? handle_mm_fault+0x292/0xa90 [ 3376.356430][T27811] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3376.362826][T27811] ? kasan_check_read+0x11/0x20 [ 3376.367828][T27811] handle_mm_fault+0x3b7/0xa90 [ 3376.372708][T27811] __do_page_fault+0x5ef/0xda0 [ 3376.377491][T27811] do_page_fault+0x71/0x581 [ 3376.382172][T27811] ? page_fault+0x8/0x30 [ 3376.386419][T27811] page_fault+0x1e/0x30 [ 3376.390765][T27811] RIP: 0033:0x41063f [ 3376.394666][T27811] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 03:43:19 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x06\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:43:20 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x3500, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) [ 3376.414413][T27811] RSP: 002b:00007fffe48ad690 EFLAGS: 00010206 [ 3376.420504][T27811] RAX: 00007fe1cdf66000 RBX: 0000000000020000 RCX: 0000000000458c7a [ 3376.428528][T27811] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 3376.436528][T27811] RBP: 00007fffe48ad770 R08: ffffffffffffffff R09: 0000000000000000 [ 3376.444619][T27811] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffe48ad850 [ 3376.452614][T27811] R13: 00007fe1cdf86700 R14: 0000000000000000 R15: 000000000073bfac [ 3376.497862][T27811] memory: usage 307200kB, limit 307200kB, failcnt 34629 [ 3376.504956][T27811] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3376.589164][T27811] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3376.621085][T27811] Memory cgroup stats for /syz1: cache:88KB rss:98892KB rss_huge:0KB shmem:8KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:98860KB inactive_file:68KB active_file:184KB unevictable:0KB [ 3376.643632][T27811] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=4867,uid=0 [ 3376.660581][T27811] Memory cgroup out of memory: Killed process 4867 (syz-executor.1) total-vm:72580kB, anon-rss:168kB, file-rss:35792kB, shmem-rss:0kB [ 3376.750526][T27812] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 3376.764054][T27812] CPU: 1 PID: 27812 Comm: syz-executor.1 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3376.773203][T27812] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3376.783275][T27812] Call Trace: [ 3376.786633][T27812] dump_stack+0x172/0x1f0 [ 3376.791084][T27812] dump_header+0x10f/0xb6c [ 3376.795514][T27812] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3376.801326][T27812] ? ___ratelimit+0x60/0x595 [ 3376.805925][T27812] ? do_raw_spin_unlock+0x57/0x270 [ 3376.811083][T27812] oom_kill_process.cold+0x10/0x15 [ 3376.816245][T27812] out_of_memory+0x79a/0x1280 [ 3376.821211][T27812] ? retint_kernel+0x2b/0x2b [ 3376.825806][T27812] ? oom_killer_disable+0x280/0x280 [ 3376.831014][T27812] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3376.836549][T27812] ? memcg_event_wake+0x230/0x230 [ 3376.841565][T27812] ? do_raw_spin_unlock+0x57/0x270 [ 3376.846682][T27812] ? _raw_spin_unlock+0x2d/0x50 [ 3376.851571][T27812] try_charge+0xd4d/0x1790 [ 3376.855987][T27812] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3376.861537][T27812] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3376.866986][T27812] ? retint_kernel+0x2b/0x2b [ 3376.871564][T27812] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3376.877181][T27812] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3376.882477][T27812] ? __memcg_kmem_charge_memcg+0x2a/0x130 [ 3376.888301][T27812] __memcg_kmem_charge+0x136/0x300 [ 3376.893399][T27812] __alloc_pages_nodemask+0x437/0x7e0 [ 3376.898859][T27812] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3376.904573][T27812] ? tsk_fork_get_node+0xf/0x70 [ 3376.909502][T27812] copy_process.part.0+0x3e0/0x7a90 [ 3376.914699][T27812] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3376.920144][T27812] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3376.925651][T27812] ? lockdep_hardirqs_on+0x418/0x5d0 [ 3376.930938][T27812] ? retint_kernel+0x2b/0x2b [ 3376.935513][T27812] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3376.941147][T27812] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3376.946588][T27812] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3376.952051][T27812] ? lockdep_hardirqs_on+0x418/0x5d0 [ 3376.957438][T27812] ? retint_kernel+0x2b/0x2b [ 3376.962129][T27812] ? __cleanup_sighand+0x60/0x60 [ 3376.967050][T27812] ? retint_kernel+0x2b/0x2b [ 3376.971636][T27812] _do_fork+0x257/0xfd0 [ 3376.975783][T27812] ? fork_idle+0x1d0/0x1d0 [ 3376.980399][T27812] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3376.986103][T27812] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3376.991552][T27812] ? do_syscall_64+0x26/0x670 [ 3376.996240][T27812] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3377.002294][T27812] ? do_syscall_64+0x26/0x670 [ 3377.007046][T27812] __x64_sys_clone+0xbf/0x150 [ 3377.011717][T27812] do_syscall_64+0x103/0x670 [ 3377.016385][T27812] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3377.022278][T27812] RIP: 0033:0x458c29 [ 3377.026163][T27812] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3377.045766][T27812] RSP: 002b:00007fe1cdfa6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3377.054431][T27812] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 3377.062593][T27812] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000002102001ffe [ 3377.070636][T27812] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 3377.078705][T27812] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe1cdfa76d4 [ 3377.086693][T27812] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 3377.096368][T27812] memory: usage 307012kB, limit 307200kB, failcnt 34629 [ 3377.103433][T27812] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3377.111674][T27812] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3377.119320][T27812] Memory cgroup stats for /syz1: cache:88KB rss:98892KB rss_huge:0KB shmem:8KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:98860KB inactive_file:68KB active_file:184KB unevictable:0KB [ 3377.141122][T27812] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=7328,uid=0 [ 3377.156711][T27812] Memory cgroup out of memory: Killed process 7328 (syz-executor.1) total-vm:72580kB, anon-rss:168kB, file-rss:35792kB, shmem-rss:0kB [ 3377.178381][T27666] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3377.192622][T27666] CPU: 0 PID: 27666 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3377.201905][T27666] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3377.212080][T27666] Call Trace: [ 3377.215524][T27666] dump_stack+0x172/0x1f0 [ 3377.219877][T27666] dump_header+0x10f/0xb6c [ 3377.224443][T27666] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3377.230309][T27666] ? ___ratelimit+0x60/0x595 [ 3377.234949][T27666] ? do_raw_spin_unlock+0x57/0x270 [ 3377.240262][T27666] oom_kill_process.cold+0x10/0x15 [ 3377.245483][T27666] out_of_memory+0x79a/0x1280 [ 3377.250345][T27666] ? oom_killer_disable+0x280/0x280 [ 3377.255536][T27666] ? find_held_lock+0x35/0x130 [ 3377.260327][T27666] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3377.265863][T27666] ? memcg_event_wake+0x230/0x230 [ 3377.270897][T27666] ? do_raw_spin_unlock+0x57/0x270 [ 3377.276000][T27666] ? _raw_spin_unlock+0x2d/0x50 [ 3377.280874][T27666] try_charge+0x118d/0x1790 [ 3377.285390][T27666] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3377.291038][T27666] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3377.297288][T27666] ? kasan_check_read+0x11/0x20 [ 3377.302133][T27666] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3377.307740][T27666] mem_cgroup_try_charge+0x24d/0x5e0 [ 3377.313025][T27666] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3377.318685][T27666] wp_page_copy+0x416/0x1770 [ 3377.323366][T27666] ? do_wp_page+0x486/0x1500 [ 3377.327946][T27666] ? pmd_pfn+0x1d0/0x1d0 [ 3377.332192][T27666] ? lock_downgrade+0x880/0x880 [ 3377.337125][T27666] ? swp_swapcount+0x540/0x540 [ 3377.341887][T27666] ? kasan_check_read+0x11/0x20 [ 3377.346752][T27666] ? do_raw_spin_unlock+0x57/0x270 [ 3377.351860][T27666] do_wp_page+0x48e/0x1500 [ 3377.356262][T27666] ? finish_mkwrite_fault+0x540/0x540 [ 3377.361665][T27666] __handle_mm_fault+0x22e8/0x3ec0 [ 3377.366772][T27666] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3377.377934][T27666] ? find_held_lock+0x35/0x130 [ 3377.382973][T27666] ? handle_mm_fault+0x292/0xa90 [ 3377.387912][T27666] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3377.394323][T27666] ? kasan_check_read+0x11/0x20 [ 3377.399162][T27666] handle_mm_fault+0x3b7/0xa90 [ 3377.403929][T27666] __do_page_fault+0x5ef/0xda0 [ 3377.408721][T27666] do_page_fault+0x71/0x581 [ 3377.413230][T27666] ? page_fault+0x8/0x30 [ 3377.417465][T27666] page_fault+0x1e/0x30 [ 3377.421699][T27666] RIP: 0033:0x410710 [ 3377.425613][T27666] Code: ff ff 48 83 c8 01 48 89 05 bd fd 63 00 48 8b 05 96 27 30 00 49 c7 85 c8 02 00 00 90 2e 71 00 49 89 85 c0 02 00 00 4c 89 70 08 <4c> 89 35 79 27 30 00 48 c7 05 8e fd 63 00 00 00 00 00 f0 ff 0d 8f [ 3377.445699][T27666] RSP: 002b:00007ffc1533c070 EFLAGS: 00010202 [ 3377.451777][T27666] RAX: 00007fea306249c0 RBX: 0000000000020000 RCX: 00000000ffffffe0 [ 3377.459861][T27666] RDX: 0000000000000040 RSI: 0000000000000001 RDI: 00007fea306036a0 [ 3377.467950][T27666] RBP: 00007ffc1533c150 R08: 0000000000714800 R09: 0000000000714800 [ 3377.476055][T27666] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc1533c230 [ 3377.484029][T27666] R13: 00007fea30603700 R14: 00007fea306039c0 R15: 000000000073bfac [ 3377.492946][T27666] memory: usage 307200kB, limit 307200kB, failcnt 96113 [ 3377.499979][T27666] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3377.507664][T27666] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3377.514635][T27666] Memory cgroup stats for /syz5: cache:124KB rss:99568KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3377.536799][T27666] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=27666,uid=0 03:43:21 executing program 5: socket$inet_udplite(0x2, 0x2, 0x88) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)}, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r0 = socket$inet(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) 03:43:21 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x600, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:21 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\a\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:43:21 executing program 3: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap(&(0x7f0000007000/0x1000)=nil, 0x1000, 0x0, 0x11, r1, 0x0) unlink(&(0x7f0000000280)='./bus\x00') r2 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps\x00') preadv(r2, &(0x7f0000000700)=[{&(0x7f0000000600)=""/246, 0xf6}], 0x1, 0x80000000) setsockopt$inet_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0)='tls\x00', 0x4) 03:43:21 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x3600, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:21 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000100)) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)=[{&(0x7f0000001300)}], 0x1}, 0x0) perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x2102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() clone(0x3000000b8160102, 0x0, 0x0, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r1 = socket$inet(0x10, 0x3, 0x0) r2 = fcntl$dupfd(r0, 0x406, r1) setsockopt$IP_VS_SO_SET_FLUSH(0xffffffffffffffff, 0x0, 0x485, 0x0, 0x0) ioctl$sock_ifreq(r2, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) [ 3377.552552][T27666] Memory cgroup out of memory: Killed process 27666 (syz-executor.5) total-vm:72580kB, anon-rss:160kB, file-rss:35724kB, shmem-rss:0kB [ 3377.568296][ T1044] oom_reaper: reaped process 27666 (syz-executor.5), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB [ 3377.634048][ T26] audit: type=1804 audit(2000000601.229:199): pid=28077 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir217225525/syzkaller.d07L5x/5890/bus" dev="sda1" ino=18449 res=1 03:43:21 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000100)) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)=[{&(0x7f0000001300)}], 0x1}, 0x0) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000200)='/dev/cachefiles\x00', 0x80000, 0x0) connect$vsock_stream(r1, &(0x7f0000000240)={0x28, 0x0, 0xffffffff, @hyper}, 0x10) perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000280)='/dev/sequencer2\x00', 0x105440, 0x0) setsockopt$inet6_MRT6_ADD_MIF(r2, 0x29, 0xca, &(0x7f00000001c0)={0x183, 0x1, 0x7, 0x400, 0x2}, 0xc) clone(0x2102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() ioctl$void(r0, 0xc0045878) clone(0x3000000b8160102, 0x0, 0x0, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r3 = socket$inet(0x10, 0x3, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) setsockopt$IP_VS_SO_SET_FLUSH(0xffffffffffffffff, 0x0, 0x485, 0x0, 0x0) ioctl$sock_ifreq(r4, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) 03:43:21 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\t\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:43:21 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x700, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) [ 3377.735109][ T26] audit: type=1804 audit(2000000601.319:200): pid=28077 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir217225525/syzkaller.d07L5x/5890/bus" dev="sda1" ino=18223 res=1 03:43:21 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x3700, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:21 executing program 3: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000003980)='net/raw6\x00') preadv(r0, &(0x7f00000017c0), 0x1be, 0x4700) bpf$OBJ_PIN_MAP(0x6, &(0x7f00000000c0)={&(0x7f0000000080)='./file0\x00', r0}, 0x10) [ 3377.916178][T28085] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 03:43:21 executing program 1: socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000100)) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)=[{&(0x7f0000001300)}], 0x1}, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/sequencer\x00', 0x280000, 0x0) r1 = perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb99, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) clone(0x2102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() clone(0x3000000b8160102, 0x0, 0x0, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r2 = socket$inet(0x10, 0x3, 0x0) accept4$packet(r0, &(0x7f0000000740)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000780)=0x14, 0x80000) bpf$MAP_CREATE(0x0, &(0x7f00000007c0)={0x5, 0x80000000, 0x10000, 0x0, 0x0, r0, 0xfff, [], r3, r0, 0x7fffffff, 0x900000000}, 0x3c) r4 = fcntl$dupfd(r2, 0x0, r2) dup(r1) setsockopt$IP_VS_SO_SET_FLUSH(0xffffffffffffffff, 0x0, 0x485, 0x0, 0x0) ioctl$sock_ifreq(r4, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x445, 0x80000) [ 3378.017511][T28085] CPU: 1 PID: 28085 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3378.026704][T28085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3378.037072][T28085] Call Trace: [ 3378.040404][T28085] dump_stack+0x172/0x1f0 [ 3378.044901][T28085] dump_header+0x10f/0xb6c [ 3378.049354][T28085] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3378.055460][T28085] ? ___ratelimit+0x60/0x595 [ 3378.060072][T28085] ? do_raw_spin_unlock+0x57/0x270 [ 3378.065209][T28085] oom_kill_process.cold+0x10/0x15 [ 3378.070345][T28085] out_of_memory+0x79a/0x1280 [ 3378.075054][T28085] ? lock_downgrade+0x880/0x880 [ 3378.079915][T28085] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3378.086459][T28085] ? oom_killer_disable+0x280/0x280 [ 3378.086475][T28085] ? find_held_lock+0x35/0x130 [ 3378.086498][T28085] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3378.096511][T28085] ? memcg_event_wake+0x230/0x230 [ 3378.096534][T28085] ? do_raw_spin_unlock+0x57/0x270 [ 3378.096550][T28085] ? _raw_spin_unlock+0x2d/0x50 [ 3378.096568][T28085] try_charge+0x118d/0x1790 [ 3378.121786][T28085] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3378.127485][T28085] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3378.133799][T28085] ? kasan_check_read+0x11/0x20 [ 3378.138693][T28085] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3378.144273][T28085] mem_cgroup_try_charge+0x24d/0x5e0 [ 3378.149609][T28085] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3378.155888][T28085] wp_page_copy+0x416/0x1770 [ 3378.160612][T28085] ? do_wp_page+0x486/0x1500 [ 3378.165255][T28085] ? pmd_pfn+0x1d0/0x1d0 [ 3378.169539][T28085] ? lock_downgrade+0x880/0x880 [ 3378.174557][T28085] ? __pte_alloc_kernel+0x220/0x220 [ 3378.179780][T28085] ? kasan_check_read+0x11/0x20 [ 3378.184664][T28085] ? do_raw_spin_unlock+0x57/0x270 [ 3378.189961][T28085] do_wp_page+0x48e/0x1500 [ 3378.194523][T28085] ? do_raw_spin_lock+0x12a/0x2e0 [ 3378.200141][T28085] ? rwlock_bug.part.0+0x90/0x90 [ 3378.205189][T28085] ? finish_mkwrite_fault+0x540/0x540 [ 3378.210592][T28085] ? add_mm_counter_fast.part.0+0x40/0x40 [ 3378.216505][T28085] __handle_mm_fault+0x22e8/0x3ec0 [ 3378.221785][T28085] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3378.227529][T28085] ? find_held_lock+0x35/0x130 [ 3378.232419][T28085] ? handle_mm_fault+0x292/0xa90 [ 3378.237372][T28085] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3378.243845][T28085] ? kasan_check_read+0x11/0x20 [ 3378.248903][T28085] handle_mm_fault+0x3b7/0xa90 [ 3378.253681][T28085] __do_page_fault+0x5ef/0xda0 [ 3378.258455][T28085] do_page_fault+0x71/0x581 [ 3378.263086][T28085] ? page_fault+0x8/0x30 [ 3378.267442][T28085] page_fault+0x1e/0x30 [ 3378.271600][T28085] RIP: 0033:0x40de98 [ 3378.275491][T28085] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf 2c e2 4b 00 31 c0 e8 83 3a ff ff 31 ff e8 cc 36 ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d ce 25 64 00 [ 3378.295131][T28085] RSP: 002b:00007ffc1533c090 EFLAGS: 00010246 [ 3378.301216][T28085] RAX: 000000009206de8d RBX: 0000000050d0b0ea RCX: 0000001b2e620000 [ 3378.309312][T28085] RDX: 0000000000000000 RSI: 0000000000001e8d RDI: ffffffff9206de8d [ 3378.317382][T28085] RBP: 0000000000000009 R08: 000000009206de8d R09: 000000009206de91 [ 3378.325461][T28085] R10: 00007ffc1533c220 R11: 0000000000000246 R12: 000000000073bf88 [ 3378.333465][T28085] R13: 0000000080000000 R14: 00007fea32625008 R15: 0000000000000009 [ 3378.342069][T28085] memory: usage 307200kB, limit 307200kB, failcnt 96137 [ 3378.349458][T28085] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3378.356928][T28085] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3378.364614][T28085] Memory cgroup stats for /syz5: cache:124KB rss:99568KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99600KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3378.386393][T28085] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=27650,uid=0 [ 3378.401935][T28085] Memory cgroup out of memory: Killed process 27650 (syz-executor.5) total-vm:72580kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB [ 3378.421854][ T1044] oom_reaper: reaped process 27650 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 3378.443162][T28340] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 3378.461523][T28340] CPU: 0 PID: 28340 Comm: syz-executor.1 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3378.470966][T28340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3378.481484][T28340] Call Trace: [ 3378.484968][T28340] dump_stack+0x172/0x1f0 [ 3378.489605][T28340] dump_header+0x10f/0xb6c [ 3378.494351][T28340] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3378.500387][T28340] ? ___ratelimit+0x60/0x595 [ 3378.504988][T28340] ? do_raw_spin_unlock+0x57/0x270 [ 3378.510209][T28340] oom_kill_process.cold+0x10/0x15 [ 3378.515424][T28340] out_of_memory+0x79a/0x1280 [ 3378.520200][T28340] ? oom_killer_disable+0x280/0x280 [ 3378.525516][T28340] ? find_held_lock+0x35/0x130 [ 3378.535974][T28340] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3378.541560][T28340] ? memcg_event_wake+0x230/0x230 [ 3378.546711][T28340] ? do_raw_spin_unlock+0x57/0x270 [ 3378.551864][T28340] ? _raw_spin_unlock+0x2d/0x50 [ 3378.556807][T28340] try_charge+0x118d/0x1790 [ 3378.561330][T28340] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3378.566891][T28340] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3378.572531][T28340] ? find_held_lock+0x35/0x130 [ 3378.577299][T28340] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3378.582950][T28340] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3378.588500][T28340] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3378.593889][T28340] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3378.599691][T28340] __memcg_kmem_charge+0x136/0x300 [ 3378.605183][T28340] __alloc_pages_nodemask+0x437/0x7e0 [ 3378.610686][T28340] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3378.617212][T28340] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3378.622960][T28340] ? copy_process.part.0+0x1d40/0x7a90 [ 3378.628448][T28340] ? lockdep_hardirqs_on+0x418/0x5d0 [ 3378.633839][T28340] ? trace_hardirqs_on+0x67/0x230 [ 3378.638883][T28340] copy_process.part.0+0x3e0/0x7a90 [ 3378.644122][T28340] ? __handle_mm_fault+0x21b7/0x3ec0 [ 3378.649423][T28340] ? find_held_lock+0x35/0x130 [ 3378.654429][T28340] ? __handle_mm_fault+0x21b7/0x3ec0 [ 3378.659738][T28340] ? lock_downgrade+0x880/0x880 [ 3378.664611][T28340] ? migration_entry_to_page+0x320/0x320 [ 3378.670263][T28340] ? lru_cache_add+0x21c/0x590 [ 3378.675073][T28340] ? __cleanup_sighand+0x60/0x60 [ 3378.680301][T28340] ? __handle_mm_fault+0x7cd/0x3ec0 [ 3378.685511][T28340] ? __do_page_fault+0x623/0xda0 [ 3378.690548][T28340] ? find_held_lock+0x35/0x130 [ 3378.695326][T28340] _do_fork+0x257/0xfd0 [ 3378.699493][T28340] ? fork_idle+0x1d0/0x1d0 [ 3378.704062][T28340] ? kasan_check_write+0x14/0x20 [ 3378.709164][T28340] ? up_read+0x90/0x1c0 [ 3378.713359][T28340] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3378.718924][T28340] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3378.724407][T28340] ? do_syscall_64+0x26/0x670 [ 3378.729101][T28340] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3378.735169][T28340] ? do_syscall_64+0x26/0x670 [ 3378.739850][T28340] __x64_sys_clone+0xbf/0x150 [ 3378.744530][T28340] do_syscall_64+0x103/0x670 [ 3378.749129][T28340] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3378.755028][T28340] RIP: 0033:0x45b5f9 [ 3378.758946][T28340] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 3378.778643][T28340] RSP: 002b:00007fffe48ad648 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 3378.787481][T28340] RAX: ffffffffffffffda RBX: 00007fe1cdfa7700 RCX: 000000000045b5f9 [ 3378.795468][T28340] RDX: 00007fe1cdfa79d0 RSI: 00007fe1cdfa6db0 RDI: 00000000003d0f00 [ 3378.803456][T28340] RBP: 00007fffe48ad850 R08: 00007fe1cdfa7700 R09: 00007fe1cdfa7700 [ 3378.811441][T28340] R10: 00007fe1cdfa79d0 R11: 0000000000000202 R12: 0000000000000000 [ 3378.819438][T28340] R13: 00007fffe48ad6ff R14: 00007fe1cdfa79c0 R15: 000000000073bf0c [ 3378.832402][T28340] memory: usage 307092kB, limit 307200kB, failcnt 34638 [ 3378.839723][T28340] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3378.847272][T28340] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3378.854641][T28340] Memory cgroup stats for /syz1: cache:88KB rss:98604KB rss_huge:0KB shmem:8KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:98728KB inactive_file:68KB active_file:184KB unevictable:0KB [ 3378.876315][T28340] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=7827,uid=0 [ 3378.892118][T28340] Memory cgroup out of memory: Killed process 7827 (syz-executor.1) total-vm:72448kB, anon-rss:160kB, file-rss:35800kB, shmem-rss:0kB [ 3378.908067][ T1044] oom_reaper: reaped process 7827 (syz-executor.1), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB [ 3378.925128][T28198] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3378.942962][T28198] CPU: 1 PID: 28198 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3378.952388][T28198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3378.962637][T28198] Call Trace: [ 3378.965967][T28198] dump_stack+0x172/0x1f0 [ 3378.970342][T28198] dump_header+0x10f/0xb6c [ 3378.974798][T28198] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3378.980895][T28198] ? ___ratelimit+0x60/0x595 [ 3378.985501][T28198] ? do_raw_spin_unlock+0x57/0x270 [ 3378.990766][T28198] oom_kill_process.cold+0x10/0x15 [ 3378.996076][T28198] out_of_memory+0x79a/0x1280 [ 3379.000967][T28198] ? oom_killer_disable+0x280/0x280 [ 3379.006289][T28198] ? find_held_lock+0x35/0x130 [ 3379.011087][T28198] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3379.016631][T28198] ? memcg_event_wake+0x230/0x230 [ 3379.021656][T28198] ? do_raw_spin_unlock+0x57/0x270 [ 3379.026758][T28198] ? _raw_spin_unlock+0x2d/0x50 [ 3379.031611][T28198] try_charge+0x118d/0x1790 [ 3379.036230][T28198] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3379.041789][T28198] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3379.047326][T28198] ? find_held_lock+0x35/0x130 [ 3379.052090][T28198] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3379.057768][T28198] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3379.063333][T28198] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3379.068527][T28198] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3379.074072][T28198] __memcg_kmem_charge+0x136/0x300 [ 3379.079209][T28198] __alloc_pages_nodemask+0x437/0x7e0 [ 3379.084774][T28198] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3379.090520][T28198] ? copy_page_range+0x128a/0x1fc0 [ 3379.095675][T28198] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3379.101917][T28198] alloc_pages_current+0x107/0x210 [ 3379.107036][T28198] pte_alloc_one+0x1b/0x1a0 [ 3379.111527][T28198] __pte_alloc+0x20/0x310 [ 3379.115870][T28198] copy_page_range+0x1561/0x1fc0 [ 3379.120821][T28198] ? __lock_acquire+0x548/0x3fb0 [ 3379.125772][T28198] ? pmd_alloc+0x180/0x180 [ 3379.130177][T28198] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 3379.135883][T28198] ? vma_compute_subtree_gap+0x158/0x230 [ 3379.141527][T28198] ? validate_mm_rb+0xa3/0xc0 [ 3379.146345][T28198] ? __vma_link_rb+0x279/0x370 [ 3379.151137][T28198] ? kasan_check_write+0x14/0x20 [ 3379.156085][T28198] copy_process.part.0+0x5afb/0x7a90 [ 3379.161378][T28198] ? __cleanup_sighand+0x60/0x60 [ 3379.166312][T28198] _do_fork+0x257/0xfd0 [ 3379.170458][T28198] ? fork_idle+0x1d0/0x1d0 [ 3379.175045][T28198] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3379.180605][T28198] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3379.186053][T28198] ? do_syscall_64+0x26/0x670 [ 3379.190919][T28198] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3379.197067][T28198] ? do_syscall_64+0x26/0x670 [ 3379.201740][T28198] __x64_sys_clone+0xbf/0x150 [ 3379.206417][T28198] do_syscall_64+0x103/0x670 [ 3379.210999][T28198] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3379.216918][T28198] RIP: 0033:0x458c29 [ 3379.220819][T28198] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3379.240504][T28198] RSP: 002b:00007fea30623c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3379.249097][T28198] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 3379.257062][T28198] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3379.265036][T28198] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3379.273017][T28198] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fea306246d4 [ 3379.281103][T28198] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 3379.290329][T28198] memory: usage 307036kB, limit 307200kB, failcnt 96177 [ 3379.297538][T28198] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3379.305036][T28198] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3379.312059][T28198] Memory cgroup stats for /syz5: cache:124KB rss:99432KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3379.333785][T28198] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=6348,uid=0 [ 3379.349282][T28198] Memory cgroup out of memory: Killed process 6348 (syz-executor.5) total-vm:72448kB, anon-rss:156kB, file-rss:34816kB, shmem-rss:0kB [ 3379.370321][ T1044] oom_reaper: reaped process 6348 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 3379.399983][T28352] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 3379.412276][T28352] CPU: 1 PID: 28352 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3379.421615][T28352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3379.431700][T28352] Call Trace: [ 3379.435103][T28352] dump_stack+0x172/0x1f0 [ 3379.439667][T28352] dump_header+0x10f/0xb6c [ 3379.444196][T28352] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3379.450048][T28352] ? ___ratelimit+0x60/0x595 [ 3379.454856][T28352] ? do_raw_spin_unlock+0x57/0x270 [ 3379.460002][T28352] oom_kill_process.cold+0x10/0x15 [ 3379.465251][T28352] out_of_memory+0x79a/0x1280 [ 3379.470095][T28352] ? lock_downgrade+0x880/0x880 [ 3379.474947][T28352] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3379.481306][T28352] ? oom_killer_disable+0x280/0x280 [ 3379.486866][T28352] ? find_held_lock+0x35/0x130 [ 3379.491645][T28352] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3379.497194][T28352] ? memcg_event_wake+0x230/0x230 [ 3379.502244][T28352] ? do_raw_spin_unlock+0x57/0x270 [ 3379.507445][T28352] ? _raw_spin_unlock+0x2d/0x50 [ 3379.512394][T28352] try_charge+0x118d/0x1790 [ 3379.516913][T28352] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3379.522643][T28352] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3379.528333][T28352] ? find_held_lock+0x35/0x130 [ 3379.533143][T28352] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3379.538802][T28352] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3379.544357][T28352] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3379.549569][T28352] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3379.555126][T28352] __memcg_kmem_charge+0x136/0x300 [ 3379.560239][T28352] __alloc_pages_nodemask+0x437/0x7e0 [ 3379.565638][T28352] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3379.571878][T28352] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3379.577684][T28352] ? copy_process.part.0+0x1d40/0x7a90 [ 3379.583230][T28352] ? lockdep_hardirqs_on+0x418/0x5d0 [ 3379.588587][T28352] ? trace_hardirqs_on+0x67/0x230 [ 3379.593711][T28352] ? kasan_check_read+0x11/0x20 [ 3379.598656][T28352] copy_process.part.0+0x3e0/0x7a90 [ 3379.603945][T28352] ? __lock_acquire+0x548/0x3fb0 [ 3379.608986][T28352] ? find_held_lock+0x35/0x130 [ 3379.613746][T28352] ? kcov_ioctl+0x53/0x200 [ 3379.618192][T28352] ? __might_fault+0x12b/0x1e0 [ 3379.622962][T28352] ? __cleanup_sighand+0x60/0x60 [ 3379.627929][T28352] ? lock_downgrade+0x880/0x880 [ 3379.632787][T28352] _do_fork+0x257/0xfd0 [ 3379.636941][T28352] ? fork_idle+0x1d0/0x1d0 [ 3379.641491][T28352] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3379.647014][T28352] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3379.652570][T28352] ? do_syscall_64+0x26/0x670 [ 3379.657366][T28352] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3379.663431][T28352] ? do_syscall_64+0x26/0x670 [ 3379.668126][T28352] __x64_sys_clone+0xbf/0x150 [ 3379.672830][T28352] do_syscall_64+0x103/0x670 [ 3379.677427][T28352] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3379.683321][T28352] RIP: 0033:0x458c29 [ 3379.687209][T28352] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3379.706895][T28352] RSP: 002b:00007fea30602c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3379.715528][T28352] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 3379.723595][T28352] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3379.731680][T28352] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 3379.739871][T28352] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fea306036d4 [ 3379.747843][T28352] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 3379.767785][T28352] memory: usage 307040kB, limit 307200kB, failcnt 96190 [ 3379.774979][T28352] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3379.783648][T28352] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3379.791159][T28352] Memory cgroup stats for /syz5: cache:124KB rss:99432KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3379.813296][T28352] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=28085,uid=0 [ 3379.829180][T28352] Memory cgroup out of memory: Killed process 28352 (syz-executor.5) total-vm:72712kB, anon-rss:172kB, file-rss:35788kB, shmem-rss:0kB 03:43:23 executing program 5: socket$inet_udplite(0x2, 0x2, 0x88) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)}, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r0 = socket$inet(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) 03:43:23 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x900, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:23 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000100)) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)=[{&(0x7f0000001300)}], 0x1}, 0x0) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000200)='/dev/cachefiles\x00', 0x80000, 0x0) connect$vsock_stream(r1, &(0x7f0000000240)={0x28, 0x0, 0xffffffff, @hyper}, 0x10) perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000280)='/dev/sequencer2\x00', 0x105440, 0x0) setsockopt$inet6_MRT6_ADD_MIF(r2, 0x29, 0xca, &(0x7f00000001c0)={0x183, 0x1, 0x7, 0x400, 0x2}, 0xc) clone(0x2102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() ioctl$void(r0, 0xc0045878) clone(0x3000000b8160102, 0x0, 0x0, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r3 = socket$inet(0x10, 0x3, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) setsockopt$IP_VS_SO_SET_FLUSH(0xffffffffffffffff, 0x0, 0x485, 0x0, 0x0) ioctl$sock_ifreq(r4, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) 03:43:23 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x3757, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:23 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond>\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:43:23 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000100)) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)=[{&(0x7f0000001300)}], 0x1}, 0x0) perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x2102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() clone(0x3000000b8160102, 0x0, 0x0, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r1 = socket$inet(0x10, 0x3, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, &(0x7f0000001580)={{{@in=@multicast2, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@broadcast}, 0x0, @in6=@dev}}, &(0x7f0000001680)=0xe8) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000016c0)={{{@in6=@ipv4={[], [], @dev}, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@loopback}, 0x0, @in=@broadcast}}, &(0x7f00000017c0)=0xe8) lstat(&(0x7f0000001800)='./file0\x00', &(0x7f0000001840)={0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$gfs2(&(0x7f0000000140)='gfs2\x00', &(0x7f00000001c0)='./file0\x00', 0x9, 0x6, &(0x7f00000014c0)=[{&(0x7f0000000200)="3ce1fec1676e37009e24775b8157f531d04ddaa70bc013ebbc591318f73f9d24121b6709b733b72d57052ba8272b78bd3d45071852d5529aa2bf79793c3e377f628c0a94d2102552fb7df3387d09f8781d7ef40dc2347b7902d7c0feaafc3acc3eb025113cc5a63bdf76c1385dea1321d8951b2c0e692c18fc9e3bcee0d35a990dfdca3c9122b51cf1d7ca15c174264f1b72369df618709c2d5d5085f572faaebe2293a3dbfce019c1a551ad699ea8e6233add3e27007ee0a90ef208b022955e831d596de997c7671e80bf4731d829de33cd06c5f6c1d0f793c268a81501afd53ff89b85ade688c6c7e306f0136726ef07e0fcfcc28437df2341371fbf1adbf2f4637e2a347694ee9d1ec10b071883cda90db7a66b68309f8f82b6a981313f3cfbdf0b2b59c38aadc586ab29cf203cffde0a6054099f906d1736fa782b5b961202fb2bae26fae24cb7b42f1adadea8f717cbd0f4c65df3e0ed615fb3790dff317b7e51d1cb06aa3b4bd932aefeb87ddbe11369a9de058a3f9bc569cfafc03559d90815d3f43478d40b1e6ca219c566f7892312e284a4d28b13b653200d276f84fd7fefae5bd85d77597679f3a5fc77c56d7032a64ef5c98f66b4dac15d4d6563aeb223a7fb1603c6627d974f9d9f08f83c7668184cc2224323dfaf0fd92cb537011455cb6823e89dd504fbb98ac4cd45c6b61984da657539dd13289836753c7311235a5ef992cc088c5b7753350c5e0e10f0e4b605f339463e85681e9b215fec7d19ce204be3cd0b3734db67f710c084eed8028bb24ea90ee40ee25f5e983a0729a98d669713a0571b6424f965cc13db9d4d680211cca3775d4156348ee948e4d8158d3862fe5d920565bde10b6f3ecf7f55255d91def267945ef229ee9bdc8ff6481c20dd9533e244c76e90fa277e729fe02167a946cf1a948597a8e05144c88493b8e5f2a9f7cd0807eed02a059f8c02f18cb2e2d6525f4e1a7524efe0c8b57692816f6cf430a90528ec38ac706f3ef9c9df3210282f00649e4c7822f73916f607b3fa3a01de141bedf57183ff7cd1aa38b24ce3d9bf15fb2689f12c84728c685959f481ba7e36de2fc19136df5c5faeee62815f787275167e642875cb6ae22c6a5ecd4dcd5b58c6fdcc99f7c4ff93ba84dec4e11bda61cd9fddf169a7e5007c895db0713b1570f2eafff6c6858742e826a550ebcff2c3985283e31341be083e1b789d78a6ba40951f4d5e4c12b6f2f190bbf8a0939eec15bc0e3f134bab3aaf8b817e201b8cb8ed3f87c14a2b9bba9a579d25bf6d034a183e409aec903a806ecb8f48628b9286cec4a0728788495b9454877f42e68ae42f68bb68de29371b0a53c357b98d119d3980c973dd6dbcaac8df3c6075f633cb6e6ef79cf8e2ca48470e9cd46689fd3a1fd040653d88efc23a09e9389e0d8df2ca6f0e0298f3847a509ae70d244150198c75192feda34ae0fd9b00a7e94b49e5ebb9f11edf9c420a12d1965e98623ed4f3aece01c77ec4a7599582aa906f117e37760ca5c6acfc01a70f4f47e8cab9af66c95867b637edacb6950e3815e774f3841a83366b03f8996642849fe2b7d77f1f0fa5b8ef724fcff923d17e90b2ecf9c5fe3ee87facff330bc0b006dc6e9ed520f024064fd3cf9a12b11633cdc92a71c6d09ee6598433c56428be353860c41eae3c38a666006cd7ced7cea1140603f0c825f82f5bd06d2171228cea7da079904aec4ac7d81df9b77130b05436abf4a6fc2baab80fb9fdb3f3e4ff1af6a9d87893ddfff1c4775569296876461a35a391c0b77920b782517356f2eedce296da96f9b94038083880866cdd4ccae377a19e34019a0910b658c0737f0b6d9b1af44f0dd8f19e8e4fda3bd3f203a787c763a3723f26f0f90194baae0d8fbdac6f832c6c2de790a5437ea639595b3320a8e0b4d5f0ba85ec29c35606108a8ff2941e532245acb915c862a687c9c4e318542ceefe83381a8459547c3a58f01e4ceb0ab3f6929735ad7f40b9b7ea859222b6d06c74fde28dad35d44c237061886fe23a1c5cc6c6656be1c71beb0a79aa052b245d70321f4ce72508abf347744747cf4799101583454111c25fb22d1b2d7d1b8c8e4c592c5d128457a842f2aed170c263e2e584ecf4e3ab74980a900abf88f9f3f0b7d477eb82fef7c435b8b0d8d1adbc7256602901a900dee6c7dd7130c36d7b0affb4211e6240538bda2f340657f515da1ffe757777cc60219fafdf8063cfe663bd0574ea805898224970c66a3085028273b3a46479e8c4cec398452eca3a614e9c7a307f8429bdce412066807570c16c2aef1fa8283609c0f107b774da3c79090c14648b5657d275771d275c4657291f9ccc8500994800ad12bd02818e5e6a422903375ee1a980e7c807316d5cdb663636cd6598c49be18ae231a8776fe3d6be36dffc3168647a2d5d70aa5b61ddab446d16eb0fbe37f501cec4c505f934c80c974efd03f24045ce1f6234f79c1cf1ad7f705f7c31e21e695a59267b9a9a342ab2846a45791670d8c1c9c6431f4c18a22def7adeebefd6c59c035ac5dfd59e84974e8f84d117224f0854c7efd03cfdc5f7497cfa3b5cf8c4bb8b836bb24b9b1105cab68531757f53059ecad5293c477940bcf73861d6c2c18bbfb6e1a0d317c239edd45be6ca5c1ac1b17528c4a5d05b07dcb339b704b029ac8dea4af7160ff66ec4f9305f80f67c3ffc74538fcf8b87e2feb2f2da3193a6677bc4af23a9fa9c5fc3bc7f012d02afbba17aaff0128bd6701094dda16050ba41243b52153c903b26f15351c187f1e79a6cc19b0b8d37f804e29911facb0a01f62153c2b08ecbaac7a5306f6813b33059bfe312f004e7bf9e2f83aa8232f9fdb8a4f556ae6c8966ab61fe0db1052e41dabbe1955ed5b690f078ead62640315ce33a73cc6f44aa89d54d3b6104f39ac90c114ba194266eae991b94d1969476d47d2381450b5dcb4a1f23a68e7e92053bb7695cf32e152e8195f1be9930a50d8ae4105e52cf1d2dfe4db8a87a37589af87a3c98888f5c466d2362ee7e5cc5b024f733e238953fafcf1028fa15790b8f8a58e19442400df02ff4e43c70fcc0a2952c1f7dd7237532498c56e8334b7353dd162ee5f434252b6e4f03283568c5fcc64701d045e952602751a08f18075f2f91dba7a4b1c3d7a9ba2b46997b87ca48e2ef52e19cd78597430c686eef69cc41821f1e7d9a19d9ae67764da5cab769c1c5ed5c4072705b4610c2d68d65540319c204ea11523214a3bf3410fac2a893901073823351793493ed6fedaa533ba16d8ecc8d95d5a91a88179fc05cfa98faf5698ed21644d65c3205fc971e8612db629536b11b1d62fc0a4abb7e9fd8719cfc5f94dee5f78d6240e006003637afa17ece54ab537e9fe7c05aeec79793690d1e36fcd401775d2de0debcb3e7bf957e14b978bf23b3759305a6198c22367171d04b15dc4c468edb1ef6f9ab696de57c14a834f6f5a7146aee7206848f49090e34de9ccd0f85c84be7655b245f0f00c4e0be77bc2995eab9ad670404d9471db788db1fc6f29cc7d3ce187f2476f9fc7e4788df63a6706b630c7941bf5b4920fd72a8fde3cda04314760d2b33cda6f7ba187c67680b3184fc31b72157b42fc5a4be5ae6403d278fc250c9b08761bb4a9a7b2b7d341e3fdfb02d98d008fea41e46a264b01f50456374c450bcd02fc50d4b2a4f2872e50748bd1bd1358041a1b80cd81a3a2c07c98aeb63b6acb98c51dda0ded61b767443cc44f23159f0d65d77e1fd6209c778c2c2497095a729299c8704d72b474776959dcbdc79f950857d530b5292dcfa042f1040dd24c9c01ba1c877ad88b572d07a5cbc5cb3e7b8449a13f306f9b89248c4c541693c2baefec7a2a307af1a35569ee10eb90bc749a2bbd4b0e8d7f15af4bfd59989bd8ffe1a5352ad41e1bcb30832a9b802c2fcbb9473b99e1373a75d3ac9e59dac99d02af2a6bc73da89d6e3d802c66f82c6115369356cf4805f7d38adf584e4238257b170bb8ff43699028bf100ff397d7b104a02e986937d6a7d5fd0f6c476f439003ff868705fc8c1822eba6a1f11dc3b9e629ae72ece1118ab69e556628fcedea8c3e595a5d2cedd054c7e3ade2dab97c6a67c34e46eb151584ec7ed786032621e034312fee56fc9ef9e9c21dc4a600f560424c2967d6d65fe5e8c4cf1d0d1d91018d69758b6a18943f817662c1b8a99a369988c3ec4d641669a695edc9c9d62b31eeff43b92c25aa40b10e8ab859b5704c24267d4c1da03831badb3ccc2ed75beae083739e96a6197150d6a52db3fa34ab2358cc523f857bd08fa970dc7aefc6d66297aefcd4648699c044e34d410b31d5f73fbb5f1527757e668a04dadd5ddea706269fa4cb3f81ca6cd98ae314b278730f88d7217cf5560f527b9d3cd51fda08743fe67cd1b5ccd24d03b59d0ef35f95b881865e308c6a550cefe7e961e076e6b0891a1474a7881b79b69529346ef365cf2aa3a632db51e42730efd2ef75c1e2861c6cf5f992f85778da69ea5f8026b1da86258a14920e940e4ff96a19b1ddf86c9310dc1cc96d8e365d50a0da2065952b98fa331d0dbb54bc1a2528fd136532fba752d1c9bf1b8dbde35a2cfcdf6538a7c67d539f4cb221ccdd3311c1b43812d5fca6cabec224bf9b14a7fa93ce6c5432b5c438c7b465b9b441eaa30ff09636554fd0372abadc98e8256536a7b96b4b2013c6ef6c6fedab261c9909d113b611b26169fbca06cacad854aaf07b99c268c2c361ae224a5521165a23138efdb26a1844b3ab4f98c096927d172d6904eb935fafc9d7b41c3b908edb6d80669bf5feb02458c3f6ddfa97d52946e005d2f5bd7a0758622a6c7b02fac1f4e75169ea1a617829f70fd3041104372477aaa07a72012e8594cc9178f566d511d92dff842638618c22163cc4ea3aa041173dc397f796df7ff1fda7800bd39c765d9ec4bc93ee85f61720fd62734859fcffe2697ddcf649ee4df6ef34080c85695d531ecfa969c7b4d4502e46abe3eaa1e922c7147a5eff547d911ea81d746a31b51824cfe9bdb8412e515be3f7302703935caa273fbf292c2d9b4124833ec5ff2f1cd2fb5a4a63dcf31506b0aeb9a0d4f2cf515fea483fbd77ac023885961520c9c7c774b2fc4661f8444bbba607bb87e71db398e5b2d496f330bb7940300359920d2feb4e2afe9cae3c3ab60be57218be8b9861fd3e7b836deb7c4c6121ea04243de47a0bd419ac23a1ac36e7ec75b51999d9dcf9a348a996fc65d2569c9174098784a8eea1f7ab675a8963b5f91c6220cc7d854cb7cebfccae7081c1da2289b307a4ba4880b0f3e4a985b309b268b5babc922a7bce922c28f282d199b4282cec65a45c03f9533fd7d0ef36bcd2767fb8ed79d09a2f9f51c9765ec244fbed44cb9b00bf710d7fdb71470eacee6ad50b0bd58db9fb82b7eb6e3c1cb0a001555ff0b6c1dd22d711faf5eca6ced27698e2ec0e720ba310b7b76c3fc7387d8bfcc296a6f77435d6eefa7c49d0b1d3aa4e0fb488341bb778c08f39bcb9f57fe7e25e87d7b3e9ee25930bb1ae1d545175954a014b787b0b51f1edf90e29e5dc287e7bf9c241ba246ea8674d74b63714b5dcda7fbe004d4cdf45b7de6df6dd4d321f9944075c43f53e56e3e93fbcfc64d3a3bedd0e6317f88e7bcf5f739629e29166acd8bcc27c35710092b69aa91856eb21029f860d62245fe9232e511498adcbb7501724a6ac9bf3e8893bfbf693d5c0e8afd78cd0165d227ef7fc7949e4ad81f44f9da861a008fbbbb167f63b4", 0x1000, 0x200}, {&(0x7f0000001200)="6508d61d918c70a707ae12299d08221987178cf1c5bae9008fa0e45326a349ec36cc55ff1d520aedb67dff6360ace1b756ac59c179a76732c682dd5e56dcb71d3353b5c8b9af1ee363ddbf327d9582dd96fc9fee08590a125a6fb75bb320ee3a91751c0a6f2c290831774c456e446c2b56f2ef4f30fbec8af8cfd713b5b122bf2542c10134", 0x85, 0x935}, {&(0x7f00000012c0)="34993413e0c2a299cd4f8c9f6a6f7a041f6d9c54a24a4a90d3c683d35cc0ce9b142f72b1a0b9a29921f54a", 0x2b, 0x2}, {&(0x7f0000001300)="0f47e8e22e70a4a30ef4530740019364e0c0cc4ca87fc752380c0e9f101904fd49d8f8591de5d207734e2275c35cec854cde64285dd0fddb9e4151c1b3dbe57d7bb786fd8880d132f7ef00c27496b891754721b5edbd0bce9309bef2bfb0de03aada1b19f3d38443126faaae6b63888269cad30d11bdd8141d798d3bfdb684b04cc9f02665ccb6f19acf960e62d4c8f4310aca38a37d0490b48e7d8a59353b0815b282afd4630b27af6ec3", 0xab, 0x5}, {&(0x7f00000013c0)="7ad5dc195171c0a50c2d8efe9e37d269b24ca383c449c4f941832cf5802d14e9869e4018", 0x24, 0x7fff}, {&(0x7f0000001400)="c0a127afab61f9984b75751de6ae19e6799d586f831f8fa82c1a24e814487e51334d51428257005ba9dd0a3d77a1b433e531831e34469fbb0171b6f0330c14ce87bf5ea7abba7d53e94bcc4d84634f6cea6c886bf429e3320c43611e09a643e5d44142d59d8bfcf913466ccd1ee87632f686a721308f0eee834221e7619897dcb623a72d32ff7899c643957c085d88701d8c3e9adb82312f93cd0fe878b0d136b071e9", 0xa3, 0x4}], 0x800, &(0x7f00000018c0)={[{@quota='quota'}], [{@euid_eq={'euid', 0x3d, r2}}, {@fowner_gt={'fowner>', r3}}, {@fowner_lt={'fowner<', r4}}, {@dont_hash='dont_hash'}]}) r5 = fcntl$dupfd(r1, 0x0, r1) setsockopt$IP_VS_SO_SET_FLUSH(0xffffffffffffffff, 0x0, 0x485, 0x0, 0x0) ioctl$sock_ifreq(r5, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) [ 3379.844797][ T1044] oom_reaper: reaped process 28352 (syz-executor.5), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB 03:43:23 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000100)) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)=[{&(0x7f0000001300)}], 0x1}, 0x0) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000200)='/dev/cachefiles\x00', 0x80000, 0x0) connect$vsock_stream(r1, &(0x7f0000000240)={0x28, 0x0, 0xffffffff, @hyper}, 0x10) perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000280)='/dev/sequencer2\x00', 0x105440, 0x0) setsockopt$inet6_MRT6_ADD_MIF(r2, 0x29, 0xca, &(0x7f00000001c0)={0x183, 0x1, 0x7, 0x400, 0x2}, 0xc) clone(0x2102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() ioctl$void(r0, 0xc0045878) clone(0x3000000b8160102, 0x0, 0x0, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r3 = socket$inet(0x10, 0x3, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) setsockopt$IP_VS_SO_SET_FLUSH(0xffffffffffffffff, 0x0, 0x485, 0x0, 0x0) ioctl$sock_ifreq(r4, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) 03:43:23 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0xa00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:23 executing program 1: socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000100)) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)=[{&(0x7f0000001300)}], 0x1}, 0x0) perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x2102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() clone(0x3000000b8160102, 0x0, 0x0, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r0 = socket$inet(0x10, 0x3, 0x0) r1 = syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x94002) setsockopt$inet6_MRT6_DEL_MFC_PROXY(r1, 0x29, 0xd3, &(0x7f00000001c0)={{0xa, 0x4e21, 0x1, @mcast2, 0x8f6a}, {0xa, 0x4e23, 0x1, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x2}, 0x0, [0x9, 0x6, 0x1, 0x6, 0x2, 0x5, 0xf258, 0x6]}, 0x5c) r2 = fcntl$dupfd(r0, 0x0, r0) setsockopt$IP_VS_SO_SET_FLUSH(0xffffffffffffffff, 0x0, 0x485, 0x0, 0x0) ioctl$sock_ifreq(r2, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) 03:43:23 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\xfe\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:43:23 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x3800, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:23 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000100)) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)=[{&(0x7f0000001300)}], 0x1}, 0x0) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000200)='/dev/cachefiles\x00', 0x80000, 0x0) connect$vsock_stream(r1, &(0x7f0000000240)={0x28, 0x0, 0xffffffff, @hyper}, 0x10) perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000280)='/dev/sequencer2\x00', 0x105440, 0x0) setsockopt$inet6_MRT6_ADD_MIF(r2, 0x29, 0xca, &(0x7f00000001c0)={0x183, 0x1, 0x7, 0x400, 0x2}, 0xc) clone(0x2102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() ioctl$void(r0, 0xc0045878) clone(0x3000000b8160102, 0x0, 0x0, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r3 = socket$inet(0x10, 0x3, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) setsockopt$IP_VS_SO_SET_FLUSH(0xffffffffffffffff, 0x0, 0x485, 0x0, 0x0) ioctl$sock_ifreq(r4, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) [ 3380.210088][T28504] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3380.257984][T28504] CPU: 1 PID: 28504 Comm: syz-executor.1 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3380.267276][T28504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3380.277507][T28504] Call Trace: [ 3380.277534][T28504] dump_stack+0x172/0x1f0 [ 3380.277554][T28504] dump_header+0x10f/0xb6c [ 3380.277575][T28504] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3380.285362][T28504] ? ___ratelimit+0x60/0x595 [ 3380.285385][T28504] ? do_raw_spin_unlock+0x57/0x270 [ 3380.305893][T28504] oom_kill_process.cold+0x10/0x15 [ 3380.311222][T28504] out_of_memory+0x79a/0x1280 [ 3380.315936][T28504] ? lock_downgrade+0x880/0x880 [ 3380.320838][T28504] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3380.327555][T28504] ? oom_killer_disable+0x280/0x280 [ 3380.327572][T28504] ? find_held_lock+0x35/0x130 [ 3380.327594][T28504] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3380.327611][T28504] ? memcg_event_wake+0x230/0x230 [ 3380.337687][T28504] ? do_raw_spin_unlock+0x57/0x270 [ 3380.337704][T28504] ? _raw_spin_unlock+0x2d/0x50 [ 3380.337722][T28504] try_charge+0x118d/0x1790 [ 3380.337742][T28504] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3380.383535][T28504] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3380.389812][T28504] ? kasan_check_read+0x11/0x20 [ 3380.394713][T28504] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3380.400390][T28504] mem_cgroup_try_charge+0x24d/0x5e0 [ 3380.405704][T28504] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3380.411335][T28504] __handle_mm_fault+0x1e1f/0x3ec0 [ 3380.416528][T28504] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3380.422086][T28504] ? find_held_lock+0x35/0x130 [ 3380.426885][T28504] ? handle_mm_fault+0x292/0xa90 [ 3380.432247][T28504] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3380.438879][T28504] ? kasan_check_read+0x11/0x20 [ 3380.443839][T28504] handle_mm_fault+0x3b7/0xa90 [ 3380.448620][T28504] __do_page_fault+0x5ef/0xda0 [ 3380.453385][T28504] do_page_fault+0x71/0x581 [ 3380.458014][T28504] ? page_fault+0x8/0x30 [ 3380.462394][T28504] page_fault+0x1e/0x30 [ 3380.466548][T28504] RIP: 0033:0x40bf5d [ 3380.470524][T28504] Code: 48 18 8b 4c 24 4c 89 48 24 31 c0 48 8b 8c 04 10 01 00 00 48 89 8c 02 30 bf 73 00 48 83 c0 08 48 83 f8 48 75 e6 e8 83 72 ff ff <83> 05 a0 40 53 00 01 80 7c 24 35 00 74 0b f6 44 24 30 01 0f 84 68 [ 3380.490507][T28504] RSP: 002b:00007fffe48ad780 EFLAGS: 00010217 [ 3380.496700][T28504] RAX: 0000000000000000 RBX: 0000000000000064 RCX: 0000000000458c29 [ 3380.504924][T28504] RDX: 0000000000000000 RSI: 0000000000000081 RDI: 000000000073bf08 [ 3380.512939][T28504] RBP: 000000000073bf00 R08: 00007fe1cdfa7700 R09: 0000000000339393 [ 3380.520933][T28504] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000919 [ 3380.529162][T28504] R13: 0000000000000000 R14: 0000000000000003 R15: 000000000073bf0c [ 3380.537634][T28504] memory: usage 307200kB, limit 307200kB, failcnt 34659 [ 3380.544592][T28504] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3380.554403][T28504] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3380.561474][T28504] Memory cgroup stats for /syz1: cache:88KB rss:98736KB rss_huge:0KB shmem:8KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:98728KB inactive_file:68KB active_file:184KB unevictable:0KB [ 3380.583391][T28504] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=8814,uid=0 [ 3380.598873][T28504] Memory cgroup out of memory: Killed process 8814 (syz-executor.1) total-vm:72580kB, anon-rss:168kB, file-rss:35792kB, shmem-rss:0kB [ 3380.631639][T28377] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 3380.672564][T28377] CPU: 1 PID: 28377 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3380.681722][T28377] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3380.691916][T28377] Call Trace: [ 3380.695261][T28377] dump_stack+0x172/0x1f0 [ 3380.699936][T28377] dump_header+0x10f/0xb6c [ 3380.704371][T28377] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3380.704387][T28377] ? ___ratelimit+0x60/0x595 [ 3380.704403][T28377] ? do_raw_spin_unlock+0x57/0x270 [ 3380.704423][T28377] oom_kill_process.cold+0x10/0x15 [ 3380.704439][T28377] out_of_memory+0x79a/0x1280 [ 3380.715079][T28377] ? oom_killer_disable+0x280/0x280 [ 3380.715099][T28377] ? find_held_lock+0x35/0x130 [ 3380.730084][T28377] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3380.730101][T28377] ? memcg_event_wake+0x230/0x230 [ 3380.740073][T28377] ? do_raw_spin_unlock+0x57/0x270 [ 3380.740089][T28377] ? _raw_spin_unlock+0x2d/0x50 [ 3380.740108][T28377] try_charge+0x118d/0x1790 [ 3380.765829][T28377] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3380.771417][T28377] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3380.776985][T28377] ? find_held_lock+0x35/0x130 [ 3380.781792][T28377] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3380.787368][T28377] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3380.792943][T28377] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3380.798201][T28377] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3380.803800][T28377] __memcg_kmem_charge+0x136/0x300 [ 3380.809135][T28377] __alloc_pages_nodemask+0x437/0x7e0 [ 3380.814594][T28377] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3380.820839][T28377] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3380.826719][T28377] ? copy_process.part.0+0x1d40/0x7a90 [ 3380.832193][T28377] ? lockdep_hardirqs_on+0x418/0x5d0 [ 3380.837487][T28377] ? trace_hardirqs_on+0x67/0x230 [ 3380.842515][T28377] ? kasan_check_read+0x11/0x20 [ 3380.847506][T28377] copy_process.part.0+0x3e0/0x7a90 [ 3380.852732][T28377] ? psi_memstall_leave+0x11c/0x180 [ 3380.857930][T28377] ? kvm_sched_clock_read+0x9/0x20 [ 3380.863328][T28377] ? psi_memstall_leave+0x12e/0x180 [ 3380.868554][T28377] ? find_held_lock+0x35/0x130 [ 3380.873446][T28377] ? psi_memstall_leave+0x12e/0x180 [ 3380.878673][T28377] ? __cleanup_sighand+0x60/0x60 [ 3380.883617][T28377] ? __lock_acquire+0x548/0x3fb0 [ 3380.888649][T28377] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3380.895107][T28377] _do_fork+0x257/0xfd0 [ 3380.899468][T28377] ? fork_idle+0x1d0/0x1d0 [ 3380.903903][T28377] ? blkcg_maybe_throttle_current+0x5e2/0xfc0 [ 3380.909983][T28377] ? lock_downgrade+0x880/0x880 [ 3380.914846][T28377] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3380.921103][T28377] ? blkcg_exit_queue+0x30/0x30 [ 3380.925958][T28377] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3380.931549][T28377] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3380.937019][T28377] ? do_syscall_64+0x26/0x670 [ 3380.941708][T28377] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3380.947785][T28377] ? do_syscall_64+0x26/0x670 [ 3380.952503][T28377] __x64_sys_clone+0xbf/0x150 [ 3380.957191][T28377] do_syscall_64+0x103/0x670 [ 3380.961877][T28377] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3380.967768][T28377] RIP: 0033:0x45b5f9 [ 3380.971829][T28377] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 3380.991434][T28377] RSP: 002b:00007ffc1533c028 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 3380.999984][T28377] RAX: ffffffffffffffda RBX: 00007fea30603700 RCX: 000000000045b5f9 [ 3381.008068][T28377] RDX: 00007fea306039d0 RSI: 00007fea30602db0 RDI: 00000000003d0f00 [ 3381.016250][T28377] RBP: 00007ffc1533c230 R08: 00007fea30603700 R09: 00007fea30603700 [ 3381.024237][T28377] R10: 00007fea306039d0 R11: 0000000000000202 R12: 0000000000000000 [ 3381.032296][T28377] R13: 00007ffc1533c0df R14: 00007fea306039c0 R15: 000000000073bfac [ 3381.040755][T28377] memory: usage 307200kB, limit 307200kB, failcnt 96219 [ 3381.048502][T28377] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3381.056040][T28377] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3381.063106][T28377] Memory cgroup stats for /syz5: cache:124KB rss:99432KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3381.084990][T28377] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=28377,uid=0 [ 3381.100616][T28377] Memory cgroup out of memory: Killed process 28377 (syz-executor.5) total-vm:72580kB, anon-rss:160kB, file-rss:35724kB, shmem-rss:0kB 03:43:24 executing program 5: socket$inet_udplite(0x2, 0x2, 0x88) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)}, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r0 = socket$inet(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) 03:43:24 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0xb00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:24 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00\x03\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:43:24 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x3900, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:24 executing program 1: socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000100)) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)=[{&(0x7f0000001300)}], 0x1}, 0x0) perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x2102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() clone(0x3000000b8160102, 0x0, 0x0, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f00000008c0)=""/248) r0 = socket$inet(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) setsockopt$IP_VS_SO_SET_FLUSH(0xffffffffffffffff, 0x0, 0x485, 0x0, 0x0) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) 03:43:24 executing program 3: r0 = socket$inet(0x10, 0x3, 0xc) r1 = syz_open_dev$sndpcmc(&(0x7f0000000180)='/dev/snd/pcmC#D#c\x00', 0x401, 0x210000) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(r1, 0xc08c5334, &(0x7f00000001c0)={0x6, 0x7fffffff, 0x1, 'queue0\x00', 0x2}) sendmsg(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="2400000002031f001cfffd946fa2830020200a000900010003e700000000a3a20404ff7e", 0x24}], 0x1}, 0x0) r2 = syz_open_dev$swradio(&(0x7f0000000100)='/dev/swradio#\x00', 0x0, 0x2) openat(r2, &(0x7f0000000140)='./file0\x00', 0x4a0c80, 0x4) r3 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0xfffffffffffffffd, 0x109000) write$FUSE_POLL(r3, &(0x7f00000000c0)={0x18, 0x0, 0x4, {0x1}}, 0x18) [ 3381.116075][ T1044] oom_reaper: reaped process 28377 (syz-executor.5), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB 03:43:24 executing program 1: r0 = syz_open_dev$cec(&(0x7f0000000240)='/dev/cec#\x00', 0x2, 0x2) ioctl$KDSKBSENT(r0, 0x4b49, &(0x7f0000000280)="037093f6a11480bb48266ac6e416bd31b1f2023e59ddad1646b2c1b4307a9f706f7caa4cdb52e23f046cc19c0376c698f830f1955b80107da4b5fe9a80c5858d202a1faaa8add5e925c2332bbd24c273ece31a8eee5e2dd1f932176625f21dc8") r1 = socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000100)) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)=[{&(0x7f0000000400)="353c31b4bb1a1e9bae5306b0159e20d797db8e4bf2426278c19bf3617c0500f92ceebb7198c464739deb31bd7ca007c8c07e223102681822efdfc2306ab3e1233d04fcad9c56461f0301ad7b5dad39692e74a702a5c78ca19d40b0e515033061d0ff49b07c443d69ad1fb037049c12b602b6d261035dd4963ec17588c700", 0x7e}], 0x1}, 0x0) perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20010000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() ioctl$FS_IOC_GETFSLABEL(r1, 0x81009431, &(0x7f0000000300)) clone(0x3000000b8160102, 0x0, 0x0, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) r2 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x0, 0x2) ioctl$TIOCGDEV(r2, 0x80045432, &(0x7f00000001c0)) sysinfo(&(0x7f0000000000)=""/248) syz_emit_ethernet(0x1, &(0x7f0000000200)=ANY=[@ANYRESDEC=r0], 0x0) r3 = socket$inet(0x10, 0x3, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) setsockopt$IP_VS_SO_SET_FLUSH(0xffffffffffffffff, 0x0, 0x485, 0x0, 0x0) ioctl$sock_ifreq(r4, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) [ 3381.160072][T28650] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 03:43:24 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0xc00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) [ 3381.253202][T28650] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 03:43:24 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00\x05\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:43:24 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x3a00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) [ 3381.377278][T28793] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 03:43:25 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0xd00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:25 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000080)='/dev/video#\x00', 0x2000400000000009, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") poll(&(0x7f0000000100)=[{r0, 0x8041}], 0x1, 0x0) ioctl$VIDIOC_QUERY_EXT_CTRL(r0, 0xc0585609, &(0x7f0000000180)={0x0, 0x9, "d60700000000000000000032f101000080917149fd661837b011b15f24fc4d12", 0x0, 0x0, 0x0, 0x70effc, 0x100000002, 0xfffffffffffffffd, 0x0, 0x0, [0x1ff]}) [ 3381.480694][T28793] CPU: 0 PID: 28793 Comm: syz-executor.1 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3381.489889][T28793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3381.500053][T28793] Call Trace: [ 3381.503373][T28793] dump_stack+0x172/0x1f0 [ 3381.507735][T28793] dump_header+0x10f/0xb6c [ 3381.512176][T28793] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3381.518025][T28793] ? ___ratelimit+0x60/0x595 [ 3381.522644][T28793] ? do_raw_spin_unlock+0x57/0x270 [ 3381.527782][T28793] oom_kill_process.cold+0x10/0x15 [ 3381.532946][T28793] out_of_memory+0x79a/0x1280 [ 3381.537748][T28793] ? lock_downgrade+0x880/0x880 [ 3381.542628][T28793] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3381.548903][T28793] ? oom_killer_disable+0x280/0x280 [ 3381.554136][T28793] ? find_held_lock+0x35/0x130 [ 3381.558942][T28793] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3381.564536][T28793] ? memcg_event_wake+0x230/0x230 [ 3381.569667][T28793] ? do_raw_spin_unlock+0x57/0x270 [ 3381.574807][T28793] ? _raw_spin_unlock+0x2d/0x50 [ 3381.579685][T28793] try_charge+0x118d/0x1790 [ 3381.584214][T28793] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3381.589872][T28793] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3381.596218][T28793] ? kasan_check_read+0x11/0x20 [ 3381.601134][T28793] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3381.606729][T28793] mem_cgroup_try_charge+0x24d/0x5e0 [ 3381.612030][T28793] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3381.612051][T28793] wp_page_copy+0x416/0x1770 [ 3381.622258][T28793] ? do_wp_page+0x486/0x1500 [ 3381.626979][T28793] ? pmd_pfn+0x1d0/0x1d0 [ 3381.631244][T28793] ? lock_downgrade+0x880/0x880 [ 3381.636113][T28793] ? swp_swapcount+0x540/0x540 [ 3381.640902][T28793] ? kasan_check_read+0x11/0x20 [ 3381.645776][T28793] ? do_raw_spin_unlock+0x57/0x270 [ 3381.650919][T28793] do_wp_page+0x48e/0x1500 [ 3381.655365][T28793] ? finish_mkwrite_fault+0x540/0x540 [ 3381.660774][T28793] __handle_mm_fault+0x22e8/0x3ec0 [ 3381.665923][T28793] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3381.671490][T28793] ? find_held_lock+0x35/0x130 [ 3381.676376][T28793] ? handle_mm_fault+0x292/0xa90 [ 3381.681341][T28793] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3381.687600][T28793] ? kasan_check_read+0x11/0x20 [ 3381.692615][T28793] handle_mm_fault+0x3b7/0xa90 [ 3381.697397][T28793] __do_page_fault+0x5ef/0xda0 [ 3381.702180][T28793] do_page_fault+0x71/0x581 [ 3381.706696][T28793] ? page_fault+0x8/0x30 [ 3381.710956][T28793] page_fault+0x1e/0x30 [ 3381.715123][T28793] RIP: 0033:0x45722e [ 3381.719027][T28793] Code: 00 00 85 c0 41 89 c5 0f 85 fc 00 00 00 64 8b 04 25 d0 02 00 00 41 39 c4 0f 84 12 02 00 00 48 8b 05 17 f5 5f 00 48 85 c0 74 04 <48> 83 00 04 64 8b 04 25 d0 02 00 00 64 89 04 25 d4 02 00 00 0f 31 [ 3381.738649][T28793] RSP: 002b:00007fffe48ad8d0 EFLAGS: 00010206 [ 3381.738661][T28793] RAX: 0000000000a56248 RBX: 00007fffe48ad8d0 RCX: 00000000004571fa [ 3381.738667][T28793] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 3381.738674][T28793] RBP: 00007fffe48ad910 R08: 0000000000000001 R09: 00005555574fc940 [ 3381.738681][T28793] R10: 00005555574fcc10 R11: 0000000000000246 R12: 0000000000000001 [ 3381.738687][T28793] R13: 0000000000000000 R14: 0000000000000000 R15: 00007fffe48ad960 [ 3381.764672][T28793] memory: usage 307200kB, limit 307200kB, failcnt 34700 [ 3381.793582][T28793] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3381.804969][T28793] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3381.815717][T28793] Memory cgroup stats for /syz1: cache:88KB rss:98736KB rss_huge:0KB shmem:8KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:98728KB inactive_file:68KB active_file:184KB unevictable:0KB [ 3381.842968][T28793] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=10594,uid=0 [ 3381.859864][T28793] Memory cgroup out of memory: Killed process 10594 (syz-executor.1) total-vm:72580kB, anon-rss:168kB, file-rss:35792kB, shmem-rss:0kB [ 3381.883467][T28662] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3381.895569][T28662] CPU: 1 PID: 28662 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3381.904912][T28662] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3381.915189][T28662] Call Trace: [ 3381.918506][T28662] dump_stack+0x172/0x1f0 [ 3381.922857][T28662] dump_header+0x10f/0xb6c [ 3381.927438][T28662] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3381.933327][T28662] ? ___ratelimit+0x60/0x595 [ 3381.938001][T28662] ? do_raw_spin_unlock+0x57/0x270 [ 3381.943117][T28662] oom_kill_process.cold+0x10/0x15 [ 3381.948358][T28662] out_of_memory+0x79a/0x1280 [ 3381.953034][T28662] ? oom_killer_disable+0x280/0x280 [ 3381.958399][T28662] ? find_held_lock+0x35/0x130 [ 3381.963282][T28662] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3381.968817][T28662] ? memcg_event_wake+0x230/0x230 [ 3381.973849][T28662] ? do_raw_spin_unlock+0x57/0x270 [ 3381.987438][T28662] ? _raw_spin_unlock+0x2d/0x50 [ 3382.000764][T28662] try_charge+0x118d/0x1790 [ 3382.005279][T28662] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3382.011004][T28662] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3382.017241][T28662] ? kasan_check_read+0x11/0x20 [ 3382.022085][T28662] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3382.027737][T28662] mem_cgroup_try_charge+0x24d/0x5e0 [ 3382.033040][T28662] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3382.038668][T28662] wp_page_copy+0x416/0x1770 [ 3382.043318][T28662] ? do_wp_page+0x486/0x1500 [ 3382.047984][T28662] ? pmd_pfn+0x1d0/0x1d0 [ 3382.052244][T28662] ? lock_downgrade+0x880/0x880 [ 3382.057365][T28662] ? __pte_alloc_kernel+0x220/0x220 [ 3382.062647][T28662] ? kasan_check_read+0x11/0x20 [ 3382.067486][T28662] ? do_raw_spin_unlock+0x57/0x270 [ 3382.072765][T28662] do_wp_page+0x48e/0x1500 [ 3382.077174][T28662] ? do_raw_spin_lock+0x12a/0x2e0 [ 3382.082274][T28662] ? rwlock_bug.part.0+0x90/0x90 [ 3382.087248][T28662] ? finish_mkwrite_fault+0x540/0x540 [ 3382.092602][T28662] ? add_mm_counter_fast.part.0+0x40/0x40 [ 3382.098320][T28662] __handle_mm_fault+0x22e8/0x3ec0 [ 3382.103442][T28662] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3382.108974][T28662] ? find_held_lock+0x35/0x130 [ 3382.113718][T28662] ? handle_mm_fault+0x292/0xa90 [ 3382.118649][T28662] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3382.124877][T28662] ? kasan_check_read+0x11/0x20 [ 3382.129744][T28662] handle_mm_fault+0x3b7/0xa90 [ 3382.134586][T28662] __do_page_fault+0x5ef/0xda0 [ 3382.139349][T28662] do_page_fault+0x71/0x581 [ 3382.143861][T28662] ? page_fault+0x8/0x30 [ 3382.148094][T28662] page_fault+0x1e/0x30 [ 3382.152274][T28662] RIP: 0033:0x40de98 [ 3382.156164][T28662] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf 2c e2 4b 00 31 c0 e8 83 3a ff ff 31 ff e8 cc 36 ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d ce 25 64 00 [ 3382.175954][T28662] RSP: 002b:00007ffc1533c090 EFLAGS: 00010246 [ 3382.182012][T28662] RAX: 00000000caf71084 RBX: 00000000f594c188 RCX: 0000001b2e620000 [ 3382.189998][T28662] RDX: 0000000000000000 RSI: 0000000000001084 RDI: ffffffffcaf71084 [ 3382.197963][T28662] RBP: 0000000000000005 R08: 00000000caf71084 R09: 00000000caf71088 [ 3382.206028][T28662] R10: 00007ffc1533c220 R11: 0000000000000246 R12: 000000000073bf88 [ 3382.214132][T28662] R13: 0000000080000000 R14: 00007fea32625008 R15: 0000000000000005 [ 3382.225882][T28662] memory: usage 307176kB, limit 307200kB, failcnt 96250 [ 3382.238028][T28662] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3382.245578][T28662] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3382.252559][T28662] Memory cgroup stats for /syz5: cache:124KB rss:99432KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3382.275213][T28662] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=6645,uid=0 [ 3382.291209][T28662] Memory cgroup out of memory: Killed process 6645 (syz-executor.5) total-vm:72448kB, anon-rss:156kB, file-rss:34816kB, shmem-rss:0kB [ 3382.307801][ T1044] oom_reaper: reaped process 6645 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 3382.333145][T28794] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3382.345897][T28794] CPU: 0 PID: 28794 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3382.355557][T28794] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3382.366843][T28794] Call Trace: [ 3382.370302][T28794] dump_stack+0x172/0x1f0 [ 3382.374652][T28794] dump_header+0x10f/0xb6c [ 3382.379203][T28794] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3382.385036][T28794] ? ___ratelimit+0x60/0x595 [ 3382.389755][T28794] ? do_raw_spin_unlock+0x57/0x270 [ 3382.394971][T28794] oom_kill_process.cold+0x10/0x15 [ 3382.400126][T28794] out_of_memory+0x79a/0x1280 [ 3382.404895][T28794] ? lock_downgrade+0x880/0x880 [ 3382.410078][T28794] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3382.416370][T28794] ? oom_killer_disable+0x280/0x280 [ 3382.421670][T28794] ? find_held_lock+0x35/0x130 [ 3382.426462][T28794] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3382.432008][T28794] ? memcg_event_wake+0x230/0x230 [ 3382.437041][T28794] ? do_raw_spin_unlock+0x57/0x270 [ 3382.442246][T28794] ? _raw_spin_unlock+0x2d/0x50 [ 3382.447144][T28794] try_charge+0x118d/0x1790 [ 3382.451762][T28794] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3382.457432][T28794] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3382.462984][T28794] ? find_held_lock+0x35/0x130 [ 3382.467758][T28794] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3382.473402][T28794] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3382.478971][T28794] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3382.484178][T28794] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3382.489744][T28794] __memcg_kmem_charge+0x136/0x300 [ 3382.494891][T28794] __alloc_pages_nodemask+0x437/0x7e0 [ 3382.500286][T28794] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3382.506138][T28794] ? copy_page_range+0x128a/0x1fc0 [ 3382.511380][T28794] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3382.517677][T28794] alloc_pages_current+0x107/0x210 [ 3382.522845][T28794] pte_alloc_one+0x1b/0x1a0 [ 3382.527388][T28794] __pte_alloc+0x20/0x310 [ 3382.537840][T28794] copy_page_range+0x1561/0x1fc0 [ 3382.542885][T28794] ? __lock_acquire+0x548/0x3fb0 [ 3382.547870][T28794] ? pmd_alloc+0x180/0x180 [ 3382.552418][T28794] ? vma_gap_callbacks_rotate+0x62/0x80 [ 3382.557989][T28794] ? __rb_insert_augmented+0x231/0xdf0 [ 3382.563455][T28794] ? validate_mm_rb+0xa3/0xc0 [ 3382.568230][T28794] ? __vma_link_rb+0x279/0x370 [ 3382.572992][T28794] ? kasan_check_write+0x14/0x20 [ 3382.577941][T28794] copy_process.part.0+0x5afb/0x7a90 [ 3382.583244][T28794] ? __cleanup_sighand+0x60/0x60 [ 3382.588295][T28794] _do_fork+0x257/0xfd0 [ 3382.592458][T28794] ? fork_idle+0x1d0/0x1d0 [ 3382.596876][T28794] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3382.602355][T28794] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3382.607926][T28794] ? do_syscall_64+0x26/0x670 [ 3382.612611][T28794] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3382.618803][T28794] ? do_syscall_64+0x26/0x670 [ 3382.623589][T28794] __x64_sys_clone+0xbf/0x150 [ 3382.628268][T28794] do_syscall_64+0x103/0x670 [ 3382.632980][T28794] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3382.638877][T28794] RIP: 0033:0x458c29 [ 3382.642770][T28794] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3382.662488][T28794] RSP: 002b:00007fea30623c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3382.670909][T28794] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 3382.678886][T28794] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3382.686956][T28794] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3382.695044][T28794] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fea306246d4 [ 3382.703056][T28794] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 3382.712180][T28794] memory: usage 307040kB, limit 307200kB, failcnt 96306 [ 3382.719338][T28794] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3382.726824][T28794] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3382.733869][T28794] Memory cgroup stats for /syz5: cache:124KB rss:99432KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3382.755698][T28794] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=6717,uid=0 [ 3382.771359][T28794] Memory cgroup out of memory: Killed process 6717 (syz-executor.5) total-vm:72448kB, anon-rss:156kB, file-rss:34816kB, shmem-rss:0kB [ 3382.786943][ T1044] oom_reaper: reaped process 6717 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 3382.809756][T28943] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3382.822172][T28943] CPU: 1 PID: 28943 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3382.831366][T28943] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3382.841588][T28943] Call Trace: [ 3382.844900][T28943] dump_stack+0x172/0x1f0 [ 3382.849239][T28943] dump_header+0x10f/0xb6c [ 3382.853652][T28943] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3382.859777][T28943] ? ___ratelimit+0x60/0x595 [ 3382.864536][T28943] ? do_raw_spin_unlock+0x57/0x270 [ 3382.869740][T28943] oom_kill_process.cold+0x10/0x15 [ 3382.874855][T28943] out_of_memory+0x79a/0x1280 [ 3382.879535][T28943] ? lock_downgrade+0x880/0x880 [ 3382.884394][T28943] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3382.890778][T28943] ? oom_killer_disable+0x280/0x280 [ 3382.895997][T28943] ? find_held_lock+0x35/0x130 [ 3382.900895][T28943] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3382.906574][T28943] ? memcg_event_wake+0x230/0x230 [ 3382.911628][T28943] ? do_raw_spin_unlock+0x57/0x270 [ 3382.916743][T28943] ? _raw_spin_unlock+0x2d/0x50 [ 3382.921793][T28943] try_charge+0x118d/0x1790 [ 3382.926310][T28943] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3382.931984][T28943] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3382.937709][T28943] ? find_held_lock+0x35/0x130 [ 3382.942573][T28943] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3382.948310][T28943] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3382.953871][T28943] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3382.959338][T28943] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3382.964976][T28943] __memcg_kmem_charge+0x136/0x300 [ 3382.970102][T28943] __alloc_pages_nodemask+0x437/0x7e0 [ 3382.975589][T28943] ? __pud_alloc+0x1d3/0x250 [ 3382.980263][T28943] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3382.985983][T28943] ? __pud_alloc+0x1d3/0x250 [ 3382.990582][T28943] ? lock_downgrade+0x880/0x880 [ 3382.995438][T28943] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3383.001809][T28943] alloc_pages_current+0x107/0x210 [ 3383.007049][T28943] ? do_raw_spin_unlock+0x57/0x270 [ 3383.012172][T28943] __pmd_alloc+0x41/0x460 [ 3383.016575][T28943] ? pmd_val+0x100/0x100 [ 3383.020856][T28943] pmd_alloc+0x10c/0x180 [ 3383.025110][T28943] copy_page_range+0x63c/0x1fc0 [ 3383.029966][T28943] ? __lock_acquire+0x548/0x3fb0 [ 3383.034918][T28943] ? anon_vma_fork+0x371/0x4a0 [ 3383.039727][T28943] ? find_held_lock+0x35/0x130 [ 3383.044596][T28943] ? copy_process.part.0+0x3159/0x7a90 [ 3383.050059][T28943] ? pmd_alloc+0x180/0x180 [ 3383.054490][T28943] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 3383.060304][T28943] ? validate_mm_rb+0xa3/0xc0 [ 3383.065008][T28943] ? __vma_link_rb+0x279/0x370 [ 3383.069868][T28943] ? kasan_check_write+0x14/0x20 [ 3383.074826][T28943] copy_process.part.0+0x5afb/0x7a90 [ 3383.080230][T28943] ? __cleanup_sighand+0x60/0x60 [ 3383.085206][T28943] _do_fork+0x257/0xfd0 [ 3383.089364][T28943] ? fork_idle+0x1d0/0x1d0 [ 3383.093882][T28943] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3383.099348][T28943] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3383.104802][T28943] ? do_syscall_64+0x26/0x670 [ 3383.109473][T28943] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3383.115535][T28943] ? do_syscall_64+0x26/0x670 [ 3383.120327][T28943] __x64_sys_clone+0xbf/0x150 [ 3383.125014][T28943] do_syscall_64+0x103/0x670 [ 3383.129605][T28943] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3383.135897][T28943] RIP: 0033:0x458c29 [ 3383.139812][T28943] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3383.159729][T28943] RSP: 002b:00007fea30602c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3383.168138][T28943] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 3383.176116][T28943] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3383.184179][T28943] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 3383.192400][T28943] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fea306036d4 [ 3383.200471][T28943] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 3383.209427][T28943] memory: usage 307040kB, limit 307200kB, failcnt 96325 [ 3383.216379][T28943] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3383.223943][T28943] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 03:43:26 executing program 5: socket$inet_udplite(0x2, 0x2, 0x88) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)}, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r0 = socket$inet(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) 03:43:26 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00\x06\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:43:26 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0xe00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:26 executing program 3: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = geteuid() getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000500)={0x0, 0x0}, &(0x7f0000000540)=0xc) syz_mount_image$f2fs(&(0x7f0000000100)='f2fs\x00', &(0x7f0000000140)='./file0\x00', 0x7fffffff, 0x4, &(0x7f0000000480)=[{&(0x7f0000000180)="7ef8fd9b7784fcb5224540bcbb55d69c149fd43cfe3be99620d50bb90b2a6cd0e4a1359bec0bedfb69ee004ce6890427e39462b4caf946f425b16c8a2c457219a989b133c26757fc75b61237603220f1db6031030ad2df30dd7b5c7e65f710fb44beea93d359c5b5b8a3d31bcde2f6be74aab09b4812e847878cc7205d0d275cfafb80932c985c8af3", 0x89, 0x1}, {&(0x7f0000000240)="894c0b970f9114f7f74083d1188bd98bba695cdc01f2", 0x16, 0x6}, {&(0x7f0000000280)="73a8f1e001d1a00faeb29488684919a2259ca20a0397bfb234dd1f25037f298c3eb2afb777d70ccd96f1bd6ac6d0f073d383a059116a5cb9541857427a7e3a0883e18a6d08f1a373e677bb837058efdd894fba514e4f01e475cbcb605c25a1d7b1f02ae204d2dba8e6e0ea330caf4244c0bb75bd85fdc40bb73627bd18bf84205e47b191d9374b55ca0908dda1ab4ba62cb38d4f797f0a990dd98f9d68c6ac9e94bbb75dfa5cd4ec0e78fd46e14117e6af88ec26c06c4bcd30e45e846819d77e8a2d04ae7bc067c8934fe5140ca0999a4b0b", 0xd2, 0x7}, {&(0x7f0000000380)="e1d36aba27d09be018b120888568b487fb41e79540084973b42e0c2d24dc5d4f410fd67ec753992d3dcf4ca4eb57aeeefcad696fe338e36101e0e0cc2eaec0b11ef74054f0dc9c39a55c0a95500d787037ff1f8d5013c5025122f4a25c2e93d4d3a6e9122e244957f00ed2a4bd5ac2fe98c62846149392889be1dd4dc3ed9cdbbce246807f4e9dc01adeaf1405a933c6abc41e51bafaa0afa3bfceb43f30cd8fbf17ba308511694a8226dec5681d6e19236cc9dae872f2d694925e15d8106251b43da6b9407d67d7e473e0a0091d912f60a9bf942c8b5a8f1e3ab05b95d358e8c49a42869efc6cbc4c9c8bfbfd6a86b6", 0xf0, 0x2}], 0x2008000, &(0x7f0000000580)={[{@alloc_mode_reuse='alloc_mode=reuse'}, {@noextent_cache='noextent_cache'}, {@noquota='noquota'}], [{@dont_measure='dont_measure'}, {@context={'context', 0x3d, 'root'}}, {@smackfshat={'smackfshat'}}, {@euid_gt={'euid>', r0}}, {@subj_user={'subj_user', 0x3d, 'system)&ppp0@\''}}, {@uid_gt={'uid>', r1}}, {@permit_directio='permit_directio'}, {@appraise_type='appraise_type=imasig'}]}) r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x105000, 0x800}, 0x18) r3 = getpgid(0x0) sched_getaffinity(r3, 0x8, &(0x7f00000000c0)) 03:43:26 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x3b00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:26 executing program 1: socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000100)) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)=[{&(0x7f0000001300)}], 0x1}, 0x0) perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x2102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ubi_ctrl\x00', 0x60d00, 0x0) getsockname$netlink(r0, &(0x7f00000001c0), &(0x7f0000000200)=0xc) gettid() clone(0x3000000b8160102, 0x0, 0x0, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r1 = socket$inet(0x10, 0x3, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) setsockopt$IP_VS_SO_SET_FLUSH(0xffffffffffffffff, 0x0, 0x485, 0x0, 0x0) ioctl$sock_ifreq(r2, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) [ 3383.230848][T28943] Memory cgroup stats for /syz5: cache:124KB rss:99564KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3383.252777][T28943] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=28662,uid=0 [ 3383.268542][T28943] Memory cgroup out of memory: Killed process 28662 (syz-executor.5) total-vm:72580kB, anon-rss:160kB, file-rss:35724kB, shmem-rss:0kB 03:43:26 executing program 1: socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000100)) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)=[{&(0x7f0000001300)}], 0x1}, 0x0) perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x2102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() clone(0x3000000b8160102, 0x0, 0x0, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r0 = syz_open_dev$amidi(&(0x7f0000001580)='/dev/amidi#\x00', 0x1, 0x4000) setsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x12, &(0x7f00000015c0)=0x7, 0x4) r1 = socket$inet(0x10, 0x3, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) setsockopt$IP_VS_SO_SET_FLUSH(0xffffffffffffffff, 0x0, 0x485, 0x0, 0x0) ioctl$sock_ifreq(r2, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) 03:43:27 executing program 3: r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x1, 0x2) shutdown(r0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$BLKGETSIZE(r0, 0x1260, &(0x7f0000000080)) openat$vimc0(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video0\x00', 0x2, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f00000000c0)={'syz_tun\x00', &(0x7f0000000180)=ANY=[@ANYBLOB="2600000000000018"]}) [ 3383.511092][T29003] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 3383.534921][T29003] CPU: 0 PID: 29003 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3383.544072][T29003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3383.554147][T29003] Call Trace: [ 3383.557468][T29003] dump_stack+0x172/0x1f0 [ 3383.561813][T29003] dump_header+0x10f/0xb6c [ 3383.566356][T29003] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3383.572266][T29003] ? ___ratelimit+0x60/0x595 [ 3383.576878][T29003] ? do_raw_spin_unlock+0x57/0x270 [ 3383.582018][T29003] oom_kill_process.cold+0x10/0x15 [ 3383.587157][T29003] out_of_memory+0x79a/0x1280 [ 3383.591861][T29003] ? lock_downgrade+0x880/0x880 [ 3383.596726][T29003] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3383.602967][T29003] ? oom_killer_disable+0x280/0x280 03:43:27 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000001c0)="0adc1f123c123f319bd070") clone(0x9a0009fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/icmp6\x00') ioctl$TUNGETIFF(r1, 0x800454d2, &(0x7f0000000040)) [ 3383.602981][T29003] ? find_held_lock+0x35/0x130 [ 3383.603003][T29003] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3383.603015][T29003] ? memcg_event_wake+0x230/0x230 [ 3383.603033][T29003] ? do_raw_spin_unlock+0x57/0x270 [ 3383.603048][T29003] ? _raw_spin_unlock+0x2d/0x50 [ 3383.603066][T29003] try_charge+0x118d/0x1790 [ 3383.603085][T29003] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3383.603097][T29003] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3383.603109][T29003] ? find_held_lock+0x35/0x130 [ 3383.603122][T29003] ? get_mem_cgroup_from_mm+0x10b/0x2b0 03:43:27 executing program 3: r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x105000) syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_MEDIA_GET(r0, &(0x7f0000000500)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000004c0), 0x1, 0x0, 0x0, 0xc001}, 0x4004000) r1 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x0, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x5) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f0000000040)=0x74, 0x4) syz_genetlink_get_family_id$ipvs(&(0x7f0000000540)='IPVS\x00') bind$inet(r2, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) ioctl$VIDIOC_G_OUTPUT(r1, 0x8004562e, &(0x7f0000000580)) sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000000680)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000400)='bbr\x00', 0xb4) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000080)=0xda9, 0x4) r3 = fcntl$dupfd(r2, 0x0, r2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000480)={0x8c, 0x18, 0xfa00, {0x10000000064, &(0x7f0000000440), 0x100000000000000, 0x5c, [0x9c00, 0x2ca13d]}}, 0xfef5) syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(r0, &(0x7f0000000380)={&(0x7f0000000280), 0xc, 0x0, 0x1, 0x0, 0x0, 0x20000804}, 0x4800) [ 3383.603144][T29003] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3383.618645][T29003] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3383.618668][T29003] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3383.618683][T29003] __memcg_kmem_charge+0x136/0x300 [ 3383.618700][T29003] __alloc_pages_nodemask+0x437/0x7e0 [ 3383.618715][T29003] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3383.618729][T29003] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3383.618750][T29003] ? copy_process.part.0+0x1d40/0x7a90 [ 3383.704257][T29003] ? lockdep_hardirqs_on+0x418/0x5d0 [ 3383.709614][T29003] ? trace_hardirqs_on+0x67/0x230 [ 3383.714780][T29003] ? kasan_check_read+0x11/0x20 [ 3383.719673][T29003] copy_process.part.0+0x3e0/0x7a90 [ 3383.724979][T29003] ? psi_memstall_leave+0x11c/0x180 [ 3383.730203][T29003] ? kvm_sched_clock_read+0x9/0x20 [ 3383.735356][T29003] ? psi_memstall_leave+0x12e/0x180 [ 3383.740574][T29003] ? find_held_lock+0x35/0x130 [ 3383.745367][T29003] ? psi_memstall_leave+0x12e/0x180 [ 3383.750681][T29003] ? __cleanup_sighand+0x60/0x60 [ 3383.755644][T29003] ? __lock_acquire+0x548/0x3fb0 [ 3383.760696][T29003] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3383.766968][T29003] _do_fork+0x257/0xfd0 [ 3383.771146][T29003] ? fork_idle+0x1d0/0x1d0 [ 3383.775677][T29003] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3383.781182][T29003] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3383.786760][T29003] ? do_syscall_64+0x26/0x670 [ 3383.791461][T29003] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3383.797548][T29003] ? do_syscall_64+0x26/0x670 [ 3383.802275][T29003] __x64_sys_clone+0xbf/0x150 [ 3383.807321][T29003] do_syscall_64+0x103/0x670 03:43:27 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) r1 = fcntl$dupfd(r0, 0x406, r0) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000200)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r1, &(0x7f00000003c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20040802}, 0xc, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="10010000", @ANYRES16=r2, @ANYBLOB="000329bd7000fbdbdf2512000000fc020000000003000100000008000300030000002c000200080003000800000008000400ffff00000800040000000000080002009e0e0000080002000300000044000200080003000000000008000300070000000800030006000000080001001000000008000200080000000800020008000000080003001dc30000080003000500000008000300e7e50000180001006574683a6272696467655f736c6176655f310000380004001400010002004e22ffffffff0000079800000000200002000a004e2f00000081fe80000000000000000000000000000eeaffffff0c0002000800030001000080140002000800040000000000080003001b550000"], 0x110}, 0x1, 0x0, 0x0, 0x20000000}, 0x4801) r3 = getpid() r4 = syz_open_procfs(0x0, &(0x7f0000000100)='autogroup\x00') perf_event_open(&(0x7f0000000080)={0x0, 0x70, 0x1, 0x2, 0x6, 0x94, 0x0, 0x4, 0x10210, 0xa, 0x1f, 0x1000000, 0x0, 0x41a, 0x3, 0x7, 0x3, 0xfffffffffffffffb, 0x1, 0x7ff, 0x1, 0xc2, 0x75d, 0x36, 0x101, 0x2, 0x80, 0x2, 0xffffffff7fffffff, 0x3, 0x3895d0ec, 0x0, 0x9, 0xa84b, 0x5, 0x8, 0x100000001, 0x1, 0x0, 0x8001, 0x4, @perf_bp={&(0x7f0000000040), 0x5}, 0x208, 0xb2, 0x5, 0x0, 0x4, 0x100, 0x6}, r3, 0x3, r4, 0x8) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'cmac(camellia-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="d281011850679959d5e5b54b0893105397caab00d9bfdc62d9445d5db9d581af", 0x20) [ 3383.811931][T29003] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3383.817830][T29003] RIP: 0033:0x45b5f9 [ 3383.821908][T29003] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 3383.841621][T29003] RSP: 002b:00007ffc1533c028 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 3383.841640][T29003] RAX: ffffffffffffffda RBX: 00007fea30603700 RCX: 000000000045b5f9 03:43:27 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0xec0, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) [ 3383.841648][T29003] RDX: 00007fea306039d0 RSI: 00007fea30602db0 RDI: 00000000003d0f00 [ 3383.841655][T29003] RBP: 00007ffc1533c230 R08: 00007fea30603700 R09: 00007fea30603700 [ 3383.841663][T29003] R10: 00007fea306039d0 R11: 0000000000000202 R12: 0000000000000000 [ 3383.841670][T29003] R13: 00007ffc1533c0df R14: 00007fea306039c0 R15: 000000000073bfac [ 3383.859962][T29003] memory: usage 307188kB, limit 307200kB, failcnt 96357 [ 3383.972795][T29003] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3383.985531][T29003] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3383.993322][T29003] Memory cgroup stats for /syz5: cache:124KB rss:99564KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3384.016847][T29003] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=6933,uid=0 [ 3384.032546][T29003] Memory cgroup out of memory: Killed process 6933 (syz-executor.5) total-vm:72448kB, anon-rss:156kB, file-rss:34816kB, shmem-rss:0kB [ 3384.053294][ T7695] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 3384.066516][ T7695] CPU: 1 PID: 7695 Comm: syz-executor.1 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3384.075614][ T7695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3384.085789][ T7695] Call Trace: [ 3384.089084][ T7695] dump_stack+0x172/0x1f0 [ 3384.093616][ T7695] dump_header+0x10f/0xb6c [ 3384.098051][ T7695] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3384.104019][ T7695] ? ___ratelimit+0x60/0x595 [ 3384.108613][ T7695] ? do_raw_spin_unlock+0x57/0x270 [ 3384.113749][ T7695] oom_kill_process.cold+0x10/0x15 [ 3384.118877][ T7695] out_of_memory+0x79a/0x1280 [ 3384.123565][ T7695] ? oom_killer_disable+0x280/0x280 [ 3384.128771][ T7695] ? find_held_lock+0x35/0x130 [ 3384.133849][ T7695] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3384.139422][ T7695] ? memcg_event_wake+0x230/0x230 [ 3384.144446][ T7695] ? do_raw_spin_unlock+0x57/0x270 [ 3384.149548][ T7695] ? _raw_spin_unlock+0x2d/0x50 [ 3384.154408][ T7695] try_charge+0x118d/0x1790 [ 3384.158904][ T7695] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3384.164444][ T7695] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3384.170068][ T7695] ? find_held_lock+0x35/0x130 [ 3384.174911][ T7695] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3384.180464][ T7695] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3384.186043][ T7695] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3384.191259][ T7695] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3384.196827][ T7695] __memcg_kmem_charge+0x136/0x300 [ 3384.201941][ T7695] __alloc_pages_nodemask+0x437/0x7e0 [ 3384.207529][ T7695] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3384.213270][ T7695] ? copy_page_range+0x128a/0x1fc0 [ 3384.218471][ T7695] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3384.224740][ T7695] alloc_pages_current+0x107/0x210 [ 3384.229859][ T7695] pte_alloc_one+0x1b/0x1a0 [ 3384.234368][ T7695] __pte_alloc+0x20/0x310 [ 3384.238716][ T7695] copy_page_range+0x1561/0x1fc0 [ 3384.243738][ T7695] ? __lock_acquire+0x548/0x3fb0 [ 3384.248696][ T7695] ? pmd_alloc+0x180/0x180 [ 3384.253121][ T7695] ? vma_gap_callbacks_rotate+0x62/0x80 [ 3384.258674][ T7695] ? __rb_insert_augmented+0x231/0xdf0 [ 3384.264125][ T7695] ? validate_mm_rb+0xa3/0xc0 [ 3384.268795][ T7695] ? __vma_link_rb+0x279/0x370 [ 3384.273667][ T7695] ? kasan_check_write+0x14/0x20 [ 3384.278611][ T7695] copy_process.part.0+0x5afb/0x7a90 [ 3384.283913][ T7695] ? __cleanup_sighand+0x60/0x60 [ 3384.288851][ T7695] _do_fork+0x257/0xfd0 [ 3384.293002][ T7695] ? fork_idle+0x1d0/0x1d0 [ 3384.297423][ T7695] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3384.302901][ T7695] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3384.308421][ T7695] ? do_syscall_64+0x26/0x670 [ 3384.313173][ T7695] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3384.319324][ T7695] ? do_syscall_64+0x26/0x670 [ 3384.324014][ T7695] __x64_sys_clone+0xbf/0x150 [ 3384.328790][ T7695] do_syscall_64+0x103/0x670 [ 3384.333388][ T7695] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3384.339287][ T7695] RIP: 0033:0x4571fa [ 3384.343186][ T7695] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 3384.362931][ T7695] RSP: 002b:00007fffe48ad8d0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3384.371347][ T7695] RAX: ffffffffffffffda RBX: 00007fffe48ad8d0 RCX: 00000000004571fa [ 3384.379409][ T7695] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 3384.387384][ T7695] RBP: 00007fffe48ad910 R08: 0000000000000001 R09: 00005555574fc940 [ 3384.395448][ T7695] R10: 00005555574fcc10 R11: 0000000000000246 R12: 0000000000000001 [ 3384.403420][ T7695] R13: 0000000000000000 R14: 0000000000000000 R15: 00007fffe48ad960 [ 3384.413141][ T7695] memory: usage 307200kB, limit 307200kB, failcnt 34737 [ 3384.420245][ T7695] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3384.427988][ T7695] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3384.434835][ T7695] Memory cgroup stats for /syz1: cache:88KB rss:98604KB rss_huge:0KB shmem:8KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:98596KB inactive_file:68KB active_file:184KB unevictable:0KB [ 3384.456558][ T7695] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=11399,uid=0 [ 3384.472505][ T7695] Memory cgroup out of memory: Killed process 11399 (syz-executor.1) total-vm:72580kB, anon-rss:168kB, file-rss:35792kB, shmem-rss:0kB [ 3384.488369][ T1044] oom_reaper: reaped process 11399 (syz-executor.1), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB [ 3384.501677][T29005] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3384.518853][T29005] CPU: 1 PID: 29005 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3384.528403][T29005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3384.539382][T29005] Call Trace: [ 3384.542700][T29005] dump_stack+0x172/0x1f0 [ 3384.547068][T29005] dump_header+0x10f/0xb6c [ 3384.551509][T29005] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3384.557351][T29005] ? ___ratelimit+0x60/0x595 [ 3384.561966][T29005] ? do_raw_spin_unlock+0x57/0x270 [ 3384.567205][T29005] oom_kill_process.cold+0x10/0x15 [ 3384.572362][T29005] out_of_memory+0x79a/0x1280 [ 3384.577160][T29005] ? oom_killer_disable+0x280/0x280 [ 3384.582390][T29005] ? find_held_lock+0x35/0x130 [ 3384.587169][T29005] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3384.592742][T29005] ? memcg_event_wake+0x230/0x230 [ 3384.597776][T29005] ? do_raw_spin_unlock+0x57/0x270 [ 3384.602888][T29005] ? _raw_spin_unlock+0x2d/0x50 [ 3384.607745][T29005] try_charge+0x118d/0x1790 [ 3384.612459][T29005] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3384.618119][T29005] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3384.623769][T29005] ? find_held_lock+0x35/0x130 [ 3384.628565][T29005] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3384.634135][T29005] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3384.639693][T29005] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3384.644921][T29005] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3384.650563][T29005] __memcg_kmem_charge+0x136/0x300 [ 3384.655778][T29005] __alloc_pages_nodemask+0x437/0x7e0 [ 3384.661161][T29005] ? __pud_alloc+0x1d3/0x250 [ 3384.665848][T29005] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3384.671600][T29005] ? __pud_alloc+0x1d3/0x250 [ 3384.676297][T29005] ? lock_downgrade+0x880/0x880 [ 3384.681338][T29005] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3384.687609][T29005] alloc_pages_current+0x107/0x210 [ 3384.692748][T29005] ? do_raw_spin_unlock+0x57/0x270 [ 3384.697958][T29005] __pmd_alloc+0x41/0x460 [ 3384.702379][T29005] ? pmd_val+0x100/0x100 [ 3384.706744][T29005] pmd_alloc+0x10c/0x180 [ 3384.710995][T29005] copy_page_range+0x63c/0x1fc0 [ 3384.715967][T29005] ? anon_vma_fork+0x371/0x4a0 [ 3384.720927][T29005] ? pmd_alloc+0x180/0x180 [ 3384.725354][T29005] ? vma_gap_callbacks_rotate+0x62/0x80 [ 3384.730927][T29005] ? validate_mm_rb+0xa3/0xc0 [ 3384.735618][T29005] ? __vma_link_rb+0x279/0x370 [ 3384.740392][T29005] copy_process.part.0+0x5afb/0x7a90 [ 3384.745726][T29005] ? __cleanup_sighand+0x60/0x60 [ 3384.750773][T29005] _do_fork+0x257/0xfd0 [ 3384.754933][T29005] ? fork_idle+0x1d0/0x1d0 [ 3384.759626][T29005] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3384.765176][T29005] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3384.770746][T29005] ? do_syscall_64+0x26/0x670 [ 3384.775425][T29005] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3384.781512][T29005] ? do_syscall_64+0x26/0x670 [ 3384.786459][T29005] __x64_sys_clone+0xbf/0x150 [ 3384.791161][T29005] do_syscall_64+0x103/0x670 [ 3384.795765][T29005] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3384.801758][T29005] RIP: 0033:0x458c29 [ 3384.805762][T29005] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3384.825736][T29005] RSP: 002b:00007fea30623c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3384.834259][T29005] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 3384.842226][T29005] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3384.850417][T29005] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3384.858538][T29005] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fea306246d4 [ 3384.866529][T29005] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 3384.878643][T29005] memory: usage 307072kB, limit 307200kB, failcnt 96388 [ 3384.885686][T29005] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3384.893512][T29005] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3384.900990][T29005] Memory cgroup stats for /syz5: cache:124KB rss:99424KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3384.923078][T29005] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=29003,uid=0 [ 3384.938894][T29005] Memory cgroup out of memory: Killed process 29003 (syz-executor.5) total-vm:72580kB, anon-rss:164kB, file-rss:35716kB, shmem-rss:0kB [ 3384.958516][T29115] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3384.969640][T29115] CPU: 0 PID: 29115 Comm: syz-executor.1 Not tainted 5.1.0-rc5-next-20190418 #28 03:43:28 executing program 5: socket$inet_udplite(0x2, 0x2, 0x88) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)}, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r0 = socket$inet(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) 03:43:28 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00\a\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:43:28 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x3c00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:28 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") sendmmsg(0xffffffffffffffff, &(0x7f0000007e00)=[{{&(0x7f00000004c0)=@in6={0xa, 0x4e22, 0x0, @mcast2}, 0x80, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1400000000000000290000004300dfff040000007db8f94be3e2e3f53c31d8a596f708e2524fc080414678871d7fb8e69a11e9b78e071729113b412f758b7bc21ba22e194825e71f181a865af1ad18b494ac10f174f85bda7b1a774aba0fe56ccc636764ceb8057f67cd0c3e04607cc2d88e1d53e99024376212893e1ad2f3a5a1a6826b475787cc92aab7c2a9ee4d56"], 0x14}}], 0x1, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) socketpair(0xb, 0x6, 0x7, &(0x7f0000000040)={0xffffffffffffffff}) setsockopt$inet_sctp_SCTP_AUTOCLOSE(r2, 0x84, 0x4, &(0x7f0000000080)=0x2, 0x4) sendmmsg(r1, &(0x7f0000007e00), 0x136a88c8311572c, 0x0) arch_prctl$ARCH_GET_CPUID(0x1011) 03:43:28 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0xf00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) [ 3384.978848][T29115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3384.989081][T29115] Call Trace: [ 3384.992484][T29115] dump_stack+0x172/0x1f0 [ 3384.996834][T29115] dump_header+0x10f/0xb6c [ 3385.001274][T29115] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3385.007096][T29115] ? ___ratelimit+0x60/0x595 [ 3385.011841][T29115] ? do_raw_spin_unlock+0x57/0x270 [ 3385.017088][T29115] oom_kill_process.cold+0x10/0x15 [ 3385.022219][T29115] out_of_memory+0x79a/0x1280 [ 3385.026920][T29115] ? oom_killer_disable+0x280/0x280 [ 3385.032131][T29115] ? find_held_lock+0x35/0x130 [ 3385.036913][T29115] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3385.042468][T29115] ? memcg_event_wake+0x230/0x230 [ 3385.047725][T29115] ? do_raw_spin_unlock+0x57/0x270 [ 3385.053205][T29115] ? _raw_spin_unlock+0x2d/0x50 [ 3385.058683][T29115] try_charge+0x118d/0x1790 [ 3385.063209][T29115] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3385.068969][T29115] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3385.075229][T29115] ? kasan_check_read+0x11/0x20 [ 3385.080119][T29115] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3385.085690][T29115] mem_cgroup_try_charge+0x24d/0x5e0 [ 3385.091007][T29115] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3385.096872][T29115] wp_page_copy+0x416/0x1770 [ 3385.101516][T29115] ? do_wp_page+0x486/0x1500 [ 3385.106128][T29115] ? pmd_pfn+0x1d0/0x1d0 [ 3385.110389][T29115] ? lock_downgrade+0x880/0x880 [ 3385.115258][T29115] ? swp_swapcount+0x540/0x540 [ 3385.120152][T29115] ? kasan_check_read+0x11/0x20 03:43:28 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_int(r1, 0x0, 0xf, &(0x7f0000000000)=0xfffffffffffffff9, 0x87) r2 = syz_open_dev$mice(&(0x7f0000000100)='/dev/input/mice\x00', 0x0, 0x40400) read$FUSE(r2, &(0x7f0000000280), 0x1000) getsockopt$inet_mreqn(r0, 0x0, 0x24, &(0x7f0000000080)={@multicast1}, &(0x7f0000000180)=0xc) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f00000000c0)=[@in={0x2, 0x4e20, @rand_addr=0x400}], 0x10) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000240)=[@in={0x2, 0x4e20, @initdev}, @in6={0xa, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0xc0fe], [], @broadcast}}], 0x2c) r3 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-monitor\x00', 0x103800, 0x0) ioctl$KVM_SET_CPUID2(r3, 0x4008ae90, &(0x7f00000001c0)=ANY=[@ANYBLOB="02000000000000000a00000002000000010000000700000070000000080000000002000000000000000000000000000000000000ffffffff0100000001000000ffffffff2000000001000000000000000000000000000000643a44f95f"]) [ 3385.125011][T29115] ? do_raw_spin_unlock+0x57/0x270 [ 3385.130254][T29115] do_wp_page+0x48e/0x1500 [ 3385.134776][T29115] ? finish_mkwrite_fault+0x540/0x540 [ 3385.141243][T29115] __handle_mm_fault+0x22e8/0x3ec0 [ 3385.146549][T29115] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3385.152196][T29115] ? find_held_lock+0x35/0x130 [ 3385.156981][T29115] ? handle_mm_fault+0x292/0xa90 [ 3385.162202][T29115] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3385.168471][T29115] ? kasan_check_read+0x11/0x20 [ 3385.173438][T29115] handle_mm_fault+0x3b7/0xa90 [ 3385.178234][T29115] __do_page_fault+0x5ef/0xda0 [ 3385.183043][T29115] do_page_fault+0x71/0x581 [ 3385.187647][T29115] ? page_fault+0x8/0x30 [ 3385.192036][T29115] page_fault+0x1e/0x30 [ 3385.196200][T29115] RIP: 0033:0x40ee86 [ 3385.200103][T29115] Code: 16 64 00 49 8b 89 c8 02 00 00 49 8b 91 c0 02 00 00 48 89 4a 08 49 8b 89 c8 02 00 00 48 89 11 48 c7 05 2a 16 64 00 00 00 00 00 <48> c7 05 07 40 30 00 90 2e 71 00 31 d2 48 c7 05 f2 3f 30 00 90 2e [ 3385.219832][T29115] RSP: 002b:00007fffe48ad8c8 EFLAGS: 00010246 [ 3385.225916][T29115] RAX: 00005555574fcc00 RBX: 00007fffe48ad8d0 RCX: 0000000000a504a0 [ 3385.225931][T29115] RDX: 0000000000a504a0 RSI: 0000000000712e90 RDI: 00005555574fcc20 [ 3385.242171][T29115] RBP: 00007fffe48ad910 R08: 0000000000000001 R09: 00005555574fc940 [ 3385.250418][T29115] R10: 00005555574fcc10 R11: 0000000000000202 R12: 0000000000000001 [ 3385.258547][T29115] R13: 0000000000000000 R14: 0000000000000000 R15: 00007fffe48ad960 [ 3385.325327][T29115] memory: usage 306928kB, limit 307200kB, failcnt 34750 [ 3385.355390][T29115] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3385.374552][T29115] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3385.382201][T29115] Memory cgroup stats for /syz1: cache:88KB rss:98604KB rss_huge:0KB shmem:8KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:98728KB inactive_file:68KB active_file:184KB unevictable:0KB [ 3385.412415][T29115] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=12310,uid=0 [ 3385.432581][T29115] Memory cgroup out of memory: Killed process 12310 (syz-executor.1) total-vm:72580kB, anon-rss:168kB, file-rss:35792kB, shmem-rss:0kB 03:43:29 executing program 1: socket$inet_udplite(0x2, 0x2, 0x88) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x40000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) connect$bt_l2cap(r1, &(0x7f0000000000)={0x1f, 0x307, {0x0, 0x0, 0x0, 0x0, 0x6}}, 0xe) clock_gettime(0x0, &(0x7f0000000100)) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)=[{&(0x7f0000001300)}], 0x1}, 0x0) perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x2102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() clone(0x3000000b8160102, 0x0, 0x0, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r2 = socket$inet(0x10, 0x3, 0x0) ioctl$PIO_CMAP(r0, 0x4b71, &(0x7f00000001c0)={0x20, 0x0, 0x9, 0x3, 0x2, 0xfffffffffffffff9}) r3 = fcntl$dupfd(r2, 0x0, r2) setsockopt$IP_VS_SO_SET_FLUSH(r2, 0x0, 0x485, 0x0, 0x0) r4 = syz_genetlink_get_family_id$net_dm(&(0x7f0000000280)='NET_DM\x00') sendmsg$NET_DM_CMD_STOP(r3, &(0x7f0000000340)={&(0x7f0000000240), 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x14, r4, 0x300, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x4) ioctl$VHOST_SET_VRING_BASE(r3, 0x4008af12, &(0x7f0000000140)={0x0, 0x1000100000000}) ioctl$sock_ifreq(r3, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) write$eventfd(r3, &(0x7f0000000200)=0x40, 0x8) 03:43:29 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x1100, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:29 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00\t\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:43:29 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x3d00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) [ 3385.486721][T29125] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 3385.566260][T29125] CPU: 1 PID: 29125 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3385.575522][T29125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3385.585944][T29125] Call Trace: [ 3385.589278][T29125] dump_stack+0x172/0x1f0 [ 3385.593652][T29125] dump_header+0x10f/0xb6c [ 3385.598084][T29125] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3385.604168][T29125] ? ___ratelimit+0x60/0x595 [ 3385.608771][T29125] ? do_raw_spin_unlock+0x57/0x270 [ 3385.613998][T29125] oom_kill_process.cold+0x10/0x15 [ 3385.619257][T29125] out_of_memory+0x79a/0x1280 [ 3385.623945][T29125] ? oom_killer_disable+0x280/0x280 [ 3385.629148][T29125] ? find_held_lock+0x35/0x130 [ 3385.634031][T29125] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3385.639593][T29125] ? memcg_event_wake+0x230/0x230 [ 3385.644638][T29125] ? do_raw_spin_unlock+0x57/0x270 [ 3385.649763][T29125] ? _raw_spin_unlock+0x2d/0x50 [ 3385.654631][T29125] try_charge+0x118d/0x1790 [ 3385.659272][T29125] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3385.664822][T29125] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3385.670378][T29125] ? find_held_lock+0x35/0x130 [ 3385.675224][T29125] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3385.680856][T29125] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3385.686481][T29125] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3385.691753][T29125] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3385.697286][T29125] __memcg_kmem_charge+0x136/0x300 [ 3385.702472][T29125] __alloc_pages_nodemask+0x437/0x7e0 [ 3385.707829][T29125] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3385.714141][T29125] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3385.719849][T29125] ? copy_process.part.0+0x1d40/0x7a90 [ 3385.725292][T29125] ? lockdep_hardirqs_on+0x418/0x5d0 [ 3385.730572][T29125] ? trace_hardirqs_on+0x67/0x230 [ 3385.735668][T29125] ? kasan_check_read+0x11/0x20 [ 3385.740509][T29125] copy_process.part.0+0x3e0/0x7a90 [ 3385.745800][T29125] ? psi_memstall_leave+0x11c/0x180 [ 3385.751072][T29125] ? kvm_sched_clock_read+0x9/0x20 [ 3385.756263][T29125] ? psi_memstall_leave+0x12e/0x180 [ 3385.761447][T29125] ? find_held_lock+0x35/0x130 [ 3385.766296][T29125] ? psi_memstall_leave+0x12e/0x180 [ 3385.771488][T29125] ? __cleanup_sighand+0x60/0x60 [ 3385.776417][T29125] ? __lock_acquire+0x548/0x3fb0 [ 3385.781431][T29125] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3385.787755][T29125] _do_fork+0x257/0xfd0 [ 3385.791912][T29125] ? fork_idle+0x1d0/0x1d0 [ 3385.796493][T29125] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3385.801941][T29125] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3385.807477][T29125] ? do_syscall_64+0x26/0x670 [ 3385.812302][T29125] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3385.818350][T29125] ? do_syscall_64+0x26/0x670 [ 3385.823124][T29125] __x64_sys_clone+0xbf/0x150 [ 3385.828065][T29125] do_syscall_64+0x103/0x670 [ 3385.832653][T29125] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3385.838529][T29125] RIP: 0033:0x45b5f9 [ 3385.842413][T29125] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 03:43:29 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x1200, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:29 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x3e00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) [ 3385.862272][T29125] RSP: 002b:00007ffc1533c028 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 3385.871186][T29125] RAX: ffffffffffffffda RBX: 00007fea30603700 RCX: 000000000045b5f9 [ 3385.879159][T29125] RDX: 00007fea306039d0 RSI: 00007fea30602db0 RDI: 00000000003d0f00 [ 3385.887291][T29125] RBP: 00007ffc1533c230 R08: 00007fea30603700 R09: 00007fea30603700 [ 3385.895264][T29125] R10: 00007fea306039d0 R11: 0000000000000202 R12: 0000000000000000 [ 3385.903217][T29125] R13: 00007ffc1533c0df R14: 00007fea306039c0 R15: 000000000073bfac [ 3385.974202][T29125] memory: usage 307156kB, limit 307200kB, failcnt 96425 [ 3385.982449][T29125] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3385.999484][T29125] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3386.008373][T29125] Memory cgroup stats for /syz5: cache:124KB rss:99424KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3386.072325][T29125] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=7219,uid=0 [ 3386.096487][T29125] Memory cgroup out of memory: Killed process 7219 (syz-executor.5) total-vm:72448kB, anon-rss:156kB, file-rss:34816kB, shmem-rss:0kB 03:43:29 executing program 5: socket$inet_udplite(0x2, 0x2, 0x88) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)}, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r0 = socket$inet(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) 03:43:29 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x8c\x10\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:43:29 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x3f00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:29 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x8001, 0x0) setsockopt$inet_icmp_ICMP_FILTER(r1, 0x1, 0x1, &(0x7f0000000080), 0x4) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2f, 0xf}}, &(0x7f0000000180)='EP\xd4\x00\x1f\x91\xeb/W\xb72$C0%\x03\x9c0\x96\xb2\fkC\x93H\xbfh\x9c\b`\x857\xd6\">c\xad\xc0bO\xba\xe2\xe1\t5\x9d\xcei\"2L\xcc\x13\x16\vh\xca\xe6C\x06\x97%\x9d\xd5-\x1fs\xe1j\xdc5\x92\xd0)%\xdf\xfa\xe8^\x9c\xd29\x8clg\xc8\x7f\xb5\xb1&\x02\xf1E\xb4\x84\xbeE\x91)f\xe8\xb7\xe2\xf6`i\xc5m\xd7l\x1d\xc1\x12\x01<:kM\xe9\x99\xcd\xcd\xc8\x85Z\xee47\xdc\xc8u\x80\xcf\xbeTo\xbb\xfb\xc0\xebV\xd8\xbb\xbe\xa2\x90J|s\xc2'}, 0x48) 03:43:29 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x1300, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:29 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000100)) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)=[{&(0x7f0000001300)}], 0x1}, 0x0) perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x2102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() clone(0x3000000b8160102, 0x0, 0x0, 0x0, 0x0) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f00000001c0)={{{@in6=@remote, @in=@multicast2}}, {{@in=@dev}, 0x0, @in=@multicast2}}, &(0x7f0000000140)=0xe8) wait4(0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r1 = socket$inet(0x10, 0x3, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) setsockopt$IP_VS_SO_SET_FLUSH(0xffffffffffffffff, 0x0, 0x485, 0x0, 0x0) ioctl$sock_ifreq(r2, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) 03:43:29 executing program 1: socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000100)) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)=[{&(0x7f0000001300)}], 0x1}, 0x0) perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x2102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() clone(0x3000000b8160102, 0x0, 0x0, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r0 = socket$inet(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$EVIOCGPHYS(r1, 0x80404507, &(0x7f00000001c0)=""/206) setsockopt$IP_VS_SO_SET_FLUSH(0xffffffffffffffff, 0x0, 0x485, 0x0, 0x0) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) 03:43:29 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x1400, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:30 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00 \x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:43:30 executing program 3: socket$packet(0x11, 0x0, 0x300) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) close(r1) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000180)={0x2, 0x0, @local}, 0x10) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000000)='vcan0\x00', 0x10) setsockopt$sock_int(r2, 0x1, 0x40000000000003c, &(0x7f00000000c0)=0x1, 0x4) syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x4, 0x20000) bpf$OBJ_GET_MAP(0x7, &(0x7f00000001c0)={&(0x7f0000000080)='./file0\x00', 0x0, 0x10}, 0x10) sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="00ddffffff007d419f46db73afabf6eec2190000"], 0x1}}, 0x5000000) 03:43:30 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x4000, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:30 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) syz_mount_image$hfs(&(0x7f0000000000)='hfs\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) clock_gettime(0x2, &(0x7f0000000380)) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)=[{&(0x7f0000001300)}], 0x1}, 0x0) perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x2102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) write(r0, &(0x7f00000001c0)="7411ca1245b71dbbd34328f96fd87be11e6e8779a11adbeca401ffff1a3f5751ea92cec79ec06fbf463cfb2b1ea6d161f3f0aa9c21242280e0e175530d6b72d108506ea9816114af323214b005c6ee08fd6b220d0603525b47f21fa3d370a6d67b8c8f19dbf68ba66ad0a933c286c58477b21cbbd06503be24dd908d16187d4bb7a15483bdfe837e0e4524a0d94cc429ed254d995b1ce0b016bf64f7391f303aa066cb532c6e3b01f20d81dc3d850cc02bdc6750", 0xb4) gettid() clone(0x3000000b8160102, 0x0, 0x0, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) ioctl$VT_RELDISP(0xffffffffffffffff, 0x5605) r1 = socket$inet(0x10, 0x3, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) setsockopt$IP_VS_SO_SET_FLUSH(0xffffffffffffffff, 0x0, 0x485, 0x0, 0x0) ioctl$sock_ifreq(r2, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) [ 3386.521921][T29540] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3386.605960][T29540] CPU: 0 PID: 29540 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3386.615126][T29540] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3386.625199][T29540] Call Trace: [ 3386.628510][T29540] dump_stack+0x172/0x1f0 [ 3386.632888][T29540] dump_header+0x10f/0xb6c [ 3386.637316][T29540] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3386.643494][T29540] ? ___ratelimit+0x60/0x595 [ 3386.648099][T29540] ? do_raw_spin_unlock+0x57/0x270 [ 3386.653316][T29540] oom_kill_process.cold+0x10/0x15 [ 3386.658448][T29540] out_of_memory+0x79a/0x1280 [ 3386.663144][T29540] ? lock_downgrade+0x880/0x880 [ 3386.668192][T29540] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3386.668211][T29540] ? oom_killer_disable+0x280/0x280 [ 3386.668224][T29540] ? find_held_lock+0x35/0x130 [ 3386.668246][T29540] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3386.668263][T29540] ? memcg_event_wake+0x230/0x230 [ 3386.679789][T29540] ? do_raw_spin_unlock+0x57/0x270 [ 3386.679803][T29540] ? _raw_spin_unlock+0x2d/0x50 [ 3386.679818][T29540] try_charge+0x118d/0x1790 [ 3386.679835][T29540] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3386.679851][T29540] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3386.679869][T29540] ? kasan_check_read+0x11/0x20 [ 3386.726656][T29540] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3386.732203][T29540] mem_cgroup_try_charge+0x24d/0x5e0 [ 3386.737524][T29540] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3386.743342][T29540] wp_page_copy+0x416/0x1770 [ 3386.748014][T29540] ? do_wp_page+0x486/0x1500 [ 3386.752663][T29540] ? pmd_pfn+0x1d0/0x1d0 [ 3386.756906][T29540] ? lock_downgrade+0x880/0x880 [ 3386.761835][T29540] ? __pte_alloc_kernel+0x220/0x220 [ 3386.767040][T29540] ? kasan_check_read+0x11/0x20 [ 3386.771888][T29540] ? do_raw_spin_unlock+0x57/0x270 [ 3386.777044][T29540] do_wp_page+0x48e/0x1500 [ 3386.781597][T29540] ? do_raw_spin_lock+0x12a/0x2e0 [ 3386.786614][T29540] ? rwlock_bug.part.0+0x90/0x90 [ 3386.791630][T29540] ? finish_mkwrite_fault+0x540/0x540 [ 3386.797003][T29540] ? add_mm_counter_fast.part.0+0x40/0x40 [ 3386.802718][T29540] __handle_mm_fault+0x22e8/0x3ec0 [ 3386.808110][T29540] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3386.813651][T29540] ? find_held_lock+0x35/0x130 [ 3386.818474][T29540] ? handle_mm_fault+0x292/0xa90 [ 3386.823496][T29540] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3386.829811][T29540] ? kasan_check_read+0x11/0x20 [ 3386.834648][T29540] handle_mm_fault+0x3b7/0xa90 [ 3386.839420][T29540] __do_page_fault+0x5ef/0xda0 [ 3386.844430][T29540] do_page_fault+0x71/0x581 [ 3386.848926][T29540] ? page_fault+0x8/0x30 [ 3386.853154][T29540] page_fault+0x1e/0x30 [ 3386.857300][T29540] RIP: 0033:0x40de98 [ 3386.861315][T29540] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf 2c e2 4b 00 31 c0 e8 83 3a ff ff 31 ff e8 cc 36 ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d ce 25 64 00 [ 3386.881315][T29540] RSP: 002b:00007ffc1533c090 EFLAGS: 00010246 [ 3386.887406][T29540] RAX: 00000000fc510bf9 RBX: 000000004bf7b1b5 RCX: 0000001b2e620000 [ 3386.895400][T29540] RDX: 0000000000000000 RSI: 0000000000000bf9 RDI: fffffffffc510bf9 [ 3386.903451][T29540] RBP: 0000000000000004 R08: 00000000fc510bf9 R09: 00000000fc510bfd [ 3386.911422][T29540] R10: 00007ffc1533c220 R11: 0000000000000246 R12: 000000000073bf88 [ 3386.919662][T29540] R13: 0000000080000000 R14: 00007fea32625008 R15: 0000000000000004 [ 3386.933694][T29540] memory: usage 307200kB, limit 307200kB, failcnt 96490 [ 3386.941335][T29540] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3386.949476][T29540] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3386.957004][T29540] Memory cgroup stats for /syz5: cache:124KB rss:99556KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99600KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3386.980259][T29540] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=29522,uid=0 [ 3386.996110][T29540] Memory cgroup out of memory: Killed process 29522 (syz-executor.5) total-vm:72580kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB [ 3387.015482][ T1044] oom_reaper: reaped process 29522 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 3387.016643][ T7695] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 3387.047344][ T7695] CPU: 0 PID: 7695 Comm: syz-executor.1 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3387.056411][ T7695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3387.066917][ T7695] Call Trace: [ 3387.070221][ T7695] dump_stack+0x172/0x1f0 [ 3387.074654][ T7695] dump_header+0x10f/0xb6c [ 3387.079168][ T7695] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3387.085359][ T7695] ? ___ratelimit+0x60/0x595 [ 3387.090090][ T7695] ? do_raw_spin_unlock+0x57/0x270 [ 3387.095473][ T7695] oom_kill_process.cold+0x10/0x15 [ 3387.100596][ T7695] out_of_memory+0x79a/0x1280 [ 3387.105292][ T7695] ? oom_killer_disable+0x280/0x280 [ 3387.110532][ T7695] ? find_held_lock+0x35/0x130 [ 3387.115425][ T7695] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3387.121081][ T7695] ? memcg_event_wake+0x230/0x230 [ 3387.126108][ T7695] ? do_raw_spin_unlock+0x57/0x270 [ 3387.131229][ T7695] ? _raw_spin_unlock+0x2d/0x50 [ 3387.136098][ T7695] try_charge+0x118d/0x1790 [ 3387.140642][ T7695] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3387.146272][ T7695] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3387.151839][ T7695] ? find_held_lock+0x35/0x130 [ 3387.156615][ T7695] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3387.162164][ T7695] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3387.167712][ T7695] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3387.172912][ T7695] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3387.178469][ T7695] __memcg_kmem_charge+0x136/0x300 [ 3387.183598][ T7695] __alloc_pages_nodemask+0x437/0x7e0 [ 3387.188983][ T7695] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3387.194906][ T7695] ? copy_page_range+0x128a/0x1fc0 [ 3387.200029][ T7695] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3387.206286][ T7695] alloc_pages_current+0x107/0x210 [ 3387.211417][ T7695] pte_alloc_one+0x1b/0x1a0 [ 3387.215931][ T7695] __pte_alloc+0x20/0x310 [ 3387.220288][ T7695] copy_page_range+0x1561/0x1fc0 [ 3387.225331][ T7695] ? __lock_acquire+0x548/0x3fb0 [ 3387.230407][ T7695] ? pmd_alloc+0x180/0x180 [ 3387.234830][ T7695] ? vma_gap_callbacks_rotate+0x62/0x80 [ 3387.240399][ T7695] ? __rb_insert_augmented+0x231/0xdf0 [ 3387.245854][ T7695] ? validate_mm_rb+0xa3/0xc0 [ 3387.250534][ T7695] ? __vma_link_rb+0x279/0x370 [ 3387.255338][ T7695] ? kasan_check_write+0x14/0x20 [ 3387.260303][ T7695] copy_process.part.0+0x5afb/0x7a90 [ 3387.265692][ T7695] ? __cleanup_sighand+0x60/0x60 [ 3387.270840][ T7695] _do_fork+0x257/0xfd0 [ 3387.275016][ T7695] ? fork_idle+0x1d0/0x1d0 [ 3387.279457][ T7695] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3387.284933][ T7695] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3387.290589][ T7695] ? do_syscall_64+0x26/0x670 [ 3387.295285][ T7695] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3387.301442][ T7695] ? do_syscall_64+0x26/0x670 [ 3387.306146][ T7695] __x64_sys_clone+0xbf/0x150 [ 3387.310843][ T7695] do_syscall_64+0x103/0x670 [ 3387.315464][ T7695] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3387.321453][ T7695] RIP: 0033:0x4571fa [ 3387.325345][ T7695] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 3387.345253][ T7695] RSP: 002b:00007fffe48ad8d0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3387.353683][ T7695] RAX: ffffffffffffffda RBX: 00007fffe48ad8d0 RCX: 00000000004571fa [ 3387.361662][ T7695] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 3387.369727][ T7695] RBP: 00007fffe48ad910 R08: 0000000000000001 R09: 00005555574fc940 [ 3387.377714][ T7695] R10: 00005555574fcc10 R11: 0000000000000246 R12: 0000000000000001 [ 3387.385809][ T7695] R13: 0000000000000000 R14: 0000000000000000 R15: 00007fffe48ad960 [ 3387.396167][ T7695] memory: usage 307200kB, limit 307200kB, failcnt 34785 [ 3387.403232][ T7695] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3387.411340][ T7695] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3387.418428][ T7695] Memory cgroup stats for /syz1: cache:88KB rss:98596KB rss_huge:0KB shmem:8KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:98596KB inactive_file:68KB active_file:184KB unevictable:0KB [ 3387.439762][ T7695] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=15584,uid=0 [ 3387.455360][ T7695] Memory cgroup out of memory: Killed process 15584 (syz-executor.1) total-vm:72580kB, anon-rss:168kB, file-rss:35792kB, shmem-rss:0kB [ 3387.471655][ T1044] oom_reaper: reaped process 15584 (syz-executor.1), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB [ 3387.476425][T29626] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3387.499739][T29626] CPU: 0 PID: 29626 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3387.508888][T29626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3387.518967][T29626] Call Trace: [ 3387.523170][T29626] dump_stack+0x172/0x1f0 [ 3387.523197][T29626] dump_header+0x10f/0xb6c [ 3387.532045][T29626] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3387.532067][T29626] ? ___ratelimit+0x60/0x595 [ 3387.542548][T29626] ? do_raw_spin_unlock+0x57/0x270 [ 3387.547679][T29626] oom_kill_process.cold+0x10/0x15 [ 3387.552805][T29626] out_of_memory+0x79a/0x1280 [ 3387.557504][T29626] ? oom_killer_disable+0x280/0x280 [ 3387.561980][T29812] hfs: can't find a HFS filesystem on dev loop1 [ 3387.562823][T29626] ? find_held_lock+0x35/0x130 [ 3387.574127][T29626] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3387.579722][T29626] ? memcg_event_wake+0x230/0x230 [ 3387.584781][T29626] ? do_raw_spin_unlock+0x57/0x270 [ 3387.590224][T29626] ? _raw_spin_unlock+0x2d/0x50 [ 3387.595109][T29626] try_charge+0x118d/0x1790 [ 3387.599644][T29626] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3387.605208][T29626] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3387.611001][T29626] ? find_held_lock+0x35/0x130 [ 3387.615786][T29626] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3387.621449][T29626] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3387.627185][T29626] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3387.632405][T29626] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3387.637976][T29626] __memcg_kmem_charge+0x136/0x300 [ 3387.643188][T29626] __alloc_pages_nodemask+0x437/0x7e0 [ 3387.648563][T29626] ? __pud_alloc+0x1d3/0x250 [ 3387.653390][T29626] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3387.659114][T29626] ? __pud_alloc+0x1d3/0x250 [ 3387.663739][T29626] ? lock_downgrade+0x880/0x880 [ 3387.668785][T29626] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3387.675156][T29626] alloc_pages_current+0x107/0x210 [ 3387.680296][T29626] ? do_raw_spin_unlock+0x57/0x270 [ 3387.685418][T29626] __pmd_alloc+0x41/0x460 [ 3387.689750][T29626] ? pmd_val+0x100/0x100 [ 3387.694005][T29626] pmd_alloc+0x10c/0x180 [ 3387.698349][T29626] copy_page_range+0x63c/0x1fc0 [ 3387.703215][T29626] ? anon_vma_fork+0x371/0x4a0 [ 3387.708011][T29626] ? pmd_alloc+0x180/0x180 [ 3387.712576][T29626] ? vma_gap_callbacks_rotate+0x62/0x80 [ 3387.718237][T29626] ? validate_mm_rb+0xa3/0xc0 [ 3387.722925][T29626] ? __vma_link_rb+0x279/0x370 [ 3387.727707][T29626] copy_process.part.0+0x5afb/0x7a90 [ 3387.733033][T29626] ? __cleanup_sighand+0x60/0x60 [ 3387.738007][T29626] _do_fork+0x257/0xfd0 [ 3387.742205][T29626] ? fork_idle+0x1d0/0x1d0 [ 3387.746725][T29626] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3387.752445][T29626] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3387.758000][T29626] ? do_syscall_64+0x26/0x670 [ 3387.762693][T29626] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3387.768775][T29626] ? do_syscall_64+0x26/0x670 [ 3387.773634][T29626] __x64_sys_clone+0xbf/0x150 [ 3387.778340][T29626] do_syscall_64+0x103/0x670 [ 3387.782975][T29626] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3387.788872][T29626] RIP: 0033:0x458c29 [ 3387.792782][T29626] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3387.812933][T29626] RSP: 002b:00007fea30623c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3387.821383][T29626] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 3387.829764][T29626] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3387.837938][T29626] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3387.845934][T29626] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fea306246d4 [ 3387.853919][T29626] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 3387.863101][T29626] memory: usage 307036kB, limit 307200kB, failcnt 96516 [ 3387.870901][T29626] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3387.878506][T29626] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3387.885445][T29626] Memory cgroup stats for /syz5: cache:124KB rss:99424KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3387.907566][T29626] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=7501,uid=0 [ 3387.923184][T29626] Memory cgroup out of memory: Killed process 7501 (syz-executor.5) total-vm:72448kB, anon-rss:156kB, file-rss:34816kB, shmem-rss:0kB 03:43:31 executing program 5: socket$inet_udplite(0x2, 0x2, 0x88) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)}, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r0 = socket$inet(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) 03:43:31 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x1500, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:31 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x4100, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:31 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_BOOT_CPU_ID(r1, 0xae78, &(0x7f0000000080)=0x1) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cachefiles\x00', 0x400, 0x0) getsockopt$bt_BT_SECURITY(r2, 0x112, 0x4, &(0x7f0000000040), 0x2) ioctl$KVM_SET_BOOT_CPU_ID(r1, 0xae78, 0x0) r3 = semget$private(0x0, 0x2, 0x10) semctl$GETNCNT(r3, 0x3, 0xe, &(0x7f0000000180)=""/4096) 03:43:31 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00>\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) [ 3388.005977][T29815] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 3388.019215][T29815] CPU: 0 PID: 29815 Comm: syz-executor.1 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3388.028561][T29815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3388.038826][T29815] Call Trace: [ 3388.042145][T29815] dump_stack+0x172/0x1f0 [ 3388.046628][T29815] dump_header+0x10f/0xb6c [ 3388.051056][T29815] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3388.056889][T29815] ? ___ratelimit+0x60/0x595 [ 3388.061500][T29815] ? do_raw_spin_unlock+0x57/0x270 [ 3388.066641][T29815] oom_kill_process.cold+0x10/0x15 [ 3388.071960][T29815] out_of_memory+0x79a/0x1280 [ 3388.076844][T29815] ? retint_kernel+0x2b/0x2b [ 3388.081455][T29815] ? oom_killer_disable+0x280/0x280 [ 3388.086679][T29815] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3388.092507][T29815] ? memcg_event_wake+0x230/0x230 [ 3388.097639][T29815] ? do_raw_spin_unlock+0x57/0x270 [ 3388.102949][T29815] ? _raw_spin_unlock+0x2d/0x50 [ 3388.107843][T29815] try_charge+0x118d/0x1790 [ 3388.112440][T29815] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3388.117969][T29815] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3388.123501][T29815] ? find_held_lock+0x35/0x130 [ 3388.128438][T29815] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3388.133977][T29815] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3388.139507][T29815] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3388.144693][T29815] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3388.150226][T29815] __memcg_kmem_charge+0x136/0x300 [ 3388.155432][T29815] __alloc_pages_nodemask+0x437/0x7e0 [ 3388.160806][T29815] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3388.167211][T29815] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3388.172921][T29815] ? copy_process.part.0+0x1d40/0x7a90 [ 3388.178375][T29815] copy_process.part.0+0x3e0/0x7a90 [ 3388.183659][T29815] ? __lock_acquire+0x548/0x3fb0 [ 3388.188581][T29815] ? __sanitizer_cov_trace_switch+0x37/0x80 [ 3388.194467][T29815] ? __might_fault+0x12b/0x1e0 [ 3388.199225][T29815] ? __cleanup_sighand+0x60/0x60 [ 3388.204156][T29815] ? lock_downgrade+0x880/0x880 [ 3388.209115][T29815] _do_fork+0x257/0xfd0 [ 3388.213264][T29815] ? fork_idle+0x1d0/0x1d0 [ 3388.217675][T29815] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3388.223136][T29815] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3388.228730][T29815] ? do_syscall_64+0x26/0x670 [ 3388.233480][T29815] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3388.239527][T29815] ? do_syscall_64+0x26/0x670 [ 3388.244299][T29815] __x64_sys_clone+0xbf/0x150 [ 3388.249056][T29815] do_syscall_64+0x103/0x670 [ 3388.253703][T29815] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3388.259576][T29815] RIP: 0033:0x458c29 [ 3388.263541][T29815] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3388.283306][T29815] RSP: 002b:00007fe1cdf85c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3388.291742][T29815] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 3388.299795][T29815] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 03000000b8160102 [ 3388.307766][T29815] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 3388.315743][T29815] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe1cdf866d4 [ 3388.323796][T29815] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff 03:43:31 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x1600, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) [ 3388.418647][T29815] memory: usage 307192kB, limit 307200kB, failcnt 34824 [ 3388.426370][T29815] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3388.450683][T29815] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3388.501627][T29815] Memory cgroup stats for /syz1: cache:88KB rss:98596KB rss_huge:0KB shmem:8KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:98596KB inactive_file:68KB active_file:184KB unevictable:0KB 03:43:32 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00?\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:43:32 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x4200, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) [ 3388.537649][T29815] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=20826,uid=0 03:43:32 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x1700, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) [ 3388.643230][T29815] Memory cgroup out of memory: Killed process 20826 (syz-executor.1) total-vm:72448kB, anon-rss:160kB, file-rss:35800kB, shmem-rss:0kB 03:43:32 executing program 3: r0 = syz_open_dev$vbi(&(0x7f0000000000)='/dev/vbi#\x00', 0xffffffffffffffff, 0x2) fsetxattr$security_selinux(r0, &(0x7f00000001c0)='security.selinux\x00', 0x0, 0x0, 0x0) fsetxattr$security_smack_transmute(r0, &(0x7f0000000040)='security.SMACK64TRANSMUTE\x00', &(0x7f0000000080)='TRUE', 0x4, 0x3) 03:43:32 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x1800, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) [ 3388.696202][ T1044] oom_reaper: reaped process 20826 (syz-executor.1), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB [ 3388.780313][T29811] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 3388.864760][T29811] CPU: 1 PID: 29811 Comm: syz-executor.1 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3388.873932][T29811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3388.884114][T29811] Call Trace: [ 3388.887431][T29811] dump_stack+0x172/0x1f0 [ 3388.891955][T29811] dump_header+0x10f/0xb6c [ 3388.896607][T29811] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3388.902751][T29811] ? ___ratelimit+0x60/0x595 [ 3388.907350][T29811] ? do_raw_spin_unlock+0x57/0x270 [ 3388.912477][T29811] oom_kill_process.cold+0x10/0x15 [ 3388.917753][T29811] out_of_memory+0x79a/0x1280 [ 3388.922780][T29811] ? oom_killer_disable+0x280/0x280 [ 3388.927988][T29811] ? find_held_lock+0x35/0x130 [ 3388.932953][T29811] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3388.938621][T29811] ? memcg_event_wake+0x230/0x230 [ 3388.943762][T29811] ? do_raw_spin_unlock+0x57/0x270 [ 3388.949017][T29811] ? _raw_spin_unlock+0x2d/0x50 [ 3388.953893][T29811] try_charge+0xd4d/0x1790 [ 3388.958327][T29811] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3388.964036][T29811] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3388.969796][T29811] ? find_held_lock+0x35/0x130 [ 3388.974578][T29811] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3388.980326][T29811] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3388.985881][T29811] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3388.991178][T29811] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3388.996996][T29811] __memcg_kmem_charge+0x136/0x300 [ 3389.002304][T29811] __alloc_pages_nodemask+0x437/0x7e0 [ 3389.007859][T29811] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3389.014366][T29811] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3389.020303][T29811] ? copy_process.part.0+0x1d40/0x7a90 [ 3389.026104][T29811] ? lockdep_hardirqs_on+0x418/0x5d0 [ 3389.031508][T29811] ? trace_hardirqs_on+0x67/0x230 [ 3389.036649][T29811] ? kasan_check_read+0x11/0x20 [ 3389.041564][T29811] copy_process.part.0+0x3e0/0x7a90 [ 3389.046775][T29811] ? psi_memstall_leave+0x11c/0x180 [ 3389.051994][T29811] ? kvm_sched_clock_read+0x9/0x20 [ 3389.057132][T29811] ? psi_memstall_leave+0x12e/0x180 [ 3389.062343][T29811] ? find_held_lock+0x35/0x130 [ 3389.067212][T29811] ? psi_memstall_leave+0x12e/0x180 [ 3389.072524][T29811] ? __cleanup_sighand+0x60/0x60 [ 3389.077490][T29811] ? __lock_acquire+0x548/0x3fb0 [ 3389.082520][T29811] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3389.088862][T29811] _do_fork+0x257/0xfd0 [ 3389.093128][T29811] ? fork_idle+0x1d0/0x1d0 [ 3389.097641][T29811] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3389.103244][T29811] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3389.108709][T29811] ? do_syscall_64+0x26/0x670 [ 3389.113407][T29811] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3389.119471][T29811] ? do_syscall_64+0x26/0x670 [ 3389.124161][T29811] __x64_sys_clone+0xbf/0x150 [ 3389.128836][T29811] do_syscall_64+0x103/0x670 [ 3389.133625][T29811] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3389.139737][T29811] RIP: 0033:0x45b5f9 [ 3389.143628][T29811] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 3389.163509][T29811] RSP: 002b:00007fffe48ad648 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 3389.172034][T29811] RAX: ffffffffffffffda RBX: 00007fe1cdf65700 RCX: 000000000045b5f9 [ 3389.180007][T29811] RDX: 00007fe1cdf659d0 RSI: 00007fe1cdf64db0 RDI: 00000000003d0f00 [ 3389.187986][T29811] RBP: 00007fffe48ad850 R08: 00007fe1cdf65700 R09: 00007fe1cdf65700 [ 3389.196067][T29811] R10: 00007fe1cdf659d0 R11: 0000000000000202 R12: 0000000000000000 [ 3389.204145][T29811] R13: 00007fffe48ad6ff R14: 00007fe1cdf659c0 R15: 000000000073c04c [ 3389.219583][T29811] memory: usage 306856kB, limit 307200kB, failcnt 34825 [ 3389.226574][T29811] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3389.235437][T29811] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3389.242738][T29811] Memory cgroup stats for /syz1: cache:88KB rss:98596KB rss_huge:0KB shmem:8KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:98596KB inactive_file:68KB active_file:184KB unevictable:0KB 03:43:32 executing program 1: socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000100)) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)=[{&(0x7f0000000280), 0xfffffffffffffed8}], 0x0, 0x0, 0x376}, 0x0) perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x2102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() clone(0x3000000b8160102, 0x0, 0x0, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r1 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000280)='/proc/capi/capi20\x00', 0x400, 0x0) bind$isdn_base(r1, &(0x7f00000002c0)={0x22, 0x6, 0x1ff, 0x4, 0x3}, 0x6) r2 = socket$inet(0x10, 0x3, 0x0) fcntl$dupfd(r2, 0x0, r2) setsockopt$IP_VS_SO_SET_FLUSH(0xffffffffffffffff, 0x0, 0x485, 0x0, 0x0) wait4(r0, &(0x7f0000000140), 0x80000000, &(0x7f00000001c0)) ioctl$sock_ifreq(r2, 0x89ee, &(0x7f0000000180)={'batadv0\x00', @ifru_settings={0xffff, 0x5, @fr=&(0x7f0000000300)={0x7fffffff, 0x5d6, 0x7fff, 0x6, 0x4, 0x5, 0x2d4704a7}}}) [ 3389.264370][T29811] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=21301,uid=0 [ 3389.279915][T29811] Memory cgroup out of memory: Killed process 21301 (syz-executor.1) total-vm:72580kB, anon-rss:168kB, file-rss:35792kB, shmem-rss:0kB [ 3389.295913][ T1044] oom_reaper: reaped process 21301 (syz-executor.1), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB [ 3389.305620][T29847] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3389.354770][T29847] CPU: 0 PID: 29847 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3389.364506][T29847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3389.374703][T29847] Call Trace: [ 3389.377996][T29847] dump_stack+0x172/0x1f0 [ 3389.378017][T29847] dump_header+0x10f/0xb6c [ 3389.378033][T29847] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3389.378048][T29847] ? ___ratelimit+0x60/0x595 [ 3389.378062][T29847] ? do_raw_spin_unlock+0x57/0x270 [ 3389.378085][T29847] oom_kill_process.cold+0x10/0x15 [ 3389.378101][T29847] out_of_memory+0x79a/0x1280 [ 3389.412870][T29847] ? oom_killer_disable+0x280/0x280 [ 3389.418575][T29847] ? find_held_lock+0x35/0x130 [ 3389.423632][T29847] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3389.429210][T29847] ? memcg_event_wake+0x230/0x230 [ 3389.434435][T29847] ? do_raw_spin_unlock+0x57/0x270 [ 3389.439577][T29847] ? _raw_spin_unlock+0x2d/0x50 [ 3389.444437][T29847] try_charge+0x118d/0x1790 [ 3389.448952][T29847] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3389.454692][T29847] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3389.460955][T29847] ? kasan_check_read+0x11/0x20 [ 3389.465821][T29847] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3389.471378][T29847] mem_cgroup_try_charge+0x24d/0x5e0 [ 3389.476904][T29847] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3389.482546][T29847] wp_page_copy+0x416/0x1770 [ 3389.487314][T29847] ? do_wp_page+0x486/0x1500 [ 3389.491906][T29847] ? pmd_pfn+0x1d0/0x1d0 [ 3389.496284][T29847] ? lock_downgrade+0x880/0x880 [ 3389.501138][T29847] ? __pte_alloc_kernel+0x220/0x220 [ 3389.506421][T29847] ? kasan_check_read+0x11/0x20 [ 3389.511364][T29847] ? do_raw_spin_unlock+0x57/0x270 [ 3389.516476][T29847] do_wp_page+0x48e/0x1500 [ 3389.521210][T29847] ? do_raw_spin_lock+0x12a/0x2e0 [ 3389.526412][T29847] ? rwlock_bug.part.0+0x90/0x90 [ 3389.531439][T29847] ? finish_mkwrite_fault+0x540/0x540 [ 3389.536990][T29847] ? add_mm_counter_fast.part.0+0x40/0x40 [ 3389.542809][T29847] __handle_mm_fault+0x22e8/0x3ec0 [ 3389.547926][T29847] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3389.553566][T29847] ? find_held_lock+0x35/0x130 [ 3389.558331][T29847] ? handle_mm_fault+0x292/0xa90 [ 3389.563268][T29847] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3389.569508][T29847] ? kasan_check_read+0x11/0x20 [ 3389.574377][T29847] handle_mm_fault+0x3b7/0xa90 [ 3389.579142][T29847] __do_page_fault+0x5ef/0xda0 [ 3389.583928][T29847] do_page_fault+0x71/0x581 [ 3389.588430][T29847] ? page_fault+0x8/0x30 [ 3389.592793][T29847] page_fault+0x1e/0x30 [ 3389.596942][T29847] RIP: 0033:0x40de98 [ 3389.600825][T29847] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf 2c e2 4b 00 31 c0 e8 83 3a ff ff 31 ff e8 cc 36 ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d ce 25 64 00 [ 3389.620514][T29847] RSP: 002b:00007ffc1533c090 EFLAGS: 00010246 [ 3389.626581][T29847] RAX: 000000003ea6d7e9 RBX: 000000008b2dd9e4 RCX: 0000001b2e620000 [ 3389.634561][T29847] RDX: 0000000000000000 RSI: 00000000000017e9 RDI: ffffffff3ea6d7e9 [ 3389.642548][T29847] RBP: 0000000000000001 R08: 000000003ea6d7e9 R09: 000000003ea6d7ed [ 3389.650600][T29847] R10: 00007ffc1533c220 R11: 0000000000000246 R12: 000000000073bf88 [ 3389.658564][T29847] R13: 0000000080000000 R14: 00007fea32625008 R15: 0000000000000001 [ 3389.668571][T29847] memory: usage 307200kB, limit 307200kB, failcnt 96561 [ 3389.675530][T29847] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3389.683440][T29847] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3389.690459][T29847] Memory cgroup stats for /syz5: cache:124KB rss:99556KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99600KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3389.712372][T29847] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=29820,uid=0 [ 3389.727959][T29847] Memory cgroup out of memory: Killed process 29820 (syz-executor.5) total-vm:72580kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB [ 3389.743524][ T1044] oom_reaper: reaped process 29820 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 3389.760337][T29962] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3389.772639][T29962] CPU: 0 PID: 29962 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3389.781780][T29962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3389.792054][T29962] Call Trace: [ 3389.795362][T29962] dump_stack+0x172/0x1f0 [ 3389.799712][T29962] dump_header+0x10f/0xb6c [ 3389.804200][T29962] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3389.810012][T29962] ? ___ratelimit+0x60/0x595 [ 3389.814729][T29962] ? do_raw_spin_unlock+0x57/0x270 [ 3389.820025][T29962] oom_kill_process.cold+0x10/0x15 [ 3389.825274][T29962] out_of_memory+0x79a/0x1280 [ 3389.829947][T29962] ? lock_downgrade+0x880/0x880 [ 3389.834879][T29962] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3389.841124][T29962] ? oom_killer_disable+0x280/0x280 [ 3389.846407][T29962] ? find_held_lock+0x35/0x130 [ 3389.851177][T29962] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3389.856731][T29962] ? memcg_event_wake+0x230/0x230 [ 3389.861855][T29962] ? do_raw_spin_unlock+0x57/0x270 [ 3389.866977][T29962] ? _raw_spin_unlock+0x2d/0x50 [ 3389.871924][T29962] try_charge+0x118d/0x1790 [ 3389.876426][T29962] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3389.881962][T29962] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3389.887511][T29962] ? find_held_lock+0x35/0x130 [ 3389.892460][T29962] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3389.898016][T29962] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3389.903591][T29962] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3389.908922][T29962] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3389.914762][T29962] __memcg_kmem_charge+0x136/0x300 [ 3389.920160][T29962] __alloc_pages_nodemask+0x437/0x7e0 [ 3389.925664][T29962] ? __pud_alloc+0x1d3/0x250 [ 3389.930272][T29962] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3389.935997][T29962] ? __pud_alloc+0x1d3/0x250 [ 3389.940712][T29962] ? lock_downgrade+0x880/0x880 [ 3389.945681][T29962] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3389.951934][T29962] alloc_pages_current+0x107/0x210 [ 3389.957050][T29962] ? do_raw_spin_unlock+0x57/0x270 [ 3389.962221][T29962] __pmd_alloc+0x41/0x460 [ 3389.966668][T29962] ? pmd_val+0x100/0x100 [ 3389.970903][T29962] pmd_alloc+0x10c/0x180 [ 3389.975256][T29962] copy_page_range+0x63c/0x1fc0 [ 3389.980121][T29962] ? anon_vma_fork+0x371/0x4a0 [ 3389.984986][T29962] ? pmd_alloc+0x180/0x180 [ 3389.989407][T29962] ? vma_gap_callbacks_rotate+0x62/0x80 [ 3389.994967][T29962] ? validate_mm_rb+0xa3/0xc0 [ 3389.999743][T29962] ? __vma_link_rb+0x279/0x370 [ 3390.004537][T29962] copy_process.part.0+0x5afb/0x7a90 [ 3390.009847][T29962] ? __cleanup_sighand+0x60/0x60 [ 3390.015129][T29962] _do_fork+0x257/0xfd0 [ 3390.019292][T29962] ? fork_idle+0x1d0/0x1d0 [ 3390.023769][T29962] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3390.029332][T29962] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3390.034814][T29962] ? do_syscall_64+0x26/0x670 [ 3390.039497][T29962] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3390.045719][T29962] ? do_syscall_64+0x26/0x670 [ 3390.050415][T29962] __x64_sys_clone+0xbf/0x150 [ 3390.055097][T29962] do_syscall_64+0x103/0x670 [ 3390.059709][T29962] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3390.065617][T29962] RIP: 0033:0x458c29 [ 3390.069939][T29962] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3390.089645][T29962] RSP: 002b:00007fea30623c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3390.098083][T29962] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 3390.106178][T29962] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3390.114154][T29962] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3390.122171][T29962] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fea306246d4 [ 3390.130348][T29962] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 3390.139359][T29962] memory: usage 307040kB, limit 307200kB, failcnt 96588 [ 3390.146323][T29962] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3390.153987][T29962] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3390.160936][T29962] Memory cgroup stats for /syz5: cache:124KB rss:99424KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3390.182545][T29962] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=7557,uid=0 [ 3390.197961][T29962] Memory cgroup out of memory: Killed process 7557 (syz-executor.5) total-vm:72448kB, anon-rss:156kB, file-rss:34816kB, shmem-rss:0kB [ 3390.213783][ T1044] oom_reaper: reaped process 7557 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 3390.237858][T30104] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3390.250211][T30104] CPU: 0 PID: 30104 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3390.259508][T30104] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3390.269567][T30104] Call Trace: [ 3390.272872][T30104] dump_stack+0x172/0x1f0 [ 3390.277194][T30104] dump_header+0x10f/0xb6c [ 3390.281611][T30104] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3390.287518][T30104] ? ___ratelimit+0x60/0x595 [ 3390.292115][T30104] ? do_raw_spin_unlock+0x57/0x270 [ 3390.297222][T30104] oom_kill_process.cold+0x10/0x15 [ 3390.302356][T30104] out_of_memory+0x79a/0x1280 [ 3390.307041][T30104] ? lock_downgrade+0x880/0x880 [ 3390.311884][T30104] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3390.318260][T30104] ? oom_killer_disable+0x280/0x280 [ 3390.323456][T30104] ? find_held_lock+0x35/0x130 [ 3390.328455][T30104] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3390.334027][T30104] ? memcg_event_wake+0x230/0x230 [ 3390.339237][T30104] ? do_raw_spin_unlock+0x57/0x270 [ 3390.344360][T30104] ? _raw_spin_unlock+0x2d/0x50 [ 3390.349225][T30104] try_charge+0x118d/0x1790 [ 3390.353763][T30104] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3390.359496][T30104] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3390.365449][T30104] ? find_held_lock+0x35/0x130 [ 3390.370342][T30104] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3390.376085][T30104] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3390.381640][T30104] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3390.386851][T30104] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3390.392394][T30104] __memcg_kmem_charge+0x136/0x300 [ 3390.397510][T30104] __alloc_pages_nodemask+0x437/0x7e0 [ 3390.402899][T30104] ? __pud_alloc+0x1d3/0x250 [ 3390.407505][T30104] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3390.413320][T30104] ? __pud_alloc+0x1d3/0x250 [ 3390.417930][T30104] ? lock_downgrade+0x880/0x880 [ 3390.422915][T30104] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3390.429169][T30104] alloc_pages_current+0x107/0x210 [ 3390.434287][T30104] ? do_raw_spin_unlock+0x57/0x270 [ 3390.439429][T30104] __pmd_alloc+0x41/0x460 [ 3390.443769][T30104] ? pmd_val+0x100/0x100 [ 3390.448287][T30104] pmd_alloc+0x10c/0x180 [ 3390.452543][T30104] copy_page_range+0x63c/0x1fc0 [ 3390.457518][T30104] ? __lock_acquire+0x548/0x3fb0 [ 3390.462486][T30104] ? anon_vma_fork+0x371/0x4a0 [ 3390.467353][T30104] ? find_held_lock+0x35/0x130 [ 3390.472225][T30104] ? copy_process.part.0+0x3159/0x7a90 [ 3390.477791][T30104] ? pmd_alloc+0x180/0x180 [ 3390.482211][T30104] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 3390.488053][T30104] ? validate_mm_rb+0xa3/0xc0 [ 3390.492740][T30104] ? __vma_link_rb+0x279/0x370 [ 3390.497598][T30104] ? kasan_check_write+0x14/0x20 [ 3390.502644][T30104] copy_process.part.0+0x5afb/0x7a90 [ 3390.507966][T30104] ? __cleanup_sighand+0x60/0x60 [ 3390.512947][T30104] _do_fork+0x257/0xfd0 [ 3390.517193][T30104] ? fork_idle+0x1d0/0x1d0 [ 3390.521722][T30104] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3390.527387][T30104] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3390.538229][T30104] ? do_syscall_64+0x26/0x670 [ 3390.543191][T30104] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3390.549275][T30104] ? do_syscall_64+0x26/0x670 [ 3390.554293][T30104] __x64_sys_clone+0xbf/0x150 [ 3390.559076][T30104] do_syscall_64+0x103/0x670 [ 3390.563683][T30104] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3390.569720][T30104] RIP: 0033:0x458c29 [ 3390.573725][T30104] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3390.593606][T30104] RSP: 002b:00007fea30602c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3390.602206][T30104] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 3390.610276][T30104] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3390.618267][T30104] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 3390.626351][T30104] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fea306036d4 [ 3390.634322][T30104] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 3390.643629][T30104] memory: usage 307040kB, limit 307200kB, failcnt 96618 [ 3390.650706][T30104] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3390.658475][T30104] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3390.665367][T30104] Memory cgroup stats for /syz5: cache:124KB rss:99424KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3390.686994][T30104] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=29847,uid=0 03:43:34 executing program 5: socket$inet_udplite(0x2, 0x2, 0x88) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)}, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r0 = socket$inet(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) 03:43:34 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00@\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:43:34 executing program 3: r0 = epoll_create1(0x0) r1 = socket$packet(0x11, 0x3, 0x300) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000080)) r2 = socket(0x10, 0x3, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000040)) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000100)={0x0}, &(0x7f0000000140)=0xc) ioctl$TIOCSPGRP(r3, 0x5410, &(0x7f0000000180)=r4) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7ff, 0x200) sendfile(r2, r3, 0x0, 0xe6) 03:43:34 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x4300, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:34 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x1900, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:34 executing program 1: socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000100)) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)=[{&(0x7f0000001300)}], 0x1}, 0x0) perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x2102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() clone(0x20000400, 0x0, 0x0, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r0 = socket$inet(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) setsockopt$IP_VS_SO_SET_FLUSH(0xffffffffffffffff, 0x0, 0x485, 0x0, 0x0) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) [ 3390.702541][T30104] Memory cgroup out of memory: Killed process 29847 (syz-executor.5) total-vm:72580kB, anon-rss:160kB, file-rss:35728kB, shmem-rss:0kB [ 3390.719300][ T1044] oom_reaper: reaped process 29847 (syz-executor.5), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB 03:43:34 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x1a00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:34 executing program 3: r0 = creat(&(0x7f0000000280)='./file1\x00', 0xa0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$sock_linger(r1, 0x1, 0xd, &(0x7f0000000000)={0x1, 0xcced}, 0x8) chdir(0x0) ioctl$sock_inet_SIOCSIFNETMASK(r0, 0x891c, &(0x7f0000000040)={'hwsim0\x00', {0x2, 0x4e24, @remote}}) mkdir(&(0x7f0000000380)='./file0\x00', 0x0) lsetxattr$trusted_overlay_redirect(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='trusted.overlay.redirect\x00', &(0x7f00000001c0)='./file1\x00', 0x8, 0x0) mkdir(&(0x7f0000000180)='./file1\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000080)='./file1/file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000300)=ANY=[@ANYRESHEX, @ANYRESDEC=r1, @ANYBLOB="9afdb852d0f091bcf1a112217751f78d4cac8770380b9ffba0b74e3d", @ANYRES32=r0, @ANYRES32=r1, @ANYRESDEC=r1]) mount$overlay(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='overlay\x00', 0x20001, &(0x7f0000000540)=ANY=[@ANYBLOB="776f726b6469723d2e2f66696c65312c7869646f3d6f66662c6c6f7765726469723d2e2f66696c65302c78696ea948ba4b086f3d6f6e2c78696e6f3d6f66662c61707072613f4267b176568f2542fa500a4c524665d2325636c626f511561962d8647ca9787fbd2872104efc055d25962bc97df26f017f43fe432da286601e033fa4b5a607da08f5ecfe4a9a6d6963dd2c0e610b8323d8e85e38225ca06b5e4f6fbd9f8b148fcdc980ca7694aff7d7db5bd8103862da06b868f49adf28d0d1e06de3d3c3fae48b5f031f0f84be6958fa22281711af2d8bbe8501f64474d2a0142d1d41f157fed98cfda7f9587165c73044e7420455a929fadcb1d90506c176ec6ce32ec10a28a5040171126f9b10f8bfb8fc2e28304c63762c9c44deeb90"]) 03:43:34 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x10\x8c\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) [ 3390.915247][T30111] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 03:43:34 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x4400, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:34 executing program 3: bind$unix(0xffffffffffffffff, &(0x7f00000000c0)=@abs={0x1}, 0x2) [ 3391.011384][T30111] CPU: 0 PID: 30111 Comm: syz-executor.1 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3391.020636][T30111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3391.030800][T30111] Call Trace: [ 3391.034351][T30111] dump_stack+0x172/0x1f0 [ 3391.038874][T30111] dump_header+0x10f/0xb6c [ 3391.043447][T30111] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3391.049257][T30111] ? ___ratelimit+0x60/0x595 [ 3391.049275][T30111] ? do_raw_spin_unlock+0x57/0x270 [ 3391.049294][T30111] oom_kill_process.cold+0x10/0x15 [ 3391.049308][T30111] out_of_memory+0x79a/0x1280 [ 3391.049322][T30111] ? lock_downgrade+0x880/0x880 [ 3391.049336][T30111] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3391.049350][T30111] ? oom_killer_disable+0x280/0x280 [ 3391.049361][T30111] ? find_held_lock+0x35/0x130 [ 3391.049389][T30111] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3391.059533][T30111] ? memcg_event_wake+0x230/0x230 [ 3391.059551][T30111] ? do_raw_spin_unlock+0x57/0x270 [ 3391.059566][T30111] ? _raw_spin_unlock+0x2d/0x50 03:43:34 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x1b00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) [ 3391.059581][T30111] try_charge+0x118d/0x1790 [ 3391.059601][T30111] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3391.059614][T30111] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3391.059626][T30111] ? find_held_lock+0x35/0x130 [ 3391.059642][T30111] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3391.137574][T30111] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3391.143128][T30111] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3391.148331][T30111] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3391.148347][T30111] __memcg_kmem_charge+0x136/0x300 [ 3391.148363][T30111] __alloc_pages_nodemask+0x437/0x7e0 [ 3391.148378][T30111] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3391.148393][T30111] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3391.148409][T30111] ? copy_process.part.0+0x1d40/0x7a90 [ 3391.148428][T30111] ? lockdep_hardirqs_on+0x418/0x5d0 [ 3391.148447][T30111] ? trace_hardirqs_on+0x67/0x230 [ 3391.176463][T30111] ? kasan_check_read+0x11/0x20 [ 3391.176485][T30111] copy_process.part.0+0x3e0/0x7a90 [ 3391.176505][T30111] ? psi_memstall_leave+0x11c/0x180 [ 3391.202477][T30111] ? kvm_sched_clock_read+0x9/0x20 [ 3391.202500][T30111] ? psi_memstall_leave+0x12e/0x180 [ 3391.218252][T30111] ? find_held_lock+0x35/0x130 [ 3391.223057][T30111] ? psi_memstall_leave+0x12e/0x180 [ 3391.228372][T30111] ? __cleanup_sighand+0x60/0x60 [ 3391.233529][T30111] ? __lock_acquire+0x548/0x3fb0 [ 3391.238499][T30111] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3391.244853][T30111] _do_fork+0x257/0xfd0 [ 3391.249026][T30111] ? fork_idle+0x1d0/0x1d0 [ 3391.253467][T30111] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3391.258942][T30111] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3391.264411][T30111] ? do_syscall_64+0x26/0x670 [ 3391.269287][T30111] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3391.275473][T30111] ? do_syscall_64+0x26/0x670 [ 3391.280268][T30111] __x64_sys_clone+0xbf/0x150 [ 3391.285042][T30111] do_syscall_64+0x103/0x670 [ 3391.289655][T30111] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3391.295548][T30111] RIP: 0033:0x45b5f9 [ 3391.299534][T30111] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 3391.319165][T30111] RSP: 002b:00007fffe48ad648 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 3391.327687][T30111] RAX: ffffffffffffffda RBX: 00007fe1cdf86700 RCX: 000000000045b5f9 [ 3391.335682][T30111] RDX: 00007fe1cdf869d0 RSI: 00007fe1cdf85db0 RDI: 00000000003d0f00 [ 3391.344017][T30111] RBP: 00007fffe48ad850 R08: 00007fe1cdf86700 R09: 00007fe1cdf86700 [ 3391.352010][T30111] R10: 00007fe1cdf869d0 R11: 0000000000000202 R12: 0000000000000000 [ 3391.360005][T30111] R13: 00007fffe48ad6ff R14: 00007fe1cdf869c0 R15: 000000000073bfac [ 3391.378230][T30111] memory: usage 307188kB, limit 307200kB, failcnt 34857 [ 3391.392069][T30111] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3391.400374][T30111] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3391.408359][T30111] Memory cgroup stats for /syz1: cache:88KB rss:98592KB rss_huge:0KB shmem:8KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:98596KB inactive_file:68KB active_file:184KB unevictable:0KB [ 3391.430974][T30111] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=29816,uid=0 [ 3391.447779][T30111] Memory cgroup out of memory: Killed process 29816 (syz-executor.1) total-vm:72712kB, anon-rss:176kB, file-rss:35804kB, shmem-rss:0kB [ 3391.483546][T30112] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 3391.502952][T30112] CPU: 1 PID: 30112 Comm: syz-executor.1 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3391.512387][T30112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3391.523309][T30112] Call Trace: [ 3391.526708][T30112] dump_stack+0x172/0x1f0 [ 3391.531188][T30112] dump_header+0x10f/0xb6c [ 3391.535886][T30112] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3391.542625][T30112] ? ___ratelimit+0x60/0x595 [ 3391.547279][T30112] ? do_raw_spin_unlock+0x57/0x270 [ 3391.552590][T30112] oom_kill_process.cold+0x10/0x15 [ 3391.557713][T30112] out_of_memory+0x79a/0x1280 [ 3391.562516][T30112] ? oom_killer_disable+0x280/0x280 [ 3391.567758][T30112] ? find_held_lock+0x35/0x130 [ 3391.572560][T30112] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3391.578123][T30112] ? memcg_event_wake+0x230/0x230 [ 3391.583185][T30112] ? do_raw_spin_unlock+0x57/0x270 [ 3391.588313][T30112] ? _raw_spin_unlock+0x2d/0x50 [ 3391.593340][T30112] try_charge+0xd4d/0x1790 [ 3391.597779][T30112] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3391.603345][T30112] ? retint_kernel+0x2b/0x2b [ 3391.607980][T30112] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3391.613547][T30112] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3391.618749][T30112] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3391.624311][T30112] __memcg_kmem_charge+0x136/0x300 [ 3391.629581][T30112] __alloc_pages_nodemask+0x437/0x7e0 [ 3391.634972][T30112] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3391.641452][T30112] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3391.647176][T30112] ? copy_process.part.0+0x1d40/0x7a90 [ 3391.652636][T30112] ? lockdep_hardirqs_on+0x418/0x5d0 [ 3391.658106][T30112] ? trace_hardirqs_on+0x67/0x230 [ 3391.663259][T30112] ? kasan_check_read+0x11/0x20 [ 3391.668130][T30112] copy_process.part.0+0x3e0/0x7a90 [ 3391.673343][T30112] ? __lock_acquire+0x548/0x3fb0 [ 3391.678383][T30112] ? finish_task_switch+0x146/0x780 [ 3391.683686][T30112] ? __might_fault+0x12b/0x1e0 [ 3391.688549][T30112] ? __cleanup_sighand+0x60/0x60 [ 3391.693766][T30112] ? lock_downgrade+0x880/0x880 [ 3391.698875][T30112] _do_fork+0x257/0xfd0 [ 3391.703035][T30112] ? fork_idle+0x1d0/0x1d0 [ 3391.707484][T30112] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3391.713140][T30112] ? retint_kernel+0x2b/0x2b [ 3391.717962][T30112] __x64_sys_clone+0xbf/0x150 [ 3391.722668][T30112] ? __sanitizer_cov_trace_pc+0x3b/0x50 [ 3391.728321][T30112] do_syscall_64+0x103/0x670 [ 3391.732931][T30112] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3391.738840][T30112] RIP: 0033:0x458c29 [ 3391.742759][T30112] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3391.762507][T30112] RSP: 002b:00007fe1cdfa6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3391.771108][T30112] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 3391.779258][T30112] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000400 [ 3391.787262][T30112] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3391.795450][T30112] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe1cdfa76d4 [ 3391.803436][T30112] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 3391.818074][T30112] memory: usage 307112kB, limit 307200kB, failcnt 34877 [ 3391.825426][T30112] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3391.833443][T30112] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3391.840890][T30112] Memory cgroup stats for /syz1: cache:88KB rss:98592KB rss_huge:0KB shmem:8KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:98596KB inactive_file:68KB active_file:184KB unevictable:0KB [ 3391.865645][T30112] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=24867,uid=0 [ 3391.882613][T30112] Memory cgroup out of memory: Killed process 24867 (syz-executor.1) total-vm:72580kB, anon-rss:168kB, file-rss:35792kB, shmem-rss:0kB [ 3391.907011][T30125] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3391.926797][T30125] CPU: 1 PID: 30125 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3391.936153][T30125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3391.946222][T30125] Call Trace: [ 3391.949548][T30125] dump_stack+0x172/0x1f0 [ 3391.954102][T30125] dump_header+0x10f/0xb6c [ 3391.958521][T30125] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3391.964436][T30125] ? ___ratelimit+0x60/0x595 [ 3391.969052][T30125] ? do_raw_spin_unlock+0x57/0x270 [ 3391.974462][T30125] oom_kill_process.cold+0x10/0x15 [ 3391.979864][T30125] out_of_memory+0x79a/0x1280 [ 3391.984574][T30125] ? oom_killer_disable+0x280/0x280 [ 3391.989776][T30125] ? find_held_lock+0x35/0x130 [ 3391.994562][T30125] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3392.000155][T30125] ? memcg_event_wake+0x230/0x230 [ 3392.005297][T30125] ? do_raw_spin_unlock+0x57/0x270 [ 3392.010510][T30125] ? _raw_spin_unlock+0x2d/0x50 [ 3392.015371][T30125] try_charge+0x118d/0x1790 [ 3392.020039][T30125] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3392.025594][T30125] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3392.031872][T30125] ? kasan_check_read+0x11/0x20 [ 3392.036856][T30125] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3392.042435][T30125] mem_cgroup_try_charge+0x24d/0x5e0 [ 3392.047927][T30125] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3392.053577][T30125] wp_page_copy+0x416/0x1770 [ 3392.058202][T30125] ? do_wp_page+0x486/0x1500 [ 3392.062906][T30125] ? pmd_pfn+0x1d0/0x1d0 [ 3392.067552][T30125] ? lock_downgrade+0x880/0x880 [ 3392.072858][T30125] ? swp_swapcount+0x540/0x540 [ 3392.077918][T30125] ? kasan_check_read+0x11/0x20 [ 3392.082812][T30125] ? do_raw_spin_unlock+0x57/0x270 [ 3392.087969][T30125] do_wp_page+0x48e/0x1500 [ 3392.092515][T30125] ? finish_mkwrite_fault+0x540/0x540 [ 3392.097996][T30125] __handle_mm_fault+0x22e8/0x3ec0 [ 3392.103122][T30125] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3392.108882][T30125] ? find_held_lock+0x35/0x130 [ 3392.113781][T30125] ? handle_mm_fault+0x292/0xa90 [ 3392.118815][T30125] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3392.125077][T30125] ? kasan_check_read+0x11/0x20 [ 3392.130088][T30125] handle_mm_fault+0x3b7/0xa90 [ 3392.134871][T30125] __do_page_fault+0x5ef/0xda0 [ 3392.139656][T30125] do_page_fault+0x71/0x581 [ 3392.144186][T30125] ? page_fault+0x8/0x30 [ 3392.148549][T30125] page_fault+0x1e/0x30 [ 3392.152728][T30125] RIP: 0033:0x410710 [ 3392.156626][T30125] Code: ff ff 48 83 c8 01 48 89 05 bd fd 63 00 48 8b 05 96 27 30 00 49 c7 85 c8 02 00 00 90 2e 71 00 49 89 85 c0 02 00 00 4c 89 70 08 <4c> 89 35 79 27 30 00 48 c7 05 8e fd 63 00 00 00 00 00 f0 ff 0d 8f [ 3392.176894][T30125] RSP: 002b:00007ffc1533c070 EFLAGS: 00010202 [ 3392.183063][T30125] RAX: 00007fea306249c0 RBX: 0000000000020000 RCX: 00000000ffffffe0 [ 3392.191122][T30125] RDX: 0000000000000040 RSI: 0000000000000001 RDI: 00007fea306036a0 [ 3392.199191][T30125] RBP: 00007ffc1533c150 R08: 0000000000714800 R09: 0000000000714800 [ 3392.207166][T30125] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc1533c230 [ 3392.215168][T30125] R13: 00007fea30603700 R14: 00007fea306039c0 R15: 000000000073bfac [ 3392.225967][T30125] memory: usage 307200kB, limit 307200kB, failcnt 96664 [ 3392.234527][T30125] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3392.242310][T30125] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3392.249409][T30125] Memory cgroup stats for /syz5: cache:124KB rss:99424KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3392.271777][T30125] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=30125,uid=0 03:43:35 executing program 5: socket$inet_udplite(0x2, 0x2, 0x88) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)}, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r0 = socket$inet(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) 03:43:35 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x3, 0x0) get_thread_area(&(0x7f0000000000)={0x3ff, 0x20100000, 0x0, 0x0, 0x5, 0x1, 0xbc37, 0x1f, 0x7, 0x10000}) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r0, 0x80045530, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff]}) 03:43:35 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x1c00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:35 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\xff\xfe\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:43:35 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x4500, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:35 executing program 1: r0 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x624002) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f00000003c0)={0x0, @in6={{0xa, 0x4e22, 0xffffffffffffffff, @dev={0xfe, 0x80, [], 0x16}, 0x80}}, [0x20, 0x81, 0x7, 0x7, 0x3, 0x0, 0x20000000000, 0x40, 0x8, 0x3, 0x0, 0x10001, 0x9, 0x5, 0x1]}, &(0x7f0000000040)=0x100) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f00000004c0)={r1, 0x8001}, &(0x7f0000000500)=0xc) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000100)) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)=[{&(0x7f0000001300)}], 0x1}, 0x0) perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x2102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() rt_sigtimedwait(&(0x7f0000000140)={0x2e}, &(0x7f0000000540), &(0x7f0000000240)={0x0, 0x989680}, 0x8) clone(0x3000000b8160102, 0x0, 0x0, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) r2 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00') sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r0, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x11010}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x1c, r2, 0x4, 0x70bd26, 0x25dfdbfd, {}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x24008080}, 0x40000) sysinfo(&(0x7f00000008c0)=""/248) r3 = socket$inet(0x10, 0x3, 0x0) write$input_event(r0, &(0x7f00000001c0)={{0x77359400}, 0x5, 0x0, 0x4}, 0x18) r4 = fcntl$dupfd(r3, 0x0, r3) setsockopt$IP_VS_SO_SET_FLUSH(r4, 0x0, 0x485, 0x0, 0x0) modify_ldt$write2(0x11, &(0x7f0000000280)={0x1000, 0x20000800, 0x2400, 0x6, 0x2, 0x9, 0x100000000000, 0x5, 0x58ea}, 0x10) ioctl$sock_ifreq(r4, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) [ 3392.287639][T30125] Memory cgroup out of memory: Killed process 30125 (syz-executor.5) total-vm:72580kB, anon-rss:160kB, file-rss:35720kB, shmem-rss:0kB [ 3392.303127][ T1044] oom_reaper: reaped process 30125 (syz-executor.5), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB 03:43:36 executing program 1: socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000100)) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)=[{&(0x7f0000001300)}], 0x1}, 0x0) perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x2102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() clone(0x3000000b8160102, 0x0, 0x0, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r2, &(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, r1, {0x2, 0x0, @dev}, 0x4}}, 0x26) r3 = socket$l2tp(0x18, 0x1, 0x1) openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/btrfs-control\x00', 0x0, 0x0) connect$l2tp(r3, &(0x7f0000000100)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x4, 0x1, 0x0, 0x0, {0xa, 0x0, 0x0, @initdev}}}, 0x32) setsockopt$l2tp_PPPOL2TP_SO_REORDERTO(r3, 0x111, 0x4, 0x20000000, 0x4) r4 = fcntl$dupfd(r0, 0x0, r0) setsockopt$IP_VS_SO_SET_FLUSH(0xffffffffffffffff, 0x0, 0x485, 0x0, 0x0) ioctl$sock_ifreq(r4, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) 03:43:36 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x1d00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:36 executing program 3: r0 = socket$inet6(0xa, 0x1000080002, 0x100000000000088) preadv(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000240)=""/58, 0x3a}], 0x2, 0x0) bind$inet6(r0, &(0x7f0000d85fe4)={0xa, 0x4e23}, 0x1c) r1 = socket$inet6(0xa, 0x802, 0x88) sendto$inet6(r1, 0x0, 0x0, 0x8800, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) sendto$inet6(r1, &(0x7f0000000100)="dd", 0x1, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000000380)=[{{0x0, 0xfef3, 0x0, 0x0, 0x0, 0xfffffffffffffdcc}}], 0x400000000000490, 0x6, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f00000013c0)={{{@in6=@remote, @in6=@ipv4, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@multicast2, 0x0, 0x32}, 0x0, @in6}}, 0xe8) dup2(r2, r3) 03:43:36 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00\xff\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:43:36 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x4600, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:36 executing program 1: socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000100)) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)=[{&(0x7f0000001300)}], 0x1}, 0x0) perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x2102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() clone(0x3000000b8160102, 0x0, 0x0, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r0 = socket$inet(0x10, 0x3, 0x0) fcntl$dupfd(r0, 0x0, r0) setsockopt$IP_VS_SO_SET_FLUSH(0xffffffffffffffff, 0x0, 0x485, 0x0, 0x0) [ 3392.602239][T30428] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3392.628534][T30428] CPU: 1 PID: 30428 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3392.638066][T30428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3392.648344][T30428] Call Trace: [ 3392.651674][T30428] dump_stack+0x172/0x1f0 [ 3392.656051][T30428] dump_header+0x10f/0xb6c [ 3392.660502][T30428] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3392.667799][T30428] ? ___ratelimit+0x60/0x595 [ 3392.672391][T30428] ? do_raw_spin_unlock+0x57/0x270 [ 3392.677523][T30428] oom_kill_process.cold+0x10/0x15 [ 3392.682639][T30428] out_of_memory+0x79a/0x1280 [ 3392.687331][T30428] ? lock_downgrade+0x880/0x880 [ 3392.692273][T30428] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3392.698609][T30428] ? oom_killer_disable+0x280/0x280 [ 3392.703809][T30428] ? find_held_lock+0x35/0x130 [ 3392.708580][T30428] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3392.714141][T30428] ? memcg_event_wake+0x230/0x230 [ 3392.719178][T30428] ? do_raw_spin_unlock+0x57/0x270 [ 3392.724380][T30428] ? _raw_spin_unlock+0x2d/0x50 [ 3392.729251][T30428] try_charge+0x118d/0x1790 [ 3392.734124][T30428] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3392.739671][T30428] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3392.745928][T30428] ? kasan_check_read+0x11/0x20 [ 3392.750791][T30428] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3392.756361][T30428] mem_cgroup_try_charge+0x24d/0x5e0 [ 3392.761918][T30428] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3392.767556][T30428] wp_page_copy+0x416/0x1770 [ 3392.772159][T30428] ? do_wp_page+0x486/0x1500 [ 3392.776774][T30428] ? pmd_pfn+0x1d0/0x1d0 [ 3392.781117][T30428] ? lock_downgrade+0x880/0x880 [ 3392.785970][T30428] ? __pte_alloc_kernel+0x220/0x220 [ 3392.791180][T30428] ? kasan_check_read+0x11/0x20 [ 3392.796297][T30428] ? do_raw_spin_unlock+0x57/0x270 [ 3392.801412][T30428] do_wp_page+0x48e/0x1500 [ 3392.805840][T30428] ? do_raw_spin_lock+0x12a/0x2e0 [ 3392.810870][T30428] ? rwlock_bug.part.0+0x90/0x90 [ 3392.815894][T30428] ? finish_mkwrite_fault+0x540/0x540 [ 3392.821302][T30428] ? add_mm_counter_fast.part.0+0x40/0x40 [ 3392.827037][T30428] __handle_mm_fault+0x22e8/0x3ec0 [ 3392.832156][T30428] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3392.837701][T30428] ? find_held_lock+0x35/0x130 [ 3392.842645][T30428] ? handle_mm_fault+0x292/0xa90 [ 3392.847700][T30428] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3392.854045][T30428] ? kasan_check_read+0x11/0x20 [ 3392.858909][T30428] handle_mm_fault+0x3b7/0xa90 [ 3392.863709][T30428] __do_page_fault+0x5ef/0xda0 [ 3392.868850][T30428] do_page_fault+0x71/0x581 [ 3392.873351][T30428] ? page_fault+0x8/0x30 [ 3392.877682][T30428] page_fault+0x1e/0x30 [ 3392.881835][T30428] RIP: 0033:0x40de98 [ 3392.885729][T30428] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf 2c e2 4b 00 31 c0 e8 83 3a ff ff 31 ff e8 cc 36 ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d ce 25 64 00 [ 3392.906557][T30428] RSP: 002b:00007ffc1533c090 EFLAGS: 00010246 [ 3392.912981][T30428] RAX: 0000000074e285fe RBX: 000000009dc9745b RCX: 0000001b2e620000 [ 3392.921217][T30428] RDX: 0000000000000000 RSI: 00000000000005fe RDI: ffffffff74e285fe [ 3392.929363][T30428] RBP: 0000000000000006 R08: 0000000074e285fe R09: 0000000074e28602 [ 3392.937447][T30428] R10: 00007ffc1533c220 R11: 0000000000000246 R12: 000000000073bf88 [ 3392.945614][T30428] R13: 0000000080000000 R14: 00007fea32625008 R15: 0000000000000006 [ 3393.018872][T30428] memory: usage 307200kB, limit 307200kB, failcnt 96695 [ 3393.035980][T30428] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3393.059341][T30428] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3393.069111][T30428] Memory cgroup stats for /syz5: cache:124KB rss:99424KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3393.091469][T30428] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=8112,uid=0 [ 3393.108271][T30428] Memory cgroup out of memory: Killed process 8112 (syz-executor.5) total-vm:72448kB, anon-rss:156kB, file-rss:34816kB, shmem-rss:0kB [ 3393.145767][ T7695] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 3393.160893][ T7695] CPU: 0 PID: 7695 Comm: syz-executor.1 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3393.170141][ T7695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3393.181087][ T7695] Call Trace: [ 3393.184483][ T7695] dump_stack+0x172/0x1f0 [ 3393.188997][ T7695] dump_header+0x10f/0xb6c [ 3393.193418][ T7695] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3393.199316][ T7695] ? ___ratelimit+0x60/0x595 [ 3393.203930][ T7695] ? do_raw_spin_unlock+0x57/0x270 [ 3393.209058][ T7695] oom_kill_process.cold+0x10/0x15 [ 3393.214192][ T7695] out_of_memory+0x79a/0x1280 [ 3393.219104][ T7695] ? oom_killer_disable+0x280/0x280 [ 3393.224307][ T7695] ? find_held_lock+0x35/0x130 [ 3393.229223][ T7695] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3393.234832][ T7695] ? memcg_event_wake+0x230/0x230 [ 3393.239890][ T7695] ? do_raw_spin_unlock+0x57/0x270 [ 3393.244997][ T7695] ? _raw_spin_unlock+0x2d/0x50 [ 3393.250053][ T7695] try_charge+0x118d/0x1790 [ 3393.254563][ T7695] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3393.260287][ T7695] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3393.265831][ T7695] ? find_held_lock+0x35/0x130 [ 3393.270690][ T7695] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3393.276257][ T7695] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3393.282210][ T7695] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3393.287729][ T7695] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3393.293285][ T7695] __memcg_kmem_charge+0x136/0x300 [ 3393.298418][ T7695] __alloc_pages_nodemask+0x437/0x7e0 [ 3393.303848][ T7695] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3393.309571][ T7695] ? copy_page_range+0x128a/0x1fc0 [ 3393.314685][ T7695] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3393.321037][ T7695] alloc_pages_current+0x107/0x210 [ 3393.326239][ T7695] pte_alloc_one+0x1b/0x1a0 [ 3393.330835][ T7695] __pte_alloc+0x20/0x310 [ 3393.335189][ T7695] copy_page_range+0x1561/0x1fc0 [ 3393.340414][ T7695] ? __lock_acquire+0x548/0x3fb0 [ 3393.345383][ T7695] ? pmd_alloc+0x180/0x180 [ 3393.349903][ T7695] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 3393.355752][ T7695] ? vma_compute_subtree_gap+0x158/0x230 [ 3393.361412][ T7695] ? validate_mm_rb+0xa3/0xc0 [ 3393.366084][ T7695] ? __vma_link_rb+0x279/0x370 [ 3393.370845][ T7695] ? kasan_check_write+0x14/0x20 [ 3393.375846][ T7695] copy_process.part.0+0x5afb/0x7a90 [ 3393.381150][ T7695] ? __cleanup_sighand+0x60/0x60 [ 3393.386240][ T7695] _do_fork+0x257/0xfd0 [ 3393.390410][ T7695] ? fork_idle+0x1d0/0x1d0 [ 3393.394836][ T7695] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3393.400403][ T7695] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3393.405960][ T7695] ? do_syscall_64+0x26/0x670 [ 3393.410843][ T7695] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3393.417197][ T7695] ? do_syscall_64+0x26/0x670 [ 3393.422014][ T7695] __x64_sys_clone+0xbf/0x150 [ 3393.426700][ T7695] do_syscall_64+0x103/0x670 [ 3393.431306][ T7695] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3393.437211][ T7695] RIP: 0033:0x4571fa [ 3393.441103][ T7695] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 3393.461185][ T7695] RSP: 002b:00007fffe48ad8d0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3393.469628][ T7695] RAX: ffffffffffffffda RBX: 00007fffe48ad8d0 RCX: 00000000004571fa [ 3393.477621][ T7695] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 3393.485626][ T7695] RBP: 00007fffe48ad910 R08: 0000000000000001 R09: 00005555574fc940 [ 3393.493864][ T7695] R10: 00005555574fcc10 R11: 0000000000000246 R12: 0000000000000001 [ 3393.501940][ T7695] R13: 0000000000000000 R14: 0000000000000000 R15: 00007fffe48ad960 [ 3393.512151][ T7695] memory: usage 307200kB, limit 307200kB, failcnt 34889 [ 3393.519642][ T7695] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3393.528073][ T7695] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3393.535349][ T7695] Memory cgroup stats for /syz1: cache:88KB rss:98592KB rss_huge:0KB shmem:8KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:98596KB inactive_file:68KB active_file:184KB unevictable:0KB [ 3393.557978][ T7695] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=28886,uid=0 [ 3393.573894][ T7695] Memory cgroup out of memory: Killed process 28886 (syz-executor.1) total-vm:72580kB, anon-rss:168kB, file-rss:35792kB, shmem-rss:0kB [ 3393.591274][ T1044] oom_reaper: reaped process 28886 (syz-executor.1), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB [ 3393.602517][T30433] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 3393.629535][T30433] CPU: 0 PID: 30433 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3393.638711][T30433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3393.648789][T30433] Call Trace: [ 3393.652129][T30433] dump_stack+0x172/0x1f0 [ 3393.656571][T30433] dump_header+0x10f/0xb6c [ 3393.661054][T30433] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3393.666902][T30433] ? ___ratelimit+0x60/0x595 [ 3393.671627][T30433] ? do_raw_spin_unlock+0x57/0x270 [ 3393.676785][T30433] oom_kill_process.cold+0x10/0x15 [ 3393.681916][T30433] out_of_memory+0x79a/0x1280 [ 3393.686721][T30433] ? oom_killer_disable+0x280/0x280 [ 3393.692075][T30433] ? find_held_lock+0x35/0x130 [ 3393.697069][T30433] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3393.702638][T30433] ? memcg_event_wake+0x230/0x230 [ 3393.707710][T30433] ? do_raw_spin_unlock+0x57/0x270 [ 3393.712852][T30433] ? _raw_spin_unlock+0x2d/0x50 [ 3393.717729][T30433] try_charge+0x118d/0x1790 [ 3393.722259][T30433] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3393.727828][T30433] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3393.727845][T30433] ? find_held_lock+0x35/0x130 [ 3393.727859][T30433] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3393.727882][T30433] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3393.727895][T30433] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3393.727910][T30433] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3393.727929][T30433] __memcg_kmem_charge+0x136/0x300 [ 3393.738244][T30433] __alloc_pages_nodemask+0x437/0x7e0 [ 3393.738260][T30433] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3393.738275][T30433] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3393.738292][T30433] ? copy_process.part.0+0x1d40/0x7a90 [ 3393.738307][T30433] ? lockdep_hardirqs_on+0x418/0x5d0 [ 3393.738324][T30433] ? trace_hardirqs_on+0x67/0x230 [ 3393.738335][T30433] ? kasan_check_read+0x11/0x20 [ 3393.738352][T30433] copy_process.part.0+0x3e0/0x7a90 [ 3393.738368][T30433] ? __lock_acquire+0x548/0x3fb0 [ 3393.815503][T30433] ? __might_fault+0x12b/0x1e0 [ 3393.820282][T30433] ? __cleanup_sighand+0x60/0x60 [ 3393.825408][T30433] ? lock_downgrade+0x880/0x880 [ 3393.830448][T30433] _do_fork+0x257/0xfd0 [ 3393.834601][T30433] ? fork_idle+0x1d0/0x1d0 [ 3393.839025][T30433] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3393.844925][T30433] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3393.850395][T30433] ? do_syscall_64+0x26/0x670 [ 3393.855075][T30433] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3393.861138][T30433] ? do_syscall_64+0x26/0x670 [ 3393.865813][T30433] __x64_sys_clone+0xbf/0x150 [ 3393.870505][T30433] do_syscall_64+0x103/0x670 [ 3393.875105][T30433] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3393.880992][T30433] RIP: 0033:0x458c29 [ 3393.884899][T30433] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3393.905148][T30433] RSP: 002b:00007fea30623c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3393.913560][T30433] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 3393.921533][T30433] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3393.929871][T30433] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3393.937845][T30433] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fea306246d4 [ 3393.945830][T30433] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 3393.955668][T30433] memory: usage 307196kB, limit 307200kB, failcnt 96714 [ 3393.962697][T30433] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3393.970464][T30433] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3393.977485][T30433] Memory cgroup stats for /syz5: cache:124KB rss:99556KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3393.999406][T30433] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=8405,uid=0 [ 3394.014977][T30433] Memory cgroup out of memory: Killed process 8405 (syz-executor.5) total-vm:72448kB, anon-rss:156kB, file-rss:34816kB, shmem-rss:0kB [ 3394.037764][ T1044] oom_reaper: reaped process 8405 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 3394.065309][T30433] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3394.078278][T30433] CPU: 1 PID: 30433 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3394.087625][T30433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3394.097694][T30433] Call Trace: [ 3394.100992][T30433] dump_stack+0x172/0x1f0 [ 3394.105366][T30433] dump_header+0x10f/0xb6c [ 3394.109916][T30433] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3394.115889][T30433] ? ___ratelimit+0x60/0x595 [ 3394.120503][T30433] ? do_raw_spin_unlock+0x57/0x270 [ 3394.125611][T30433] oom_kill_process.cold+0x10/0x15 [ 3394.130715][T30433] out_of_memory+0x79a/0x1280 [ 3394.135386][T30433] ? lock_downgrade+0x880/0x880 [ 3394.140222][T30433] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3394.146652][T30433] ? oom_killer_disable+0x280/0x280 [ 3394.151867][T30433] ? find_held_lock+0x35/0x130 [ 3394.156629][T30433] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3394.162343][T30433] ? memcg_event_wake+0x230/0x230 [ 3394.167362][T30433] ? do_raw_spin_unlock+0x57/0x270 [ 3394.172471][T30433] ? _raw_spin_unlock+0x2d/0x50 [ 3394.177310][T30433] try_charge+0x118d/0x1790 [ 3394.181806][T30433] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3394.187353][T30433] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3394.192980][T30433] ? find_held_lock+0x35/0x130 [ 3394.197737][T30433] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3394.203305][T30433] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3394.208844][T30433] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3394.214155][T30433] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3394.219781][T30433] __memcg_kmem_charge+0x136/0x300 [ 3394.224993][T30433] __alloc_pages_nodemask+0x437/0x7e0 [ 3394.230372][T30433] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3394.236100][T30433] ? copy_page_range+0x128a/0x1fc0 [ 3394.241208][T30433] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3394.247443][T30433] alloc_pages_current+0x107/0x210 [ 3394.252548][T30433] pte_alloc_one+0x1b/0x1a0 [ 3394.257037][T30433] __pte_alloc+0x20/0x310 [ 3394.261364][T30433] copy_page_range+0x1561/0x1fc0 [ 3394.266282][T30433] ? __lock_acquire+0x548/0x3fb0 [ 3394.271213][T30433] ? pmd_alloc+0x180/0x180 [ 3394.275603][T30433] ? vma_gap_callbacks_rotate+0x62/0x80 [ 3394.281141][T30433] ? __rb_insert_augmented+0x231/0xdf0 [ 3394.286606][T30433] ? validate_mm_rb+0xa3/0xc0 [ 3394.291282][T30433] ? __vma_link_rb+0x279/0x370 [ 3394.296034][T30433] ? kasan_check_write+0x14/0x20 [ 3394.301051][T30433] copy_process.part.0+0x5afb/0x7a90 [ 3394.306367][T30433] ? __cleanup_sighand+0x60/0x60 [ 3394.311300][T30433] _do_fork+0x257/0xfd0 [ 3394.315441][T30433] ? fork_idle+0x1d0/0x1d0 [ 3394.319884][T30433] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3394.325331][T30433] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3394.330778][T30433] ? do_syscall_64+0x26/0x670 [ 3394.335485][T30433] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3394.341542][T30433] ? do_syscall_64+0x26/0x670 [ 3394.346208][T30433] __x64_sys_clone+0xbf/0x150 [ 3394.350959][T30433] do_syscall_64+0x103/0x670 [ 3394.355533][T30433] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3394.361496][T30433] RIP: 0033:0x458c29 [ 3394.365386][T30433] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3394.385313][T30433] RSP: 002b:00007fea30623c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3394.393839][T30433] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 3394.401828][T30433] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3394.409895][T30433] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3394.417858][T30433] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fea306246d4 [ 3394.425997][T30433] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 3394.438706][T30433] memory: usage 307040kB, limit 307200kB, failcnt 96784 [ 3394.446369][T30433] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3394.454370][T30433] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3394.461600][T30433] Memory cgroup stats for /syz5: cache:124KB rss:99556KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3394.483754][T30433] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=8551,uid=0 [ 3394.499908][T30433] Memory cgroup out of memory: Killed process 8551 (syz-executor.5) total-vm:72448kB, anon-rss:156kB, file-rss:34816kB, shmem-rss:0kB 03:43:38 executing program 5: socket$inet_udplite(0x2, 0x2, 0x88) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)}, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r0 = socket$inet(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) 03:43:38 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x1e00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:38 executing program 3: r0 = openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) setsockopt$inet_sctp_SCTP_AUTOCLOSE(0xffffffffffffffff, 0x84, 0x4, &(0x7f0000000000)=0x80000001, 0x4) setsockopt$inet_msfilter(0xffffffffffffffff, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB="ac1e0001acac141414ef0900ffe0000002efffff442e00010000000000140000"], 0x1) setsockopt$inet_sctp6_SCTP_AUTH_KEY(0xffffffffffffffff, 0x84, 0x17, 0x0, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe800, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) getsockopt$EBT_SO_GET_ENTRIES(r0, 0x0, 0x81, &(0x7f00000002c0)={'nat\x00', 0x0, 0x3, 0xd5, [], 0x3, &(0x7f0000000140)=[{}, {}, {}], &(0x7f0000000640)=""/213}, &(0x7f0000000380)=0x78) fchdir(r1) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0xffffffffffffff2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) write$binfmt_misc(r1, &(0x7f00000001c0)={'syz0', "b2eabd53c7251735a0de87e7698e2143cd61c332c0d86759dea14c62f3f7cbc8ff97b103a2f65a0258d4ede2580fc146f87d29dfb2305491e22ac5ae451110dd8996e7f16f81d72082bddbbd4bc51f82fb74fc2413af8328fa5130ede4647902a898906a3fe48e862f814e30472f8b2463ecd7481a2cdc4d2a311494feec18264fa20e5871c2e22d2fb73bb7a375650aeb7640f27f0dd8ce99c51f72c6e47ae5abbbd0e220745d0e8c8652e098d05b1e37743a3e"}, 0xb8) open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) open$dir(&(0x7f0000000600)='./file0\x00', 0x4000, 0x0) write(r2, &(0x7f0000000400)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) 03:43:38 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\xfe\xff\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:43:38 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x4700, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:38 executing program 1: socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000100)) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)=[{&(0x7f0000001300)}], 0x1}, 0x0) perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x2102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() clone(0x3000000b8160102, 0x0, 0x0, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r0 = socket$inet(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) setsockopt$IP_VS_SO_SET_FLUSH(0xffffffffffffffff, 0x0, 0x485, 0x0, 0x0) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) r2 = add_key$user(&(0x7f0000000140)='user\x00', &(0x7f00000001c0)={'syz', 0x3}, &(0x7f0000000200)="a17aefcb6237e18c14b4ef72c93c568e30579ec72f5a2dc806a30d907fcd989f54fd276ea74e7eab615d0227ed0c7cdddac20ddd41ea948a69514ce88dda29edfcc6b8ce9a1ce25c8052778f3038c95fc292f8be52b7d25e215b96f9e1213638bb8bf06fe7204840457891b3", 0x6c, 0xfffffffffffffff8) keyctl$read(0xb, r2, &(0x7f0000000280)=""/23, 0x17) r3 = semget(0x3, 0x1, 0x24) semctl$IPC_RMID(r3, 0x0, 0x0) [ 3394.516271][ T1044] oom_reaper: reaped process 8551 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 03:43:38 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000100)) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)=[{&(0x7f0000001300)}], 0x1}, 0x0) perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x2102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() clone(0x3000000b8160102, 0x0, 0x0, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000140)) sysinfo(&(0x7f0000000000)=""/248) r2 = socket$inet(0x10, 0x3, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) setsockopt$IP_VS_SO_SET_FLUSH(0xffffffffffffffff, 0x0, 0x485, 0x0, 0x0) ioctl$sock_ifreq(r3, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) ptrace$peekuser(0x3, r1, 0xffff) [ 3394.586566][ T26] audit: type=1800 audit(2000000618.179:201): pid=30707 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="sda1" ino=18147 res=0 03:43:38 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00\x00\x02', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:43:38 executing program 3: r0 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000000)={0x0, @in={{0x2, 0x4e22, @loopback}}, 0x100, 0x100000000, 0x1, 0x7f, 0x1}, &(0x7f0000000100)=0x98) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000140)={r2, 0x100, 0x20}, &(0x7f0000000200)=0xc) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r1, 0xc02c5341, &(0x7f0000000180)) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000000240)={r3, 0x2}, &(0x7f0000000280)=0x8) [ 3394.678770][ T26] audit: type=1804 audit(2000000618.209:202): pid=30707 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir217225525/syzkaller.d07L5x/5913/file0" dev="sda1" ino=18147 res=1 03:43:38 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x1f00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:38 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x4800, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) [ 3394.834003][ T7695] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 3394.862059][ T26] audit: type=1800 audit(2000000618.209:203): pid=30707 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="sda1" ino=18147 res=0 03:43:38 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00\x00\x04', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) [ 3394.874782][ T7695] CPU: 1 PID: 7695 Comm: syz-executor.1 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3394.891651][ T7695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3394.902154][ T7695] Call Trace: [ 3394.905468][ T7695] dump_stack+0x172/0x1f0 [ 3394.909822][ T7695] dump_header+0x10f/0xb6c [ 3394.914265][ T7695] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3394.920089][ T7695] ? ___ratelimit+0x60/0x595 [ 3394.924780][ T7695] ? do_raw_spin_unlock+0x57/0x270 [ 3394.929915][ T7695] oom_kill_process.cold+0x10/0x15 [ 3394.935143][ T7695] out_of_memory+0x79a/0x1280 [ 3394.935164][ T7695] ? lock_downgrade+0x880/0x880 [ 3394.935178][ T7695] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3394.935191][ T7695] ? oom_killer_disable+0x280/0x280 [ 3394.935207][ T7695] ? find_held_lock+0x35/0x130 [ 3394.950971][ T7695] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3394.966479][ T7695] ? memcg_event_wake+0x230/0x230 [ 3394.971538][ T7695] ? do_raw_spin_unlock+0x57/0x270 [ 3394.976680][ T7695] ? _raw_spin_unlock+0x2d/0x50 [ 3394.981749][ T7695] try_charge+0x118d/0x1790 [ 3394.986394][ T7695] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3394.992048][ T7695] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3394.997708][ T7695] ? find_held_lock+0x35/0x130 [ 3395.002680][ T7695] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3395.008260][ T7695] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3395.013925][ T7695] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3395.019151][ T7695] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3395.024725][ T7695] __memcg_kmem_charge+0x136/0x300 [ 3395.029868][ T7695] __alloc_pages_nodemask+0x437/0x7e0 [ 3395.035308][ T7695] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3395.041277][ T7695] ? copy_page_range+0x128a/0x1fc0 [ 3395.041296][ T7695] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3395.041314][ T7695] alloc_pages_current+0x107/0x210 [ 3395.041335][ T7695] pte_alloc_one+0x1b/0x1a0 [ 3395.041347][ T7695] __pte_alloc+0x20/0x310 [ 3395.041361][ T7695] copy_page_range+0x1561/0x1fc0 [ 3395.041376][ T7695] ? __lock_acquire+0x548/0x3fb0 [ 3395.041403][ T7695] ? pmd_alloc+0x180/0x180 [ 3395.052963][ T7695] ? vma_gap_callbacks_rotate+0x62/0x80 [ 3395.052981][ T7695] ? __rb_insert_augmented+0x231/0xdf0 [ 3395.052995][ T7695] ? validate_mm_rb+0xa3/0xc0 [ 3395.053011][ T7695] ? __vma_link_rb+0x279/0x370 [ 3395.053025][ T7695] ? kasan_check_write+0x14/0x20 [ 3395.053044][ T7695] copy_process.part.0+0x5afb/0x7a90 [ 3395.053079][ T7695] ? __cleanup_sighand+0x60/0x60 [ 3395.093221][ T7695] _do_fork+0x257/0xfd0 [ 3395.093240][ T7695] ? fork_idle+0x1d0/0x1d0 [ 3395.102760][ T7695] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3395.102782][ T7695] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3395.137825][ T7695] ? do_syscall_64+0x26/0x670 [ 3395.142507][ T7695] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3395.148596][ T7695] ? do_syscall_64+0x26/0x670 [ 3395.153289][ T7695] __x64_sys_clone+0xbf/0x150 [ 3395.157990][ T7695] do_syscall_64+0x103/0x670 [ 3395.162674][ T7695] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3395.168584][ T7695] RIP: 0033:0x4571fa [ 3395.172658][ T7695] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 3395.192679][ T7695] RSP: 002b:00007fffe48ad8d0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3395.201199][ T7695] RAX: ffffffffffffffda RBX: 00007fffe48ad8d0 RCX: 00000000004571fa [ 3395.209275][ T7695] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 3395.217268][ T7695] RBP: 00007fffe48ad910 R08: 0000000000000001 R09: 00005555574fc940 [ 3395.225245][ T7695] R10: 00005555574fcc10 R11: 0000000000000246 R12: 0000000000000001 [ 3395.225253][ T7695] R13: 0000000000000000 R14: 0000000000000000 R15: 00007fffe48ad960 [ 3395.228339][ T7695] memory: usage 307200kB, limit 307200kB, failcnt 34942 [ 3395.249379][ T7695] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3395.257797][ T7695] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3395.265249][ T7695] Memory cgroup stats for /syz1: cache:88KB rss:98592KB rss_huge:0KB shmem:8KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:98596KB inactive_file:68KB active_file:184KB unevictable:0KB [ 3395.287259][ T7695] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=30310,uid=0 [ 3395.304508][ T7695] Memory cgroup out of memory: Killed process 30310 (syz-executor.1) total-vm:72448kB, anon-rss:160kB, file-rss:35800kB, shmem-rss:0kB [ 3395.337039][T30758] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 3395.354648][T30758] CPU: 0 PID: 30758 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3395.364213][T30758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3395.374290][T30758] Call Trace: [ 3395.377620][T30758] dump_stack+0x172/0x1f0 [ 3395.382383][T30758] dump_header+0x10f/0xb6c [ 3395.386911][T30758] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3395.393183][T30758] ? ___ratelimit+0x60/0x595 [ 3395.397916][T30758] ? do_raw_spin_unlock+0x57/0x270 [ 3395.403180][T30758] oom_kill_process.cold+0x10/0x15 [ 3395.408456][T30758] out_of_memory+0x79a/0x1280 [ 3395.413430][T30758] ? oom_killer_disable+0x280/0x280 [ 3395.418986][T30758] ? find_held_lock+0x35/0x130 [ 3395.423875][T30758] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3395.429529][T30758] ? memcg_event_wake+0x230/0x230 [ 3395.434595][T30758] ? do_raw_spin_unlock+0x57/0x270 [ 3395.439718][T30758] ? _raw_spin_unlock+0x2d/0x50 [ 3395.444672][T30758] try_charge+0x118d/0x1790 [ 3395.449310][T30758] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3395.454978][T30758] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3395.460628][T30758] ? find_held_lock+0x35/0x130 [ 3395.465407][T30758] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3395.470994][T30758] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3395.476639][T30758] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3395.481846][T30758] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3395.487592][T30758] __memcg_kmem_charge+0x136/0x300 [ 3395.492821][T30758] __alloc_pages_nodemask+0x437/0x7e0 [ 3395.498608][T30758] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3395.505077][T30758] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3395.510822][T30758] ? copy_process.part.0+0x1d40/0x7a90 [ 3395.516390][T30758] ? lockdep_hardirqs_on+0x418/0x5d0 [ 3395.521703][T30758] ? trace_hardirqs_on+0x67/0x230 [ 3395.526895][T30758] ? kasan_check_read+0x11/0x20 [ 3395.532065][T30758] copy_process.part.0+0x3e0/0x7a90 [ 3395.537320][T30758] ? __handle_mm_fault+0x21b7/0x3ec0 [ 3395.542815][T30758] ? find_held_lock+0x35/0x130 [ 3395.547903][T30758] ? __handle_mm_fault+0x21b7/0x3ec0 [ 3395.553665][T30758] ? lock_downgrade+0x880/0x880 [ 3395.558664][T30758] ? migration_entry_to_page+0x320/0x320 [ 3395.564580][T30758] ? lru_cache_add+0x21c/0x590 [ 3395.569459][T30758] ? __cleanup_sighand+0x60/0x60 [ 3395.574617][T30758] ? __handle_mm_fault+0x7cd/0x3ec0 [ 3395.579996][T30758] ? __do_page_fault+0x623/0xda0 [ 3395.585218][T30758] ? find_held_lock+0x35/0x130 [ 3395.590003][T30758] _do_fork+0x257/0xfd0 [ 3395.594265][T30758] ? fork_idle+0x1d0/0x1d0 [ 3395.598694][T30758] ? kasan_check_write+0x14/0x20 [ 3395.603639][T30758] ? up_read+0x90/0x1c0 [ 3395.607826][T30758] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3395.613308][T30758] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3395.618873][T30758] ? do_syscall_64+0x26/0x670 [ 3395.623573][T30758] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3395.629770][T30758] ? do_syscall_64+0x26/0x670 [ 3395.634467][T30758] __x64_sys_clone+0xbf/0x150 [ 3395.639366][T30758] do_syscall_64+0x103/0x670 [ 3395.643978][T30758] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3395.649879][T30758] RIP: 0033:0x45b5f9 [ 3395.653798][T30758] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 3395.673911][T30758] RSP: 002b:00007ffc1533c028 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 3395.682343][T30758] RAX: ffffffffffffffda RBX: 00007fea30603700 RCX: 000000000045b5f9 [ 3395.690331][T30758] RDX: 00007fea306039d0 RSI: 00007fea30602db0 RDI: 00000000003d0f00 [ 3395.698359][T30758] RBP: 00007ffc1533c230 R08: 00007fea30603700 R09: 00007fea30603700 [ 3395.706453][T30758] R10: 00007fea306039d0 R11: 0000000000000202 R12: 0000000000000000 [ 3395.714484][T30758] R13: 00007ffc1533c0df R14: 00007fea306039c0 R15: 000000000073bfac [ 3395.726082][T30758] memory: usage 307200kB, limit 307200kB, failcnt 96793 [ 3395.734196][T30758] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3395.744722][T30758] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3395.752003][T30758] Memory cgroup stats for /syz5: cache:124KB rss:99416KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3395.773998][T30758] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=30758,uid=0 [ 3395.789798][T30758] Memory cgroup out of memory: Killed process 30758 (syz-executor.5) total-vm:72580kB, anon-rss:160kB, file-rss:35724kB, shmem-rss:0kB [ 3395.805383][ T1044] oom_reaper: reaped process 30758 (syz-executor.5), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB [ 3395.810267][T30975] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 03:43:39 executing program 5: socket$inet_udplite(0x2, 0x2, 0x88) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)}, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r0 = socket$inet(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) 03:43:39 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00\x00 ', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:43:39 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000080)={0x0, 0x2000}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000440)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x50) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:43:39 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x2000, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:39 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x4900, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) [ 3395.837226][T30975] CPU: 1 PID: 30975 Comm: syz-executor.1 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3395.846479][T30975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3395.856569][T30975] Call Trace: [ 3395.859887][T30975] dump_stack+0x172/0x1f0 [ 3395.864262][T30975] dump_header+0x10f/0xb6c [ 3395.868797][T30975] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3395.874711][T30975] ? ___ratelimit+0x60/0x595 [ 3395.879322][T30975] ? do_raw_spin_unlock+0x57/0x270 [ 3395.884458][T30975] oom_kill_process.cold+0x10/0x15 03:43:39 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x2100, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) [ 3395.889696][T30975] out_of_memory+0x79a/0x1280 [ 3395.894532][T30975] ? oom_killer_disable+0x280/0x280 [ 3395.899751][T30975] ? find_held_lock+0x35/0x130 [ 3395.904543][T30975] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3395.904561][T30975] ? memcg_event_wake+0x230/0x230 [ 3395.915157][T30975] ? do_raw_spin_unlock+0x57/0x270 [ 3395.915178][T30975] ? _raw_spin_unlock+0x2d/0x50 [ 3395.915204][T30975] try_charge+0x118d/0x1790 [ 3395.929804][T30975] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3395.935375][T30975] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3395.940970][T30975] ? find_held_lock+0x35/0x130 [ 3395.945777][T30975] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3395.951360][T30975] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3395.956941][T30975] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3395.962263][T30975] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3395.967847][T30975] __memcg_kmem_charge+0x136/0x300 [ 3395.972992][T30975] __alloc_pages_nodemask+0x437/0x7e0 [ 3395.978663][T30975] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3395.985026][T30975] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3395.990789][T30975] ? copy_process.part.0+0x1d40/0x7a90 [ 3395.990812][T30975] ? lockdep_hardirqs_on+0x418/0x5d0 [ 3396.001526][T30975] ? trace_hardirqs_on+0x67/0x230 [ 3396.001544][T30975] copy_process.part.0+0x3e0/0x7a90 [ 3396.001560][T30975] ? __lock_acquire+0x548/0x3fb0 [ 3396.001586][T30975] ? __might_fault+0x12b/0x1e0 [ 3396.001609][T30975] ? __cleanup_sighand+0x60/0x60 [ 3396.026569][T30975] ? lock_downgrade+0x880/0x880 [ 3396.031554][T30975] _do_fork+0x257/0xfd0 [ 3396.035749][T30975] ? fork_idle+0x1d0/0x1d0 [ 3396.040206][T30975] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3396.046119][T30975] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3396.051820][T30975] ? do_syscall_64+0x26/0x670 [ 3396.056586][T30975] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3396.062667][T30975] ? do_syscall_64+0x26/0x670 [ 3396.067366][T30975] __x64_sys_clone+0xbf/0x150 [ 3396.072044][T30975] do_syscall_64+0x103/0x670 [ 3396.076624][T30975] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3396.082518][T30975] RIP: 0033:0x458c29 [ 3396.086399][T30975] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3396.106072][T30975] RSP: 002b:00007fe1cdf85c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3396.114489][T30975] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 3396.122531][T30975] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000002102001ffe [ 3396.130589][T30975] RBP: 000000000073bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 3396.138606][T30975] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe1cdf866d4 [ 3396.146563][T30975] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 3396.171516][T30975] memory: usage 307156kB, limit 307200kB, failcnt 34982 [ 3396.188425][T30975] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3396.236061][T30975] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3396.260139][T30975] Memory cgroup stats for /syz1: cache:88KB rss:98592KB rss_huge:0KB shmem:8KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:98596KB inactive_file:68KB active_file:184KB unevictable:0KB [ 3396.321950][T30975] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=6271,uid=0 [ 3396.338494][T30975] Memory cgroup out of memory: Killed process 6271 (syz-executor.1) total-vm:72580kB, anon-rss:168kB, file-rss:35792kB, shmem-rss:0kB [ 3396.395102][T30971] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 3396.425399][T30971] CPU: 0 PID: 30971 Comm: syz-executor.1 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3396.435085][T30971] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3396.445514][T30971] Call Trace: [ 3396.449153][T30971] dump_stack+0x172/0x1f0 [ 3396.453880][T30971] dump_header+0x10f/0xb6c [ 3396.458612][T30971] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3396.464602][T30971] ? ___ratelimit+0x60/0x595 [ 3396.469207][T30971] ? do_raw_spin_unlock+0x57/0x270 [ 3396.474418][T30971] oom_kill_process.cold+0x10/0x15 [ 3396.479660][T30971] out_of_memory+0x79a/0x1280 [ 3396.484589][T30971] ? oom_killer_disable+0x280/0x280 [ 3396.489811][T30971] ? find_held_lock+0x35/0x130 [ 3396.494599][T30971] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3396.500166][T30971] ? memcg_event_wake+0x230/0x230 [ 3396.505490][T30971] ? do_raw_spin_unlock+0x57/0x270 [ 3396.510642][T30971] ? _raw_spin_unlock+0x2d/0x50 [ 3396.515520][T30971] try_charge+0xd4d/0x1790 [ 3396.519952][T30971] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3396.525511][T30971] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3396.537029][T30971] ? find_held_lock+0x35/0x130 [ 3396.542024][T30971] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3396.547621][T30971] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3396.553369][T30971] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3396.558592][T30971] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3396.564321][T30971] __memcg_kmem_charge+0x136/0x300 [ 3396.569579][T30971] __alloc_pages_nodemask+0x437/0x7e0 [ 3396.575140][T30971] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3396.581611][T30971] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3396.587857][T30971] ? copy_process.part.0+0x1d40/0x7a90 [ 3396.593332][T30971] ? lockdep_hardirqs_on+0x418/0x5d0 [ 3396.598811][T30971] ? trace_hardirqs_on+0x67/0x230 [ 3396.603932][T30971] copy_process.part.0+0x3e0/0x7a90 [ 3396.609249][T30971] ? psi_memstall_leave+0x11c/0x180 [ 3396.614532][T30971] ? kvm_sched_clock_read+0x9/0x20 [ 3396.619689][T30971] ? psi_memstall_leave+0x12e/0x180 [ 3396.625105][T30971] ? find_held_lock+0x35/0x130 [ 3396.630092][T30971] ? psi_memstall_leave+0x12e/0x180 [ 3396.635308][T30971] ? __cleanup_sighand+0x60/0x60 [ 3396.640430][T30971] ? __lock_acquire+0x548/0x3fb0 [ 3396.645631][T30971] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3396.651914][T30971] _do_fork+0x257/0xfd0 [ 3396.656168][T30971] ? fork_idle+0x1d0/0x1d0 [ 3396.660727][T30971] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3396.666273][T30971] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3396.671826][T30971] ? do_syscall_64+0x26/0x670 [ 3396.676593][T30971] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3396.682749][T30971] ? do_syscall_64+0x26/0x670 [ 3396.687549][T30971] __x64_sys_clone+0xbf/0x150 [ 3396.692337][T30971] do_syscall_64+0x103/0x670 [ 3396.697189][T30971] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3396.703084][T30971] RIP: 0033:0x45b5f9 [ 3396.706981][T30971] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 3396.726842][T30971] RSP: 002b:00007fffe48ad648 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 3396.735293][T30971] RAX: ffffffffffffffda RBX: 00007fe1cdf65700 RCX: 000000000045b5f9 [ 3396.743304][T30971] RDX: 00007fe1cdf659d0 RSI: 00007fe1cdf64db0 RDI: 00000000003d0f00 [ 3396.751390][T30971] RBP: 00007fffe48ad850 R08: 00007fe1cdf65700 R09: 00007fe1cdf65700 [ 3396.759913][T30971] R10: 00007fe1cdf659d0 R11: 0000000000000202 R12: 0000000000000000 [ 3396.768194][T30971] R13: 00007fffe48ad6ff R14: 00007fe1cdf659c0 R15: 000000000073c04c [ 3396.779659][T30971] memory: usage 306876kB, limit 307200kB, failcnt 34982 [ 3396.786769][T30971] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3396.794730][T30971] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3396.801947][T30971] Memory cgroup stats for /syz1: cache:88KB rss:98592KB rss_huge:0KB shmem:8KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:98596KB inactive_file:68KB active_file:184KB unevictable:0KB [ 3396.823691][T30971] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=8154,uid=0 [ 3396.840055][T30971] Memory cgroup out of memory: Killed process 8154 (syz-executor.1) total-vm:72580kB, anon-rss:168kB, file-rss:35792kB, shmem-rss:0kB [ 3396.855499][ T1044] oom_reaper: reaped process 8154 (syz-executor.1), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB [ 3396.861453][T31046] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3396.881111][T31046] CPU: 1 PID: 31046 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3396.890432][T31046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3396.900813][T31046] Call Trace: [ 3396.904220][T31046] dump_stack+0x172/0x1f0 [ 3396.908804][T31046] dump_header+0x10f/0xb6c [ 3396.913212][T31046] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3396.919031][T31046] ? ___ratelimit+0x60/0x595 [ 3396.923608][T31046] ? do_raw_spin_unlock+0x57/0x270 [ 3396.928723][T31046] oom_kill_process.cold+0x10/0x15 [ 3396.934008][T31046] out_of_memory+0x79a/0x1280 [ 3396.938680][T31046] ? oom_killer_disable+0x280/0x280 [ 3396.944243][T31046] ? find_held_lock+0x35/0x130 [ 3396.949026][T31046] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3396.954677][T31046] ? memcg_event_wake+0x230/0x230 [ 3396.959986][T31046] ? do_raw_spin_unlock+0x57/0x270 [ 3396.965285][T31046] ? _raw_spin_unlock+0x2d/0x50 [ 3396.970134][T31046] try_charge+0x118d/0x1790 [ 3396.974642][T31046] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3396.980351][T31046] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3396.985899][T31046] ? find_held_lock+0x35/0x130 [ 3396.990892][T31046] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3396.996534][T31046] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3397.002171][T31046] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3397.007477][T31046] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3397.013036][T31046] __memcg_kmem_charge+0x136/0x300 [ 3397.018145][T31046] __alloc_pages_nodemask+0x437/0x7e0 [ 3397.023618][T31046] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3397.029480][T31046] ? do_huge_pmd_anonymous_page+0x420/0x1660 [ 3397.035456][T31046] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3397.041859][T31046] alloc_pages_current+0x107/0x210 [ 3397.047119][T31046] pte_alloc_one+0x1b/0x1a0 [ 3397.051617][T31046] __pte_alloc+0x20/0x310 [ 3397.056026][T31046] __handle_mm_fault+0x3391/0x3ec0 [ 3397.061225][T31046] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3397.066760][T31046] ? find_held_lock+0x35/0x130 [ 3397.071530][T31046] ? handle_mm_fault+0x292/0xa90 [ 3397.076665][T31046] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3397.083168][T31046] ? kasan_check_read+0x11/0x20 [ 3397.088022][T31046] handle_mm_fault+0x3b7/0xa90 [ 3397.092777][T31046] __do_page_fault+0x5ef/0xda0 [ 3397.097531][T31046] do_page_fault+0x71/0x581 [ 3397.102024][T31046] ? page_fault+0x8/0x30 [ 3397.106542][T31046] page_fault+0x1e/0x30 [ 3397.110726][T31046] RIP: 0033:0x400610 [ 3397.114616][T31046] Code: 01 e9 c9 00 00 00 48 8b 44 24 10 48 0b 44 24 28 be 08 00 00 00 48 8b 14 24 75 17 48 8b 7c 24 20 e8 f5 51 00 00 48 8b 4c 24 08 <48> 89 01 e9 9d 00 00 00 48 8b 44 24 08 48 8b 38 e8 db 51 00 00 8a [ 3397.134226][T31046] RSP: 002b:00007ffc1533c120 EFLAGS: 00010206 [ 3397.140388][T31046] RAX: 0000000000000000 RBX: 0000000000740060 RCX: 0000000020000180 03:43:40 executing program 1: socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000100)) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)=[{&(0x7f0000001300)}], 0x1}, 0x0) perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x2102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() clone(0x3000000b8160102, 0x0, 0x0, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r0 = socket$inet(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) setsockopt$IP_VS_SO_SET_FLUSH(0xffffffffffffffff, 0x0, 0x485, 0x0, 0x0) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000340)='IPVS\x00') sendmsg$IPVS_CMD_NEW_SERVICE(r1, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x24, r2, 0x320, 0x70bd2a, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x200}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xb46a}]}, 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x0) r3 = getuid() setuid(r3) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) 03:43:40 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x2200, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:40 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x4a00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:40 executing program 3: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) bind$bt_l2cap(r0, &(0x7f0000000500), 0xe) fchdir(r0) bind$bt_l2cap(r0, &(0x7f0000000000), 0xe) 03:43:40 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) [ 3397.148725][T31046] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000000 [ 3397.156700][T31046] RBP: 0000000000740068 R08: 0000000000000000 R09: 0000000000000000 [ 3397.164905][T31046] R10: 00007ffc1533c220 R11: 0000000000000246 R12: fffffffffffffffe [ 3397.172946][T31046] R13: 000000000033d2a9 R14: 000000000033d2d6 R15: 000000000073bf0c [ 3397.182358][T31046] memory: usage 307200kB, limit 307200kB, failcnt 96833 [ 3397.212611][T31046] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 03:43:40 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) [ 3397.274549][T31046] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3397.330628][T31046] Memory cgroup stats for /syz5: cache:124KB rss:99548KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99600KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3397.411658][T31046] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=30697,uid=0 [ 3397.459177][T31046] Memory cgroup out of memory: Killed process 30697 (syz-executor.5) total-vm:72580kB, anon-rss:160kB, file-rss:34816kB, shmem-rss:0kB [ 3397.483806][ T1044] oom_reaper: reaped process 30697 (syz-executor.5), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB [ 3397.553511][T31046] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3397.564632][T31046] CPU: 0 PID: 31046 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3397.574133][T31046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3397.584819][T31046] Call Trace: [ 3397.588350][T31046] dump_stack+0x172/0x1f0 [ 3397.592745][T31046] dump_header+0x10f/0xb6c [ 3397.597313][T31046] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3397.603138][T31046] ? ___ratelimit+0x60/0x595 [ 3397.607873][T31046] ? do_raw_spin_unlock+0x57/0x270 [ 3397.613406][T31046] oom_kill_process.cold+0x10/0x15 [ 3397.618610][T31046] out_of_memory+0x79a/0x1280 [ 3397.623294][T31046] ? lock_downgrade+0x880/0x880 [ 3397.628152][T31046] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3397.634423][T31046] ? oom_killer_disable+0x280/0x280 [ 3397.639620][T31046] ? find_held_lock+0x35/0x130 [ 3397.644395][T31046] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3397.650037][T31046] ? memcg_event_wake+0x230/0x230 [ 3397.655070][T31046] ? do_raw_spin_unlock+0x57/0x270 [ 3397.660643][T31046] ? _raw_spin_unlock+0x2d/0x50 [ 3397.665602][T31046] try_charge+0x118d/0x1790 [ 3397.670294][T31046] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3397.675859][T31046] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3397.682213][T31046] ? kasan_check_read+0x11/0x20 [ 3397.687062][T31046] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3397.692876][T31046] mem_cgroup_try_charge+0x24d/0x5e0 [ 3397.698283][T31046] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3397.703942][T31046] wp_page_copy+0x416/0x1770 [ 3397.708587][T31046] ? do_wp_page+0x486/0x1500 [ 3397.713186][T31046] ? pmd_pfn+0x1d0/0x1d0 [ 3397.717467][T31046] ? lock_downgrade+0x880/0x880 [ 3397.722463][T31046] ? swp_swapcount+0x540/0x540 [ 3397.727369][T31046] ? kasan_check_read+0x11/0x20 [ 3397.732318][T31046] ? do_raw_spin_unlock+0x57/0x270 [ 3397.737696][T31046] do_wp_page+0x48e/0x1500 [ 3397.742262][T31046] ? finish_mkwrite_fault+0x540/0x540 [ 3397.747733][T31046] __handle_mm_fault+0x22e8/0x3ec0 [ 3397.752847][T31046] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3397.758404][T31046] ? find_held_lock+0x35/0x130 [ 3397.763288][T31046] ? handle_mm_fault+0x292/0xa90 [ 3397.768508][T31046] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3397.774841][T31046] ? sync_mm_rss+0xa4/0x1c0 [ 3397.779522][T31046] handle_mm_fault+0x3b7/0xa90 [ 3397.784395][T31046] __do_page_fault+0x5ef/0xda0 [ 3397.789173][T31046] do_page_fault+0x71/0x581 [ 3397.793679][T31046] ? page_fault+0x8/0x30 [ 3397.797926][T31046] page_fault+0x1e/0x30 [ 3397.802093][T31046] RIP: 0033:0x42f207 [ 3397.806060][T31046] Code: 00 be 88 13 4e 00 bf 30 1b 4e 00 e8 e3 b8 ff ff 0f 1f 00 48 83 fe bf 0f 87 63 08 00 00 48 89 f0 41 57 41 56 48 83 c0 17 41 55 <41> 54 55 53 48 89 c5 48 83 e5 f0 48 89 fb 48 81 ec 98 00 00 00 48 [ 3397.825667][T31046] RSP: 002b:00007ffc1533c000 EFLAGS: 00010206 [ 3397.831733][T31046] RAX: 0000000000000127 RBX: 0000000000713640 RCX: 0000000000458c7a [ 3397.839711][T31046] RDX: 0000000000000011 RSI: 0000000000000110 RDI: 0000000000713640 [ 3397.847800][T31046] RBP: 0000000000000110 R08: ffffffffffffffff R09: 0000000000000000 [ 3397.855775][T31046] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000000205b0 [ 3397.863872][T31046] R13: 00005555555cca50 R14: 0000000000000005 R15: 000000000073bfac [ 3397.873961][T31046] memory: usage 307196kB, limit 307200kB, failcnt 96866 [ 3397.881077][T31046] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3397.888655][T31046] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3397.895527][T31046] Memory cgroup stats for /syz5: cache:124KB rss:99548KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3397.917701][T31046] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=31046,uid=0 [ 3397.933335][T31046] Memory cgroup out of memory: Killed process 31046 (syz-executor.5) total-vm:72580kB, anon-rss:160kB, file-rss:35724kB, shmem-rss:0kB 03:43:41 executing program 5: socket$inet_udplite(0x2, 0x2, 0x88) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)}, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r0 = socket$inet(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) 03:43:41 executing program 3: mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) r0 = socket$can_raw(0x1d, 0x3, 0x1) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000)={0x0}, &(0x7f0000000040)=0xc) ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r1, 0x10, &(0x7f00000000c0)={0x3}) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, 0x0) mmap(&(0x7f00000f0000/0x4000)=nil, 0x4000, 0x2, 0x31, r2, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$PPPOEIOCDFWD(0xffffffffffffffff, 0xb101, 0x0) write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x5c831, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f00001da000/0x18000)=nil, 0x0, 0x0, 0x0, &(0x7f0000000680), 0x2000) 03:43:41 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000100)) fcntl$getflags(r0, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)=[{&(0x7f0000001300)}], 0x1}, 0x0) perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x2102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() clone(0x3000000b8160102, 0x0, 0x0, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r1 = socket$inet(0x10, 0x3, 0x0) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/snapshot\x00', 0xfffffffff8000002, 0x0) connect$nfc_llcp(r2, &(0x7f00000001c0)={0x27, 0x1, 0x2, 0x2, 0xf8, 0x4, "0b738cbe5234a5125e24b52002ae2fddd4adec85d1647deeab1b7ad30ff979456f999827f55c151012f1251de3bdfb4f93160687b4a046659a19ffa74943ef", 0x16}, 0x60) r3 = fcntl$dupfd(r1, 0x0, r1) setsockopt$IP_VS_SO_SET_FLUSH(0xffffffffffffffff, 0x0, 0x485, 0x0, 0x0) ioctl$sock_ifreq(r3, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) 03:43:41 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x4b00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:41 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x2300, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:41 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) [ 3397.949078][ T1044] oom_reaper: reaped process 31046 (syz-executor.5), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB 03:43:41 executing program 3: r0 = socket$inet6_sctp(0xa, 0x80005, 0x84) setsockopt$inet_sctp6_SCTP_INITMSG(r0, 0x84, 0x71, &(0x7f0000000240)={0x3}, 0x222) 03:43:41 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x2400, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:41 executing program 1: socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000100)) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)=[{&(0x7f0000001300)}], 0x1}, 0x0) r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prctl$PR_SET_MM(0x23, 0x9, &(0x7f0000ffb000/0x2000)=nil) clone(0x2102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() clone(0x3000000b8160102, 0x0, 0x0, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f00000001c0)=""/248) r2 = syz_open_procfs(r1, &(0x7f0000000000)='net/packet\x00') statx(r2, &(0x7f0000000040)='./file0\x00', 0x0, 0x20, &(0x7f00000002c0)) r3 = socket$inet(0x10, 0x3, 0x0) r4 = fcntl$dupfd(r0, 0xffffffffffffffff, r3) setsockopt$IP_VS_SO_SET_FLUSH(0xffffffffffffffff, 0x0, 0x485, 0x0, 0x0) ioctl$sock_ifreq(r4, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) 03:43:41 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:43:41 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x4c00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) [ 3398.197090][T31317] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3398.316386][T31317] CPU: 1 PID: 31317 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3398.325641][T31317] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3398.325654][T31317] Call Trace: [ 3398.339287][T31317] dump_stack+0x172/0x1f0 [ 3398.343668][T31317] dump_header+0x10f/0xb6c [ 3398.348128][T31317] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3398.354130][T31317] ? ___ratelimit+0x60/0x595 [ 3398.358741][T31317] ? do_raw_spin_unlock+0x57/0x270 [ 3398.363880][T31317] oom_kill_process.cold+0x10/0x15 [ 3398.363901][T31317] out_of_memory+0x79a/0x1280 [ 3398.373689][T31317] ? lock_downgrade+0x880/0x880 [ 3398.378646][T31317] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3398.384897][T31317] ? oom_killer_disable+0x280/0x280 [ 3398.390105][T31317] ? find_held_lock+0x35/0x130 [ 3398.394879][T31317] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3398.400425][T31317] ? memcg_event_wake+0x230/0x230 [ 3398.400449][T31317] ? do_raw_spin_unlock+0x57/0x270 [ 3398.400468][T31317] ? _raw_spin_unlock+0x2d/0x50 [ 3398.410751][T31317] try_charge+0x118d/0x1790 [ 3398.410773][T31317] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3398.410791][T31317] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3398.410811][T31317] ? kasan_check_read+0x11/0x20 [ 3398.426004][T31317] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3398.442853][T31317] mem_cgroup_try_charge+0x24d/0x5e0 [ 3398.448159][T31317] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3398.453802][T31317] wp_page_copy+0x416/0x1770 [ 3398.453817][T31317] ? do_wp_page+0x486/0x1500 [ 3398.453834][T31317] ? pmd_pfn+0x1d0/0x1d0 03:43:41 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x2500, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) [ 3398.467230][T31317] ? lock_downgrade+0x880/0x880 [ 3398.472206][T31317] ? __pte_alloc_kernel+0x220/0x220 [ 3398.477424][T31317] ? kasan_check_read+0x11/0x20 [ 3398.482294][T31317] ? do_raw_spin_unlock+0x57/0x270 [ 3398.487425][T31317] do_wp_page+0x48e/0x1500 [ 3398.491854][T31317] ? do_raw_spin_lock+0x12a/0x2e0 [ 3398.496887][T31317] ? rwlock_bug.part.0+0x90/0x90 [ 3398.502145][T31317] ? finish_mkwrite_fault+0x540/0x540 [ 3398.507526][T31317] ? add_mm_counter_fast.part.0+0x40/0x40 [ 3398.513304][T31317] __handle_mm_fault+0x22e8/0x3ec0 [ 3398.518423][T31317] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3398.518439][T31317] ? find_held_lock+0x35/0x130 [ 3398.518457][T31317] ? handle_mm_fault+0x292/0xa90 [ 3398.539458][T31317] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3398.539477][T31317] ? kasan_check_read+0x11/0x20 [ 3398.539494][T31317] handle_mm_fault+0x3b7/0xa90 [ 3398.539513][T31317] __do_page_fault+0x5ef/0xda0 [ 3398.560085][T31317] do_page_fault+0x71/0x581 [ 3398.564597][T31317] ? page_fault+0x8/0x30 [ 3398.568850][T31317] page_fault+0x1e/0x30 [ 3398.573141][T31317] RIP: 0033:0x40de98 [ 3398.577158][T31317] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf 2c e2 4b 00 31 c0 e8 83 3a ff ff 31 ff e8 cc 36 ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d ce 25 64 00 [ 3398.597447][T31317] RSP: 002b:00007ffc1533c090 EFLAGS: 00010246 [ 3398.603517][T31317] RAX: 00000000caf71084 RBX: 00000000f594c188 RCX: 0000001b2e620000 [ 3398.611690][T31317] RDX: 0000000000000000 RSI: 0000000000001084 RDI: ffffffffcaf71084 [ 3398.620003][T31317] RBP: 0000000000000005 R08: 00000000caf71084 R09: 00000000caf71088 [ 3398.627968][T31317] R10: 00007ffc1533c220 R11: 0000000000000246 R12: 000000000073bf88 [ 3398.635952][T31317] R13: 0000000080000000 R14: 00007fea32625008 R15: 0000000000000005 [ 3398.650195][T31317] memory: usage 307200kB, limit 307200kB, failcnt 96899 [ 3398.657170][T31317] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3398.657178][T31317] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3398.657186][T31317] Memory cgroup stats for /syz5: cache:124KB rss:99548KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3398.707614][T31317] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=9078,uid=0 [ 3398.723649][T31317] Memory cgroup out of memory: Killed process 9078 (syz-executor.5) total-vm:72448kB, anon-rss:156kB, file-rss:34816kB, shmem-rss:0kB [ 3398.738869][ T1044] oom_reaper: reaped process 9078 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 3398.764714][T31399] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3398.776984][T31399] CPU: 1 PID: 31399 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3398.786291][T31399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3398.796338][T31399] Call Trace: [ 3398.799622][T31399] dump_stack+0x172/0x1f0 [ 3398.803955][T31399] dump_header+0x10f/0xb6c [ 3398.808372][T31399] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3398.814275][T31399] ? ___ratelimit+0x60/0x595 [ 3398.818981][T31399] ? do_raw_spin_unlock+0x57/0x270 [ 3398.824799][T31399] oom_kill_process.cold+0x10/0x15 [ 3398.829956][T31399] out_of_memory+0x79a/0x1280 [ 3398.834625][T31399] ? lock_downgrade+0x880/0x880 [ 3398.839568][T31399] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3398.845799][T31399] ? oom_killer_disable+0x280/0x280 [ 3398.851244][T31399] ? find_held_lock+0x35/0x130 [ 3398.856001][T31399] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3398.861535][T31399] ? memcg_event_wake+0x230/0x230 [ 3398.866547][T31399] ? do_raw_spin_unlock+0x57/0x270 [ 3398.871655][T31399] ? _raw_spin_unlock+0x2d/0x50 [ 3398.876608][T31399] try_charge+0x118d/0x1790 [ 3398.881104][T31399] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3398.886634][T31399] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3398.892166][T31399] ? find_held_lock+0x35/0x130 [ 3398.896914][T31399] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3398.902547][T31399] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3398.908089][T31399] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3398.913282][T31399] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3398.918837][T31399] __memcg_kmem_charge+0x136/0x300 [ 3398.924052][T31399] __alloc_pages_nodemask+0x437/0x7e0 [ 3398.929431][T31399] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3398.935166][T31399] ? copy_page_range+0x128a/0x1fc0 [ 3398.940275][T31399] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3398.946507][T31399] alloc_pages_current+0x107/0x210 [ 3398.951611][T31399] pte_alloc_one+0x1b/0x1a0 [ 3398.956133][T31399] __pte_alloc+0x20/0x310 [ 3398.960461][T31399] copy_page_range+0x1561/0x1fc0 [ 3398.965420][T31399] ? __lock_acquire+0x548/0x3fb0 [ 3398.970439][T31399] ? pmd_alloc+0x180/0x180 [ 3398.974840][T31399] ? vma_gap_callbacks_rotate+0x62/0x80 [ 3398.980376][T31399] ? __rb_insert_augmented+0x231/0xdf0 [ 3398.985832][T31399] ? validate_mm_rb+0xa3/0xc0 [ 3398.990751][T31399] ? __vma_link_rb+0x279/0x370 [ 3398.995524][T31399] ? kasan_check_write+0x14/0x20 [ 3399.000560][T31399] copy_process.part.0+0x5afb/0x7a90 [ 3399.005952][T31399] ? __cleanup_sighand+0x60/0x60 [ 3399.010900][T31399] _do_fork+0x257/0xfd0 [ 3399.015163][T31399] ? fork_idle+0x1d0/0x1d0 [ 3399.019603][T31399] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3399.025085][T31399] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3399.030686][T31399] ? do_syscall_64+0x26/0x670 [ 3399.035360][T31399] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3399.041442][T31399] ? do_syscall_64+0x26/0x670 [ 3399.046127][T31399] __x64_sys_clone+0xbf/0x150 [ 3399.050846][T31399] do_syscall_64+0x103/0x670 [ 3399.055454][T31399] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3399.061340][T31399] RIP: 0033:0x458c29 [ 3399.065224][T31399] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3399.085022][T31399] RSP: 002b:00007fea30623c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3399.093644][T31399] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 3399.101624][T31399] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3399.109704][T31399] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3399.117787][T31399] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fea306246d4 [ 3399.125752][T31399] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 3399.133911][T31399] memory: usage 307040kB, limit 307200kB, failcnt 96926 [ 3399.140918][T31399] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3399.148508][T31399] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3399.155353][T31399] Memory cgroup stats for /syz5: cache:124KB rss:99548KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3399.177003][T31399] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=9527,uid=0 [ 3399.192471][T31399] Memory cgroup out of memory: Killed process 9527 (syz-executor.5) total-vm:72448kB, anon-rss:156kB, file-rss:34816kB, shmem-rss:0kB [ 3399.211451][ T1044] oom_reaper: reaped process 9527 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 3399.229217][T31399] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3399.241408][T31399] CPU: 1 PID: 31399 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3399.250633][T31399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3399.260723][T31399] Call Trace: [ 3399.264015][T31399] dump_stack+0x172/0x1f0 [ 3399.268369][T31399] dump_header+0x10f/0xb6c [ 3399.272795][T31399] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3399.278601][T31399] ? ___ratelimit+0x60/0x595 [ 3399.283200][T31399] ? do_raw_spin_unlock+0x57/0x270 [ 3399.288348][T31399] oom_kill_process.cold+0x10/0x15 [ 3399.293449][T31399] out_of_memory+0x79a/0x1280 [ 3399.298125][T31399] ? lock_downgrade+0x880/0x880 [ 3399.302975][T31399] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3399.309209][T31399] ? oom_killer_disable+0x280/0x280 [ 3399.314397][T31399] ? find_held_lock+0x35/0x130 [ 3399.319175][T31399] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3399.324727][T31399] ? memcg_event_wake+0x230/0x230 [ 3399.329760][T31399] ? do_raw_spin_unlock+0x57/0x270 [ 3399.334884][T31399] ? _raw_spin_unlock+0x2d/0x50 [ 3399.340030][T31399] try_charge+0x118d/0x1790 [ 3399.344571][T31399] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3399.350121][T31399] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3399.355674][T31399] ? find_held_lock+0x35/0x130 [ 3399.360472][T31399] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3399.370467][T31399] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3399.376024][T31399] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3399.381239][T31399] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3399.386799][T31399] __memcg_kmem_charge+0x136/0x300 [ 3399.391920][T31399] __alloc_pages_nodemask+0x437/0x7e0 [ 3399.397286][T31399] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3399.403002][T31399] ? copy_page_range+0x128a/0x1fc0 [ 3399.408121][T31399] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3399.414375][T31399] alloc_pages_current+0x107/0x210 [ 3399.419493][T31399] pte_alloc_one+0x1b/0x1a0 [ 3399.423992][T31399] __pte_alloc+0x20/0x310 [ 3399.428357][T31399] copy_page_range+0x1561/0x1fc0 [ 3399.433290][T31399] ? __lock_acquire+0x548/0x3fb0 [ 3399.438230][T31399] ? pmd_alloc+0x180/0x180 [ 3399.442631][T31399] ? vma_gap_callbacks_rotate+0x62/0x80 [ 3399.448263][T31399] ? __rb_insert_augmented+0x231/0xdf0 [ 3399.453726][T31399] ? validate_mm_rb+0xa3/0xc0 [ 3399.458494][T31399] ? __vma_link_rb+0x279/0x370 [ 3399.463420][T31399] ? kasan_check_write+0x14/0x20 [ 3399.468351][T31399] copy_process.part.0+0x5afb/0x7a90 [ 3399.473767][T31399] ? __cleanup_sighand+0x60/0x60 [ 3399.478731][T31399] _do_fork+0x257/0xfd0 [ 3399.482915][T31399] ? fork_idle+0x1d0/0x1d0 [ 3399.487345][T31399] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3399.492906][T31399] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3399.498373][T31399] ? do_syscall_64+0x26/0x670 [ 3399.503058][T31399] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3399.509131][T31399] ? do_syscall_64+0x26/0x670 [ 3399.513849][T31399] __x64_sys_clone+0xbf/0x150 [ 3399.518522][T31399] do_syscall_64+0x103/0x670 [ 3399.523127][T31399] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3399.529020][T31399] RIP: 0033:0x458c29 [ 3399.532918][T31399] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3399.552828][T31399] RSP: 002b:00007fea30623c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3399.561242][T31399] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 3399.569213][T31399] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3399.577187][T31399] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3399.585355][T31399] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fea306246d4 [ 3399.593416][T31399] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 3399.601570][T31399] memory: usage 307040kB, limit 307200kB, failcnt 96936 [ 3399.608640][T31399] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3399.616118][T31399] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3399.623063][T31399] Memory cgroup stats for /syz5: cache:124KB rss:99548KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3399.644750][T31399] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=10063,uid=0 03:43:43 executing program 5: socket$inet_udplite(0x2, 0x2, 0x88) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)}, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r0 = socket$inet(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) 03:43:43 executing program 3: r0 = socket$kcm(0x2b, 0x200000000000001, 0x0) sendmsg$kcm(r0, &(0x7f00000000c0)={&(0x7f0000000100)=@in={0x2, 0x0, @remote}, 0x80, 0x0}, 0x20000054) ioctl$sock_kcm_SIOCKCMUNATTACH(r0, 0x5452, &(0x7f00000004c0)={r0}) r1 = syz_open_dev$vcsa(&(0x7f00000001c0)='/dev/vcsa#\x00', 0x1ea9, 0x1) setsockopt$sock_attach_bpf(r0, 0x6, 0x19, &(0x7f0000000000)=r1, 0x4) ioctl$sock_kcm_SIOCKCMUNATTACH(r0, 0x89e1, &(0x7f0000000180)={r0}) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000300)={r1, &(0x7f0000000200)="2aa27c301a8be28c4a0d49e278f74554e7cd7c1c716c477aa008f437989cd30afbee1ea0a3f5e39acec1f10b859dc8b96e1e81d047393f17132df330037c7013057900db8f4c8f0ce519a60e782e74e2ac88b0422dfd5898dc2e9ac92ddacdf719430e59f710dd5e9f136789d5d4c0bfdc86ac9f8614f2582574aade5ee2ae89fe259ff4591c63c2840b69295e69db2a25061c4900a7a8d5190864d2267fc9fa5d0b", &(0x7f00000002c0)=""/24}, 0x18) r2 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000040)='/proc/capi/capi20\x00', 0x100, 0x0) read$eventfd(r2, &(0x7f0000000080), 0x8) 03:43:43 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x4d00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:43 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x2600, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:43 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:43:43 executing program 1: socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, &(0x7f0000000100)) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)=[{&(0x7f0000001300)}], 0x1}, 0x0) perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x2102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$swradio(&(0x7f0000000140)='/dev/swradio#\x00', 0x0, 0x2) ioctl$BLKALIGNOFF(r0, 0x127a, &(0x7f00000001c0)) gettid() clone(0x3000000b8160102, 0x0, 0x0, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r1 = socket$inet(0x10, 0x3, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) setsockopt$IP_VS_SO_SET_FLUSH(0xffffffffffffffff, 0x0, 0x485, 0x0, 0x0) ioctl$sock_ifreq(r2, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) [ 3399.660247][T31399] Memory cgroup out of memory: Killed process 10063 (syz-executor.5) total-vm:72448kB, anon-rss:156kB, file-rss:34816kB, shmem-rss:0kB [ 3399.677872][ T1044] oom_reaper: reaped process 10063 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 3399.764182][ T7695] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 03:43:43 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x2700, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:43 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) [ 3399.808628][ T7695] CPU: 1 PID: 7695 Comm: syz-executor.1 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3399.817796][ T7695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3399.817802][ T7695] Call Trace: [ 3399.817828][ T7695] dump_stack+0x172/0x1f0 [ 3399.817847][ T7695] dump_header+0x10f/0xb6c [ 3399.817864][ T7695] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3399.817878][ T7695] ? ___ratelimit+0x60/0x595 [ 3399.817894][ T7695] ? do_raw_spin_unlock+0x57/0x270 03:43:43 executing program 3: r0 = shmget(0x0, 0x1000, 0x1a80, &(0x7f0000fff000/0x1000)=nil) shmctl$IPC_RMID(r0, 0x0) shmctl$SHM_UNLOCK(r0, 0xc) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) syz_open_dev$sg(&(0x7f00000000c0)='/dev/sg#\x00', 0x4, 0x8000) r2 = dup2(r1, r1) accept4$packet(0xffffffffffffffff, &(0x7f0000001400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000001440)=0x14, 0x80800) socket$key(0xf, 0x3, 0x2) gettid() ioctl$EVIOCSABS20(r2, 0x401845e0, &(0x7f0000000180)={0xd870, 0x9, 0x6, 0x3, 0x5, 0x2}) socket(0x11, 0x0, 0x0) openat$rtc(0xffffffffffffff9c, &(0x7f0000003a80)='/dev/rtc0\x00', 0x0, 0x0) getsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, 0x0, &(0x7f0000000200)=0x213) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x2902001fff, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r2, 0x84, 0x7b, &(0x7f0000000040)={0x0, 0x7b4c}, &(0x7f0000000080)=0x8) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r2, 0x84, 0x6, &(0x7f0000000240)={r3, @in={{0x2, 0x4e24, @rand_addr=0x8}}}, &(0x7f00000001c0)=0x84) flistxattr(0xffffffffffffffff, &(0x7f0000001640)=""/4096, 0x1000) rt_sigtimedwait(&(0x7f0000000340), 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r4 = getpid() rt_tgsigqueueinfo(r4, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r4, 0x388, 0xffffffffffffffff) setrlimit(0x7, &(0x7f0000000000)) [ 3399.817911][ T7695] oom_kill_process.cold+0x10/0x15 [ 3399.817926][ T7695] out_of_memory+0x79a/0x1280 [ 3399.817942][ T7695] ? lock_downgrade+0x880/0x880 [ 3399.817957][ T7695] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3399.817978][ T7695] ? oom_killer_disable+0x280/0x280 [ 3399.866015][ T7695] ? find_held_lock+0x35/0x130 [ 3399.866042][ T7695] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3399.892815][ T7695] ? memcg_event_wake+0x230/0x230 [ 3399.897859][ T7695] ? do_raw_spin_unlock+0x57/0x270 [ 3399.902983][ T7695] ? _raw_spin_unlock+0x2d/0x50 [ 3399.907929][ T7695] try_charge+0x118d/0x1790 [ 3399.912439][ T7695] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3399.912453][ T7695] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3399.912468][ T7695] ? find_held_lock+0x35/0x130 [ 3399.912484][ T7695] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3399.933872][ T7695] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3399.939437][ T7695] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3399.939458][ T7695] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3399.939473][ T7695] __memcg_kmem_charge+0x136/0x300 03:43:43 executing program 3: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/vga_arbiter\x00', 0x0, 0x0) getsockopt$ARPT_SO_GET_REVISION_TARGET(r0, 0x0, 0x63, &(0x7f0000000000)={'HL\x00'}, &(0x7f0000000040)=0x1e) close(r0) ioctl$TIOCGSID(r0, 0x5429, &(0x7f0000000080)=0x0) r2 = getpgid(0x0) tgkill(r1, r2, 0x1f) ioctl$sock_inet6_tcp_SIOCINQ(r0, 0xc0502100, 0x0) [ 3399.939490][ T7695] __alloc_pages_nodemask+0x437/0x7e0 [ 3399.939507][ T7695] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3399.939532][ T7695] ? copy_page_range+0x128a/0x1fc0 [ 3399.955539][ T7695] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3399.955560][ T7695] alloc_pages_current+0x107/0x210 [ 3399.955580][ T7695] pte_alloc_one+0x1b/0x1a0 [ 3399.955602][ T7695] __pte_alloc+0x20/0x310 [ 3399.978171][ T7695] copy_page_range+0x1561/0x1fc0 [ 3399.978189][ T7695] ? __lock_acquire+0x548/0x3fb0 [ 3399.978221][ T7695] ? pmd_alloc+0x180/0x180 03:43:43 executing program 3: r0 = syz_init_net_socket$ax25(0x3, 0x3, 0x7) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f00000001c0)) r1 = creat(&(0x7f0000000200)='./file0\x00', 0x2) ioctl$ASHMEM_GET_SIZE(r1, 0x7704, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000140)="0adc1f023c123f3188a070") r3 = socket$inet(0x2, 0x3, 0x6) connect$inet(r3, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x13}}, 0x10) r4 = socket$inet(0x2, 0x3, 0x1) socket$nl_generic(0x10, 0x3, 0x10) rt_sigprocmask(0x0, &(0x7f0000000100)={0x3}, &(0x7f0000000180), 0x8) setsockopt$inet_IP_XFRM_POLICY(r4, 0x0, 0x23, &(0x7f0000000000)={{{@in=@multicast2, @in=@multicast1}}, {{@in6}, 0x0, @in6=@loopback}}, 0xb) setsockopt$inet_MCAST_MSFILTER(r3, 0x0, 0x14, 0x0, 0x0) [ 3399.978238][ T7695] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 3399.978252][ T7695] ? vma_compute_subtree_gap+0x158/0x230 [ 3399.978270][ T7695] ? validate_mm_rb+0xa3/0xc0 [ 3400.002061][ T7695] ? __vma_link_rb+0x279/0x370 [ 3400.002076][ T7695] ? kasan_check_write+0x14/0x20 [ 3400.002112][ T7695] copy_process.part.0+0x5afb/0x7a90 [ 3400.017857][ T7695] ? __cleanup_sighand+0x60/0x60 [ 3400.042623][ T7695] _do_fork+0x257/0xfd0 [ 3400.047067][ T7695] ? fork_idle+0x1d0/0x1d0 [ 3400.051509][ T7695] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3400.056990][ T7695] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3400.057010][ T7695] ? do_syscall_64+0x26/0x670 [ 3400.067134][ T7695] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3400.073233][ T7695] ? do_syscall_64+0x26/0x670 [ 3400.077918][ T7695] __x64_sys_clone+0xbf/0x150 [ 3400.084076][ T7695] do_syscall_64+0x103/0x670 [ 3400.088683][ T7695] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3400.094572][ T7695] RIP: 0033:0x4571fa 03:43:43 executing program 3: socket$inet_udplite(0x2, 0x2, 0x88) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_load={'load ', 'ecryptfs', 0x20, 'user:', 'syz', 0x20, 0xab6}, 0xffffffffffffff0a, 0x0) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0x1f1, 0xfffffffffffffffe) [ 3400.094590][ T7695] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 3400.094598][ T7695] RSP: 002b:00007fffe48ad8d0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3400.094610][ T7695] RAX: ffffffffffffffda RBX: 00007fffe48ad8d0 RCX: 00000000004571fa [ 3400.094622][ T7695] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 3400.143268][ T7695] RBP: 00007fffe48ad910 R08: 0000000000000001 R09: 00005555574fc940 [ 3400.151340][ T7695] R10: 00005555574fcc10 R11: 0000000000000246 R12: 0000000000000001 [ 3400.159327][ T7695] R13: 0000000000000000 R14: 0000000000000000 R15: 00007fffe48ad960 [ 3400.179828][ T7695] memory: usage 307200kB, limit 307200kB, failcnt 34998 [ 3400.186909][ T7695] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3400.211156][T31695] encrypted_key: keylen for the ecryptfs format must be equal to 64 bytes [ 3400.240944][ T7695] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3400.263471][T31714] encrypted_key: keylen for the ecryptfs format must be equal to 64 bytes [ 3400.283550][ T7695] Memory cgroup stats for /syz1: cache:88KB rss:98456KB rss_huge:0KB shmem:8KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:98464KB inactive_file:68KB active_file:184KB unevictable:0KB [ 3400.313701][ T7695] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=31257,uid=0 [ 3400.339399][ T7695] Memory cgroup out of memory: Killed process 31257 (syz-executor.1) total-vm:72712kB, anon-rss:176kB, file-rss:35800kB, shmem-rss:0kB [ 3400.404852][T31566] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 3400.444186][T31566] CPU: 0 PID: 31566 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3400.453446][T31566] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3400.463654][T31566] Call Trace: [ 3400.466969][T31566] dump_stack+0x172/0x1f0 [ 3400.466992][T31566] dump_header+0x10f/0xb6c [ 3400.475800][T31566] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3400.475819][T31566] ? ___ratelimit+0x60/0x595 [ 3400.486186][T31566] ? do_raw_spin_unlock+0x57/0x270 [ 3400.491326][T31566] oom_kill_process.cold+0x10/0x15 [ 3400.497028][T31566] out_of_memory+0x79a/0x1280 [ 3400.501894][T31566] ? oom_killer_disable+0x280/0x280 [ 3400.507119][T31566] ? find_held_lock+0x35/0x130 [ 3400.511998][T31566] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3400.517553][T31566] ? memcg_event_wake+0x230/0x230 [ 3400.522586][T31566] ? do_raw_spin_unlock+0x57/0x270 [ 3400.527900][T31566] ? _raw_spin_unlock+0x2d/0x50 [ 3400.538479][T31566] try_charge+0x118d/0x1790 [ 3400.543549][T31566] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3400.549239][T31566] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3400.554922][T31566] ? find_held_lock+0x35/0x130 [ 3400.559692][T31566] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3400.565257][T31566] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3400.570801][T31566] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3400.576521][T31566] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3400.582074][T31566] __memcg_kmem_charge+0x136/0x300 [ 3400.587393][T31566] __alloc_pages_nodemask+0x437/0x7e0 [ 3400.592942][T31566] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3400.599311][T31566] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3400.605033][T31566] ? copy_process.part.0+0x1d40/0x7a90 [ 3400.610509][T31566] ? lockdep_hardirqs_on+0x418/0x5d0 [ 3400.615814][T31566] ? trace_hardirqs_on+0x67/0x230 [ 3400.620843][T31566] ? kasan_check_read+0x11/0x20 [ 3400.625914][T31566] copy_process.part.0+0x3e0/0x7a90 [ 3400.631117][T31566] ? psi_memstall_leave+0x11c/0x180 [ 3400.636323][T31566] ? kvm_sched_clock_read+0x9/0x20 [ 3400.641436][T31566] ? psi_memstall_leave+0x12e/0x180 [ 3400.646660][T31566] ? find_held_lock+0x35/0x130 [ 3400.651423][T31566] ? psi_memstall_leave+0x12e/0x180 [ 3400.656622][T31566] ? __cleanup_sighand+0x60/0x60 [ 3400.661551][T31566] ? __lock_acquire+0x548/0x3fb0 [ 3400.666531][T31566] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3400.672784][T31566] _do_fork+0x257/0xfd0 [ 3400.676932][T31566] ? fork_idle+0x1d0/0x1d0 [ 3400.681346][T31566] ? blkcg_maybe_throttle_current+0x5e2/0xfc0 [ 3400.687514][T31566] ? lock_downgrade+0x880/0x880 [ 3400.692358][T31566] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3400.698600][T31566] ? blkcg_exit_queue+0x30/0x30 [ 3400.703448][T31566] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3400.708903][T31566] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3400.714356][T31566] ? do_syscall_64+0x26/0x670 [ 3400.719030][T31566] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3400.725165][T31566] ? do_syscall_64+0x26/0x670 [ 3400.729870][T31566] __x64_sys_clone+0xbf/0x150 [ 3400.734690][T31566] do_syscall_64+0x103/0x670 [ 3400.739300][T31566] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3400.745204][T31566] RIP: 0033:0x45b5f9 [ 3400.749111][T31566] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 3400.768724][T31566] RSP: 002b:00007ffc1533c028 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 3400.777233][T31566] RAX: ffffffffffffffda RBX: 00007fea305e2700 RCX: 000000000045b5f9 [ 3400.785299][T31566] RDX: 00007fea305e29d0 RSI: 00007fea305e1db0 RDI: 00000000003d0f00 [ 3400.793469][T31566] RBP: 00007ffc1533c230 R08: 00007fea305e2700 R09: 00007fea305e2700 [ 3400.801522][T31566] R10: 00007fea305e29d0 R11: 0000000000000202 R12: 0000000000000000 [ 3400.809517][T31566] R13: 00007ffc1533c0df R14: 00007fea305e29c0 R15: 000000000073c04c [ 3400.819371][T31566] memory: usage 307180kB, limit 307200kB, failcnt 96971 [ 3400.826514][T31566] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3400.834182][T31566] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3400.841632][T31566] Memory cgroup stats for /syz5: cache:124KB rss:99400KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99336KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3400.863482][T31566] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=31608,uid=0 [ 3400.879641][T31566] Memory cgroup out of memory: Killed process 31608 (syz-executor.5) total-vm:72580kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB [ 3400.894911][ T1044] oom_reaper: reaped process 31608 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 3400.921391][T31577] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3400.933758][T31577] CPU: 0 PID: 31577 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3400.943127][T31577] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3400.953193][T31577] Call Trace: [ 3400.956580][T31577] dump_stack+0x172/0x1f0 [ 3400.961012][T31577] dump_header+0x10f/0xb6c [ 3400.965440][T31577] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3400.971277][T31577] ? ___ratelimit+0x60/0x595 [ 3400.975902][T31577] ? do_raw_spin_unlock+0x57/0x270 [ 3400.981027][T31577] oom_kill_process.cold+0x10/0x15 [ 3400.986247][T31577] out_of_memory+0x79a/0x1280 [ 3400.991121][T31577] ? lock_downgrade+0x880/0x880 [ 3400.996153][T31577] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3401.002396][T31577] ? oom_killer_disable+0x280/0x280 [ 3401.007737][T31577] ? find_held_lock+0x35/0x130 [ 3401.012512][T31577] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3401.018071][T31577] ? memcg_event_wake+0x230/0x230 [ 3401.023108][T31577] ? do_raw_spin_unlock+0x57/0x270 [ 3401.028552][T31577] ? _raw_spin_unlock+0x2d/0x50 [ 3401.033432][T31577] try_charge+0x118d/0x1790 [ 3401.038044][T31577] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3401.043616][T31577] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3401.049331][T31577] ? find_held_lock+0x35/0x130 [ 3401.054088][T31577] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3401.059655][T31577] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3401.065233][T31577] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3401.070727][T31577] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3401.076272][T31577] __memcg_kmem_charge+0x136/0x300 [ 3401.081387][T31577] __alloc_pages_nodemask+0x437/0x7e0 [ 3401.086760][T31577] ? find_held_lock+0x35/0x130 [ 3401.091546][T31577] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3401.097279][T31577] ? kasan_check_write+0x14/0x20 [ 3401.102311][T31577] ? lock_downgrade+0x880/0x880 [ 3401.107195][T31577] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3401.113437][T31577] alloc_pages_current+0x107/0x210 [ 3401.118821][T31577] pte_alloc_one+0x1b/0x1a0 [ 3401.123335][T31577] __pte_alloc+0x20/0x310 [ 3401.127687][T31577] copy_page_range+0x1561/0x1fc0 [ 3401.132632][T31577] ? __lock_acquire+0x548/0x3fb0 [ 3401.137573][T31577] ? anon_vma_fork+0x371/0x4a0 [ 3401.142350][T31577] ? pmd_alloc+0x180/0x180 [ 3401.146764][T31577] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 3401.152579][T31577] ? validate_mm_rb+0xa3/0xc0 [ 3401.157272][T31577] ? __vma_link_rb+0x279/0x370 [ 3401.162130][T31577] ? kasan_check_write+0x14/0x20 [ 3401.167161][T31577] copy_process.part.0+0x5afb/0x7a90 [ 3401.172465][T31577] ? __cleanup_sighand+0x60/0x60 [ 3401.177429][T31577] _do_fork+0x257/0xfd0 [ 3401.181721][T31577] ? fork_idle+0x1d0/0x1d0 [ 3401.186309][T31577] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3401.191842][T31577] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3401.197295][T31577] ? do_syscall_64+0x26/0x670 [ 3401.201973][T31577] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3401.208086][T31577] ? do_syscall_64+0x26/0x670 [ 3401.212902][T31577] __x64_sys_clone+0xbf/0x150 [ 3401.217683][T31577] do_syscall_64+0x103/0x670 [ 3401.222284][T31577] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3401.228174][T31577] RIP: 0033:0x458c29 [ 3401.232265][T31577] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3401.251996][T31577] RSP: 002b:00007fea30623c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3401.260706][T31577] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 3401.268779][T31577] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3401.276861][T31577] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3401.284861][T31577] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fea306246d4 [ 3401.292876][T31577] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 3401.302879][T31577] memory: usage 307040kB, limit 307200kB, failcnt 96983 [ 3401.310117][T31577] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3401.317687][T31577] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3401.324670][T31577] Memory cgroup stats for /syz5: cache:124KB rss:99400KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99336KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3401.346581][T31577] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=31566,uid=0 03:43:44 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:43:44 executing program 5: socket$inet_udplite(0x2, 0x2, 0x88) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)}, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r0 = socket$inet(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) 03:43:44 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x2800, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:44 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x4e00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:44 executing program 3: r0 = socket$inet6(0xa, 0x10000000000003, 0x3a) connect$inet6(r0, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x9}, 0x1c) r1 = syz_open_dev$dmmidi(&(0x7f0000000040)='/dev/dmmidi#\x00', 0x6, 0x101000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000180)='TIPCv2\x00') flistxattr(r1, &(0x7f0000000340)=""/8, 0x8) sendmsg$TIPC_NL_BEARER_SET(r1, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x280000}, 0xc, &(0x7f00000001c0)={&(0x7f00000002c0)={0x7c, r2, 0x620, 0x70bd28, 0x25dfdbfb, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x574}]}, @TIPC_NLA_NODE={0xc, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xd83d}]}, @TIPC_NLA_MON={0x2c, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x3}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x5}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x59}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x5420000}]}, @TIPC_NLA_NET={0x24, 0x7, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x4}, @TIPC_NLA_NET_ID={0x8, 0x1, 0xffffffffffffff25}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xffffffffede1ee07}]}]}, 0x7c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) sendmsg(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000200)="2c0271", 0x3}], 0x1}, 0xc100) sendmsg(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000500)="d09a0e633a476288b671afdbd53a5994e137381f62021d1951b627b8dda57a5d17d744648c81c5703ed8146ab1", 0x2d}], 0x1}, 0x0) stat(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)) 03:43:44 executing program 1: r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vhost-vsock\x00', 0x2, 0x0) r1 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000040)='/proc/capi/capi20\x00', 0x2000, 0x0) pwrite64(r0, &(0x7f0000000100)="b1b221dc8faafcad89360beeadbf70f9cc85dd88b151e40dd0d8ebe50f82373ffd0fb8ddeb7ddaddab13697e17e5d910c55cabf7659bfbc11e52c62bef", 0x3d, 0x0) ioctl$UI_ABS_SETUP(r1, 0x401c5504, &(0x7f0000000140)={0x9, {0x4, 0x7f, 0x0, 0x6, 0x3, 0x7ff}}) ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000000)={@my=0x0}) ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000080)={@my=0x0}) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000006, 0x12, r1, 0x0) [ 3401.362240][T31577] Memory cgroup out of memory: Killed process 31566 (syz-executor.5) total-vm:72712kB, anon-rss:172kB, file-rss:35724kB, shmem-rss:0kB 03:43:45 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x2900, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:45 executing program 3: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000100)='/dev/userio\x00', 0x0, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000000)=0x0) syz_open_procfs(r1, &(0x7f0000000040)='fd\x00') pread64(r0, 0x0, 0x0, 0x0) 03:43:45 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:43:45 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x4f00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:45 executing program 1: r0 = creat(&(0x7f0000000180)='./file0\x00', 0x0) r1 = perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) r2 = gettid() clone(0x2106001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$9p_tcp(&(0x7f0000000000)='127.0.0.1\x00', &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0)='9p\x00', 0x10, &(0x7f0000000540)=ANY=[]) ptrace(0x10, r2) r3 = request_key(&(0x7f0000000280)='keyring\x00', 0x0, &(0x7f0000000440)='\x00', 0xffffffffffffffff) ioctl$SIOCX25SCUDMATCHLEN(r0, 0x89e7, &(0x7f0000000040)={0x6a}) add_key$user(&(0x7f0000000200)='user\x00', &(0x7f0000000240)={'syz', 0x2}, &(0x7f00000006c0)="f317bcb89fafd5cbb9dd5457f06cbe920ae43365f4c0035eeb433307bbd613dc1d8f59bcf988fa8141993771e8b7caa1318d071c274033d0b92a5628714a2998cfe0acef31baa63febe1e367a65c821dbe5df6474a569d4994527324073a1ce0d56d867a24707ad145d497bbf745c7b74429ae65897691ec3e6b64c3b1ded032043be7060ed343b35ac43cbf7b21a9a472d76d4d56d9b6f03dd2bd5dc02642bb92b896291cb05f7cec456633a572e37e5755e0d65f3c2f8cd9cc3272d985f8ea8aeae3010403809b29da9e77f7091a", 0xcf, r3) wait4(0x0, 0x0, 0x8, 0x0) r4 = syz_genetlink_get_family_id$SEG6(&(0x7f00000000c0)='SEG6\x00') sendmsg$SEG6_CMD_DUMPHMAC(r0, &(0x7f0000000380)={&(0x7f0000000080), 0xc, &(0x7f0000000340)={&(0x7f0000000140)={0x20, r4, 0x300, 0x70bd2b, 0x25dfdbfb, {}, [@SEG6_ATTR_SECRET={0xc, 0x4, [0x9, 0x5]}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x40041) fchownat(r1, &(0x7f0000000480)='./file1\x00', 0x0, 0x0, 0x1800) 03:43:45 executing program 3: r0 = socket(0x2000010000000015, 0x80000000005, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xd, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="1800570100000000000000000001000061120000000800009500030000000700afc4a6aa0d8c65d95c85e31d55b6e4db4e800212e462f5c370a8795940824cd1a6cda8f52f54a313d47a0552e301993c3bb79287c212f24100000000000000c2f3c42b06936981cac3d20023c91d339cc81b5c5e0c72a831164d5ee3a99b36a0816276300133358edca887253295b422dd0ab36fc7c3c6deb3c041891794291b16037daeb41356226c8adb5eabeea488d45b90abf3680f"], 0x0, 0x1, 0xfb, &(0x7f0000000200)=""/251, 0x0, 0x0, [], 0x0, 0xf, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x70) getsockopt(r0, 0x114, 0x271b, 0x0, &(0x7f0000000040)) getsockname$netlink(r0, &(0x7f0000000140), &(0x7f0000000080)=0xc) ioctl$IMCLEAR_L2(r0, 0x80044946, &(0x7f00000003c0)=0x31b) r1 = syz_open_dev$video(&(0x7f00000000c0)='/dev/video#\x00', 0xdce5, 0x0) ioctl$VIDIOC_G_AUDOUT(r1, 0x80345631, &(0x7f0000000100)) setsockopt$packet_int(r0, 0x107, 0x1f, &(0x7f0000000400)=0xfffffffffffffff7, 0x4) [ 3401.684349][T31745] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 03:43:45 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) [ 3401.764074][T31745] CPU: 0 PID: 31745 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3401.773533][T31745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3401.783690][T31745] Call Trace: [ 3401.787029][T31745] dump_stack+0x172/0x1f0 [ 3401.790862][T31886] 9pnet_virtio: no channels available for device 127.0.0.1 [ 3401.791411][T31745] dump_header+0x10f/0xb6c [ 3401.791431][T31745] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3401.791453][T31745] ? ___ratelimit+0x60/0x595 [ 3401.813440][T31745] ? do_raw_spin_unlock+0x57/0x270 [ 3401.818577][T31745] oom_kill_process.cold+0x10/0x15 [ 3401.823711][T31745] out_of_memory+0x79a/0x1280 [ 3401.828439][T31745] ? lock_downgrade+0x880/0x880 [ 3401.833479][T31745] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3401.839861][T31745] ? oom_killer_disable+0x280/0x280 [ 3401.845106][T31745] ? find_held_lock+0x35/0x130 [ 3401.849896][T31745] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3401.855691][T31745] ? memcg_event_wake+0x230/0x230 [ 3401.860821][T31745] ? do_raw_spin_unlock+0x57/0x270 [ 3401.866053][T31745] ? _raw_spin_unlock+0x2d/0x50 [ 3401.870924][T31745] try_charge+0x118d/0x1790 [ 3401.875578][T31745] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3401.881234][T31745] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3401.887592][T31745] ? kasan_check_read+0x11/0x20 [ 3401.887612][T31745] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3401.887628][T31745] mem_cgroup_try_charge+0x24d/0x5e0 [ 3401.887646][T31745] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3401.887664][T31745] wp_page_copy+0x416/0x1770 [ 3401.887676][T31745] ? do_wp_page+0x486/0x1500 [ 3401.887701][T31745] ? pmd_pfn+0x1d0/0x1d0 [ 3401.898172][T31745] ? lock_downgrade+0x880/0x880 [ 3401.898187][T31745] ? swp_swapcount+0x540/0x540 [ 3401.898201][T31745] ? kasan_check_read+0x11/0x20 [ 3401.898216][T31745] ? do_raw_spin_unlock+0x57/0x270 [ 3401.898231][T31745] do_wp_page+0x48e/0x1500 [ 3401.898249][T31745] ? finish_mkwrite_fault+0x540/0x540 [ 3401.898271][T31745] __handle_mm_fault+0x22e8/0x3ec0 [ 3401.898288][T31745] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3401.898299][T31745] ? find_held_lock+0x35/0x130 [ 3401.898315][T31745] ? handle_mm_fault+0x292/0xa90 [ 3401.972957][T31745] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3401.979310][T31745] ? kasan_check_read+0x11/0x20 [ 3401.984187][T31745] handle_mm_fault+0x3b7/0xa90 [ 3401.988977][T31745] __do_page_fault+0x5ef/0xda0 [ 3401.993909][T31745] do_page_fault+0x71/0x581 [ 3401.998437][T31745] ? page_fault+0x8/0x30 [ 3402.002698][T31745] page_fault+0x1e/0x30 [ 3402.006858][T31745] RIP: 0033:0x40bf46 [ 3402.010862][T31745] Code: 88 48 20 48 8b 4c 24 40 80 60 20 01 48 89 48 10 48 8b 4c 24 50 48 89 48 18 8b 4c 24 4c 89 48 24 31 c0 48 8b 8c 04 10 01 00 00 <48> 89 8c 02 30 bf 73 00 48 83 c0 08 48 83 f8 48 75 e6 e8 83 72 ff [ 3402.030795][T31745] RSP: 002b:00007ffc1533c160 EFLAGS: 00010297 [ 3402.036881][T31745] RAX: 0000000000000030 RBX: 0000000000000064 RCX: 0000000000000000 [ 3402.045243][T31745] RDX: 00000000000000a0 RSI: 00007fea30602db0 RDI: 000000000073bfa8 [ 3402.053550][T31745] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 00007fea30603700 [ 3402.061620][T31745] R10: 00007fea306039d0 R11: 0000000000000202 R12: 0000000000000068 [ 3402.069821][T31745] R13: 0000000000000001 R14: 0000000000000005 R15: 000000000073bfac [ 3402.083449][T31745] memory: usage 307200kB, limit 307200kB, failcnt 97001 [ 3402.091304][T31745] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3402.100429][T31745] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3402.108184][T31745] Memory cgroup stats for /syz5: cache:124KB rss:99396KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99600KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3402.130832][T31745] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=31745,uid=0 [ 3402.146529][T31745] Memory cgroup out of memory: Killed process 31745 (syz-executor.5) total-vm:72580kB, anon-rss:160kB, file-rss:35724kB, shmem-rss:0kB 03:43:45 executing program 5: socket$inet_udplite(0x2, 0x2, 0x88) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)}, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r0 = socket$inet(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) 03:43:45 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x2a00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:45 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:43:45 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000140)='/dev/full\x00', 0x240102, 0x0) ioctl$SG_EMULATED_HOST(r1, 0x2203, &(0x7f00000001c0)) r2 = accept(r0, &(0x7f0000000000)=@nl=@proc, &(0x7f0000000080)=0x80) mlock(&(0x7f0000ffc000/0x2000)=nil, 0x2000) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x20) write$UHID_CREATE2(r3, &(0x7f0000000300)=ANY=[@ANYBLOB="0b00000073797a310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000109a00a70700000800000001010000ff010000b80e5b5a2a6d43496fd38af09f8e706fe480b0aab13ee230f8aafb96d0ef90f129bb3618c3a5ac204480270f17c57a9a472b8faef2d0b55786122cc686826db1c09720b7f91de989552192cebe3e1f51227a7f5e5a925785db2c92a1d912c65442e22b97405b41d53d3df66ae9304dd7b1e33176c1f38d583b8fcde75524d18abf76c8f17307a1a0d7a9813bfa3ea79503cbd05974f3f30923df4db416f62998a3f4d2e7becbd42d680421667b69677aab8102b7729d723e0b02680c29f07916220bd20e1804a992d983c3dcef777dbb611ebdc45348a0abf25892cb21ad0ca1238ed463c0d5d694989ab8381b4c3e2658f1fc31fbd54c72e86e57a142e45bc0b16a009a374c582f71c4f423ed5eb6560c3213ae3e2b0759d52ca4c0cbe65c33354798a33d1bc0adf3cb1c1f7fee2355f35f415fe28742747e6a28498c16dce019d9a0e80445d427872e0baa4ee0d05319d7d35b6e8ca5ac9c48ffff1cedd479685f35e656259b3ee78606ef602221612415ec9ea560e3f405f75dc0c8048cace3238c628d0f527002d7c66e68b79a028bf2ab56cd1b8ec6d36d5da31805f1175dc791af0d34347c21b70968cb1a74d74db64bf55349a632d956a8aa3bd6f9136d1490e43c0e13f957a31e144d8d9a49abaef7c28852502f4e33cd0ee125056b94b8dd906c3c4fa630907b002c45e65f733e508c29307a215cc6e873909369bffca0473654d4f9c4f16a50ea2831eea5e7b27b3ba204ae720f2e258dce12689dcc0c32daaf8062b1c8246455a1a1f86ddf3fcf790e391a10b66740be5019e18f6e070561c7792131ca0cc8aab089579e675acf69f36210cb73b5ec16bd911989617432fdc8b2d5147f27399e8d8c5db8f91909e724385693e8e21dd6dff1134a1c5b2eaf44528128752d077585429fd3d872d27f334366d9832e9d4cf0d6695b9aaca9a474b7a5e4e8653c1be237561391dc26ec4164ba10a8b458e37a926eb6b9794d8b50951ee46fcfc092da89adaaf69e8a52d8c9664f89258a73391f1859bf73a06ac92af227d8cf6ec84c88bb0936651151845f4672867d4592f755de8a5446260f57fd5ee2257d2d63dcf80e1540ff58bad3c71205c7597779dba24710b1b9c1933f4b9788f6d20a14044bcec9bc89d085234f2b55095bef8502ad431cfcb4a28f4ee5cdb2ab6ea05c0a8e3f39806b38013614eb099f21ad0b8f0c4a080968f507b64b91828f68d9d97574e726bb75227029cf0baa4124e80585e9bf930092bd4702e5e6495f04029dc4024607aa5dbb103686c7ff939d77938b6223b9ac785bd6c4076aed078fd9ec2dc12a82326d0718311963422ce7655809b6b0bf72c7c37c11dca2a196aea3b9059cf393cca617f3ec348924dbcd908896663691ce830118612a3a68265093f32bd321a34c6aca6e8657f1c695367386cd3e9f18d0c8141e86b8db68298fe611ac6b2d2b409f3b7a58fe2f3839ce28693ad60b7b29d1e395c8e7c16aa8e66ec40775ebf3bea87c4ae6907ae5bbc4e1ec3a0ab66281991a3cc272f55be5845c1bcbe90db75a4d40cbc0c9062a7993e230f0734d3cdac8a18dd52fd9dd74f00cd63c7db131ba84a3970b65bea0b0b4f5a7ecdd11b432ed4fd2f18b81d4cfa67989a67d579ed2cf0bcb801df59cb19fc252b6a691b50eb0bf828957b7920c5b48271de2008a137ce14f39d5d2dea2f4a5967d474a8bf7656bd0ca062ee3696686f2e4666faad87caee7b467708a84b48582aa19e710eefa565b466d5dff51e24316cb35390e04a002345bc704bd97c49d83ca942fbb50f60f3f252b3cd92cd15256be245131f5f6b4568240c8841c827361a31a22e7a48e2b8c0f77e29f07f96002f2e881011ab423bc5e2e364a8f3359a7e320cfaa675f134574d9b853b52a8d2e75f514edc793eb9e9b09e47bd82b175371a97361fd815c98c81fab2ca7a7f6be28fe888e3c33827454e735a036eb6ae779848d63eb7c17e3e3a3edb573bbc9faf3baa6ce3d027372211ce18a2fbe2c7c36ea995353745f5ab14ed0a00b51fbcde0f6df122047b1f696746157b4ba67d73367ea09f20983989bca5761467ccd1a0a656d05011ad694a0d5b17007516b0bdca4f96f3c95c3b1cd9bb1d08f86514a85f120926ea90a8de20e6df09cc876ce78eeeee6865f77c63bc6b50c4d70b1ca45f4176129570f4059896e69c191295b0c6fe3c4f8b872c63325e25f33bf3b79fd97aeee8dbc8218c0999bbd6d9782f76829794f841bcc85e799975d9b2326857b04c41c1531cd9a9d669f4d8a29b15a6c150ee4b5dbb2715777710d0bbf3cc3bf9ed5b30139fbb496f857e4fad01130953379b25f20c84a5c1652dd86a5af725d64784c0b68c6fe735e88a97954a70304aa1c2867583f36e41778c70f8cdaf76543a1f4a093401f23b8784a33ed82eb412d33badac1d587257051d547c090a454e599a58d96a18ffd596b08163c24baf71c199ff350ecc72021aa801681da12893343cb3e486143cec237636f52d808f016a72e422d2c94e59aa0794ce4f093b17879026368aeb09c0da45800f2062f118f7f0ec79528d947876cd7cf47840ec27b19bc40a7a0272ea3b06714b942e692e5a79ce9e418c8851d98eca0b0ad4e2da2377eef874f284deb572e2138a7f11aaac014122570f3c6d93fcb1edc7f6f7fbd4603db6a3135b220fc8d907f20dfdee18579412cc50b2b78985fde5bd204191635936683dc27799261e110e04c92922c0fdfac1fad3bd72bb23ed306821df91997e4bc53f6da40c99351f227df4ba1d9a59f76fc2c093fcfe420f12aacaae9cabb6fed5d362a6e5a1088c0b2a70928e2488522a5798533ea0edec4e03717749eeb57a267c30ee402acd93f42fe11fc238696409ea212929e6343b46b1fb9ffd029c775f323c30846f25433b3bc23fa9c826c0ce700497af36febd4cd0d11947f9580299d2ac8aff8f874283a5260b3bbea565103586dc2df733fed6504c7d8b2771546f471fad7f30d34b5167f263c1c88bedd664d8bee02f7a49ed303ece5310cea6b2165ca7c3442015d48378bdf62823fbc4d30655a957f304dccf81e778cd01335c34486a4c63606f761523a2d9265baaf3209c3c010effc053765c7975648241179ba4aa176783c678561ef3208fd4dbf6ec44d52b1d79f102eea9ee9768ca6d971b1c30196b3def0035b41de637c1b90b6a79240c038972d7024056ea12f54ede9a3ece3bc9488336ce43cc191c752afe19da8265cc9bc65193a64549e18272a80bec6ca0ae89731375760e7338a04894b7a49335a1b3a15c457100993411002ae77fda3e5fc8528f888052ead1e88d116654bea59790ef6034cdb93f687299fb3472630fa43e392c66ef5de7fe0b94272885695786c5a19a5a9309eb61fec268c16e998935af797a502157b6440d37f94fbac51e80b1148e157fa07f81ec2e65c755e080afc94e98fb38a041e29b9f74d8ccaa33cb3d6b6a4af80dc65105441ff5a56af183e1135ac288071586a5b49826d8024e1429718e7f5e0ac780cd9b7f1a3776d4e3f671e310ec87f6fefced29e7cdc3b9af5923ac207745814f7e29e6cdd2125a1a249777903b6317d80db749a247b1896fa688eb689dd55597584a5a5bcdd71baadbbe34564db3df93d8e245689fd95af2bdac1dde2412aa3a27861c075e9a443e3dcecbdce80f3521964b67c33aae8b2c4c0665f10fca41a05c1ef9424494d9733b851f41449ff1a8dc8c841c6d9c5933ef74fb1806ec6074756ad6635919d87cda00dd5c8a4cc21222bd326d6918c20d823c5a4b7969411e56a71a95caaa5495c344c9b410ab6f24f70c63eca383e7c4ae9faee568b3c7b346fad684864bdb17168ed35caec9c6523eebb8f8a4959a6bcdde438980eb17d43d67daf4ce9b566e29fe05073d4432fb7c827e756fe0ced7f8d33164f855550822592172421a372a0ecf48cfd3407bdcea714a8309e32159da781dd419b0c7aa291552ee5c6f191d262edf0a5bbe652a635f26af30e8f4859beeacee44e51ca9f1700d5198b94498e1bdd1d1fc1a4a7be322e0952b5aadcdb104d10c23d2123a6064d5a6916667d3af82d4a9bd18e6b6cb4a28d3c4ba6165398d18b5869e71742b748860890e3ae2a6f2fa61267a1500bd0a128af68ebb8c2e26564e6d2380e3125d94b247977da8da7274da9e644b399b680d6f547041e5852379977d5013d1cee230d65fa338160dcb068e3340b1d3577e236bededc2a0b8b0e966669a2bb51497bd27923ddb49e5382e64e1472f251c36a785c9dd2c0782b80374a7acd62f29e259c465f090881681ce6a153a47e0979731fe2c85d57485791a30cda99181210a66ffedfb67026d253aa5db2f477d5ec13c2af0aa83428eb49e2d05234f22b5e2796e1605dcfaf78eff89763bd419872b57db2552589dcc8dee59177d59c895d9f0c2a78564d26538a50c7f4baa1ff1ba171d581ac61e5c9aeb628f02b03f0125a5e6aad0553d137de3666956225a5660ed2839d400e89ec4d11e73d0a44c86c90161253acce95ae9f33e4da245172e8a10cf50d2c3b9bf306384a4d004974894ba41f42de37d7aa474ce276ef8f06e430e9e62b8e7179af8e30d6a93c5274e3dd17c75c65a9ca1860d73b328bc5e625705163562b5ce364f83a7de225585cc26dc72302e72ff5c4c6c242006c1cd2b8dcefd584dc54f27b577372ddcfd8eeb7e1bc839f79cec0358c5c8fa93fbd07ce9f30b95786734e0b0becb80f30374d539c5fac64708bd3093cbcb61481ecbb52457e95ed4ddc5ce38e3f7eecb43f662b8ada9e56c7c676d055db1a9935a4439e05cfaa5c8df3f4a731ccebd46e5d3354498738c7127fc3d3b954720e43d239e27d4d6dfaf65e11bb05c285b860023ca53c285d17e7ce2a67096dd28ce4c977f776e3cbbd3087dfe2bf627006fdcb58c0420a235c8b6634c83ea109d8b96dfe161688f0c65832d0a9359fb5ca8d31464e6a387acad9b8e0a856a19878fa4723150b8c80b215288c2f7d47a97341bdeac07195cbda31b9040bb1a220c196bf0fdc98620e272140812d5e3e97443e880af6c642e908053d31a2e43aa87efb044fd0eda09a60c9855aceccf2c63264910682a01853970c25c6d0f259012b0281fab8cbf8fd7e25e8b6544087368376748ae0ef8cde9ef6cf4578ca3092226bbdb8da4a6ca2fbad101d087362b5b3b148b4e90e04af61cdb4c648528e7ee04b444a4717f991e1fb3b6a0cb68aa7a6016e3060795eaecbc9a5d600b49d2642f9f875f222ee7e83a1c396084c9be4a7296d261603a15c220a56db6a3387562ba8fce6f932178cd0bd702fe27e669135dca97f58758036f5192a6aaee09c3518f033985520edd6bad863a52eb93edea2bcc3b4b42c1ee02d81aad62c636222cdc5b4a58ccd66a2f716ccad0a43fcef200b0b485b81b8a4ed5ef8eac97941b487d3446d3be0ac6d77797fedc0d3bbe4e4d16fe72de8b4fc0009949ebaa5082551f74bb776d4046f7ff3ef89be0b703c27835e44677feefae5ad1aad7d168387a3a0482c67cfc410bbf3e84b9cec3c0e62fb59759a96ce0c1cca6e46aa65030bf571b816531ac75c35d41bc0d1350a9eaf179997e6a7c45d016ccf44a6c86d9e2993bcc176de0f4cfca72589653f3289da82602400ccc144464a1893ebe466341a4c6c0c2be6adfde916fffe0c361f5bc589db5130806ade9e4f8044e937f174d507158cfda5e27a2c542be670706554961b2cd8d47e7e05bd8803caae9b8ccbc36b33ba2b"], 0x1118) ioctl$SIOCGETNODEID(r2, 0x89e1, &(0x7f00000000c0)={0x3}) ioctl$sock_SIOCBRDELBR(r0, 0x89a1, &(0x7f00000002c0)='tunl0\x00') 03:43:45 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x5000, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) [ 3402.170637][T32011] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 3402.201610][T32011] CPU: 1 PID: 32011 Comm: syz-executor.1 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3402.210844][T32011] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3402.210850][T32011] Call Trace: [ 3402.210875][T32011] dump_stack+0x172/0x1f0 [ 3402.210898][T32011] dump_header+0x10f/0xb6c [ 3402.233360][T32011] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3402.233381][T32011] ? ___ratelimit+0x60/0x595 [ 3402.244059][T32011] ? do_raw_spin_unlock+0x57/0x270 [ 3402.249191][T32011] oom_kill_process.cold+0x10/0x15 [ 3402.254618][T32011] out_of_memory+0x79a/0x1280 [ 3402.259445][T32011] ? oom_killer_disable+0x280/0x280 [ 3402.264859][T32011] ? find_held_lock+0x35/0x130 03:43:45 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x2b00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) [ 3402.269831][T32011] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3402.275389][T32011] ? memcg_event_wake+0x230/0x230 [ 3402.280704][T32011] ? do_raw_spin_unlock+0x57/0x270 [ 3402.285996][T32011] ? _raw_spin_unlock+0x2d/0x50 [ 3402.286019][T32011] try_charge+0x118d/0x1790 [ 3402.286042][T32011] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3402.286054][T32011] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3402.286073][T32011] ? find_held_lock+0x35/0x130 [ 3402.301449][T32011] ? get_mem_cgroup_from_mm+0x10b/0x2b0 03:43:45 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x2c00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) [ 3402.301482][T32011] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3402.322996][T32011] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3402.328439][T32011] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3402.334126][T32011] __memcg_kmem_charge+0x136/0x300 [ 3402.339361][T32011] __alloc_pages_nodemask+0x437/0x7e0 [ 3402.344758][T32011] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3402.351290][T32011] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3402.357119][T32011] ? copy_process.part.0+0x1d40/0x7a90 [ 3402.362611][T32011] copy_process.part.0+0x3e0/0x7a90 [ 3402.367829][T32011] ? __lock_acquire+0x548/0x3fb0 [ 3402.372797][T32011] ? __might_fault+0x12b/0x1e0 [ 3402.377798][T32011] ? __cleanup_sighand+0x60/0x60 [ 3402.382942][T32011] ? lock_downgrade+0x880/0x880 [ 3402.387825][T32011] _do_fork+0x257/0xfd0 [ 3402.392005][T32011] ? fork_idle+0x1d0/0x1d0 [ 3402.396537][T32011] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3402.402016][T32011] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3402.407675][T32011] ? do_syscall_64+0x26/0x670 [ 3402.412433][T32011] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe 03:43:46 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x5100, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) [ 3402.418641][T32011] ? do_syscall_64+0x26/0x670 [ 3402.423337][T32011] __x64_sys_clone+0xbf/0x150 [ 3402.428025][T32011] do_syscall_64+0x103/0x670 [ 3402.432625][T32011] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3402.438568][T32011] RIP: 0033:0x458c29 [ 3402.442821][T32011] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3402.463039][T32011] RSP: 002b:00007fe1cdf85c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3402.463054][T32011] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 3402.463062][T32011] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000002106001ffa [ 3402.463069][T32011] RBP: 000000000073bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 3402.463076][T32011] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe1cdf866d4 [ 3402.463084][T32011] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff 03:43:46 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) [ 3402.598110][T32011] memory: usage 307168kB, limit 307200kB, failcnt 35036 [ 3402.605174][T32011] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3402.654933][T32011] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3402.686714][T32011] Memory cgroup stats for /syz1: cache:88KB rss:98588KB rss_huge:0KB shmem:8KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:98596KB inactive_file:68KB active_file:184KB unevictable:0KB [ 3402.710337][T32011] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=11694,uid=0 [ 3402.736391][T32011] Memory cgroup out of memory: Killed process 11694 (syz-executor.1) total-vm:72580kB, anon-rss:168kB, file-rss:35792kB, shmem-rss:0kB [ 3402.792009][T31885] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 3402.804585][T31885] CPU: 0 PID: 31885 Comm: syz-executor.1 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3402.814033][T31885] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3402.824313][T31885] Call Trace: [ 3402.827628][T31885] dump_stack+0x172/0x1f0 [ 3402.831979][T31885] dump_header+0x10f/0xb6c [ 3402.836760][T31885] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3402.842682][T31885] ? ___ratelimit+0x60/0x595 [ 3402.847730][T31885] ? do_raw_spin_unlock+0x57/0x270 [ 3402.853156][T31885] oom_kill_process.cold+0x10/0x15 [ 3402.858298][T31885] out_of_memory+0x79a/0x1280 [ 3402.863001][T31885] ? oom_killer_disable+0x280/0x280 [ 3402.868234][T31885] ? find_held_lock+0x35/0x130 [ 3402.873195][T31885] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3402.879092][T31885] ? memcg_event_wake+0x230/0x230 [ 3402.884143][T31885] ? do_raw_spin_unlock+0x57/0x270 [ 3402.889406][T31885] ? _raw_spin_unlock+0x2d/0x50 [ 3402.894272][T31885] try_charge+0xd4d/0x1790 [ 3402.898701][T31885] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3402.904439][T31885] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3402.910221][T31885] ? find_held_lock+0x35/0x130 [ 3402.914999][T31885] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3402.920758][T31885] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3402.926438][T31885] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3402.931790][T31885] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3402.937508][T31885] __memcg_kmem_charge+0x136/0x300 [ 3402.942733][T31885] __alloc_pages_nodemask+0x437/0x7e0 [ 3402.948208][T31885] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3402.954577][T31885] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3402.960765][T31885] ? copy_process.part.0+0x1d40/0x7a90 [ 3402.966260][T31885] ? lockdep_hardirqs_on+0x418/0x5d0 [ 3402.971645][T31885] ? trace_hardirqs_on+0x67/0x230 [ 3402.976859][T31885] ? kasan_check_read+0x11/0x20 [ 3402.981712][T31885] copy_process.part.0+0x3e0/0x7a90 [ 3402.987099][T31885] ? psi_memstall_leave+0x11c/0x180 [ 3402.992387][T31885] ? kvm_sched_clock_read+0x9/0x20 [ 3402.997513][T31885] ? psi_memstall_leave+0x12e/0x180 [ 3403.002764][T31885] ? find_held_lock+0x35/0x130 [ 3403.008097][T31885] ? psi_memstall_leave+0x12e/0x180 [ 3403.013408][T31885] ? __cleanup_sighand+0x60/0x60 [ 3403.018469][T31885] ? __lock_acquire+0x548/0x3fb0 [ 3403.023447][T31885] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3403.029720][T31885] _do_fork+0x257/0xfd0 [ 3403.038069][T31885] ? fork_idle+0x1d0/0x1d0 [ 3403.050678][T31885] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3403.056188][T31885] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3403.061665][T31885] ? do_syscall_64+0x26/0x670 [ 3403.066525][T31885] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3403.073091][T31885] ? do_syscall_64+0x26/0x670 [ 3403.077890][T31885] __x64_sys_clone+0xbf/0x150 [ 3403.082583][T31885] do_syscall_64+0x103/0x670 [ 3403.087188][T31885] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3403.093179][T31885] RIP: 0033:0x45b5f9 [ 3403.097343][T31885] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 3403.117625][T31885] RSP: 002b:00007fffe48ad648 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 3403.126278][T31885] RAX: ffffffffffffffda RBX: 00007fe1cdf65700 RCX: 000000000045b5f9 [ 3403.134358][T31885] RDX: 00007fe1cdf659d0 RSI: 00007fe1cdf64db0 RDI: 00000000003d0f00 [ 3403.142614][T31885] RBP: 00007fffe48ad850 R08: 00007fe1cdf65700 R09: 00007fe1cdf65700 [ 3403.150684][T31885] R10: 00007fe1cdf659d0 R11: 0000000000000202 R12: 0000000000000000 [ 3403.158982][T31885] R13: 00007fffe48ad6ff R14: 00007fe1cdf659c0 R15: 000000000073c04c [ 3403.168521][T31885] memory: usage 306884kB, limit 307200kB, failcnt 35036 [ 3403.175582][T31885] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3403.183589][T31885] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3403.190511][T31885] Memory cgroup stats for /syz1: cache:88KB rss:98588KB rss_huge:0KB shmem:8KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:98464KB inactive_file:68KB active_file:184KB unevictable:0KB [ 3403.212365][T31885] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=15168,uid=0 [ 3403.227975][T31885] Memory cgroup out of memory: Killed process 15168 (syz-executor.1) total-vm:72580kB, anon-rss:168kB, file-rss:35792kB, shmem-rss:0kB [ 3403.243678][ T1044] oom_reaper: reaped process 15168 (syz-executor.1), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB [ 3403.248694][T32029] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 3403.268979][T32029] CPU: 0 PID: 32029 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3403.273120][T32278] 9pnet_virtio: no channels available for device 127.0.0.1 [ 3403.278306][T32029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3403.278312][T32029] Call Trace: [ 3403.278341][T32029] dump_stack+0x172/0x1f0 [ 3403.278363][T32029] dump_header+0x10f/0xb6c [ 3403.278379][T32029] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3403.278393][T32029] ? ___ratelimit+0x60/0x595 [ 3403.278409][T32029] ? do_raw_spin_unlock+0x57/0x270 [ 3403.278425][T32029] oom_kill_process.cold+0x10/0x15 [ 3403.278442][T32029] out_of_memory+0x79a/0x1280 [ 3403.278462][T32029] ? oom_killer_disable+0x280/0x280 [ 3403.278480][T32029] ? find_held_lock+0x35/0x130 03:43:46 executing program 1: clone(0x210b001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) keyctl$set_reqkey_keyring(0xe, 0x3) keyctl$join(0x1, 0x0) request_key(&(0x7f0000000000)='user\x00', &(0x7f0000000080)={'syz'}, &(0x7f00000000c0)='\xd1?\xf3\xd7v', 0x0) r0 = syz_open_dev$adsp(&(0x7f0000000040)='/dev/adsp#\x00', 0x5, 0x800) ioctl$VIDIOC_DQEVENT(r0, 0x80885659, &(0x7f0000000100)={0x0, @frame_sync}) 03:43:46 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x2d00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:46 executing program 3: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000080)=0x200000000) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") write$vnet(r0, &(0x7f00000018c0)={0x1, {&(0x7f00000000c0)=""/211, 0xd3, 0x0, 0x0, 0x2}}, 0x68) ioctl$int_in(r0, 0x40000000af01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000240)={0x3, 0x8000000000000, 0x0, &(0x7f0000000540)=""/246, 0x0}) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000200)='/dev/audio\x00', 0x0, 0x0) close(r2) socket$packet(0x11, 0x3, 0x300) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f00000007c0)=ANY=[]) write$vnet(r0, &(0x7f00000004c0)={0x1, {&(0x7f00000003c0)=""/247, 0xb870ca92, &(0x7f0000000280)=""/118, 0x3, 0x2}}, 0x39f) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000f1dff8)={0x0, r2}) [ 3403.343511][T32029] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3403.349092][T32029] ? memcg_event_wake+0x230/0x230 [ 3403.354157][T32029] ? do_raw_spin_unlock+0x57/0x270 [ 3403.359289][T32029] ? _raw_spin_unlock+0x2d/0x50 [ 3403.370697][T32029] try_charge+0x118d/0x1790 [ 3403.375234][T32029] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3403.380791][T32029] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3403.386423][T32029] ? find_held_lock+0x35/0x130 [ 3403.391220][T32029] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3403.396971][T32029] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3403.402530][T32029] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3403.407751][T32029] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3403.413586][T32029] __memcg_kmem_charge+0x136/0x300 [ 3403.418827][T32029] __alloc_pages_nodemask+0x437/0x7e0 [ 3403.424447][T32029] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3403.430802][T32029] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3403.436642][T32029] ? copy_process.part.0+0x1d40/0x7a90 [ 3403.442200][T32029] ? lockdep_hardirqs_on+0x418/0x5d0 [ 3403.447508][T32029] ? trace_hardirqs_on+0x67/0x230 [ 3403.452571][T32029] ? kasan_check_read+0x11/0x20 [ 3403.457467][T32029] copy_process.part.0+0x3e0/0x7a90 [ 3403.462690][T32029] ? __lock_acquire+0x548/0x3fb0 [ 3403.467852][T32029] ? __might_fault+0x12b/0x1e0 [ 3403.472643][T32029] ? __cleanup_sighand+0x60/0x60 [ 3403.477688][T32029] ? lock_downgrade+0x880/0x880 [ 3403.482674][T32029] _do_fork+0x257/0xfd0 [ 3403.486860][T32029] ? fork_idle+0x1d0/0x1d0 [ 3403.491294][T32029] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3403.496801][T32029] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3403.502274][T32029] ? do_syscall_64+0x26/0x670 [ 3403.502289][T32029] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3403.502300][T32029] ? do_syscall_64+0x26/0x670 [ 3403.502319][T32029] __x64_sys_clone+0xbf/0x150 [ 3403.502334][T32029] do_syscall_64+0x103/0x670 [ 3403.502349][T32029] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3403.502360][T32029] RIP: 0033:0x458c29 [ 3403.502373][T32029] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3403.502381][T32029] RSP: 002b:00007fea30623c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3403.502393][T32029] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 3403.502400][T32029] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3403.502414][T32029] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3403.590099][T32029] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fea306246d4 [ 3403.598165][T32029] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 3403.607062][T32029] memory: usage 307200kB, limit 307200kB, failcnt 97025 [ 3403.614195][T32029] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3403.622011][T32029] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3403.628997][T32029] Memory cgroup stats for /syz5: cache:124KB rss:99396KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3403.651345][T32029] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=10216,uid=0 [ 3403.667303][T32029] Memory cgroup out of memory: Killed process 10216 (syz-executor.5) total-vm:72448kB, anon-rss:156kB, file-rss:34816kB, shmem-rss:0kB [ 3403.683282][ T1044] oom_reaper: reaped process 10216 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 3403.709686][T32029] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3403.722127][T32029] CPU: 0 PID: 32029 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3403.731541][T32029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3403.741607][T32029] Call Trace: [ 3403.744932][T32029] dump_stack+0x172/0x1f0 [ 3403.749269][T32029] dump_header+0x10f/0xb6c [ 3403.753700][T32029] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3403.759533][T32029] ? ___ratelimit+0x60/0x595 [ 3403.764286][T32029] ? do_raw_spin_unlock+0x57/0x270 [ 3403.769520][T32029] oom_kill_process.cold+0x10/0x15 [ 3403.774675][T32029] out_of_memory+0x79a/0x1280 [ 3403.779391][T32029] ? lock_downgrade+0x880/0x880 [ 3403.784385][T32029] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3403.790659][T32029] ? oom_killer_disable+0x280/0x280 [ 3403.795931][T32029] ? find_held_lock+0x35/0x130 [ 3403.800718][T32029] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3403.806415][T32029] ? memcg_event_wake+0x230/0x230 [ 3403.811458][T32029] ? do_raw_spin_unlock+0x57/0x270 [ 3403.816698][T32029] ? _raw_spin_unlock+0x2d/0x50 [ 3403.821555][T32029] try_charge+0x118d/0x1790 [ 3403.826409][T32029] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3403.831949][T32029] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3403.837504][T32029] ? find_held_lock+0x35/0x130 [ 3403.842307][T32029] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3403.847892][T32029] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3403.853549][T32029] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3403.858767][T32029] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3403.864338][T32029] __memcg_kmem_charge+0x136/0x300 [ 3403.869702][T32029] __alloc_pages_nodemask+0x437/0x7e0 [ 3403.875102][T32029] ? find_held_lock+0x35/0x130 [ 3403.879897][T32029] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3403.885620][T32029] ? kasan_check_write+0x14/0x20 [ 3403.890564][T32029] ? lock_downgrade+0x880/0x880 [ 3403.895542][T32029] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3403.901933][T32029] alloc_pages_current+0x107/0x210 [ 3403.907130][T32029] pte_alloc_one+0x1b/0x1a0 [ 3403.911634][T32029] __pte_alloc+0x20/0x310 [ 3403.915963][T32029] copy_page_range+0x1561/0x1fc0 [ 3403.920984][T32029] ? anon_vma_fork+0x371/0x4a0 [ 3403.925756][T32029] ? pmd_alloc+0x180/0x180 [ 3403.930288][T32029] ? vma_gap_callbacks_rotate+0x62/0x80 [ 3403.935905][T32029] ? validate_mm_rb+0xa3/0xc0 [ 3403.940596][T32029] ? __vma_link_rb+0x279/0x370 [ 3403.945375][T32029] copy_process.part.0+0x5afb/0x7a90 [ 3403.950673][T32029] ? __cleanup_sighand+0x60/0x60 [ 3403.955630][T32029] _do_fork+0x257/0xfd0 [ 3403.959808][T32029] ? fork_idle+0x1d0/0x1d0 [ 3403.964269][T32029] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3403.969897][T32029] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3403.975711][T32029] ? do_syscall_64+0x26/0x670 [ 3403.980414][T32029] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3403.986635][T32029] ? do_syscall_64+0x26/0x670 [ 3403.991426][T32029] __x64_sys_clone+0xbf/0x150 [ 3403.996320][T32029] do_syscall_64+0x103/0x670 [ 3404.001387][T32029] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3404.007415][T32029] RIP: 0033:0x458c29 [ 3404.011313][T32029] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3404.031724][T32029] RSP: 002b:00007fea30623c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3404.040349][T32029] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 3404.048685][T32029] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3404.056786][T32029] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3404.064907][T32029] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fea306246d4 [ 3404.072896][T32029] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 3404.082127][T32029] memory: usage 307040kB, limit 307200kB, failcnt 97069 [ 3404.089287][T32029] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3404.096916][T32029] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3404.103863][T32029] Memory cgroup stats for /syz5: cache:124KB rss:99396KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3404.125719][T32029] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=10398,uid=0 [ 3404.141744][T32029] Memory cgroup out of memory: Killed process 10398 (syz-executor.5) total-vm:72448kB, anon-rss:156kB, file-rss:34816kB, shmem-rss:0kB [ 3404.157539][ T1044] oom_reaper: reaped process 10398 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 3404.182307][T32293] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 3404.194539][T32293] CPU: 0 PID: 32293 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3404.203950][T32293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3404.214196][T32293] Call Trace: [ 3404.217521][T32293] dump_stack+0x172/0x1f0 [ 3404.221952][T32293] dump_header+0x10f/0xb6c [ 3404.226586][T32293] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3404.232698][T32293] ? ___ratelimit+0x60/0x595 [ 3404.237431][T32293] ? do_raw_spin_unlock+0x57/0x270 [ 3404.242553][T32293] oom_kill_process.cold+0x10/0x15 [ 3404.247785][T32293] out_of_memory+0x79a/0x1280 [ 3404.252576][T32293] ? lock_downgrade+0x880/0x880 [ 3404.257514][T32293] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3404.263963][T32293] ? oom_killer_disable+0x280/0x280 [ 3404.269176][T32293] ? find_held_lock+0x35/0x130 [ 3404.274067][T32293] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3404.279699][T32293] ? memcg_event_wake+0x230/0x230 [ 3404.284849][T32293] ? do_raw_spin_unlock+0x57/0x270 [ 3404.289994][T32293] ? _raw_spin_unlock+0x2d/0x50 [ 3404.294958][T32293] try_charge+0x118d/0x1790 [ 3404.299547][T32293] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3404.305090][T32293] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3404.310760][T32293] ? find_held_lock+0x35/0x130 [ 3404.315535][T32293] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3404.321081][T32293] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3404.326746][T32293] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3404.332026][T32293] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3404.338073][T32293] __memcg_kmem_charge+0x136/0x300 [ 3404.343332][T32293] __alloc_pages_nodemask+0x437/0x7e0 [ 3404.348733][T32293] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3404.355004][T32293] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3404.361204][T32293] ? copy_process.part.0+0x1d40/0x7a90 [ 3404.366691][T32293] copy_process.part.0+0x3e0/0x7a90 [ 3404.371923][T32293] ? __lock_acquire+0x548/0x3fb0 [ 3404.377085][T32293] ? do_raw_spin_unlock+0x57/0x270 [ 3404.382215][T32293] ? __might_fault+0x12b/0x1e0 [ 3404.387169][T32293] ? __cleanup_sighand+0x60/0x60 [ 3404.392211][T32293] ? lock_downgrade+0x880/0x880 [ 3404.397223][T32293] _do_fork+0x257/0xfd0 [ 3404.401416][T32293] ? fork_idle+0x1d0/0x1d0 [ 3404.406102][T32293] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3404.411600][T32293] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3404.417098][T32293] ? do_syscall_64+0x26/0x670 [ 3404.421852][T32293] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3404.428047][T32293] ? do_syscall_64+0x26/0x670 [ 3404.432736][T32293] __x64_sys_clone+0xbf/0x150 [ 3404.437441][T32293] do_syscall_64+0x103/0x670 [ 3404.442124][T32293] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3404.448096][T32293] RIP: 0033:0x458c29 [ 3404.452174][T32293] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3404.471885][T32293] RSP: 002b:00007fea30602c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3404.480427][T32293] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 3404.488523][T32293] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3404.496629][T32293] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 3404.504848][T32293] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fea306036d4 [ 3404.512947][T32293] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 3404.524708][T32293] memory: usage 306980kB, limit 307200kB, failcnt 97090 [ 3404.535651][T32293] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3404.543905][T32293] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3404.554716][T32293] Memory cgroup stats for /syz5: cache:124KB rss:99528KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3404.578081][T32293] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=32025,uid=0 [ 3404.594929][T32293] Memory cgroup out of memory: Killed process 32293 (syz-executor.5) total-vm:72712kB, anon-rss:172kB, file-rss:35788kB, shmem-rss:0kB 03:43:48 executing program 5: socket$inet_udplite(0x2, 0x2, 0x88) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)}, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r0 = socket$inet(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00\x00\x00\x00\x00\x00\x00\x00\xff', @ifru_flags}) 03:43:48 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:43:48 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x5200, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:48 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'ccm-aes-ce\x00'}, 0x3f9) r1 = openat$ion(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ion\x00', 0x121682, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10) r2 = accept$alg(r0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_TRANSLATE(r1, 0xc018ae85, &(0x7f0000000140)={0x0, 0x5004, 0x1, 0xff, 0x5}) write$binfmt_script(r2, &(0x7f0000000600)=ANY=[], 0xfec8) recvmmsg(r2, &(0x7f0000000e40)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000840)=[{&(0x7f00000023c0)=""/4096, 0xfeb8}], 0x1}}], 0x2, 0x0, 0x0) ioctl$sock_inet_SIOCSIFPFLAGS(r2, 0x8934, &(0x7f0000000100)={'syzkaller1\x00', 0x81}) 03:43:48 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x2e00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:48 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0xe, 0x4, 0x4, 0x1f}, 0x3c) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r0, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') r1 = socket$inet_udplite(0x2, 0x2, 0x88) socket$l2tp(0x18, 0x1, 0x1) ftruncate(r0, 0x0) ioctl$VT_GETSTATE(r0, 0x5603, &(0x7f0000000040)={0x7, 0x8001, 0x8000000000000000}) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$sock_SIOCBRDELBR(r0, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00\x00\x13') [ 3404.612284][ T1044] oom_reaper: reaped process 32293 (syz-executor.5), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB 03:43:48 executing program 1: fstat(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000040)='./file0\x00', 0x2, 0x1, &(0x7f0000000180)=[{&(0x7f0000000080)="218a9a23e887aef43af5dfbe53eef97871d78dc500d89f7f8e288e52062ef867c2bd94e6eaa5bf6f1954a60ecfb0340d7eb566a942522c6e1fdbf74a28d8a3e47a945cd50a4fbad1c11fb33d8e1274fc44b89688e41b94e2db2ddcdc193780dd267abe667db6ac557be5702f5f3a2c3e2c9b02e3a5eb976af750ef23892647f028ead91f2c6c2ab3ca4bfcc480c7f5367bc208df6cae75f7fccac3921b319aa5f30af83933706c83e6596011a0a9bd450919e48ec36c564c296cd36cf2a0b012d1301606dc65346b7819a7c43351ae34e65cdcb62e86bea8184b4461eb61d115a8675cf269c370ba8a7bdcbea1b7a1fbd0990a", 0xf3, 0x5}], 0x810000, &(0x7f0000000240)=ANY=[@ANYBLOB="636865636b5f696e745f7072696e745f6d61736b3d3078303030303030303030303030352c636f6d70726573732d666f7263652c6e6f696e6f64655f636163de065b68652c636e6f6575746f6465667261672c666f776e65723e000000000000", @ANYRESDEC=r0, @ANYBLOB=',smackfstransmute=,\x00']) r1 = open(&(0x7f0000000300)='./file0\x00', 0x10000, 0x80) ioctl$KDSETMODE(r1, 0x4b3a, 0x10001) r2 = socket(0x15, 0x80005, 0x0) getsockopt(r2, 0x114, 0x2715, &(0x7f0000af0fe7)=""/13, &(0x7f000033bffc)=0x7ffff000) write$capi20_data(r1, &(0x7f0000000340)={{0x10, 0x1, 0x41, 0x82, 0x9, 0x21}, 0x6d, "7c68b6418f5c3725510a19fae22c144b975d1b13eb1b8d9b3661fe8c144dd30682403432f0f20eaeb21ae5e2282b8aa9f0a2164c01fcf0eb67e4ef6b143b7d42fa7d131873269f78f428d601d024a1de8d1c4199a76ff8122cebcbd91b9b6d2af589430615976167dc55b009a3"}, 0x7f) setresuid(r0, r0, r0) 03:43:48 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00\x00\x10', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:43:48 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x2f00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:48 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x5300, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:48 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r1, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) listen(r1, 0x4) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r2, 0x84, 0x6b, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) write$binfmt_misc(r2, &(0x7f0000000040)=ANY=[@ANYRES32=0x0], 0x4) write(r2, &(0x7f0000000200)='}', 0x1) r3 = accept4(r1, 0x0, 0x0, 0x0) shutdown(r3, 0x3) write$binfmt_script(r3, &(0x7f0000001380)={'#! ', './file0'}, 0xa0) [ 3404.959604][T32315] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 3404.986935][T32315] CPU: 0 PID: 32315 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3404.996244][T32315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3404.996259][T32315] Call Trace: [ 3405.009626][T32315] dump_stack+0x172/0x1f0 [ 3405.014002][T32315] dump_header+0x10f/0xb6c [ 3405.018436][T32315] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3405.024348][T32315] ? ___ratelimit+0x60/0x595 [ 3405.028964][T32315] ? do_raw_spin_unlock+0x57/0x270 [ 3405.034168][T32315] oom_kill_process.cold+0x10/0x15 [ 3405.034185][T32315] out_of_memory+0x79a/0x1280 [ 3405.043998][T32315] ? lock_downgrade+0x880/0x880 [ 3405.048959][T32315] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 03:43:48 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\xff\xff\xff', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) [ 3405.055562][T32315] ? oom_killer_disable+0x280/0x280 [ 3405.060778][T32315] ? find_held_lock+0x35/0x130 [ 3405.065570][T32315] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3405.071128][T32315] ? memcg_event_wake+0x230/0x230 [ 3405.076158][T32315] ? do_raw_spin_unlock+0x57/0x270 [ 3405.081283][T32315] ? _raw_spin_unlock+0x2d/0x50 [ 3405.086146][T32315] try_charge+0x118d/0x1790 [ 3405.090660][T32315] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3405.090672][T32315] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3405.090691][T32315] ? find_held_lock+0x35/0x130 [ 3405.090705][T32315] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3405.090725][T32315] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3405.090738][T32315] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3405.090758][T32315] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3405.128859][T32315] __memcg_kmem_charge+0x136/0x300 [ 3405.133997][T32315] __alloc_pages_nodemask+0x437/0x7e0 [ 3405.134016][T32315] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3405.134034][T32315] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3405.151484][T32315] ? copy_process.part.0+0x1d40/0x7a90 [ 3405.157039][T32315] ? lockdep_hardirqs_on+0x418/0x5d0 [ 3405.162392][T32315] ? trace_hardirqs_on+0x67/0x230 [ 3405.167530][T32315] copy_process.part.0+0x3e0/0x7a90 [ 3405.172760][T32315] ? psi_memstall_leave+0x11c/0x180 [ 3405.177975][T32315] ? kvm_sched_clock_read+0x9/0x20 [ 3405.183278][T32315] ? psi_memstall_leave+0x12e/0x180 [ 3405.188521][T32315] ? find_held_lock+0x35/0x130 [ 3405.193297][T32315] ? psi_memstall_leave+0x12e/0x180 [ 3405.198522][T32315] ? __cleanup_sighand+0x60/0x60 [ 3405.203470][T32315] ? __lock_acquire+0x548/0x3fb0 [ 3405.208414][T32315] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3405.214704][T32315] _do_fork+0x257/0xfd0 [ 3405.219009][T32315] ? fork_idle+0x1d0/0x1d0 [ 3405.219033][T32315] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3405.219045][T32315] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3405.219058][T32315] ? do_syscall_64+0x26/0x670 [ 3405.219072][T32315] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3405.219083][T32315] ? do_syscall_64+0x26/0x670 [ 3405.219098][T32315] __x64_sys_clone+0xbf/0x150 [ 3405.219116][T32315] do_syscall_64+0x103/0x670 [ 3405.234522][T32315] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3405.234538][T32315] RIP: 0033:0x45b5f9 [ 3405.269426][T32315] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 3405.289219][T32315] RSP: 002b:00007ffc1533c028 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 3405.297672][T32315] RAX: ffffffffffffffda RBX: 00007fea30603700 RCX: 000000000045b5f9 [ 3405.305689][T32315] RDX: 00007fea306039d0 RSI: 00007fea30602db0 RDI: 00000000003d0f00 [ 3405.313684][T32315] RBP: 00007ffc1533c230 R08: 00007fea30603700 R09: 00007fea30603700 [ 3405.321680][T32315] R10: 00007fea306039d0 R11: 0000000000000202 R12: 0000000000000000 [ 3405.329756][T32315] R13: 00007ffc1533c0df R14: 00007fea306039c0 R15: 000000000073bfac [ 3405.377424][T32315] memory: usage 307176kB, limit 307200kB, failcnt 97113 [ 3405.384544][T32315] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3405.462076][T32315] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3405.490796][T32315] Memory cgroup stats for /syz5: cache:124KB rss:99520KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3405.513540][T32315] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=32298,uid=0 [ 3405.529860][T32315] Memory cgroup out of memory: Killed process 32298 (syz-executor.5) total-vm:72580kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB [ 3405.582759][T32315] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3405.593898][T32315] CPU: 1 PID: 32315 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3405.603155][T32315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3405.613352][T32315] Call Trace: [ 3405.616660][T32315] dump_stack+0x172/0x1f0 [ 3405.621003][T32315] dump_header+0x10f/0xb6c [ 3405.625805][T32315] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3405.631627][T32315] ? ___ratelimit+0x60/0x595 [ 3405.636224][T32315] ? do_raw_spin_unlock+0x57/0x270 [ 3405.641430][T32315] oom_kill_process.cold+0x10/0x15 [ 3405.646669][T32315] out_of_memory+0x79a/0x1280 [ 3405.651373][T32315] ? lock_downgrade+0x880/0x880 [ 3405.656250][T32315] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3405.662806][T32315] ? oom_killer_disable+0x280/0x280 [ 3405.668110][T32315] ? find_held_lock+0x35/0x130 [ 3405.673284][T32315] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3405.678929][T32315] ? memcg_event_wake+0x230/0x230 [ 3405.684186][T32315] ? do_raw_spin_unlock+0x57/0x270 [ 3405.689298][T32315] ? _raw_spin_unlock+0x2d/0x50 [ 3405.694230][T32315] try_charge+0x118d/0x1790 [ 3405.698848][T32315] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3405.704510][T32315] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3405.710753][T32315] ? kasan_check_read+0x11/0x20 [ 3405.715725][T32315] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3405.721588][T32315] mem_cgroup_try_charge+0x24d/0x5e0 [ 3405.727032][T32315] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3405.732819][T32315] wp_page_copy+0x416/0x1770 [ 3405.737416][T32315] ? do_wp_page+0x486/0x1500 [ 3405.742017][T32315] ? pmd_pfn+0x1d0/0x1d0 [ 3405.746381][T32315] ? lock_downgrade+0x880/0x880 [ 3405.751322][T32315] ? swp_swapcount+0x540/0x540 [ 3405.756099][T32315] ? kasan_check_read+0x11/0x20 [ 3405.760956][T32315] ? do_raw_spin_unlock+0x57/0x270 [ 3405.766099][T32315] do_wp_page+0x48e/0x1500 [ 3405.770522][T32315] ? finish_mkwrite_fault+0x540/0x540 [ 3405.776068][T32315] __handle_mm_fault+0x22e8/0x3ec0 [ 3405.781279][T32315] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3405.786942][T32315] ? find_held_lock+0x35/0x130 [ 3405.791795][T32315] ? handle_mm_fault+0x292/0xa90 [ 3405.796939][T32315] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3405.803182][T32315] ? kasan_check_read+0x11/0x20 [ 3405.808170][T32315] handle_mm_fault+0x3b7/0xa90 [ 3405.812957][T32315] __do_page_fault+0x5ef/0xda0 [ 3405.817729][T32315] do_page_fault+0x71/0x581 [ 3405.822229][T32315] ? page_fault+0x8/0x30 [ 3405.826469][T32315] page_fault+0x1e/0x30 [ 3405.830621][T32315] RIP: 0033:0x42f207 [ 3405.834500][T32315] Code: 00 be 88 13 4e 00 bf 30 1b 4e 00 e8 e3 b8 ff ff 0f 1f 00 48 83 fe bf 0f 87 63 08 00 00 48 89 f0 41 57 41 56 48 83 c0 17 41 55 <41> 54 55 53 48 89 c5 48 83 e5 f0 48 89 fb 48 81 ec 98 00 00 00 48 [ 3405.854272][T32315] RSP: 002b:00007ffc1533c000 EFLAGS: 00010206 [ 3405.860340][T32315] RAX: 0000000000000127 RBX: 0000000000713640 RCX: 0000000000458c7a [ 3405.868490][T32315] RDX: 0000000000000011 RSI: 0000000000000110 RDI: 0000000000713640 [ 3405.876457][T32315] RBP: 0000000000000110 R08: ffffffffffffffff R09: 0000000000000000 [ 3405.884456][T32315] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000020490 [ 3405.892446][T32315] R13: 00005555555ccb70 R14: 0000000000000003 R15: 000000000073c04c [ 3405.901871][T32315] memory: usage 307196kB, limit 307200kB, failcnt 97152 [ 3405.909059][T32315] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3405.916520][T32315] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3405.923431][T32315] Memory cgroup stats for /syz5: cache:124KB rss:99520KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3405.945337][T32315] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=32315,uid=0 [ 3405.960864][T32315] Memory cgroup out of memory: Killed process 32315 (syz-executor.5) total-vm:72712kB, anon-rss:164kB, file-rss:35716kB, shmem-rss:0kB 03:43:49 executing program 5: socket$inet_udplite(0x2, 0x2, 0x88) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)}, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r0 = socket$inet(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) 03:43:49 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x5400, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:49 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x3000, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:49 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'vet\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbdh\x00', 0x43732e5398416f1a}) r1 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0xfffffffffffffffd, 0x40000) ioctl$KVM_SIGNAL_MSI(r1, 0x4020aea5, &(0x7f00000000c0)={0x6000, 0xf000, 0xffffffff, 0x4, 0xfd6}) ioctl$TUNSETOWNER(r0, 0x400454cc, 0x0) r2 = socket(0xa, 0x7, 0xffffffff7fffffff) ioctl$EXT4_IOC_MOVE_EXT(r2, 0xc028660f, &(0x7f0000000280)={0x0, r0, 0x0, 0x2, 0x2, 0x6}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'e\x00', 0x2002800}) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000180)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r1, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x30, r4, 0x400, 0x70bd27, 0x25dfdbfb, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0xbc55, 0x0, 0x8, 0x100000001}}}, ["", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x24044005}, 0x0) 03:43:49 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:43:49 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) r1 = dup2(r0, r0) ioctl$VIDIOC_G_AUDOUT(r1, 0x80345631, &(0x7f0000000200)) bind$alg(r0, &(0x7f0000000440)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r2 = accept$alg(r0, 0x0, 0x0) r3 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-monitor\x00', 0x400000, 0x0) setsockopt$inet_mtu(r3, 0x0, 0xa, &(0x7f0000000180)=0x1, 0x4) fstat(r2, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$SIOCAX25ADDUID(r3, 0x89e1, &(0x7f0000000240)={0x3, @null, r4}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TIOCOUTQ(r3, 0x5411, &(0x7f0000000140)) recvmmsg(r2, &(0x7f0000003ac0)=[{{0x0, 0x89, &(0x7f00000001c0)=[{&(0x7f0000000100)=""/50, 0x32}], 0x1}}], 0x1, 0x0, 0x0) [ 3405.976297][ T1044] oom_reaper: reaped process 32315 (syz-executor.5), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB [ 3406.131684][T32630] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3406.145715][T32630] CPU: 1 PID: 32630 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3406.154868][T32630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3406.165017][T32630] Call Trace: [ 3406.168338][T32630] dump_stack+0x172/0x1f0 [ 3406.172798][T32630] dump_header+0x10f/0xb6c 03:43:49 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x3100, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:49 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x5500, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) [ 3406.177221][T32630] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3406.183037][T32630] ? ___ratelimit+0x60/0x595 [ 3406.187723][T32630] ? do_raw_spin_unlock+0x57/0x270 [ 3406.192846][T32630] oom_kill_process.cold+0x10/0x15 [ 3406.198056][T32630] out_of_memory+0x79a/0x1280 [ 3406.202752][T32630] ? lock_downgrade+0x880/0x880 [ 3406.207920][T32630] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3406.214278][T32630] ? oom_killer_disable+0x280/0x280 [ 3406.219849][T32630] ? find_held_lock+0x35/0x130 [ 3406.224664][T32630] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3406.230315][T32630] ? memcg_event_wake+0x230/0x230 [ 3406.230341][T32630] ? do_raw_spin_unlock+0x57/0x270 [ 3406.230356][T32630] ? _raw_spin_unlock+0x2d/0x50 [ 3406.230375][T32630] try_charge+0x118d/0x1790 [ 3406.250021][T32630] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3406.255580][T32630] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3406.261939][T32630] ? kasan_check_read+0x11/0x20 [ 3406.266886][T32630] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3406.272517][T32630] mem_cgroup_try_charge+0x24d/0x5e0 [ 3406.277815][T32630] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3406.283522][T32630] __handle_mm_fault+0x1e1f/0x3ec0 [ 3406.288731][T32630] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3406.294300][T32630] ? find_held_lock+0x35/0x130 [ 3406.299049][T32630] ? handle_mm_fault+0x292/0xa90 [ 3406.304125][T32630] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3406.310450][T32630] ? kasan_check_read+0x11/0x20 [ 3406.315374][T32630] handle_mm_fault+0x3b7/0xa90 [ 3406.320129][T32630] __do_page_fault+0x5ef/0xda0 [ 3406.324880][T32630] do_page_fault+0x71/0x581 [ 3406.329374][T32630] ? page_fault+0x8/0x30 [ 3406.333711][T32630] page_fault+0x1e/0x30 [ 3406.338033][T32630] RIP: 0033:0x400610 [ 3406.341939][T32630] Code: 01 e9 c9 00 00 00 48 8b 44 24 10 48 0b 44 24 28 be 08 00 00 00 48 8b 14 24 75 17 48 8b 7c 24 20 e8 f5 51 00 00 48 8b 4c 24 08 <48> 89 01 e9 9d 00 00 00 48 8b 44 24 08 48 8b 38 e8 db 51 00 00 8a [ 3406.361535][T32630] RSP: 002b:00007ffc1533c120 EFLAGS: 00010206 [ 3406.368467][T32630] RAX: 0000000000000000 RBX: 0000000000740060 RCX: 0000000020000180 [ 3406.376437][T32630] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000000 [ 3406.384393][T32630] RBP: 0000000000740068 R08: 0000000000000000 R09: 0000000000000000 [ 3406.392363][T32630] R10: 00007ffc1533c220 R11: 0000000000000246 R12: fffffffffffffffe [ 3406.400501][T32630] R13: 000000000033f8ed R14: 000000000033f91a R15: 000000000073bf0c 03:43:50 executing program 1: syz_open_dev$mouse(0x0, 0x0, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000200)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000340)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f00000001c0)='cgroup.subtree_control\x00', 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x80, 0x0) write$cgroup_subtree(r1, &(0x7f0000000180)=ANY=[@ANYBLOB='+pies '], 0x6) [ 3406.431878][T32630] memory: usage 307200kB, limit 307200kB, failcnt 97166 [ 3406.460848][T32630] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 03:43:50 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\xfe\xff\xff', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:43:50 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x3200, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) [ 3406.498037][T32630] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3406.510235][T32630] Memory cgroup stats for /syz5: cache:124KB rss:99520KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB 03:43:50 executing program 3: unshare(0x40000000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) r0 = socket$key(0xf, 0x3, 0x2) fcntl$F_GET_FILE_RW_HINT(r0, 0x40d, &(0x7f0000000040)) setsockopt$IP_VS_SO_SET_STOPDAEMON(0xffffffffffffffff, 0x0, 0x48c, &(0x7f0000000000)={0x0, 'veth0_to_bond\x00', 0x2}, 0x18) r1 = socket(0xa, 0x800, 0x0) ioctl(r1, 0x8916, &(0x7f0000000000)) [ 3406.641645][ T410] IPVS: ftp: loaded support on port[0] = 21 [ 3406.695180][T32630] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=32610,uid=0 [ 3406.756354][T32630] Memory cgroup out of memory: Killed process 32610 (syz-executor.5) total-vm:72580kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB [ 3406.821435][T32649] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3406.834323][T32649] CPU: 1 PID: 32649 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3406.843533][T32649] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3406.853906][T32649] Call Trace: [ 3406.857214][T32649] dump_stack+0x172/0x1f0 [ 3406.861570][T32649] dump_header+0x10f/0xb6c [ 3406.866005][T32649] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3406.871828][T32649] ? ___ratelimit+0x60/0x595 [ 3406.876427][T32649] ? do_raw_spin_unlock+0x57/0x270 [ 3406.881645][T32649] oom_kill_process.cold+0x10/0x15 [ 3406.886764][T32649] out_of_memory+0x79a/0x1280 [ 3406.891453][T32649] ? lock_downgrade+0x880/0x880 [ 3406.896410][T32649] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3406.902682][T32649] ? oom_killer_disable+0x280/0x280 [ 3406.907983][T32649] ? find_held_lock+0x35/0x130 [ 3406.912882][T32649] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3406.918521][T32649] ? memcg_event_wake+0x230/0x230 [ 3406.923558][T32649] ? do_raw_spin_unlock+0x57/0x270 [ 3406.928765][T32649] ? _raw_spin_unlock+0x2d/0x50 [ 3406.933668][T32649] try_charge+0x118d/0x1790 [ 3406.938195][T32649] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3406.943754][T32649] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3406.949305][T32649] ? find_held_lock+0x35/0x130 [ 3406.954084][T32649] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3406.959748][T32649] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3406.965496][T32649] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3406.970724][T32649] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3406.976289][T32649] __memcg_kmem_charge+0x136/0x300 [ 3406.981422][T32649] __alloc_pages_nodemask+0x437/0x7e0 [ 3406.986811][T32649] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3406.992827][T32649] ? copy_page_range+0x128a/0x1fc0 [ 3406.997945][T32649] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3407.004196][T32649] alloc_pages_current+0x107/0x210 [ 3407.009634][T32649] pte_alloc_one+0x1b/0x1a0 [ 3407.014131][T32649] __pte_alloc+0x20/0x310 [ 3407.018639][T32649] copy_page_range+0x1561/0x1fc0 [ 3407.023583][T32649] ? __lock_acquire+0x548/0x3fb0 [ 3407.028874][T32649] ? pmd_alloc+0x180/0x180 [ 3407.033294][T32649] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 3407.039104][T32649] ? vma_compute_subtree_gap+0x158/0x230 [ 3407.044757][T32649] ? validate_mm_rb+0xa3/0xc0 [ 3407.049424][T32649] ? __vma_link_rb+0x279/0x370 [ 3407.054174][T32649] ? kasan_check_write+0x14/0x20 [ 3407.059119][T32649] copy_process.part.0+0x5afb/0x7a90 [ 3407.064443][T32649] ? __cleanup_sighand+0x60/0x60 [ 3407.069561][T32649] _do_fork+0x257/0xfd0 [ 3407.073858][T32649] ? fork_idle+0x1d0/0x1d0 [ 3407.078477][T32649] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3407.084138][T32649] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3407.089622][T32649] ? do_syscall_64+0x26/0x670 [ 3407.094319][T32649] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3407.100496][T32649] ? do_syscall_64+0x26/0x670 [ 3407.105314][T32649] __x64_sys_clone+0xbf/0x150 [ 3407.110060][T32649] do_syscall_64+0x103/0x670 [ 3407.114740][T32649] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3407.120634][T32649] RIP: 0033:0x458c29 [ 3407.124592][T32649] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3407.144420][T32649] RSP: 002b:00007fea30623c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3407.153239][T32649] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 3407.161316][T32649] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3407.169314][T32649] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3407.177503][T32649] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fea306246d4 [ 3407.186000][T32649] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 3407.194637][T32649] memory: usage 307040kB, limit 307200kB, failcnt 97191 [ 3407.202167][T32649] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3407.209873][T32649] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3407.217301][T32649] Memory cgroup stats for /syz5: cache:124KB rss:99384KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99336KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3407.222637][ T410] IPVS: ftp: loaded support on port[0] = 21 [ 3407.239614][T32649] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=10739,uid=0 [ 3407.239740][T32649] Memory cgroup out of memory: Killed process 10739 (syz-executor.5) total-vm:72448kB, anon-rss:156kB, file-rss:34816kB, shmem-rss:0kB 03:43:50 executing program 5: socket$inet_udplite(0x2, 0x2, 0x88) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)}, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r0 = socket$inet(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) 03:43:50 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f00000008c0)="8da4363ac0ed000000000000e200004d01000000000000000000000000000000ecf6f2a2299748aeb81e1b00920efd9a0000010000000000ffffffffffffffff5f42485266535f4dd2f873574f257e0a01e2a6a02f5e071383fa5a669a53f2fe9eb418628af41b035fd98372e7c2a6970f550441f0b263dca46c12ce6aaa994fbb4b3493ca901878bb330d2db8e953fc883f9c754f419e963874199295a945ec867b4f224fde52268a81e1154b80f7076f32b6eb8614e3fde3bfa0e0207e", 0xbe, 0x10000}], 0x0, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f319bd070") syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0xa1, 0x80000) openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/btrfs-control\x00', 0x40, 0x0) 03:43:50 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x5600, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:50 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x3300, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:50 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) [ 3407.419984][ T475] BTRFS: device fsid ecf6f2a2-2997-48ae-b81e-1b00920efd9a devid 0 transid 756082810144684242 /dev/loop1 03:43:51 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x3400, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:51 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) [ 3407.489611][ T475] BTRFS: Invalid seeding and uuid-changed device detected 03:43:51 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x5700, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) [ 3407.571741][ T468] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3407.597737][ T468] CPU: 1 PID: 468 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3407.607445][ T468] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3407.618201][ T468] Call Trace: 03:43:51 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x22400, 0x1a0) perf_event_open(0x0, 0x0, 0xffffefffffffffff, r0, 0x0) r1 = socket$kcm(0x10, 0x200000000000, 0x10) sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000100)="2e0000001e000500ed0080648c6394f27e31d20004000b404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1}, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x84000) write$capi20(r3, &(0x7f0000000200)={0x10, 0x0, 0x0, 0x80, 0x100000001, 0x8}, 0x10) r4 = syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00') sendmsg$FOU_CMD_GET(r2, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x1c, r4, 0x2, 0x70bd27, 0x25dfdbfe, {}, [@FOU_ATTR_AF={0x8}]}, 0x1c}}, 0x4000) [ 3407.621520][ T468] dump_stack+0x172/0x1f0 [ 3407.626095][ T468] dump_header+0x10f/0xb6c [ 3407.630536][ T468] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3407.636364][ T468] ? ___ratelimit+0x60/0x595 [ 3407.641012][ T468] ? do_raw_spin_unlock+0x57/0x270 [ 3407.646222][ T468] oom_kill_process.cold+0x10/0x15 [ 3407.646240][ T468] out_of_memory+0x79a/0x1280 [ 3407.656290][ T468] ? lock_downgrade+0x880/0x880 [ 3407.661155][ T468] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3407.661177][ T468] ? oom_killer_disable+0x280/0x280 [ 3407.661189][ T468] ? find_held_lock+0x35/0x130 [ 3407.661211][ T468] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3407.683101][ T468] ? memcg_event_wake+0x230/0x230 [ 3407.688441][ T468] ? do_raw_spin_unlock+0x57/0x270 [ 3407.693572][ T468] ? _raw_spin_unlock+0x2d/0x50 [ 3407.698525][ T468] try_charge+0x118d/0x1790 [ 3407.703053][ T468] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3407.708601][ T468] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3407.708618][ T468] ? kasan_check_read+0x11/0x20 [ 3407.708639][ T468] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3407.708657][ T468] mem_cgroup_try_charge+0x24d/0x5e0 [ 3407.708679][ T468] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3407.708696][ T468] __handle_mm_fault+0x1e1f/0x3ec0 [ 3407.708712][ T468] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3407.708727][ T468] ? find_held_lock+0x35/0x130 [ 3407.708739][ T468] ? handle_mm_fault+0x292/0xa90 [ 3407.708758][ T468] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3407.708770][ T468] ? kasan_check_read+0x11/0x20 [ 3407.708787][ T468] handle_mm_fault+0x3b7/0xa90 [ 3407.708806][ T468] __do_page_fault+0x5ef/0xda0 [ 3407.708826][ T468] do_page_fault+0x71/0x581 [ 3407.708840][ T468] ? page_fault+0x8/0x30 [ 3407.708852][ T468] page_fault+0x1e/0x30 [ 3407.708868][ T468] RIP: 0033:0x400610 [ 3407.731017][ T468] Code: 01 e9 c9 00 00 00 48 8b 44 24 10 48 0b 44 24 28 be 08 00 00 00 48 8b 14 24 75 17 48 8b 7c 24 20 e8 f5 51 00 00 48 8b 4c 24 08 <48> 89 01 e9 9d 00 00 00 48 8b 44 24 08 48 8b 38 e8 db 51 00 00 8a [ 3407.731027][ T468] RSP: 002b:00007ffc1533c120 EFLAGS: 00010206 [ 3407.731039][ T468] RAX: 0000000000000000 RBX: 0000000000740060 RCX: 0000000020000180 [ 3407.731047][ T468] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000000 [ 3407.731056][ T468] RBP: 0000000000740068 R08: 0000000000000000 R09: 0000000000000000 [ 3407.731065][ T468] R10: 00007ffc1533c220 R11: 0000000000000246 R12: fffffffffffffffe [ 3407.731073][ T468] R13: 000000000033fe1a R14: 000000000033fe47 R15: 000000000073bf0c [ 3407.824647][ T468] memory: usage 307200kB, limit 307200kB, failcnt 97215 03:43:51 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x3500, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:51 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:43:51 executing program 3: bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000040)={0xffffffffffffffff, 0x0, &(0x7f0000000140)}, 0x20) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffff9c, 0xc00c642e, &(0x7f0000000000)={0x0, 0x80000, 0xffffffffffffff9c}) ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x0}]}) ioctl$DRM_IOCTL_LOCK(r0, 0x4008642a, &(0x7f0000000100)={r1, 0x1}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x2, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') perf_event_open$cgroup(&(0x7f0000000240)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, r3, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$can_raw(0x1d, 0x3, 0x1) write$cgroup_subtree(r2, &(0x7f0000000440)=ANY=[@ANYBLOB="044000dd07235e0d40aaedaa4b4a4a9551fbe644b55f8f9b06ca53dcf64001d0ae8b0cfad946ff8dd22f146b9ca2b63062ef59b2eeb49f715a79166061a1bd2945ca209ba681fd42327b7f4a5ace2f5be23097288c0fc766faaf997b254a521fbb235539454d3b52435f67f5b020e4a35ce9cf7ccf3c9cbc3026422970c5b747611e4bad9b9b787011026b4f2eac9db0afb240c81603d92fc0df40f4257fd312d8b591da96299105986f7009fedccda48f545827a449d0b7b012c3ec1b4206af273f228b0964e822fe5b7afa99b4e01d58899864fd80b757eec57b957c0d2db537b7df1fb55b0fd7d8aa5db89dcc8fddec439d3c57c13ce666"], 0x90ad) [ 3407.938507][ T468] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3407.970931][ T468] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3408.035448][ T468] Memory cgroup stats for /syz5: cache:124KB rss:99516KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3408.130687][ T468] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null) [ 3408.130692][ T468] ,cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=426,uid=0 [ 3408.162442][ T468] Memory cgroup out of memory: Killed process 426 (syz-executor.5) total-vm:72580kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB [ 3408.186241][ T1044] oom_reaper: reaped process 426 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 3408.198851][ T481] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3408.212062][ T481] CPU: 1 PID: 481 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3408.221134][ T481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3408.231741][ T481] Call Trace: [ 3408.235056][ T481] dump_stack+0x172/0x1f0 [ 3408.239497][ T481] dump_header+0x10f/0xb6c [ 3408.244113][ T481] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3408.250005][ T481] ? ___ratelimit+0x60/0x595 [ 3408.254717][ T481] ? do_raw_spin_unlock+0x57/0x270 [ 3408.260076][ T481] oom_kill_process.cold+0x10/0x15 [ 3408.265284][ T481] out_of_memory+0x79a/0x1280 [ 3408.269956][ T481] ? lock_downgrade+0x880/0x880 [ 3408.274794][ T481] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3408.281142][ T481] ? oom_killer_disable+0x280/0x280 [ 3408.286446][ T481] ? find_held_lock+0x35/0x130 [ 3408.291252][ T481] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3408.296804][ T481] ? memcg_event_wake+0x230/0x230 [ 3408.302013][ T481] ? do_raw_spin_unlock+0x57/0x270 [ 3408.318191][ T481] ? _raw_spin_unlock+0x2d/0x50 [ 3408.336175][ T481] try_charge+0x118d/0x1790 [ 3408.344626][ T481] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3408.350462][ T481] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3408.356307][ T481] ? find_held_lock+0x35/0x130 [ 3408.361310][ T481] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3408.367379][ T481] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3408.372957][ T481] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3408.378206][ T481] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3408.384035][ T481] __memcg_kmem_charge+0x136/0x300 [ 3408.389148][ T481] __alloc_pages_nodemask+0x437/0x7e0 [ 3408.394536][ T481] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3408.400411][ T481] ? copy_page_range+0x128a/0x1fc0 [ 3408.405764][ T481] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3408.412105][ T481] alloc_pages_current+0x107/0x210 [ 3408.417405][ T481] pte_alloc_one+0x1b/0x1a0 [ 3408.421926][ T481] __pte_alloc+0x20/0x310 [ 3408.426385][ T481] copy_page_range+0x1561/0x1fc0 [ 3408.431479][ T481] ? __lock_acquire+0x548/0x3fb0 [ 3408.436446][ T481] ? pmd_alloc+0x180/0x180 [ 3408.441147][ T481] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 3408.446870][ T481] ? vma_compute_subtree_gap+0x158/0x230 [ 3408.452602][ T481] ? validate_mm_rb+0xa3/0xc0 [ 3408.457420][ T481] ? __vma_link_rb+0x279/0x370 [ 3408.462274][ T481] ? kasan_check_write+0x14/0x20 [ 3408.467213][ T481] copy_process.part.0+0x5afb/0x7a90 [ 3408.472548][ T481] ? __cleanup_sighand+0x60/0x60 [ 3408.477522][ T481] _do_fork+0x257/0xfd0 [ 3408.481783][ T481] ? fork_idle+0x1d0/0x1d0 [ 3408.486373][ T481] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3408.492374][ T481] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3408.497949][ T481] ? do_syscall_64+0x26/0x670 [ 3408.502825][ T481] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3408.509004][ T481] ? do_syscall_64+0x26/0x670 [ 3408.513692][ T481] __x64_sys_clone+0xbf/0x150 [ 3408.518388][ T481] do_syscall_64+0x103/0x670 [ 3408.522991][ T481] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3408.535083][ T481] RIP: 0033:0x458c29 [ 3408.538986][ T481] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3408.558689][ T481] RSP: 002b:00007fea30623c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3408.567108][ T481] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 3408.575816][ T481] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3408.584467][ T481] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3408.592554][ T481] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fea306246d4 [ 3408.600631][ T481] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 3408.611151][ T481] memory: usage 307040kB, limit 307200kB, failcnt 97246 [ 3408.619559][ T481] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3408.627529][ T481] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 03:43:52 executing program 5: socket$inet_udplite(0x2, 0x2, 0x88) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)}, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r0 = socket$inet(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) 03:43:52 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x5737, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:52 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0) readv(r1, &(0x7f0000000480)=[{&(0x7f0000000000)=""/43, 0x2b}], 0x1) ioctl$int_in(r1, 0x800000c0045009, &(0x7f00000000c0)=0x10) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r1, 0x28, &(0x7f0000000080)}, 0x10) ioctl$int_in(r1, 0x80000040045010, &(0x7f0000000140)) ioctl(r0, 0x1000008912, &(0x7f0000001380)="0adc1f123c123f319bd070") 03:43:52 executing program 3: r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/vhost-vsock\x00', 0x2, 0x0) r2 = getpgrp(0xffffffffffffffff) r3 = syz_open_procfs(r2, &(0x7f00000001c0)='statm\x00') getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000200)={0x0, 0x0}, &(0x7f0000000240)=0xc) fstat(r1, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000300)={r4, r5, r6}, 0xfffffffffffffe2d) get_robust_list(r4, &(0x7f0000000500)=&(0x7f00000004c0)={&(0x7f0000000080)}, &(0x7f0000000400)=0x18) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000140)={@my=0x0}) gettid() write$P9_RLERROR(r3, &(0x7f00000000c0)={0x27, 0x7, 0x1, {0x1e, '\x13em0:}eth0GPL,posix_acl_access'}}, 0x27) tee(r0, r3, 0x80000000, 0x8) 03:43:52 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:43:52 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x3600, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) [ 3408.634492][ T481] Memory cgroup stats for /syz5: cache:124KB rss:99516KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3408.656690][ T481] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=11052,uid=0 [ 3408.673921][ T481] Memory cgroup out of memory: Killed process 11052 (syz-executor.5) total-vm:72448kB, anon-rss:156kB, file-rss:34816kB, shmem-rss:0kB 03:43:52 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x3700, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:52 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:43:52 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ppp\x00', 0x0, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000040)) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280)='/dev/sequencer\x00', 0x8000, 0x0) ioctl$BLKRAGET(r1, 0x1263, &(0x7f00000002c0)) r2 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0xffffffffffffffff, 0x40) connect$pppoe(r2, &(0x7f00000000c0)={0x18, 0x0, {0x1, @dev={[], 0x20}, 'teql0\x00'}}, 0x1e) ioctl$VIDIOC_S_PARM(r2, 0xc0cc5616, &(0x7f0000000140)={0x7, @output={0x1000, 0x1, {0xffffffff, 0x1f}, 0x2, 0x2}}) ioctl$PPPIOCSFLAGS1(r0, 0x40047459, &(0x7f0000000080)=0x400) getsockopt$kcm_KCM_RECV_DISABLE(r2, 0x119, 0x1, &(0x7f0000000240), 0x4) ioctl$PPPIOCSFLAGS1(r0, 0x40047459, &(0x7f0000000100)) 03:43:52 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x5800, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) [ 3408.964427][ T731] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3408.980416][ T731] CPU: 1 PID: 731 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3408.989399][ T731] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3408.999657][ T731] Call Trace: [ 3409.002972][ T731] dump_stack+0x172/0x1f0 [ 3409.007338][ T731] dump_header+0x10f/0xb6c [ 3409.011778][ T731] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3409.017876][ T731] ? ___ratelimit+0x60/0x595 [ 3409.017896][ T731] ? do_raw_spin_unlock+0x57/0x270 [ 3409.017915][ T731] oom_kill_process.cold+0x10/0x15 [ 3409.017929][ T731] out_of_memory+0x79a/0x1280 [ 3409.017943][ T731] ? lock_downgrade+0x880/0x880 [ 3409.017957][ T731] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3409.017971][ T731] ? oom_killer_disable+0x280/0x280 [ 3409.017981][ T731] ? find_held_lock+0x35/0x130 [ 3409.018004][ T731] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3409.027697][ T731] ? memcg_event_wake+0x230/0x230 [ 3409.027721][ T731] ? do_raw_spin_unlock+0x57/0x270 [ 3409.027737][ T731] ? _raw_spin_unlock+0x2d/0x50 [ 3409.027752][ T731] try_charge+0x118d/0x1790 [ 3409.027771][ T731] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3409.027788][ T731] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3409.027801][ T731] ? kasan_check_read+0x11/0x20 [ 3409.027816][ T731] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3409.027837][ T731] mem_cgroup_try_charge+0x24d/0x5e0 [ 3409.112073][ T731] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3409.117854][ T731] __handle_mm_fault+0x1e1f/0x3ec0 [ 3409.122984][ T731] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3409.128722][ T731] ? find_held_lock+0x35/0x130 [ 3409.133529][ T731] ? handle_mm_fault+0x292/0xa90 [ 3409.138583][ T731] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3409.145167][ T731] ? kasan_check_read+0x11/0x20 [ 3409.150054][ T731] handle_mm_fault+0x3b7/0xa90 [ 3409.154842][ T731] __do_page_fault+0x5ef/0xda0 [ 3409.159791][ T731] do_page_fault+0x71/0x581 [ 3409.164326][ T731] ? page_fault+0x8/0x30 [ 3409.168730][ T731] page_fault+0x1e/0x30 [ 3409.172894][ T731] RIP: 0033:0x400610 [ 3409.176880][ T731] Code: 01 e9 c9 00 00 00 48 8b 44 24 10 48 0b 44 24 28 be 08 00 00 00 48 8b 14 24 75 17 48 8b 7c 24 20 e8 f5 51 00 00 48 8b 4c 24 08 <48> 89 01 e9 9d 00 00 00 48 8b 44 24 08 48 8b 38 e8 db 51 00 00 8a [ 3409.196742][ T731] RSP: 002b:00007ffc1533c120 EFLAGS: 00010206 [ 3409.202839][ T731] RAX: 0000000000000000 RBX: 0000000000740060 RCX: 0000000020000180 [ 3409.211044][ T731] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000000 [ 3409.219033][ T731] RBP: 0000000000740068 R08: 0000000000000000 R09: 0000000000000000 [ 3409.227106][ T731] R10: 00007ffc1533c220 R11: 0000000000000246 R12: fffffffffffffffe [ 3409.235416][ T731] R13: 00000000003403b9 R14: 00000000003403e6 R15: 000000000073bf0c [ 3409.276111][ T731] memory: usage 307200kB, limit 307200kB, failcnt 97318 [ 3409.283380][ T731] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3409.296819][ T731] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 03:43:52 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x5900, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:52 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) [ 3409.316468][ T731] Memory cgroup stats for /syz5: cache:124KB rss:99516KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3409.348729][ T731] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=716,uid=0 [ 3409.505671][ T731] Memory cgroup out of memory: Killed process 716 (syz-executor.5) total-vm:72580kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB [ 3409.546584][ T1044] oom_reaper: reaped process 716 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 3409.581820][ T804] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3409.666656][ T804] CPU: 1 PID: 804 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3409.676101][ T804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3409.686309][ T804] Call Trace: [ 3409.689624][ T804] dump_stack+0x172/0x1f0 [ 3409.693966][ T804] dump_header+0x10f/0xb6c [ 3409.698419][ T804] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3409.704243][ T804] ? ___ratelimit+0x60/0x595 [ 3409.708846][ T804] ? do_raw_spin_unlock+0x57/0x270 [ 3409.714239][ T804] oom_kill_process.cold+0x10/0x15 [ 3409.719374][ T804] out_of_memory+0x79a/0x1280 [ 3409.724089][ T804] ? lock_downgrade+0x880/0x880 [ 3409.728944][ T804] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3409.735195][ T804] ? oom_killer_disable+0x280/0x280 [ 3409.740412][ T804] ? find_held_lock+0x35/0x130 [ 3409.745228][ T804] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3409.750798][ T804] ? memcg_event_wake+0x230/0x230 [ 3409.755841][ T804] ? do_raw_spin_unlock+0x57/0x270 [ 3409.760971][ T804] ? _raw_spin_unlock+0x2d/0x50 [ 3409.765835][ T804] try_charge+0x118d/0x1790 [ 3409.770533][ T804] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3409.776084][ T804] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3409.781647][ T804] ? find_held_lock+0x35/0x130 [ 3409.786428][ T804] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3409.791992][ T804] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3409.797545][ T804] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3409.802758][ T804] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3409.808331][ T804] __memcg_kmem_charge+0x136/0x300 [ 3409.813452][ T804] __alloc_pages_nodemask+0x437/0x7e0 [ 3409.818832][ T804] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3409.824564][ T804] ? copy_page_range+0x128a/0x1fc0 [ 3409.829681][ T804] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3409.835934][ T804] alloc_pages_current+0x107/0x210 [ 3409.841146][ T804] pte_alloc_one+0x1b/0x1a0 [ 3409.845667][ T804] __pte_alloc+0x20/0x310 [ 3409.850007][ T804] copy_page_range+0x1561/0x1fc0 [ 3409.854961][ T804] ? __lock_acquire+0x548/0x3fb0 [ 3409.859955][ T804] ? pmd_alloc+0x180/0x180 [ 3409.864378][ T804] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 3409.870223][ T804] ? vma_compute_subtree_gap+0x158/0x230 [ 3409.876037][ T804] ? validate_mm_rb+0xa3/0xc0 [ 3409.880740][ T804] ? __vma_link_rb+0x279/0x370 [ 3409.885518][ T804] ? kasan_check_write+0x14/0x20 [ 3409.890587][ T804] copy_process.part.0+0x5afb/0x7a90 [ 3409.895911][ T804] ? __cleanup_sighand+0x60/0x60 [ 3409.900875][ T804] _do_fork+0x257/0xfd0 [ 3409.905040][ T804] ? fork_idle+0x1d0/0x1d0 [ 3409.909470][ T804] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3409.914928][ T804] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3409.920399][ T804] ? do_syscall_64+0x26/0x670 [ 3409.925143][ T804] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3409.931222][ T804] ? do_syscall_64+0x26/0x670 [ 3409.936123][ T804] __x64_sys_clone+0xbf/0x150 [ 3409.940899][ T804] do_syscall_64+0x103/0x670 [ 3409.945502][ T804] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3409.951397][ T804] RIP: 0033:0x458c29 [ 3409.955295][ T804] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3409.975224][ T804] RSP: 002b:00007fea30623c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3409.983677][ T804] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 3409.991755][ T804] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3409.999855][ T804] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3410.007844][ T804] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fea306246d4 [ 3410.015909][ T804] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 3410.034483][ T804] memory: usage 307040kB, limit 307200kB, failcnt 97350 [ 3410.042607][ T804] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3410.054935][ T804] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3410.063869][ T804] Memory cgroup stats for /syz5: cache:124KB rss:99380KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3410.091362][ T804] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=11460,uid=0 [ 3410.112706][ T804] Memory cgroup out of memory: Killed process 11460 (syz-executor.5) total-vm:72448kB, anon-rss:156kB, file-rss:34816kB, shmem-rss:0kB 03:43:53 executing program 5: socket$inet_udplite(0x2, 0x2, 0x88) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)}, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r0 = socket$inet(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) 03:43:53 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x3800, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:53 executing program 3: sysinfo(&(0x7f0000000180)=""/199) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$KVM_GET_MSR_INDEX_LIST(r0, 0xc004ae02, &(0x7f00000000c0)={0xb4}) r1 = syz_open_procfs(0x0, &(0x7f0000000140)='loginuid\x00') writev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='0', 0x1}], 0x1) 03:43:53 executing program 1: openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ptmx\x00', 0x0, 0x0) r0 = syz_open_dev$usb(&(0x7f0000000440)='/dev/bus/usb/00#/00#\x00', 0x80000000005, 0x1000000000000001) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$netrom_NETROM_T4(r0, 0x103, 0x6, &(0x7f0000000140), 0x4) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000300)={0x0, 0x2}, &(0x7f0000000340)=0x8) getsockopt$inet_sctp_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000380)={r2, 0x0, 0x25, 0x3}, &(0x7f00000003c0)=0x10) ioctl$FS_IOC_FSGETXATTR(r1, 0x802c550a, &(0x7f0000000000)={0x5, 0x4000000000000000, 0x0, 0x740010, 0xfff7ffff7ff0bdbe}) syz_open_dev$usb(&(0x7f0000000400)='/dev/bus/usb/00#/00#\x00', 0x7, 0x20040) getsockopt$sock_buf(r0, 0x1, 0x3d, &(0x7f0000000040)=""/149, &(0x7f0000000100)=0x95) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f00000001c0)={0x0, 0x2}, &(0x7f0000000200)=0x8) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000240)={0x7, 0x4, 0x9, 0x7, r3}, &(0x7f0000000280)=0x10) 03:43:53 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:43:53 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x5a00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:53 executing program 3: r0 = syz_genetlink_get_family_id$tipc(0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9a9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) tee(r1, r1, 0x6, 0x1) quotactl(0x2080000201, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) timer_create(0x80000000003, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_GET(0xffffffffffffffff, 0x0, 0x20000000) setsockopt$IP_VS_SO_SET_EDITDEST(0xffffffffffffffff, 0x0, 0x489, &(0x7f0000000500)={{0x8, @multicast1, 0x4e24, 0x0, 'lc\x00', 0x20, 0xfffffffffffffff9, 0x25}, {@multicast1, 0x4e20, 0x2000, 0xffffffff, 0x7, 0x200}}, 0x44) sendmsg$TIPC_CMD_GET_BEARER_NAMES(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000140)={&(0x7f0000000040)={0x1c, r0, 0x8, 0x70bd27, 0x25dfdbfc, {}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x10) openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000000c0)='memory.current\x00', 0x0, 0x0) r2 = socket$inet(0x2, 0x80001, 0x84) sendmsg(r2, &(0x7f000001afc8)={&(0x7f0000006000)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f000000a000)='\f', 0x1}], 0x1}, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) 03:43:53 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x3873, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:54 executing program 3: r0 = openat$md(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/md0\x00', 0x0, 0x0) lseek(r0, 0x0, 0x0) 03:43:54 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x5b00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:54 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:43:54 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCBRADDBR(r0, 0x89a0, &(0x7f0000000000)='team0\x00') sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x2, &(0x7f00000000c0)={&(0x7f0000000240)=@dellink={0x34, 0x11, 0x201, 0x0, 0x0, {}, [@IFLA_IFNAME={0x14, 0x3, 'team0\x00'}]}, 0x34}}, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_ABS_SETUP(r1, 0x401c5504, &(0x7f0000000100)={0x9, {0xfa7, 0x100000000, 0xffffffffffffff85, 0x8, 0x7ff, 0x7}}) [ 3410.503270][ T1166] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3410.584192][ T1166] CPU: 0 PID: 1166 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3410.593449][ T1166] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3410.603659][ T1166] Call Trace: [ 3410.606966][ T1166] dump_stack+0x172/0x1f0 [ 3410.611309][ T1166] dump_header+0x10f/0xb6c [ 3410.615815][ T1166] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3410.621649][ T1166] ? ___ratelimit+0x60/0x595 [ 3410.626504][ T1166] ? do_raw_spin_unlock+0x57/0x270 [ 3410.631617][ T1166] oom_kill_process.cold+0x10/0x15 [ 3410.636839][ T1166] out_of_memory+0x79a/0x1280 [ 3410.641518][ T1166] ? lock_downgrade+0x880/0x880 [ 3410.646396][ T1166] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3410.652732][ T1166] ? oom_killer_disable+0x280/0x280 [ 3410.658103][ T1166] ? find_held_lock+0x35/0x130 [ 3410.662919][ T1166] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3410.668463][ T1166] ? memcg_event_wake+0x230/0x230 [ 3410.673490][ T1166] ? do_raw_spin_unlock+0x57/0x270 [ 3410.678612][ T1166] ? _raw_spin_unlock+0x2d/0x50 [ 3410.683469][ T1166] try_charge+0x118d/0x1790 [ 3410.687983][ T1166] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3410.693528][ T1166] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3410.699199][ T1166] ? find_held_lock+0x35/0x130 [ 3410.704088][ T1166] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3410.709653][ T1166] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3410.715209][ T1166] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3410.720410][ T1166] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3410.725956][ T1166] __memcg_kmem_charge+0x136/0x300 [ 3410.731074][ T1166] __alloc_pages_nodemask+0x437/0x7e0 [ 3410.736551][ T1166] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3410.742280][ T1166] ? do_huge_pmd_anonymous_page+0x420/0x1660 [ 3410.742294][ T1166] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3410.742312][ T1166] alloc_pages_current+0x107/0x210 [ 3410.742330][ T1166] pte_alloc_one+0x1b/0x1a0 [ 3410.742345][ T1166] __pte_alloc+0x20/0x310 [ 3410.742362][ T1166] __handle_mm_fault+0x3391/0x3ec0 [ 3410.773806][ T1166] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3410.779459][ T1166] ? find_held_lock+0x35/0x130 [ 3410.784331][ T1166] ? handle_mm_fault+0x292/0xa90 [ 3410.789287][ T1166] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3410.795634][ T1166] ? kasan_check_read+0x11/0x20 [ 3410.800498][ T1166] handle_mm_fault+0x3b7/0xa90 [ 3410.805363][ T1166] __do_page_fault+0x5ef/0xda0 [ 3410.810154][ T1166] do_page_fault+0x71/0x581 [ 3410.810178][ T1166] ? page_fault+0x8/0x30 [ 3410.810195][ T1166] page_fault+0x1e/0x30 [ 3410.823263][ T1166] RIP: 0033:0x400610 [ 3410.823277][ T1166] Code: 01 e9 c9 00 00 00 48 8b 44 24 10 48 0b 44 24 28 be 08 00 00 00 48 8b 14 24 75 17 48 8b 7c 24 20 e8 f5 51 00 00 48 8b 4c 24 08 <48> 89 01 e9 9d 00 00 00 48 8b 44 24 08 48 8b 38 e8 db 51 00 00 8a [ 3410.823290][ T1166] RSP: 002b:00007ffc1533c120 EFLAGS: 00010206 [ 3410.847040][ T1166] RAX: 0000000000000000 RBX: 0000000000740060 RCX: 0000000020000180 [ 3410.847048][ T1166] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000000 [ 3410.847054][ T1166] RBP: 0000000000740068 R08: 0000000000000000 R09: 0000000000000000 [ 3410.847061][ T1166] R10: 00007ffc1533c220 R11: 0000000000000246 R12: fffffffffffffffe [ 3410.847067][ T1166] R13: 00000000003409c8 R14: 00000000003409f5 R15: 000000000073bf0c [ 3410.853616][ T1166] memory: usage 307200kB, limit 307200kB, failcnt 97387 [ 3410.853627][ T1166] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3410.853636][ T1166] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3410.853643][ T1166] Memory cgroup stats for /syz5: cache:124KB rss:99512KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99600KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3410.943203][ T1166] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=1139,uid=0 [ 3410.959545][ T1166] Memory cgroup out of memory: Killed process 1139 (syz-executor.5) total-vm:72580kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB [ 3411.169034][ T1166] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3411.186564][ T1166] CPU: 1 PID: 1166 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3411.195812][ T1166] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3411.206407][ T1166] Call Trace: [ 3411.210062][ T1166] dump_stack+0x172/0x1f0 [ 3411.215757][ T1166] dump_header+0x10f/0xb6c [ 3411.220397][ T1166] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3411.226203][ T1166] ? ___ratelimit+0x60/0x595 [ 3411.230876][ T1166] ? do_raw_spin_unlock+0x57/0x270 [ 3411.235993][ T1166] oom_kill_process.cold+0x10/0x15 [ 3411.241114][ T1166] out_of_memory+0x79a/0x1280 [ 3411.245788][ T1166] ? lock_downgrade+0x880/0x880 [ 3411.250655][ T1166] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3411.256976][ T1166] ? oom_killer_disable+0x280/0x280 [ 3411.262274][ T1166] ? find_held_lock+0x35/0x130 [ 3411.267061][ T1166] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3411.273003][ T1166] ? memcg_event_wake+0x230/0x230 [ 3411.278028][ T1166] ? do_raw_spin_unlock+0x57/0x270 [ 3411.283151][ T1166] ? _raw_spin_unlock+0x2d/0x50 [ 3411.288251][ T1166] try_charge+0x118d/0x1790 [ 3411.292751][ T1166] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3411.298317][ T1166] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3411.304562][ T1166] ? kasan_check_read+0x11/0x20 [ 3411.309410][ T1166] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3411.314961][ T1166] mem_cgroup_try_charge+0x24d/0x5e0 [ 3411.320287][ T1166] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3411.325923][ T1166] wp_page_copy+0x416/0x1770 [ 3411.330662][ T1166] ? do_wp_page+0x486/0x1500 [ 3411.335267][ T1166] ? pmd_pfn+0x1d0/0x1d0 [ 3411.339510][ T1166] ? lock_downgrade+0x880/0x880 [ 3411.344370][ T1166] ? swp_swapcount+0x540/0x540 [ 3411.349137][ T1166] ? kasan_check_read+0x11/0x20 [ 3411.353989][ T1166] ? do_raw_spin_unlock+0x57/0x270 [ 3411.359198][ T1166] do_wp_page+0x48e/0x1500 [ 3411.363601][ T1166] ? finish_mkwrite_fault+0x540/0x540 [ 3411.375348][ T1166] __handle_mm_fault+0x22e8/0x3ec0 [ 3411.380585][ T1166] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3411.386223][ T1166] ? find_held_lock+0x35/0x130 [ 3411.390986][ T1166] ? handle_mm_fault+0x292/0xa90 [ 3411.396042][ T1166] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3411.402573][ T1166] ? kasan_check_read+0x11/0x20 [ 3411.407503][ T1166] handle_mm_fault+0x3b7/0xa90 [ 3411.412257][ T1166] __do_page_fault+0x5ef/0xda0 [ 3411.417131][ T1166] do_page_fault+0x71/0x581 [ 3411.421655][ T1166] ? page_fault+0x8/0x30 [ 3411.426229][ T1166] page_fault+0x1e/0x30 [ 3411.430387][ T1166] RIP: 0033:0x41066a [ 3411.434353][ T1166] Code: 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 c7 45 18 01 00 00 00 49 89 85 10 05 00 00 48 8b 05 fe 5b 64 00 00 01 00 00 00 c7 05 0a 5c 64 00 01 00 00 00 41 c7 85 1c 06 00 [ 3411.454355][ T1166] RSP: 002b:00007ffc1533c070 EFLAGS: 00010206 [ 3411.460532][ T1166] RAX: 0000000000a56748 RBX: 0000000000020000 RCX: 0000000000458c7a [ 3411.468533][ T1166] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 3411.476692][ T1166] RBP: 00007ffc1533c150 R08: ffffffffffffffff R09: 0000000000000000 [ 3411.485228][ T1166] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc1533c230 [ 3411.493395][ T1166] R13: 00007fea30603700 R14: 0000000000000003 R15: 000000000073bfac [ 3411.511928][ T1166] memory: usage 307180kB, limit 307200kB, failcnt 97396 [ 3411.511942][ T1166] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3411.529661][ T1166] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3411.539022][ T1166] Memory cgroup stats for /syz5: cache:124KB rss:99512KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99600KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3411.563748][ T1166] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5 [ 3411.563784][ T1166] ,task_memcg=/syz5,task=syz-executor.5,pid=11738,uid=0 [ 3411.589245][ T1166] Memory cgroup out of memory: Killed process 11738 (syz-executor.5) total-vm:72448kB, anon-rss:156kB, file-rss:34816kB, shmem-rss:0kB 03:43:55 executing program 5: socket$inet_udplite(0x2, 0x2, 0x88) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)}, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r0 = socket$inet(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) 03:43:55 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x3900, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:55 executing program 3: r0 = add_key$user(&(0x7f0000000280)='user\x00', &(0x7f0000000000)={'syz'}, &(0x7f0000000240)='X', 0x1, 0xfffffffffffffffe) r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x8000, 0x0) ioctl$KVM_GET_FPU(r1, 0x81a0ae8c, &(0x7f00000002c0)) prlimit64(0x0, 0x0, 0x0, &(0x7f00000000c0)) add_key(&(0x7f0000000840)='pkcs7_test\x00', &(0x7f0000000880)={'syz', 0x0}, &(0x7f00000008c0)="48c9eb59e74c0bad4acf863c1da9147588eb589b8d49", 0x16, 0xfffffffffffffffc) r2 = add_key$keyring(&(0x7f0000000900)='keyring\x00', &(0x7f0000000580)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe) r3 = add_key$user(&(0x7f00000001c0)='user\x00', &(0x7f0000000140)={'syz', 0x0}, &(0x7f0000000700)="bc5da2b96e9f20148738ca5ca2194cb8ac38ae0877b0f71d02c33efefde92921543181ad6ffac0a8d29ffdf9dd7e4d427a1021c4d8187699e7043fa375fd3addfefcebb2961d8eced40f46989e9b726a9c312ba610e6492f4ade8848bcf9ab52d5e5af4b48649ffa23db0f94f07081853b77b1e749d6fd8419c59130d50dbbbeb775ed26bfc352b52041d610536f380d020687ac5ee27e41e22f2414fb8c9f646b0f0a037558aff9fb768347fcfd79e4d1ffc6b4b479820032f363b56bbe903d1eecc2aaeff4ccac1c77b9934697b66cc0b2bcbcc80649d6e79164c1687212f7c640293ea5d5b36417d833d3da2d27404212b2000000000000000000000000000000e4e9da2749e3a6a7f6a5d1e23942b41719325c18c674251e0470", 0xfffffffffffffe6d, r2) keyctl$dh_compute(0x17, &(0x7f0000000080)={r0, r3, r3}, 0x0, 0x312, &(0x7f0000000180)={&(0x7f0000000040)={'crct10dif\x00'}}) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000200)={0x0, 0x6}, &(0x7f0000000480)=0x8) setsockopt$inet_sctp_SCTP_SET_PEER_PRIMARY_ADDR(r1, 0x84, 0x5, &(0x7f00000004c0)={r4, @in={{0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x16}}}}, 0x84) 03:43:55 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x5c00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:55 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:43:55 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = syz_open_pts(r0, 0x1) ioctl$TIOCGPTLCK(r1, 0x80045439, &(0x7f0000000040)) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={[], [], @multicast2}, 0xfffff80000000001}, 0xd0) 03:43:55 executing program 3: r0 = socket(0x200001e, 0x80007, 0x0) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') sendmsg$TIPC_NL_SOCK_GET(r0, &(0x7f00000003c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000080)={0x2e4, r1, 0x400, 0x70bd27, 0x25dfdbfe, {}, [@TIPC_NLA_NODE={0xc, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x57c4}]}, @TIPC_NLA_MON={0x3c, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x4}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x800}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x510}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x205}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x477dede6}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}]}, @TIPC_NLA_BEARER={0xac, 0x1, [@TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'eth', 0x3a, 'bond0\x00'}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x2, @local}}, {0x20, 0x2, @in6={0xa, 0x4e21, 0x10001, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0xffff}}}}, @TIPC_NLA_BEARER_NAME={0xc, 0x1, @l2={'eth', 0x3a, '\x00'}}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e24, @remote}}, {0x14, 0x2, @in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x1, 0x0}}}}}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'eth', 0x3a, 'bridge0\x00'}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}]}]}, @TIPC_NLA_LINK={0x88, 0x4, [@TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xf}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1f}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x24, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x34}]}]}, @TIPC_NLA_BEARER={0x80, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}}, {0x14, 0x2, @in={0x2, 0x1, @empty}}}}, @TIPC_NLA_BEARER_NAME={0x18, 0x1, @l2={'eth', 0x3a, 'veth1_to_hsr\x00'}}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0xfffffffffffffbff, @remote, 0x6c4}}, {0x14, 0x2, @in={0x2, 0x4e20, @remote}}}}]}, @TIPC_NLA_MEDIA={0x18, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}]}]}, @TIPC_NLA_MON={0x54, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x4}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x401}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xc0}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x4}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfffffffffffffff9}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x9}]}, @TIPC_NLA_MEDIA={0x68, 0x5, [@TIPC_NLA_MEDIA_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xbccd}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffffffffffffff33}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8f}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}]}]}]}, 0x2e4}, 0x1, 0x0, 0x0, 0x4040000}, 0x44050) bind(r0, &(0x7f0000d80f80)=@generic={0x1e, "0103000000000000000000000000000009a979f321b30c7bc8790405c7bad62e0a43a632ed4938d36d73fb8f8401a3ff59829a2b0afe7ce43a4b2470a0c5216669ca021f6f65dcf160e7e58f358c0002f0000158d19bcb31f1314a8ef151622ca5bdb9c8ead2000077aeb81c90001d6d7c980ee590c8b9f70dc136cb184a"}, 0x80) 03:43:55 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:43:55 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x3a00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:55 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x5d00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:55 executing program 1: r0 = socket$kcm(0x11, 0x2, 0x0) lstat(&(0x7f0000000880)='./file0\x00', &(0x7f00000008c0)={0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$hfsplus(&(0x7f0000000080)='hfsplus\x00', &(0x7f0000000100)='./file0\x00', 0x4, 0xa, &(0x7f0000000780)=[{&(0x7f0000000140)="f45e187c712d10c15ab0e837ae9de71a407b28f9f31056c94b7bee85952b59271c6bc6ff711fa5f08994340c440459ab3c7a72921b682cd0ed11b8e771950f62ab38a5a53a704feeb3ef43b66475b0cd531c0ba6cfe0a3f9c3b07336c7c2f2a10bf005cdf9ba52fcb57333c664fe15cdf06c400e2324438c7ad18dc6d84f502baf07d418c97d", 0x86, 0xc0e3}, {&(0x7f0000000200)="f41ca206f78b3fd9c8f9200ee87a17c9ee221256de8ee478dc054fab0751edeb2c829650bdcb843a7c5ed077f66b407b4b7d975c44098e5b27ce37fb6144375aef094401a54c2a92442b7a8b889406a1a3533e7ecaa2954d6096060e48386bb375acf4ed52235b19e59757c8d11c1c24e628cdf788e8acc61fd477a5f5fe5ddc93b52f36593d7ecadcc2600ded8d45142108256098967defc262e169de70f12f5bd8a327b0dc29bedd0f79232fd501b8c52ff7", 0xb3, 0x7fffffff}, {&(0x7f00000002c0)="9722922577a02ff56840ea29d8f00c711f7b9103dda3c946df371d4ec50ffaa1a3e5fba4c7b12b5a713c95597e385919b4c4adec90cd6f800e5ba909a2e2c9a5266406a2e0cca2533cb45791d8", 0x4d, 0x7}, {&(0x7f0000000340)="16a50f8e1b7168a780713ac14f327a9115312c39bf0c3beee953207cb337f3a03caaf77ff81cbac609e36b24cd66ff14dba382c7ac6bf64a03ba22959976428f00019d73737777831dca5c9cfa05e550846916bf7510a105dfae4ef8efc8311d8a45c69bf24ce602b14a2fb0151be8e8c5e80ab7e95436369d32c63dd7ce436f4d17ef6f1accf5dd757521d9e01d690af4f2003603bb5f9e924c624773c62e7d5f7045517390783ba9742465a913b8d4b018bd973f0bc1628d7460754a1d17f03ef4125c05299b9a110f9eaa5839bc0c2bd696d99da983983d4ba425facb02676ac7234bff62c52a8e8b7c5e735f00285f22e9d8addf", 0xf6, 0xcb5}, {&(0x7f0000000bc0)="48850713a22a6846d48e21e79863560801bc75ef311435191bb739fcb4f03d6a97e32be78cbbc1af21b0b71e92812760e14bce1bc284968b54d0bcbb74f81507e8f36cff187705a760bce74645db2936aca20795ffb2503f7c3ed8451712cfd47396bff44d5a887d0b2e5a554addb35da0209684667787626081c1251b559634655c454fc077b05e04d52d27810f283278921895bc445e3a08f001a96ee6be0d5d3271cbd89908bf35985aaa80de7aa329545d9875ceaa5dd3013cf582c5389ffd7e10457febd2e03704195674a8faaaa66e2a6c9983f3785d711c8c389d4ede1451372f701a9845fb1eb58296ebfa5d400eeed3272920a33907aeac337518c55756bcc658fac958f1cfd7eb8147af87df777a6f548d544037e1ff40622a6634accb0354274f63fb281558dce2af95051cc23d9c23211540e87bca6be3406eb72e51cbdc776c8e396e1d76e31f7b9bf6d38b47a9b47008dd63d1a57d4932d240dcbb312307675ad1b1b7ff277791a3e406a0cf7e01894872d02bab0e8c3e7def0897a08fa0203d9146cca68f8c1a6971d7e724f1bab7c1b418276ac79dc49e293416068b0c33c87c04658dfbaf5337427674f1e6db7a9ee86e83914973b1fc04e9f0ef50e55bd05ba702b151116aadfd880735fa9ab6217012fd42f124b71748c296dd45398f6168ee7f4bfcaaa2a843d015873aebcfb92a915d652849c4695ace855f62639f65ca175e6d57c0eb49c8de15edfbd2195d56cc524522099937ed7cf1d47f98ef27654fd58c587a1e36920b43a5a0feabe8a046cd3b53a7e41700cc3f0e3dffe94ba3cc65d93ecbe468cdd9172978bbc02851c3c37c2b6c2fb9e37bda9fe9d31cb7dd6b85b83de19f3bd4fd51ab62383c807589eab3b318b5fc3ac831885b3ac3386a23884a3e8fb39e5f3ad6b3631437ac926102871a87a121526544e73d69bf5f2270006dafa2c7fa4bcc3cac053d5d7344badcaaa40d7e27abd936683f4164f7aa17c8d9dc26260f9c25807456c76cbe31dc6928cda7a89f135acd56f6714a1426454025c3004dea90dada2b9a8a98c96a59f028b9e368af057541e060d4f48eeec3ec08e607c36792ae2b1ed5300efd38cc5454ef1df88b4646ef5b6de7a4fa945be6a8b9ca0343de5ba75d6e038b6885d76c62c5f6c9fc4be3427215ba96f0e3bffc50d13fa242570ebb1336661f8c85ab7a110cb3e4aac02496dd8173851919209baffe721cb6995bf649f376285ceebf6bc51a6747d3e79f00a6d3b29b37a88be1c79663adba18fd06ceac7d500421e5edf42d7ffe6accb006b32acfa3701bb0d8e5a7962397f4deaced9bad729dc3f3157eb6e17507d706fd5fb36c982f25fbba032236b1622d4ba9b46ac889d6c8d5c3d6651aa4161833c610157705fd04fd82f8b4e7101a76fb7ebf11ad33fe2d4daf07c2879f761ea7e06638ce5214cdcfe6ecd70c1bab257a6728bbda72dcfd7255367b9803c851829e7c04300169a53b7ea66559cbf6134e7ce9f52308140c929dd7cd71e24b067539ec96fd65f4570422690c679e0ccd606b7d5ee474c1824024259995a8fc10dd6e1d77d6cceaa4e418d1d2f8fdac88d61292af9ad0dce66c65bdb997aa09338a2f76e1e39e8dacc34cc43f399edade2a44a0a47e9a3c7e75c6346f7a7bae87580c43cd95c9f4d086bf2cbf11e8cb44e4d97f6febf8f434df2c0352d6500713cf7d96c1b7644f0948ac535f561c4a0429b16097efec0db80faf6e1cd732ec2b5fd405ef2d01f4f95020016619b90450eee729244c23985f06859d8056096380bae3bb28d10c556f2dbb5eaa8a82ea435b53e5a4964297cfaa7a8bf95534c6855be2a66920d11cf4c54b315da2a79fedd1f7f54470ee33450e634b4d0ef8de50e0a4735b40372f594cb761d81a5b7326e0a1d4762ec7cf4e472ddb4d7517a4810f41cb51537363856f490b2c5cfd3bab3cfc434e85d304b7f83808efca8344f378317f7954956538cc151f88bcdb8965dae79d7a6d4b2465182511ba0836e9bd209d5a5b3b6e7dfb7ac6987311bcd3bc426b42aaed214f9f4a98ccdfa4bba8f0dac25bf2f4041214cf8f2b766e8de9620a18700de914520f740dc6bba72904e905cf8412332695989ad745d2c9914be9312d80823f3223d9e7454d80648485b457a211f9c7bd3f4837eb2c33a4eefe412ca87e699a6ecf4985ab72401f915af140ba07513cc5679389ae9cc2abb862122e104d6ff3f69af2b79cb14c02b8c0d3b4e10d6c496ef230c80718335e286fdacf9fb6208f3f657c08547ae977917a1a0647d9a2c943959f353304e868203d1ee838fda6c42f70d5daa5c5a32f254fbe4ab8007450ee7840369e9d61bac19692706126a28168a1f7d5a4e2906a08e1fe9ec67e9bdf61a329878132795814034a299efc3ed0fcf1be209f5f2e1c0ecdb02b60e31876d8c633b81c6ac4dc50447e036c72f6c3d1eb7e7a8c48c32077c0739180fa53ac77c0165b384d005a81082f2ea67403ac6fa40b5fce46c04d7718a3f574fa154c3302a99913055f6830c86a8ed611fdf1bcf11f753b3d0384ab02cdbec36936cdea7717f5d90bc85d699683a3a151f63e497e7642f7ca73f597e4c1e733007a71e7f0eb12b803ca050609afbadd065990e2cdf9b566886f3dc1a82abd8bc8872de4af923867fe046c62d4d56eeceb70e460123f19c02d5a1c2fa599018fa21d78e12436200c02674bcf1321b53ffc7063833487a382ecab5a98127737e3bd67dab0c1eeae377cfdecdd2ec29f723dad62aeb0ea5663cea791fd96128bf4ef4fb2338160072bccbc2c57b909ad6faf68ec7b8fbe6bc00b35472044bcb082e5c68b2809b7939a15059faadd9a5b2ffa679fd1dcd83c6cf35536433f29cd8801af71296a1fd1f842587d20345b0f381fe8379bd34c4265f3a91b1121a22ce9c9050203d1c0aea0b1ac916d0d0ce62fd1524b20f9ec25bc95b2f262539c5228b3841dd3e2184e88c99305408115ee67b640ac94c1d8306039674f8bba6051ccd6ce16d02a05e5e29a2c5d3b03d5d23cf462f6fd2d343eaaa81d95c653158f753d27364bf39bedb683d8137f42d4aa4efe951412d4dbd2d158041f0ba2c703c2ab46de56b3fd8fbcb54ad4ca72e116ed044ca63f2dca422921f38e66f83509791506f0f74de51d5b4c37c8ce1b7e4b889ab47f23085c05cdcffbe17b1503c1ade4ff5765bbc55d0922c5f6deb3b51ed725672e2d1fdf5b762a7f0e80a87b61d9cadac942fa635a6ee64c6a398e68c7c9c7d1ab62e78bbf31265f664ad160bcf25095c0fdcf8c69ac29d0fa5f90240e9edf8cd7ed824b4df664d22452e09f8de0837dc90b36542472bcef34fa918242c72b5ff4c1de42e79449170b1ee3778ae97d0274af3e5aeb35c0a29817f5493662c9c88a08ef9f4123e61ed76008c2983b72c24c6d15230d4a7306872c49f6b6e16c7c71b4c23693b7297870f7402907aac8707d04fde693d59c5e0a28ba5ca4091c3c28ac4f6963172bf20c7df42f6cdf74323155d26632402d8d55633c6721f4eaf966023767a64bb669666e671c0deda51395a359296908341acaf59ccb43be1e47828cec5f4749b57d5e0855ea98dc3e0017f01bce16d874175d3d4348ee9e872d88792d50c729157849004c195db7197a052dc3efb68bed52b620537ecf6c5b3c1150bc3b4d75e271f03e1c40a7f4656bb4e0a416e562fc037d01ed3ccf8748234ea5e473c118c8f23373235f0a44769d895ee1b03a2aecc638407af2afa9d1b59e48fc80bfdfdfdbb3b9ba22320068cbcb5bc89d40f3cf788be56ceff16a8dbee246593adfa3fc6568dbc89c1f6a66894f54cd10be5d4b2fb8f10c2e91bdea75043edd2e47cd3debe9c5880b287bd7330c53b2344cfd43892e1052c66b61416b2f5f8a1111da5ec353a979ccdd5f1c2045599e251d2923c9e8a942116a0c82b925697e2cfbc10d53266dbca08eee05fd9d36897c1cfd948a47d1ea6cd79d28e54045bb5ef737cb027d55724cc203a47725d65f4aab1460de46647f98a2f86b989d0d89c8bc8586cfcdcc23152bb36bb3a1cd161945703bd84fa4f33b17cd5b9398d3c0008c10e20a83267d4e169961126549093fe2a864332cc1dbeb28d21522ff71e9a0e16089521109a137e5003e92b26ed4652de9afd93b43dec9c0128c3fb84ea61694a4c6f3ca6c84f9cf75e757c9199a7ead9b923060fa5d0b634ac95a4b2e96b5a50875574e9c6896180ec05f244299c864076fd603de0ebf6ef144623bfbf2f357331b1ae937d2eb01de238ed84582985b84e0e6ef9da02fad49db8dd5089032dc47a193c128d249bc337c00be23501202971f187ce0c961a9aa2b2ea9eda0ec9348f0a1073b01574b4ccf593b12abed9f24c52166babd9441acfd0b795c3d0595627dc74cae818d85470b003bf637f2d1f1a051c46a9767d44afbee3f8e2d5e63faed99e1a58e8c1756cd7284b4a2d7d801273f47c76e6bed9dc7ea8b9299d168f820ad3479db39a2424c1a50c260a02bcfb24072658871a3403c50e26fa922da0f5a9f17578485bd257d40205d648c7990a743f4b7a95381179836fdae8d5c97768ec6a38359684fdae753b92cdfd1df91cead98c88e1740eac35ea720c358a743e3228fbd0041bfd6bd10bd049933e627aba7005626c4558f9c06d53280613b57ea49c1b839bf9914d32be1a2184e8f28775a85ce576306a7a9813e9b5298df3f8209dd05ecf2dd81de37815b22edead7d11eb25a026cb88db7ffb9c524bdc8fee819cbdf869af35dcd436518815b2eb92c65708ec0ec9a0801316aba2232b4de44c6be810a2556d9479925c80a495bf885356acb116629403b0db840139a0fa404a595b914316f9114ecc1ebdd45e5c9d66612b3117d310ddae928d98b1d26b29e800c967ab3250ef3de1df989ee9216e8aa440b929b5218b91614e05df19d5b9a2b697206bfede329fe7f06ed6f04fba9bb877f6f823a64fde7c4a3ccc03169e4e0b639ff73177e7c76cc7c86f041571c1e666e86c1544c16755e641a2dd7ac1a75138450f53a3de6661f6fb12efdcd884a431ec39d0a636e1e5a7858be570480c5f6ed656f72c606cec4d864b6a04f1585e8ecc55ae421e31933744f7a2005f2bb558446034bdc1c90443b5e7f41a9e5d8b66b0f34e4ceeba24bf54a5ea2d04ded8e43d77c201608c054bbcd25c9d4f6c1a788e2b4d08108f186c6b59e914c9a8c716b235db3f8997720642eb2bfd4c66a5f524d55de6d9d8e49fff073a762912215944097c53d0e16e05fcc5c0ec60463eba3fe4ffe20fd336d4a57ece980afca4fd297aaf2208b3ecab6b736f2c59be1f3d8ddf35cb4ceb59119d7566724a9dd3563b911c4877f4daa2443f88fe4a957453eaba3b454ce5fe5759e61009cf73476eaf343e7d18c36d3c2f193bd7fef0f2dbcd8d20dd274e414adcc48a48c932ccd9c871278f2b6284a3949374f25b1198e8505a55a3525adef87310cfa8372a543e82d8531a131a01dcca735a1cbadf2117b499b93e8e2f1c3c59d99d72bf3a690f02ba948b7facd456444da87192bd3bbe5a7de24c998475ca653ad644cded4c6947bbf36aeb8894da9b39f75636a4ce773d8dbeb6bf8533d4421f6b1a7ed914ae6ed41b3abb002a7cb5a1e2dd3c801b0d580da9fc76e79d10392813b538cc3e4f5c9542945b923fb7894b3e56eb61a966138c0ea2d2d437edd51c6dbf66a309b07094d8571a18fa06e5fbd203d8bbb9147e0ea1f9e70a82736426aaa2e65b5eec0f2d0", 0x1000, 0xfffffffffffffff9}, {&(0x7f0000000440)="77e9463b3f0986465ca1e8a11631b38eef58ab5881337cc5b637d0f4ea021cd0444d481bac3d1fc17775d97bcb17fa7ba1", 0x31, 0x8001}, {&(0x7f0000000480)="acf1297578736316a2d813c9aa82d14717900537f97fe1bc41c176627183d97a4e026174f39b67607536c5548e350db7d554459d229bdf08df21c0215519a52a975c1fc15df3fc7ad2c6c18bef5fe11ac8ebfe9c23d3a5681ec0d12d7724b707fb3d8e9bc363a0967fa4fc591ad1109f4efbf7f12afcef7bc156458852a1f1a887c2349e285b563114344bc7aa9ad5313640e9b11625ff80fb2886b9bfecb984a54da8ac90109ba160ca83e95de7ba2200ea8e91e2071fb160a050d1dea5272db55108f4935030af925059ec0ff0f0afdba036b05b4db2", 0xd7, 0x6cef}, {&(0x7f0000000580)="58ce67a5538a3a9e305f27d97a84ed620ec25983f5ed2b7e7e654ee348f7c384a00f0f8a5f4a8c4ba7fe31ac71f2379167c8d6780f5a4b18c3070d92545e7dea52f6cbb7ffd1cc6f7e4f347e564e5e63af2dbd9727fb8c43d34c670627c4df208e8ed572c091216da6c6c6b04fcbd886e350ce57776e2015afee10200113bbe5b8a6d1c59f525a303b1ac90b0c9af9bf022c349b8e933d1095270362890a6c935f3bccb1161a4e7d3cec67776a89efe46988", 0xb2, 0x20}, {&(0x7f0000000640)="e0498ebb84e99c508c886acde29c5e94aa57b2d7e292c9a342b78932abb1712a10936b24a8b5e8af0fdbe8b31176d1ac7e6c95a686549a76cea3bd72764623403836aad2d719ca6340bc684149f846979da6942b5e8fa995439cbebbd6a53aadac4b1b148ed06d7f79c180a9bcc55f506d82b9a0eabbe279bab9c5007a0b99cee354a5df90ffcc", 0x87}, {&(0x7f0000000700)="4d69333cff941b0684bb10aa2a4ea2fa14eab626424966ccfe01e570163880f20edf7c013faa38880976a6c6f974fb9fe3ea87fbbd02fc5cc3316e194734df5971e26719a3c01db226b3", 0x4a, 0x20}], 0x0, &(0x7f0000000940)={[{@nodecompose='nodecompose'}], [{@fowner_eq={'fowner', 0x3d, r1}}]}) setsockopt$sock_attach_bpf(r0, 0x107, 0x14, &(0x7f00000000c0), 0x4) sendmsg$kcm(r0, &(0x7f0000000b80)={&(0x7f0000000000)=@caif=@rfm={0x25, 0x7, "f5db2f49ebebd4068bb8c91b36efba56"}, 0x80, 0x0}, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000980)='./file0/file0\x00', 0x0, 0x1) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f00000009c0), &(0x7f0000000a00)=0x4) [ 3411.955778][ T1452] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3412.024211][ T1452] CPU: 0 PID: 1452 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3412.033314][ T1452] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3412.043510][ T1452] Call Trace: [ 3412.046827][ T1452] dump_stack+0x172/0x1f0 [ 3412.051197][ T1452] dump_header+0x10f/0xb6c [ 3412.055634][ T1452] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3412.061477][ T1452] ? ___ratelimit+0x60/0x595 [ 3412.066099][ T1452] ? do_raw_spin_unlock+0x57/0x270 [ 3412.071239][ T1452] oom_kill_process.cold+0x10/0x15 [ 3412.076376][ T1452] out_of_memory+0x79a/0x1280 [ 3412.081164][ T1452] ? lock_downgrade+0x880/0x880 [ 3412.086063][ T1452] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3412.092439][ T1452] ? oom_killer_disable+0x280/0x280 [ 3412.097730][ T1452] ? find_held_lock+0x35/0x130 [ 3412.102757][ T1452] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3412.108418][ T1452] ? memcg_event_wake+0x230/0x230 [ 3412.113477][ T1452] ? do_raw_spin_unlock+0x57/0x270 [ 3412.118613][ T1452] ? _raw_spin_unlock+0x2d/0x50 [ 3412.123573][ T1452] try_charge+0x118d/0x1790 [ 3412.128106][ T1452] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3412.133698][ T1452] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3412.139945][ T1452] ? kasan_check_read+0x11/0x20 [ 3412.139966][ T1452] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3412.139982][ T1452] mem_cgroup_try_charge+0x24d/0x5e0 [ 3412.140011][ T1452] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3412.161501][ T1452] wp_page_copy+0x416/0x1770 [ 3412.161517][ T1452] ? do_wp_page+0x486/0x1500 [ 3412.161532][ T1452] ? pmd_pfn+0x1d0/0x1d0 03:43:55 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000002940)={0x1000000000000012, 0xa6, 0x40000000000004, 0x100000002, 0x0, 0x1, 0x0, [], 0x0, 0xffffffffffffffff, 0x6}, 0x3c) r1 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$KEYCTL_PKEY_SIGN(0x1b, &(0x7f0000000080)={r1, 0x7ff, 0x2}, &(0x7f0000000580)=ANY=[@ANYBLOB="656e633d726177da70c5f410f2079ac19b0b362b59c7e256e314e4097293d7631420d57fb7802b315897a2352879251301a4de2741aa18647b0d3ae1e71a6b3030cdc05fe0b419bb5cafac030045ee1feea9626720686173683d6469676573745f6e756c6c2d67656e657269630000000000000000000000000000000000000000000000000000000000000000000000000000940ff920a102f02e9b6b57595578616546968e6d51686295979d1e82a25a287b58d080ce95ad1d2cb64acb9a50c360573b0193c90e01c6a9b6c642ece6ef887fb4754c5091fd69bd23a50a0ffa589aec38b31d55b444d020a36cc001ec4f89474ad7d416e45d8c081eb11a46fd85490a1bf73f5e31f7845fcccf82da70c4ce6ac3f82a59acbed06a431bb0504e580b3843c2d89a075d9039ebc3aa04852a2cb623e7e40ca3b27980e49a2084017fe2b19425c9d7a9fbbc02a5e312634632f76b343883cbeb1b683384e44816d0a36404907867377784c3fa0000"], &(0x7f00000001c0)="40ea08062b3349e640b95fd14771f17c23597714ec2a3da2dbdf77bec9b37a4b7723821e538ba8a5e6bbfe2f9a5ee86f6a70e36d644713993d2369df6e1fd72a837f5539b987a3608f5d480e3053fd64f6e3681c4e5dcdca3a4d121779e90712825c7b4b635a114dfce910c124eea9b2bca80d194bba4578f7f13ee37abc1345151c9cf4b6cf1a745061e1ca3405d807d64531197950444f8fea39d0af1a7f915b81405aeca32541e1c6bc684ca99ae1be7b", &(0x7f0000000280)=""/74) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000440)={r0, &(0x7f00000003c0)="48d3ae18e192b58a489943fecf5462ae27d84e394b804f6711cf6a2619c4009025a1b60000bda4f70ea8e40075f300"/59, 0x0}, 0x7) r2 = syz_open_dev$admmidi(&(0x7f0000000180)='/dev/admmidi#\x00', 0x1, 0x0) getpeername$tipc(r2, &(0x7f0000000300), &(0x7f0000000340)=0x10) r3 = syz_open_dev$usbmon(&(0x7f00000000c0)='/dev/usbmon#\x00', 0x8, 0x20000) ioctl$VT_GETMODE(r3, 0x5601, &(0x7f0000000100)) r4 = socket$alg(0x26, 0x5, 0x0) ioctl$sock_SIOCSIFBR(r4, 0x8941, &(0x7f0000000140)=@generic={0x3, 0x861, 0x2}) [ 3412.161550][ T1452] ? lock_downgrade+0x880/0x880 [ 3412.161563][ T1452] ? swp_swapcount+0x540/0x540 [ 3412.161579][ T1452] ? kasan_check_read+0x11/0x20 [ 3412.161595][ T1452] ? do_raw_spin_unlock+0x57/0x270 [ 3412.161609][ T1452] do_wp_page+0x48e/0x1500 [ 3412.161624][ T1452] ? finish_mkwrite_fault+0x540/0x540 [ 3412.161645][ T1452] __handle_mm_fault+0x22e8/0x3ec0 [ 3412.209768][ T1452] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3412.215340][ T1452] ? find_held_lock+0x35/0x130 [ 3412.220110][ T1452] ? handle_mm_fault+0x292/0xa90 [ 3412.220134][ T1452] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3412.220148][ T1452] ? kasan_check_read+0x11/0x20 [ 3412.220163][ T1452] handle_mm_fault+0x3b7/0xa90 [ 3412.220180][ T1452] __do_page_fault+0x5ef/0xda0 [ 3412.220198][ T1452] do_page_fault+0x71/0x581 [ 3412.220217][ T1452] ? page_fault+0x8/0x30 [ 3412.236496][ T1452] page_fault+0x1e/0x30 [ 3412.236510][ T1452] RIP: 0033:0x40b6c8 [ 3412.236523][ T1452] Code: 00 00 49 8d be 88 00 00 00 48 89 ea 48 89 de 0f 85 dd 00 00 00 e8 18 2c 00 00 8b 05 42 c9 32 00 48 8b 15 d3 4d 64 00 83 c0 01 <89> 05 32 c9 32 00 89 02 48 83 c4 08 5b 5d 41 5c 41 5d 41 5e 41 5f [ 3412.236657][ T1452] RSP: 002b:00007ffc1533c0f0 EFLAGS: 00010202 [ 3412.289157][ T1452] RAX: 0000000000000001 RBX: 0000001b2d620014 RCX: 0000001b2e620000 [ 3412.297252][ T1452] RDX: 0000001b2d620000 RSI: 0000000000001d2a RDI: ffffffff61d03d2a [ 3412.305491][ T1452] RBP: 0000001b2d620018 R08: 0000000061d03d2a R09: 0000000061d03d2e [ 3412.325235][ T1452] R10: 00007ffc1533c220 R11: 0000000000000246 R12: 0000001b2d62001c [ 3412.333392][ T1452] R13: 0000000000340f99 R14: 000000000073bf00 R15: 000000000073bf0c [ 3412.350851][ T1452] memory: usage 307200kB, limit 307200kB, failcnt 97434 [ 3412.361260][ T1452] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3412.369122][ T1452] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3412.376162][ T1452] Memory cgroup stats for /syz5: cache:124KB rss:99512KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3412.398222][ T1452] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=1429,uid=0 [ 3412.415116][ T1452] Memory cgroup out of memory: Killed process 1429 (syz-executor.5) total-vm:72580kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB [ 3412.496598][ T1542] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 3412.514041][ T1542] CPU: 1 PID: 1542 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3412.523128][ T1542] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3412.539159][ T1542] Call Trace: [ 3412.542488][ T1542] dump_stack+0x172/0x1f0 [ 3412.546827][ T1542] dump_header+0x10f/0xb6c [ 3412.551228][ T1542] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3412.557067][ T1542] ? ___ratelimit+0x60/0x595 [ 3412.561646][ T1542] ? do_raw_spin_unlock+0x57/0x270 [ 3412.566746][ T1542] oom_kill_process.cold+0x10/0x15 [ 3412.572043][ T1542] out_of_memory+0x79a/0x1280 [ 3412.576708][ T1542] ? lock_downgrade+0x880/0x880 [ 3412.581546][ T1542] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3412.587789][ T1542] ? oom_killer_disable+0x280/0x280 [ 3412.592992][ T1542] ? find_held_lock+0x35/0x130 [ 3412.597964][ T1542] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3412.603584][ T1542] ? memcg_event_wake+0x230/0x230 [ 3412.608613][ T1542] ? do_raw_spin_unlock+0x57/0x270 [ 3412.613795][ T1542] ? _raw_spin_unlock+0x2d/0x50 [ 3412.618645][ T1542] try_charge+0x118d/0x1790 [ 3412.623291][ T1542] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3412.628994][ T1542] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3412.634541][ T1542] ? find_held_lock+0x35/0x130 [ 3412.639378][ T1542] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3412.644915][ T1542] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3412.650472][ T1542] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3412.655749][ T1542] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3412.661382][ T1542] __memcg_kmem_charge+0x136/0x300 [ 3412.666480][ T1542] __alloc_pages_nodemask+0x437/0x7e0 [ 3412.671844][ T1542] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3412.678087][ T1542] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3412.683794][ T1542] ? copy_process.part.0+0x1d40/0x7a90 [ 3412.689357][ T1542] copy_process.part.0+0x3e0/0x7a90 [ 3412.694630][ T1542] ? __lock_acquire+0x548/0x3fb0 [ 3412.699573][ T1542] ? __might_fault+0x12b/0x1e0 [ 3412.704340][ T1542] ? __cleanup_sighand+0x60/0x60 [ 3412.709267][ T1542] ? lock_downgrade+0x880/0x880 [ 3412.714134][ T1542] _do_fork+0x257/0xfd0 [ 3412.718393][ T1542] ? fork_idle+0x1d0/0x1d0 [ 3412.722801][ T1542] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3412.728292][ T1542] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3412.733740][ T1542] ? do_syscall_64+0x26/0x670 [ 3412.738401][ T1542] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3412.744449][ T1542] ? do_syscall_64+0x26/0x670 [ 3412.749242][ T1542] __x64_sys_clone+0xbf/0x150 [ 3412.753908][ T1542] do_syscall_64+0x103/0x670 [ 3412.758500][ T1542] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3412.764391][ T1542] RIP: 0033:0x458c29 [ 3412.768272][ T1542] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3412.787878][ T1542] RSP: 002b:00007fea30623c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3412.796282][ T1542] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 3412.804466][ T1542] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3412.812702][ T1542] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3412.820667][ T1542] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fea306246d4 [ 3412.828618][ T1542] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 3412.840683][ T1542] memory: usage 307184kB, limit 307200kB, failcnt 97445 [ 3412.848711][ T1542] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3412.856845][ T1542] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3412.864757][ T1542] Memory cgroup stats for /syz5: cache:124KB rss:99512KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3412.887145][ T1542] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=12029,uid=0 [ 3412.908091][ T1542] Memory cgroup out of memory: Killed process 12029 (syz-executor.5) total-vm:72448kB, anon-rss:156kB, file-rss:34816kB, shmem-rss:0kB [ 3412.925807][ T1044] oom_reaper: reaped process 12029 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 3412.946405][ T1452] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3412.956742][ T1452] CPU: 0 PID: 1452 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3412.965767][ T1452] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3412.976072][ T1452] Call Trace: [ 3412.979392][ T1452] dump_stack+0x172/0x1f0 [ 3412.983876][ T1452] dump_header+0x10f/0xb6c [ 3412.988299][ T1452] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3412.994128][ T1452] ? ___ratelimit+0x60/0x595 [ 3412.998739][ T1452] ? do_raw_spin_unlock+0x57/0x270 [ 3413.003862][ T1452] oom_kill_process.cold+0x10/0x15 [ 3413.009036][ T1452] out_of_memory+0x79a/0x1280 [ 3413.013719][ T1452] ? oom_killer_disable+0x280/0x280 [ 3413.018926][ T1452] ? find_held_lock+0x35/0x130 [ 3413.023705][ T1452] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3413.029271][ T1452] ? memcg_event_wake+0x230/0x230 [ 3413.034297][ T1452] ? do_raw_spin_unlock+0x57/0x270 [ 3413.039411][ T1452] ? _raw_spin_unlock+0x2d/0x50 [ 3413.044314][ T1452] try_charge+0xd4d/0x1790 [ 3413.048917][ T1452] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3413.054551][ T1452] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3413.060797][ T1452] ? kasan_check_read+0x11/0x20 [ 3413.065691][ T1452] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3413.071256][ T1452] mem_cgroup_try_charge+0x24d/0x5e0 [ 3413.076537][ T1452] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3413.082186][ T1452] __handle_mm_fault+0x1e1f/0x3ec0 [ 3413.087302][ T1452] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3413.093021][ T1452] ? find_held_lock+0x35/0x130 [ 3413.098053][ T1452] ? handle_mm_fault+0x292/0xa90 [ 3413.103057][ T1452] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3413.109511][ T1452] ? kasan_check_read+0x11/0x20 [ 3413.114404][ T1452] handle_mm_fault+0x3b7/0xa90 [ 3413.119183][ T1452] __do_page_fault+0x5ef/0xda0 [ 3413.124126][ T1452] do_page_fault+0x71/0x581 [ 3413.128710][ T1452] ? page_fault+0x8/0x30 [ 3413.133569][ T1452] page_fault+0x1e/0x30 [ 3413.137805][ T1452] RIP: 0033:0x45b5dd [ 3413.141781][ T1452] Code: 5b 5d f3 c3 66 0f 1f 84 00 00 00 00 00 48 c7 c0 ea ff ff ff 48 85 ff 0f 84 e0 8e fb ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 <48> 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 [ 3413.161607][ T1452] RSP: 002b:00007ffc1533c028 EFLAGS: 00010202 [ 3413.167928][ T1452] RAX: ffffffffffffffea RBX: 00007fea30603700 RCX: 00007fea30603700 [ 3413.175928][ T1452] RDX: 00000000003d0f00 RSI: 00007fea30602db0 RDI: 000000000040fa30 [ 3413.183996][ T1452] RBP: 00007ffc1533c230 R08: 00007fea306039d0 R09: 00007fea30603700 [ 3413.192068][ T1452] R10: 00007fea30602dc0 R11: 0000000000000246 R12: 0000000000000000 [ 3413.200318][ T1452] R13: 00007ffc1533c0df R14: 00007fea306039c0 R15: 000000000073bfac [ 3413.209448][ T1452] memory: usage 306972kB, limit 307200kB, failcnt 97458 [ 3413.216690][ T1452] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3413.224501][ T1452] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 03:43:56 executing program 5: socket$inet_udplite(0x2, 0x2, 0x88) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)}, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r0 = socket$inet(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) 03:43:56 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x5e00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:56 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x3b00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:56 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f00005befdc)) r2 = syz_open_dev$adsp(&(0x7f0000000040)='/dev/adsp#\x00', 0x27a6, 0x80000) ioctl$EVIOCGUNIQ(r2, 0x80404508, &(0x7f0000000180)=""/153) r3 = syz_open_pts(r1, 0x109002) ioctl$TCSETS(r3, 0x5402, &(0x7f0000000080)={0x7d016591, 0x5}) fcntl$setstatus(r3, 0x4, 0x102800) write(r3, &(0x7f0000000000), 0xffffff86) 03:43:56 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:43:56 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snapshot\x00', 0x4000, 0x0) ioctl$KVM_SET_NESTED_STATE(r2, 0x4080aebf, &(0x7f0000000180)={0x2, 0x0, 0x2080, {0x6000, 0xf000, 0x3}, [], "ca5050073e40a04f5fbbd26602920793d2b953dfb9b510780341ab185be34d4eafb88c5bac714cfd3742c02e5157829cf885b5a1feb92bfad4e8a6d419cc282937957091cdb0b24fd701661fa0826e26192810537bf52f1a8bac1aab006db5f6dbe6c0ad9c526446bffc7455f93e0cf66bec72b1a408b3466e2335b0878d390990f5f33c2d89621064483369784fa84556e87873e5e18c86d4334463cc4c647bd479182ca9aef3fa16723ce4d4b0126a3963cf19fa7ff0f7f3e8d0de567077af79eb2ba9140c1275e83400dd7ab6a13bc1e3688a29d99453be10b1239a57cde705f985cb858d16f2cdd38f96bad82a73972066c5c926ef1977fd457a25d644ff93ea87fc0b1d5e7aa3479224fcf10278faa5c014d6a8049879b86891366dd523442208aceaf1f9d3519e4809a994cf11f8b43db787639433e23be573a7d13b1cbc7d873483af4d50c3ac92a1911c720c3c9bdba28938e4ead2a2ec8287d307536f30f8b4b87f85a782c2239e6efb50a4f05c226c0573ee3ef6fa453016fa2b5c7fb3374986bbc8b7e3d1a92a759ca4f9fa6b4277bd25c8c1425b6e91c59dc4f22e67b9553e855efebf981946e893598adca16151d492be4f5790258cd2dc339c758162fa3707d4a0d11b7eb138de46f749b9a1cae8ac01d6ab86e4224b084eb63b600c34c1c646af60d76402792f4765d90c169faf8683e62bc28acfe13eb839ca50b5a01e31ab8781f4be1e54b6cd8dd014833c3d0037fdcd6396927a6c18951d25765ea7969d0548d6aa0998db8731208728e14c906e3b657e9cfd8e111df42022912bf38384de348b40184bc308999b9ad68a4c01cc4bd8cc2424d739943d5c8ca319e3298743a6a509ef148f67da0cc30fb16ac9f888e92ddb7e82bc49005c7cb7cede51712680b6289788989724e134543503b1b59ca08aa5c2f79ec5db8f6afc0f2770759fc2a97a0e1433c4de1a3fbb344a6ea0eaabd9431ab39d8a34709d4efea338d87d4bcbe61fcbded29f88e8330702ea4e43c406cb063e71e8d7ed3cf6cf534bbd651fdfef5c72f34ea49eb4d4f1154e4d1ae2a43b304edeaa1cdff239c04da380995968a75f80f4a8f19c9a6aaf1f0e299e6f52d3158ecb664779fcbe974850752032ce4111491ca7d97886af9f373cea5c15f9fa456165c28c2ba553ad6f62823c0ef51557d5b985b51486e75a51e29cfcdb790666ef90c39c842396e2a8aa7b6f936af12115dab28fe21da079c2e7c201fc0e363f5de9b2acfc156ffaa3639d4a273136841352ce41b59a343f3173845361652ad068c3b554a16969d7e550017948322b36de6aaa02766a0d85470b5b4842af2b01e21c87340e12f374b4d01522adce78b21504427a90920954729276ce7790fcfc19f63b5152c032b9c3cba231146d3141a2e26be2422fb3b3f41c0cffc08d71b5fa36e57d0c570a1376744c0db3fceb23c3a76886bd40430d530cf2d8297ff4793cb3911e72ff95a1b7f4affabaee030bf3d5c3af011ac7a644492721a616f18c1997d2e23984ba71667eeb4b3379fb7474a9cb9c9941440333f249aefe99c4f7958df24f06c926068cfd691ef19a985a1cbd1e93b0075fd4e2e0a848d329fc6c8d2d6fcfb4597c481060ed0ad8a617ce1be41bd23325f6bb8a129e03c9c32fc5963146ee6346c527c3b651b9dfa27e7693715d50ee78f4b5d8b19cd9466d56037073a7078e1984f1afcf4f01ed4b9e3f914af694f71ec35d3dac59ff50884dfb6f5e059ef74861e7a5e3b8f7859f278595b01a1c85a6f5356b796842bbba3028df68befa4d3e3fdb2469bccea93b9c85e8bf15ffbcc88b5581165ef8e6f6169ec14edcd8230c3fe7462c893ea4109ebf580e521a06a507988c0537740085f5427ddbacb1ebf7e91bf201af460096736380683c70970e75d0bfb399cdf06faa4a521ec5aa8ed20292a6b48ba316a6f944ec3e7f8eea71794614b59cd970c4af2726820597906f9fa8245700da16143b45883407e85664f9b385fbbc0304d2eb7934de71467886d2651e0d4eadf8de1b057e1ce65b754ba117095fb32d33e5086e06560de274845a9c6054212f43388e6cdd22038a252f9346d871d04b0f248bfc2943f6f3a9661866c1daf68030870d614d3d9fba382b87935b2a361a5daf6f90484a04bc86ee7eda856cf2b075e7f10e938a6a34655ac486e67fb1fe7ed43d7fa16ff32311b03c402597390bc65fa92ca304c96c6b2d60b179bdfb01cfa10cb7b6935fa4da395fca632f364be131c79825e8bdeee09eabde37fe016fd3714b6d9965e549c8a121ec440cc04ccadb936ef2bba583ebd2e0559e998cb5220b1f35f87d5cf18e7f13303bc4af57c874cfa3fcea3206b15716e4f24b78a7f107a054dd5a17416c11d65f327046f07d00476022007a0a88bc89065868bc4d47bdd6b093706bed259c512d15737ea4c8cb40252b24eabeead3583d7d089df45940a51b9a4df2b7e3a178a3a6c67ca9f227f3a6e044162918a022a37860debf44604da492932b0301fe534a4aace315bcdb260302a69af2347aa4568c2246391dccea61823b92f94ee94b735636809f491c14cec99803ea41d50e7aec7e968994145a188ba8a2c0b5cc15069532b480a0f726a168d1b0e54bd06eca43cb71f206115aa700e3e30b2c1f7acf47f3cdabab70f7342cae65a11153f6a202a304a743e17a55bcce93c98f2bb9268128d730c5c0cb77434b97639795179f357238b0ddbdb64d7ea89b1dfd9b7208e6a191793e646b20bd1acbae4fe2e19513cb3e375f274a997ee8ab09dd8a4f30bae30bd3f34002c2ef12ff555e9ee365e3b24cee6977f266a831bb7a2d8a7c7d957ee2b40994862d50a135481cdd55fd9f62c9807cdea02885528a8fb0eb0640b0c70dd79e5f65cbc079efa04ea2155daafdda16fbc5492c590f890e778e1704abad528a71ac38c88485c5b728e23024e5278290c4d5193d12bf8bad505a3ccf55e3fec711a275a7562a63dbec3c607031cb4c113010876eeb6c8d36d4c9abf437367ce7daf720ed316b184865f1a6614ef9f14b7fe8ef99a41fd277524d931c393caecb07ec0d1d59853bfff6f0dc33e37c29a6d1d278820ba3f0729cf75f7ace6cbe1ae2a455db363c977bbca879aa07e81165eb89d20486a263935070cf26a1d3180812f2963c54246b96dcbddfedc947982edf1376fb404c048dd471ce1e2a92091562391aef50da376dd2446e6ec90e25d4bba9e9638867e2a259f23c876de6524780c33ec328005c124c39f25ea96d1455947510f83c2c66143c9fd02bd028a2a2e23bea755144cd73e2d0cc940c48a2abcb16c8d216773da959a186d6eb61d074b8b77cfa8128e9a44d73fdb42f33a243275e46083b812e64d93f87aa1d15e109ed56138a15865fc1b1782038167d709ab3c459a329c3646732b164fc97cf993b6893b6b831a80a144d60c8809acfc643df610598c5fc46f0cc0bf7726598fdca9df773e053bb893b420bc1a346405fc42b3c4b56bf1947c49b3678c19dd493bcd6e2befeb3ec4474e74712d2c9a57b5be98c47530be8edfbc196e36115a1775eeeaa8aba46d8af9c22ec1103906342e6d219869998ecf83508444c540f5a87633827caa67e531631853b874f53ab1db26fcb5dbcacd3093a9c9b6aac41b54007969737ff0b3b82c4b21f05b3dd1d170b1ad5a293a60cbefbfd5e4d6112effcab40514418744cbf5987ae9e2539b5e24c5258e0014c0bb8999053b3ae7b3d0a41a28d2a07822b227c07ef9d31a7f82cddce37836d999e95d750c87ccbe56808e146ec8dde28ef7b8d4962d6492319605d1181d0c878bd555b6e892f1d639996d7e555095bc329d7332d2c7c283db1a92dda25665f4ce1f25d04eefff8dac22839bb4c2a7dc1d762adb54297c7ba8f2013a4c57c621e866496c27b634b0e77708248f7aaa1d947e8e4ec9ec9c7de3f484830662c965d364a4c938266e0704e7d258a28f5bcd62f67b4de81ee533d20c073ed0b2b5148e1e667a1546129236bb430a40508b1e1186ae6f77c8933f3dae31f1a0c92784b0fc95736803e3045e632794435c4f36dde7a903f6ccc166f38c3b85529b4cc7f56ee194cc3350c0b8cfc630f901c0901a81d04d382b25d1b90939fb6b3866634e83f5f1cd71b6d5a4a9a0e18b9add4b1671177a71c5d89138814d3f80ebfa4556599d42ecf39c1abf48d18158d7b52f16161a3ce6c3d5f5006dcbd362c5d45ddf18eb173b4d6993d1fba9784eeb07ce6aca3a3d5252615764a5cdbfe15ef5341263f945f193f2f9653cb89a75b7ead0b299ab1f68afbfd1bd4bb50e44e8f709d2037b4efe3102f5fdb09e640a4468052e6718d575426ad21cf13a961d67eb4d61ef403eb56428c28d0dd9656ac0adf3e8d56ceaeb4262acf9fc69ebdec59139ace142c7cdbde9fd56b39d1caa5c6d950fbacec434784ce9388cd0493cace5ddf661382d58cc0dc71f79cfcdf20d0332096887354d41388b8293e6b2e6c4dc8dd0be3ba9f3d2ff4125b982936eeb391a2b7adf17f218af88a7155b5e4bb4c53e16f630fd6f47e70780f3454243d2733f015bf2083cdf472768d40e071f58fc85da9faf1f7821ab99c5a487f4b6034e070006e96a110e67e9269fd89ce075b491a7b83f36c52f00c7e7e2ca3c88bf31842bcb488f736636248f7b1dc0b7824f66a6184093a26a85f96b1aca0a5eeaa5299745365e06c0b4ee10909e40ca60493614444767c564d006f4908cef58c53408c38cca946831dfd1b49e4825cd20f2866a2231949120034a240210f95678d325a82b300cb45a3bcde1eb46938f63b240f9b483f6faa27f51d10ad572d8887a48d471bf104c4e0fefd316a8a070b72191407fd2ac8b5fe36f46c5ae371361e2ee147f1da37287123cff57ab236c966ffa16b0ee372bd52d0dfbceb9aeaa8aeba315b00a37ba30beda83cc8897dd90aa78adf2f0ce3b9d900ff73f050708dfe91717baecd73a9df354a30fafe32d1c768c8b05f8a6dbc7e40c82c7815437bdc0cb12cf32a10c9db0494925224b28730487edb91e25730f70e56d60fc66a87ca1657cc0452757885f866736fe2cc033387442826c71ab706496e9ca08dd3bc22ea4004e8199ba26cc34bcc2506e3e5df9467cbcd2bc385b2b451e7d38bdeda801a5100531aa3450f1b085d90065d24d72b529237a2e3db750298e804f40d7e778e0b81299f93955748c430ba0f2eab3d5dc3814a0647475009cedac8c03612eab0a66ad5abdeeee0cdd5bb0a17d0ca49b9fdf5736eb615c7468e08c74558fca3b6fa4d58522bf78ce559acc17e65b8068d2045ded62f3c7f7ce44539a7aa4e0c2a3d125283e1f741912a3dde1ebdbe56db9c54364d0aa39ef291e25930ede562691f76a1dfacf8b408b11ee25cd18fcfbd7c143cc91f8e395314c9e67762d9ba205e3efb14af4ca36e9c97b681bcf94f27c052bdfcd48f322253aef2ba4301e3a487b2bec7d8003598b36b256f952e063d66c3f8546b8caeea427770ed92d7fd22511b54c46226e7fbab03c4de0302d0ea7bd60a8d414ba4a6cdb4fd35f40777719fa6f7180fef2a560ba1cc109b1212d8d24ff7a5f5e095c792ccffb09b81ecca958f2a908a65456c52b25d2493453a5152ca841fbdde23820df7caa07e5efda43cb0f53fb359d2a6644271ff3b9421b252428cc7fc53eca9f60704ee07ec5d93d43b37e39a103a7dae4ecf41b21c6721323a3d1b39df2d36fd84215055dbed38238e2e6d767bc66de70c958ffa53e504d52e5914", "93c59db8cc057f4a01197db8b76d2b7ce290dc5364516c8145ff8d4adfcd884da2e18ce7270ebb8ac0a36e1f31a6b3c57c524dad258c0a69ac54e73c2c835641fec52b8168ea723bb76a59ee091d4690437d949c2274c21f7bfde2fdacf45a353ed1bbc92e66cd1828b780287f05c7440a1a3c97ca39288fbc99c66d12cf153899f2ac2f9fcdbefc52ddbb68934762a4e094b7d3e3957a16539663bbed153c199654263e3bfe13608c52a6e52764cdfa2ce09dfe28c5568950367353d91a285b6a8e69377f7eb3222c337be2205d549bb0d9b016329a444a20141f427f2aeb190958770f05539dcd0d8c08e61b091aac03f1089bf21b9e95eb2d97fce4833ec25475af51ed8c9e0adf512e80840b28e4223f861b1d850b0c6b46f854e8f3eda86027c983fdb25e97be5852112bd60f1978e0c0aba4e665962714d9bb2ad444a5565eac7e9a0aee738922f6c6e924385ef31ca78852f8ba30b8cca6230e97579aa40c640cfefc2fe27dbaf9f7adf997c8d2d6883c8628b5f5d97a757dfc0f37ea97b80cf7dacb1ccc176e578d451205adec04171bc5ced3fc6216d60fd41ff64de65804a465ba939d676eea271d14fd38c4991804413ecffddb625c3426730874c7e0ded3f22f3dc829f62e8c63c8457f670b5b79d391918cf57c2b20d801f21c2e7dd961b2b4860edfb03fb0cde46f586cbcb59ba24b8eee20d71027a4fa2c9db9fbbba81a501843d19c22d6b03d56e42797e7af8d82ad505c22def57cd7f8d1da2a4475220ae29fe1a77ddbeff82e6a56aff60a361a1a7fc9f9956d4b0b044517fc01100080d39dbab6434732a69bb18d62f33c79eef0f249b87b0a63e7eecc2490d4738ed243bb4a35845d903914392a805fc95d6a7d74e20b04d9c536473aaa5ebdb04b41b37698479aa623b0d4b43de5663183e435c821feab83119c5403721886800637098a66bc05df2d1baf3aca7bf4271927d90f9b4a6c971c774a3c0a8063476a0e56f8b45c8bdc39edb8138e0478a90c1bbff961ef64405b7801de71143bfb46918ee369b0e4be683aa5d3b0e550bcf62dcadaa5436b2dc60afd06ac92faf19ab5ab1a40c6bd388b72f4587d57f9e46d71da697945effbf1d999c07390cf672d40a4da84d705ff52d173a8ab8b407610675403b300e9fc06da1237c2cebefc5ed3e7270bd1dfb17765b707372098f42c9f16bfcb51b228ca7068f0263db3e0c817f8cf44773800168bcb110baaabf2f899dfae0142896d517ee17460f4045d7bbb013ccd341c30afd550bf1a6a0a6297b1d7db8a7102c47b67562b12e963003c7258bfeb17c494a849fa47201aa0d979c067c1570cdf137784b553472f87f324490a57c994411a90b4401c1292bce97020032f7329d988eb71d750cc9bfc527429e8d667b97caa536126ede3882f00c9198df1fa40bfb9dd5e888c2cb58ab6768aca32498f6a8842c442c2a0c4973b2f6ab3877d9dfae3ac94e7bc395c2aec14aa390360a8d152c4365801ccce0aa2f9becc9a56b0f7dd0045eda22684ecf22a977634b3f3b1b7e175327ef478696047ecc208ff1cf984aca3027103f3c8b34545e2e75bed276366215490880eec4062766755f2236db5d80e5da63b5020cefcdb39c0557f1d786580e8382356fe3a77953acb3562a2673bb41a68bc1c7b0be36a4e9291ceb8356a1718e38d0525dcee2c65a1776722277b96151ed7f48d2eabbc7bb2f7dc6a704d8bbddfd4a7f8e45da2beed63ce6e0651d7eeea7bd043082a23969b770dd0fc38c026153532cd8037aaf209d4133d8d46a76499056a093638d3a4f4adff1fedd48d99520720dda4de5099657cb52787008c004c42030c014a866267e3087934d164a776c0b2053707d3a49bf2c5e92dcbc515c91507c9513487a2364a3b6e5f17a6199e877641e31ff5711b771f2077c1de7cde10ee690415f20703cebc5485f6a0fc80c8fcd736241fae5c2d4be9183cffe1c821577519800751ec2cf722bf864cb709327cc6303651dfedc13f7c245377b7ab06e1535d0e5fbd469d151319cdf3bc52885410a8aaf92919e344f683a5d3073f2041e6edf3e7fcaa19af6839b347a721c983e786c88a6a7df48149bcee2eff1ed4d80474a05fde8b217fff1ddba19608558633dab902ff210d7ad14c648eeb38fe993209f28f69dd2199a7e5d741ee84b3a64382f6a095fb008c12977189e0e0818f1301ede8a863fabdd0b73c40a913deffed7c224eb6d691bd9065a6a9b57311bc047a60efa90c546f6f3c8ef1b2f9524508936bc2789c760af54cbe9f324554122db76dea27baabe2a8623c03a11ca3a82a986fc87a84a0c9a00019de5d36dcf3e8ebe15d220e05ff9dad4f9401ae962bfa6ed84da1a79c24d5220574eede8e1f6ff1c7ac8592e072f65d9986f6ab2370429a49d068bc629699bfbdcf64bf45510755ed8de185070ba75ca4fa648f4e0d8249645b3cefcd8665404811eee371ea51e461024bc0fd12faae3cd7672375d3127c0adb2a13edc4e63bd2f6095225d0911745089490efc5af3c637d72793e237521365831e14443c1237ced60c67941d5ef3f72528cd76bfd5f222f69b587797471a4acd60b3168c4218f2a2a24e32207189fb8e92de362b9c925ccbeeaa6de3c3c2453f97e1f91fcb6e4f38bb8635b7b406610b6259c95f7c9da57f2396631b60b07074fa470d26aa8ee3c4fe41fafaa741fd2305d8d1afe7165c1541de8e12af0be86f814d3ee2c6972655e16b5607d2ef67b83ece30b84edc91f137655cf028fe739c8fcb200eab73c1565079a8d75588d50d43679b71b9060b9502dbc1c882c749be90fd0f124e35c86c285e6c3270351b54868e7ef45eb8d001a205f381b873540ef0c0079364d26f4826e05c83021dcc721c72901ddb42e8e4892a735783c106f2278d5e54954106abd93bb2511690933024a91ac7d746b240e2a4961c79e7aaaf0460d2027ec8e224d3d8d8cee14d08237f78a3186a0c225337fab17fcc01a9fdaf7a7b5ae1e581105bd83d9e82fcb8e311a17c677d4f8d3783e5ea7de71e0fb0bb7b2ae2c6953bb3874c87a33a4f4b06a4962408aa6e898502ee40d2bccc2d5a8c21a1e7fa41b1a3466daed5b8be068924d83432bbb5b255eb15bbef3e8f16f18f9f7d858428dfb656789828770790ff473df5a6226bbdd3108afc426e42107d5750019b8356ebdf02c20a507698a96aaef0e6e9e73785d3459b0e132ff50f35de48dbc124b607cdea840ce2ae234bad3cf7ff6d7d0d31c9fa6de476379f24484845dc2c19a83934d8de3af8b66c9f2f429837c42ed4f74fa0ba13d6e76c54522cfd0f6edc685590880149a4528a0c56aed5907cf63c3f645c210a009f8effb9625bc716c5897cc7859503c2e42c9af30cabc56f1129bcb8a43e0f9fa1e87fc6f755ed8eaf4c15999f28034971de33288e322b00e4f99bc70bfee3cecd751cabb9cb1266219d112bc3450eb25cb85ac028b24d4e8a471da05db44172980dfd9e6b1df80fa0faee6ddc20cd6fe5af8a795b48fefa2329a7f35cb99408d8f77c8b36446490251630ac151b8593845b65165638ffe8b1df6c3dbd80e4b95c6f083ab7edd3bd711d9d774eab92e10297bd4e040f011a9db6a73f33378425d111cfcb785d06aae13e538233a3353a0f0cac67bfe3b79532154d4c009aa6bdcff02b301c41aa8609e7311fae0cfc840c02b0dae09be16e27bc6a07a67b82f227a698fd26a678f55f65745644b8b41c1e5bf11c2bf2699259be6df5e1f8ec9793fb1eb2705b006ab027d585f4568f263035189470122db4d5519d083e25347d211c7d4789504499c9d71e6fafd4cdc51bc5a88c246cd38c7253e0592674b4dac3f6a5fa3aa40d3f341b6769789b42d46f40e10f3fd775755f3e227253c69eb48de56045f4863bc58f5edd2f4fe46cce5823fe21215a5d0efeaeab339a55fe425fa1b5e1480820ea2a7382b29b5c569d7752e82d02fc109f633373788cfa8ad16019893ced719495336d6cfda7cb5ffb3d720106f96e0339169f11741d3fe5937c1f8a03b7b17f3aec1df4400e0afb1d56696aca31032b91bd9fba86aabc201c891b388f23bc6d06142f7a448ba36e21256353c5f51613e602913f7eb4392eebab42a44952082e834a92e336d42cf1a2f4231a514ab81f2f3fa7777630083d7682849745917f710a1d3af2150987d987072d632c1d29dd4ad6094b7a90b9e55d440b7f0ae7eb73a905ef1b75ee2a4798f75ef9b2a600132e68e0c40b97883ae4ccef17e8652d6624b164c7b19a57000092c10dee881f8710cf1b25d91e33b32a4364cfa7ec43c07e9c0fda7e8899184afaba71ee939556bb314813e066dcceeeab64f1433b0b0bc19a51a14f995a6a6080fa92d475dc6bb7bedb60c9b73bd438e2ba0d475b5e0e285f473b269f92c379fee125e04cb7aa311a584bb1d0e2c4477c5ea422a804b0acbf5b0709224d9d22a436593c9e34c6facccb5ebd8c1fd94f42f52ecc22fbc0f52466237311f9732df857aa642d19ad50a887dee3d17aeab1931f6336a2f53e291670c715832c8c4979436f77e172dd98b6873298909c79f13d902a89d2962f3ca04a5f802354c5f3b94517ab0d518ddd5763d50d7edac1db9416017a0da66ac3463e66b86226ae6b29d57387fa92d24b765e7cf5e6ded4212d1008974eccb950f7dd8ad5bdebf8cefffbf0f404cfc032c28c5900f33d73ec41a0b4ac82a0c48ac698a18c7ba9b13e3f8c74212ab0705affccc3f516381ef855e130876aa1a1eb169bfaa0ae240a2c5cd0db2e91b86cfcd6fa8ad58c8dd5232ba4c27de86da1d4a49d0ae71e27804baa647ba72ec8a423e022c393f3bd1f0d3c3d6336ae22ca0a6839c90688dc0b06b143fc283a2624d79435da30a3079cff3d725b6215ac44997e9cd7ecfecc98311b0de99449de96fbb8d0f771c1a3490554a1c283244e88f1b830dbce4bfecdaf6481661fafe68c21cddfc913c9523071365d8e79b32bd4c8603aaab93a607db60ebe775c321cc59a7acda4a6b09f9d30ffb12b15077b9cff767873868db065db5e903c25b12c178f5a33582b8f93394cda7ef6d8df8868c611edf2472b3ad67b4b3b535aac95cf3d7b8aa44904b69e7e1d5774d95e90d531cfc78e6e5c1648a1b963dfc896e1c261063c7518e4514e5d812c88c7726236f90ca169037ea4d8dfdd9d8356034f28d31cb88d61b3ed162bb09ba7b6b22a8a3e7581726cee6e2d9ff7cf11e91319ea88d5c8f380425d04fdc0be9b5786385e742edf6c79d376719bd06352a829cfdd5ee1ca5ea8dfb314149fcf3081a90a8b4646cfda29bf5ec5fd3bbdee60b7fb3955cd16fe57de154e0094935d891b60eba087e152db1d3c8028c8e0c1bb83507c7d404f1e8c34152210d571e51a516045dc1b31d337d34cd906845f390c87e5045386a9010412f7a1936b891a0ebbe068c7d9b9c37b705596f281e21a042a5d55b039f6fb7111ed166a815cb550f11769156be243166fb311c85390ef7f6c30dc5b804cbd653d204765b1c1fb2e854042ca4e910222f4dd203e4982109d974295098565a25c40e2811a80824a1606d7c9ef7bbe45091b751b55b824ccd267228589fb497688950d66738138467c9ac5050114d07991a45c7961ce9bed3d1fe335257eb9a4f907b8999d3092e14b15cb9481fbeca17cc0600ece791b765f5a4d2e6b691a63dde6ce5c023aaef49c9371f5a18f962d7723d92bff5490bb87bf40487fe66221f5e2aa2bbdab2452d757c7e9fb1a182c0d48c"}) r3 = socket$inet(0x2, 0x3, 0x19) connect$inet(r3, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x23, &(0x7f0000000000)={{{@in=@multicast2, @in=@multicast1}}, {{@in6}, 0x0, @in6=@loopback}}, 0xe8) setsockopt(r3, 0x0, 0xb, &(0x7f0000000140)="f1", 0x1) [ 3413.231439][ T1452] Memory cgroup stats for /syz5: cache:124KB rss:99512KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3413.253817][ T1452] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=1452,uid=0 [ 3413.269518][ T1452] Memory cgroup out of memory: Killed process 1452 (syz-executor.5) total-vm:72580kB, anon-rss:160kB, file-rss:35724kB, shmem-rss:0kB [ 3413.285075][ T1044] oom_reaper: reaped process 1452 (syz-executor.5), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB 03:43:57 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x3c00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:57 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x5f00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:57 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:43:57 executing program 3: r0 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000500)='/dev/dlm-control\x00', 0x82000, 0x0) ioctl$sock_inet_SIOCSIFPFLAGS(r0, 0x8934, &(0x7f0000000540)={'ipddp0\x00'}) r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x0) r2 = semget$private(0x0, 0x5, 0x42) iopl(0x75b) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000040)={{{@in6, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@broadcast}, 0x0, @in=@multicast1}}, &(0x7f0000000140)=0xe8) stat(&(0x7f0000000180)='./file0\x00', &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet_udp_int(r0, 0x11, 0x66, &(0x7f0000000580), &(0x7f00000005c0)=0x4) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, &(0x7f0000000240)={{{@in=@initdev, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}, 0x0, @in=@empty}}, &(0x7f0000000380)=0xe8) stat(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) semctl$IPC_SET(r2, 0x0, 0x1, &(0x7f0000000480)={{0xffffffffffffff7d, r3, r4, r5, r6, 0x2, 0x100}, 0xffff, 0x8001, 0x73a}) ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x5382, &(0x7f0000000000)=ANY=[@ANYBLOB="afb509706100"]) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(0xffffffffffffff9c, 0x84, 0x73, &(0x7f00000001c0)={0x0, 0x0, 0x30, 0xfffffffffffffe00, 0x3}, &(0x7f0000000200)=0x18) setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000680)={0x80000001, 0xfffffffffffffffc, 0x0, 0x100, 0x7e81, 0x3, 0x8, 0x3, r7}, 0x20) 03:43:57 executing program 1: r0 = io_uring_setup(0x90, &(0x7f0000000000)) io_uring_register$IORING_UNREGISTER_BUFFERS(r0, 0x1, 0x0, 0x0) [ 3413.628648][ T1728] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3413.683274][ T1728] CPU: 1 PID: 1728 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3413.692361][ T1728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3413.702730][ T1728] Call Trace: [ 3413.706044][ T1728] dump_stack+0x172/0x1f0 [ 3413.710425][ T1728] dump_header+0x10f/0xb6c [ 3413.715006][ T1728] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3413.720820][ T1728] ? ___ratelimit+0x60/0x595 [ 3413.720837][ T1728] ? do_raw_spin_unlock+0x57/0x270 [ 3413.720863][ T1728] oom_kill_process.cold+0x10/0x15 [ 3413.720880][ T1728] out_of_memory+0x79a/0x1280 [ 3413.740488][ T1728] ? lock_downgrade+0x880/0x880 [ 3413.740503][ T1728] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3413.740521][ T1728] ? oom_killer_disable+0x280/0x280 [ 3413.740531][ T1728] ? find_held_lock+0x35/0x130 [ 3413.740557][ T1728] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3413.767485][ T1728] ? memcg_event_wake+0x230/0x230 [ 3413.772541][ T1728] ? do_raw_spin_unlock+0x57/0x270 [ 3413.772558][ T1728] ? _raw_spin_unlock+0x2d/0x50 [ 3413.772579][ T1728] try_charge+0x118d/0x1790 [ 3413.787115][ T1728] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3413.792700][ T1728] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3413.792721][ T1728] ? kasan_check_read+0x11/0x20 [ 3413.792739][ T1728] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3413.792758][ T1728] mem_cgroup_try_charge+0x24d/0x5e0 [ 3413.814754][ T1728] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3413.820414][ T1728] __handle_mm_fault+0x1e1f/0x3ec0 [ 3413.825575][ T1728] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3413.831220][ T1728] ? find_held_lock+0x35/0x130 [ 3413.836084][ T1728] ? handle_mm_fault+0x292/0xa90 [ 3413.841394][ T1728] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3413.847729][ T1728] ? kasan_check_read+0x11/0x20 [ 3413.847748][ T1728] handle_mm_fault+0x3b7/0xa90 [ 3413.847766][ T1728] __do_page_fault+0x5ef/0xda0 [ 3413.847790][ T1728] do_page_fault+0x71/0x581 [ 3413.857764][ T1728] ? page_fault+0x8/0x30 [ 3413.857778][ T1728] page_fault+0x1e/0x30 [ 3413.857788][ T1728] RIP: 0033:0x45b5dd 03:43:57 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x3d00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) [ 3413.857804][ T1728] Code: 5b 5d f3 c3 66 0f 1f 84 00 00 00 00 00 48 c7 c0 ea ff ff ff 48 85 ff 0f 84 e0 8e fb ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 <48> 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 [ 3413.899149][ T1728] RSP: 002b:00007ffc1533c028 EFLAGS: 00010202 [ 3413.905501][ T1728] RAX: ffffffffffffffea RBX: 00007fea30603700 RCX: 00007fea30603700 [ 3413.913949][ T1728] RDX: 00000000003d0f00 RSI: 00007fea30602db0 RDI: 000000000040fa30 [ 3413.922038][ T1728] RBP: 00007ffc1533c230 R08: 00007fea306039d0 R09: 00007fea30603700 [ 3413.930024][ T1728] R10: 00007fea30602dc0 R11: 0000000000000246 R12: 0000000000000000 [ 3413.938009][ T1728] R13: 00007ffc1533c0df R14: 00007fea306039c0 R15: 000000000073bfac [ 3413.947872][ T1728] memory: usage 307200kB, limit 307200kB, failcnt 97494 [ 3413.955410][ T1728] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3413.963710][ T1728] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3413.971225][ T1728] Memory cgroup stats for /syz5: cache:124KB rss:99512KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3413.993974][ T1728] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=1728,uid=0 [ 3414.010031][ T1728] Memory cgroup out of memory: Killed process 1728 (syz-executor.5) total-vm:72580kB, anon-rss:160kB, file-rss:35724kB, shmem-rss:0kB 03:43:57 executing program 5: socket$inet_udplite(0x2, 0x2, 0x88) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)}, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r0 = socket$inet(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00\x00\x00\x00\x00\x00\x00\x00\xff', @ifru_flags}) 03:43:57 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x6000, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:57 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x400100, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x200, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000180)=ANY=[@ANYBLOB="010000000000000000000400010000000000000000000000000000003f00000000000000000000000000009c6db38300b6715c2ade81165670e130a57b7f4920ee392cd15b6586c408f02d860b27b3dcbef6cb6ebd507d632c736672f100ca39cb364b946d1123ce75d30bbecc744854d7bb032ade2f8cecaad81ef290b34de0e04eb7117bd3666fcd16da127749c4fbcfe3b1320f39c9ee4faa2244061b789340e062efb190974d9ffbc541e1a6f8f7279da753c43d436f3295b1f6e86ed63641c5f9277ef8c27b922ccbb8f1fabe414bacc4daa95889b1d083505233310e43be3ce05f1768f0248e2383bc722b856d5815bcf2b59f172ae8b0c57dfa7cd224513316fa3442cd0334b1c4e25f63a0109de1eae4045dc54fa19f47340ceec49e05084f50b84c410f923b70797867e3116a9a08140bf27ad4d0bf2c3b"]) 03:43:57 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) [ 3414.027195][ T1044] oom_reaper: reaped process 1728 (syz-executor.5), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB 03:43:57 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x3e00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:57 executing program 1: r0 = syz_open_dev$evdev(&(0x7f0000000080)='/dev/input/event#\x00', 0x20000000000, 0x0) r1 = dup(r0) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f0000000100)) ioctl$TIOCSBRK(r1, 0x40044590) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000140)={0x0, @in6={{0xa, 0x4e23, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x6}}, 0x9, 0x2, 0x800, 0x43239391, 0x4}, &(0x7f0000000000)=0x98) getsockopt$inet_sctp_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f0000000040)={r2, 0x5, 0x1, 0x4, 0x3, 0x1}, &(0x7f00000000c0)=0x14) 03:43:57 executing program 3: openat$vimc2(0xffffffffffffff9c, &(0x7f0000000240)='/dev/video2\x00', 0x2, 0x0) r0 = syz_open_dev$sndseq(&(0x7f0000000000)='/dev/snd/seq\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, 0x0) socket$xdp(0x2c, 0x3, 0x0) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x400080, 0x0) ioctl$VIDIOC_SUBDEV_G_EDID(r1, 0xc0285628, &(0x7f0000000200)={0x0, 0x9, 0x10000000000004, [], &(0x7f0000000080)=0x6}) dup2(r0, r1) recvfrom$unix(r1, &(0x7f00000000c0)=""/186, 0xba, 0x100, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e) 03:43:57 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:43:57 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x3f00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:57 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x6100, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:58 executing program 3: read(0xffffffffffffffff, 0x0, 0x0) [ 3414.459190][ T2021] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3414.479439][ T2021] CPU: 1 PID: 2021 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3414.488519][ T2021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3414.498810][ T2021] Call Trace: [ 3414.502122][ T2021] dump_stack+0x172/0x1f0 [ 3414.506767][ T2021] dump_header+0x10f/0xb6c [ 3414.511221][ T2021] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3414.517236][ T2021] ? ___ratelimit+0x60/0x595 [ 3414.521854][ T2021] ? do_raw_spin_unlock+0x57/0x270 [ 3414.532633][ T2021] oom_kill_process.cold+0x10/0x15 [ 3414.537780][ T2021] out_of_memory+0x79a/0x1280 [ 3414.542583][ T2021] ? lock_downgrade+0x880/0x880 [ 3414.547434][ T2021] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3414.553676][ T2021] ? oom_killer_disable+0x280/0x280 [ 3414.559012][ T2021] ? find_held_lock+0x35/0x130 [ 3414.563880][ T2021] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3414.569448][ T2021] ? memcg_event_wake+0x230/0x230 [ 3414.574483][ T2021] ? do_raw_spin_unlock+0x57/0x270 [ 3414.579592][ T2021] ? _raw_spin_unlock+0x2d/0x50 [ 3414.584797][ T2021] try_charge+0x118d/0x1790 [ 3414.589322][ T2021] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3414.595045][ T2021] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3414.601504][ T2021] ? kasan_check_read+0x11/0x20 [ 3414.606376][ T2021] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3414.611945][ T2021] mem_cgroup_try_charge+0x24d/0x5e0 [ 3414.617335][ T2021] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3414.623089][ T2021] wp_page_copy+0x416/0x1770 [ 3414.627678][ T2021] ? do_wp_page+0x486/0x1500 [ 3414.632290][ T2021] ? pmd_pfn+0x1d0/0x1d0 [ 3414.636537][ T2021] ? lock_downgrade+0x880/0x880 [ 3414.641818][ T2021] ? swp_swapcount+0x540/0x540 [ 3414.646579][ T2021] ? kasan_check_read+0x11/0x20 [ 3414.651424][ T2021] ? do_raw_spin_unlock+0x57/0x270 [ 3414.656537][ T2021] do_wp_page+0x48e/0x1500 [ 3414.660967][ T2021] ? finish_mkwrite_fault+0x540/0x540 [ 3414.666531][ T2021] __handle_mm_fault+0x22e8/0x3ec0 [ 3414.671645][ T2021] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3414.677189][ T2021] ? find_held_lock+0x35/0x130 [ 3414.681957][ T2021] ? handle_mm_fault+0x292/0xa90 [ 3414.686991][ T2021] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3414.693321][ T2021] ? kasan_check_read+0x11/0x20 [ 3414.698183][ T2021] handle_mm_fault+0x3b7/0xa90 [ 3414.702950][ T2021] __do_page_fault+0x5ef/0xda0 [ 3414.707717][ T2021] do_page_fault+0x71/0x581 [ 3414.712216][ T2021] ? page_fault+0x8/0x30 [ 3414.716804][ T2021] page_fault+0x1e/0x30 [ 3414.720955][ T2021] RIP: 0033:0x40b6c8 [ 3414.724848][ T2021] Code: 00 00 49 8d be 88 00 00 00 48 89 ea 48 89 de 0f 85 dd 00 00 00 e8 18 2c 00 00 8b 05 42 c9 32 00 48 8b 15 d3 4d 64 00 83 c0 01 <89> 05 32 c9 32 00 89 02 48 83 c4 08 5b 5d 41 5c 41 5d 41 5e 41 5f [ 3414.744454][ T2021] RSP: 002b:00007ffc1533c0f0 EFLAGS: 00010202 [ 3414.750637][ T2021] RAX: 0000000000000001 RBX: 0000001b2d620014 RCX: 0000001b2e620000 03:43:58 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x6200, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) [ 3414.758711][ T2021] RDX: 0000001b2d620000 RSI: 0000000000001d2a RDI: ffffffff61d03d2a [ 3414.766971][ T2021] RBP: 0000001b2d620018 R08: 0000000061d03d2a R09: 0000000061d03d2e [ 3414.775488][ T2021] R10: 00007ffc1533c220 R11: 0000000000000246 R12: 0000001b2d62001c [ 3414.783466][ T2021] R13: 00000000003418c7 R14: 000000000073bf00 R15: 000000000073bf0c [ 3414.798861][ T2021] memory: usage 307200kB, limit 307200kB, failcnt 97532 [ 3414.805889][ T2021] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3414.859154][ T2021] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3414.889762][ T2021] Memory cgroup stats for /syz5: cache:124KB rss:99512KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3414.932290][ T2021] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=12307,uid=0 [ 3414.956197][ T2021] Memory cgroup out of memory: Killed process 12307 (syz-executor.5) total-vm:72448kB, anon-rss:156kB, file-rss:34816kB, shmem-rss:0kB [ 3415.062837][ T2107] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 3415.081740][ T2107] CPU: 1 PID: 2107 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3415.090810][ T2107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3415.101058][ T2107] Call Trace: [ 3415.104531][ T2107] dump_stack+0x172/0x1f0 [ 3415.109129][ T2107] dump_header+0x10f/0xb6c [ 3415.113543][ T2107] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3415.119431][ T2107] ? ___ratelimit+0x60/0x595 [ 3415.124022][ T2107] ? do_raw_spin_unlock+0x57/0x270 [ 3415.129581][ T2107] oom_kill_process.cold+0x10/0x15 [ 3415.134699][ T2107] out_of_memory+0x79a/0x1280 [ 3415.139382][ T2107] ? lock_downgrade+0x880/0x880 [ 3415.144318][ T2107] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3415.150678][ T2107] ? oom_killer_disable+0x280/0x280 [ 3415.155965][ T2107] ? find_held_lock+0x35/0x130 [ 3415.160767][ T2107] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3415.166309][ T2107] ? memcg_event_wake+0x230/0x230 [ 3415.171363][ T2107] ? do_raw_spin_unlock+0x57/0x270 [ 3415.176477][ T2107] ? _raw_spin_unlock+0x2d/0x50 [ 3415.181326][ T2107] try_charge+0x118d/0x1790 [ 3415.185831][ T2107] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3415.191456][ T2107] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3415.197114][ T2107] ? find_held_lock+0x35/0x130 [ 3415.201968][ T2107] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3415.207521][ T2107] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3415.213276][ T2107] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3415.218575][ T2107] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3415.224124][ T2107] __memcg_kmem_charge+0x136/0x300 [ 3415.229239][ T2107] __alloc_pages_nodemask+0x437/0x7e0 [ 3415.234715][ T2107] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3415.240952][ T2107] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3415.246758][ T2107] ? copy_process.part.0+0x1d40/0x7a90 [ 3415.252216][ T2107] ? lockdep_hardirqs_on+0x418/0x5d0 [ 3415.257504][ T2107] ? trace_hardirqs_on+0x67/0x230 [ 3415.262530][ T2107] ? kasan_check_read+0x11/0x20 [ 3415.267391][ T2107] copy_process.part.0+0x3e0/0x7a90 [ 3415.272590][ T2107] ? __lock_acquire+0x548/0x3fb0 [ 3415.277539][ T2107] ? __might_fault+0x12b/0x1e0 [ 3415.282330][ T2107] ? __cleanup_sighand+0x60/0x60 [ 3415.287271][ T2107] ? lock_downgrade+0x880/0x880 [ 3415.292132][ T2107] _do_fork+0x257/0xfd0 [ 3415.296292][ T2107] ? fork_idle+0x1d0/0x1d0 [ 3415.300721][ T2107] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3415.306177][ T2107] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3415.311735][ T2107] ? do_syscall_64+0x26/0x670 [ 3415.316422][ T2107] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3415.322738][ T2107] ? do_syscall_64+0x26/0x670 [ 3415.327627][ T2107] __x64_sys_clone+0xbf/0x150 [ 3415.332308][ T2107] do_syscall_64+0x103/0x670 [ 3415.336904][ T2107] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3415.342795][ T2107] RIP: 0033:0x458c29 [ 3415.346691][ T2107] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3415.370868][ T2107] RSP: 002b:00007fea30623c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3415.379297][ T2107] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 3415.387273][ T2107] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3415.395464][ T2107] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3415.403439][ T2107] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fea306246d4 [ 3415.411575][ T2107] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 3415.435161][ T2107] memory: usage 307200kB, limit 307200kB, failcnt 97555 [ 3415.442280][ T2107] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3415.449894][ T2107] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3415.456892][ T2107] Memory cgroup stats for /syz5: cache:124KB rss:99380KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3415.478747][ T2107] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=12593,uid=0 [ 3415.494309][ T2107] Memory cgroup out of memory: Killed process 12593 (syz-executor.5) total-vm:72448kB, anon-rss:156kB, file-rss:34816kB, shmem-rss:0kB [ 3415.515049][ T2021] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3415.525591][ T2021] CPU: 1 PID: 2021 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3415.534812][ T2021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3415.544869][ T2021] Call Trace: [ 3415.548164][ T2021] dump_stack+0x172/0x1f0 [ 3415.552500][ T2021] dump_header+0x10f/0xb6c [ 3415.556915][ T2021] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3415.562844][ T2021] ? ___ratelimit+0x60/0x595 [ 3415.567526][ T2021] ? do_raw_spin_unlock+0x57/0x270 [ 3415.572641][ T2021] oom_kill_process.cold+0x10/0x15 [ 3415.577753][ T2021] out_of_memory+0x79a/0x1280 [ 3415.582430][ T2021] ? oom_killer_disable+0x280/0x280 [ 3415.587714][ T2021] ? find_held_lock+0x35/0x130 [ 3415.592599][ T2021] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3415.598140][ T2021] ? memcg_event_wake+0x230/0x230 [ 3415.603249][ T2021] ? do_raw_spin_unlock+0x57/0x270 [ 3415.608558][ T2021] ? _raw_spin_unlock+0x2d/0x50 [ 3415.613440][ T2021] try_charge+0xd4d/0x1790 [ 3415.617887][ T2021] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3415.623433][ T2021] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3415.629992][ T2021] ? kasan_check_read+0x11/0x20 [ 3415.634968][ T2021] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3415.640816][ T2021] mem_cgroup_try_charge+0x24d/0x5e0 [ 3415.646182][ T2021] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3415.651834][ T2021] __handle_mm_fault+0x1e1f/0x3ec0 [ 3415.656958][ T2021] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3415.662522][ T2021] ? find_held_lock+0x35/0x130 [ 3415.667554][ T2021] ? handle_mm_fault+0x292/0xa90 [ 3415.672509][ T2021] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3415.679137][ T2021] ? kasan_check_read+0x11/0x20 [ 3415.684004][ T2021] handle_mm_fault+0x3b7/0xa90 [ 3415.688892][ T2021] __do_page_fault+0x5ef/0xda0 [ 3415.694287][ T2021] do_page_fault+0x71/0x581 [ 3415.698892][ T2021] ? page_fault+0x8/0x30 [ 3415.703146][ T2021] page_fault+0x1e/0x30 [ 3415.707294][ T2021] RIP: 0033:0x45b5dd [ 3415.711302][ T2021] Code: 5b 5d f3 c3 66 0f 1f 84 00 00 00 00 00 48 c7 c0 ea ff ff ff 48 85 ff 0f 84 e0 8e fb ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 <48> 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 [ 3415.730993][ T2021] RSP: 002b:00007ffc1533c028 EFLAGS: 00010202 [ 3415.737077][ T2021] RAX: ffffffffffffffea RBX: 00007fea30603700 RCX: 00007fea30603700 [ 3415.745512][ T2021] RDX: 00000000003d0f00 RSI: 00007fea30602db0 RDI: 000000000040fa30 [ 3415.753513][ T2021] RBP: 00007ffc1533c230 R08: 00007fea306039d0 R09: 00007fea30603700 [ 3415.761515][ T2021] R10: 00007fea30602dc0 R11: 0000000000000246 R12: 0000000000000000 [ 3415.769484][ T2021] R13: 00007ffc1533c0df R14: 00007fea306039c0 R15: 000000000073bfac [ 3415.777930][ T2021] memory: usage 306972kB, limit 307200kB, failcnt 97556 [ 3415.784874][ T2021] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3415.792504][ T2021] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3415.799402][ T2021] Memory cgroup stats for /syz5: cache:124KB rss:99380KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB 03:43:59 executing program 5: socket$inet_udplite(0x2, 0x2, 0x88) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)}, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r0 = socket$inet(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) 03:43:59 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x4000, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:59 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_GET_REGS(0xffffffffffffffff, 0x8090ae81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(0xffffffffffffffff, r0, 0x80000) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)) getegid() mount$fuse(0x0, 0x0, &(0x7f0000000080)='fuse\x00', 0x0, 0x0) 03:43:59 executing program 1: r0 = socket$inet6(0xa, 0x5, 0x0) bind$inet6(r0, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback}, 0xf) setsockopt$inet_sctp6_SCTP_AUTOCLOSE(r0, 0x84, 0x4, &(0x7f0000000100)=0x6, 0x4) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r0, 0x84, 0x6b, &(0x7f000055bfe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) close(r0) 03:43:59 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x6300, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:59 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) [ 3415.821203][ T2021] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=2021,uid=0 [ 3415.843131][ T2021] Memory cgroup out of memory: Killed process 2021 (syz-executor.5) total-vm:72580kB, anon-rss:160kB, file-rss:35724kB, shmem-rss:0kB [ 3415.864266][ T1044] oom_reaper: reaped process 2021 (syz-executor.5), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB 03:43:59 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x4100, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:59 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:43:59 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="14040100220900000000000000000054d77989ca5f731ff3b62891a9b677d7277bb6f63260f2d210484fd866b9d81f8fe7abcadbb98ff1bbd71547c257082ecc451c75c6566591fcb9d9197be40040dd2816d9c263700a9f010693b985c5d206a425f1d458d9bc79cd8e9a2c2697628903f92d749dae6270b917a73ab0ea13b5d3f2f3bb8ccfc34f88dd3398cb3b2372"], 0x14}}, 0x0) fallocate(r0, 0x14, 0x0, 0x80000000) 03:43:59 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x6400, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:59 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x4200, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:43:59 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x20000, 0x0) getsockopt$bt_BT_RCVMTU(r1, 0x112, 0xd, &(0x7f0000000100)=0xfff, &(0x7f00000000c0)=0xfffffffffffffd12) epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r0) close(r0) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/attr/current\x00', 0x2, 0x0) r2 = syz_open_dev$amidi(0x0, 0x0, 0x3001) r3 = open(&(0x7f0000002000)='./bus\x00', 0x141046, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ftruncate(r2, 0xfd6f) sendfile(r0, r3, 0x0, 0x80000000000f) setsockopt$inet_sctp6_SCTP_AUTOCLOSE(r2, 0x84, 0x4, &(0x7f0000000080)=0x7, 0x4) ioctl$SIOCX25SENDCALLACCPT(r2, 0x89e9) ioctl$TIOCLINUX7(r3, 0x541c, &(0x7f0000000040)={0x7, 0xfffffffffffffffa}) [ 3416.338002][ T2565] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3416.386031][ T2565] CPU: 1 PID: 2565 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3416.395191][ T2565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3416.405353][ T2565] Call Trace: [ 3416.408684][ T2565] dump_stack+0x172/0x1f0 [ 3416.413282][ T2565] dump_header+0x10f/0xb6c [ 3416.417812][ T2565] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3416.423651][ T2565] ? ___ratelimit+0x60/0x595 [ 3416.428256][ T2565] ? do_raw_spin_unlock+0x57/0x270 [ 3416.433464][ T2565] oom_kill_process.cold+0x10/0x15 [ 3416.438572][ T2565] out_of_memory+0x79a/0x1280 [ 3416.438589][ T2565] ? lock_downgrade+0x880/0x880 [ 3416.438612][ T2565] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3416.438626][ T2565] ? oom_killer_disable+0x280/0x280 [ 3416.438637][ T2565] ? find_held_lock+0x35/0x130 [ 3416.438661][ T2565] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3416.438677][ T2565] ? memcg_event_wake+0x230/0x230 [ 3416.470354][ T2565] ? do_raw_spin_unlock+0x57/0x270 [ 3416.480579][ T2565] ? _raw_spin_unlock+0x2d/0x50 [ 3416.480606][ T2565] try_charge+0x118d/0x1790 [ 3416.480625][ T2565] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3416.480644][ T2565] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3416.480660][ T2565] ? kasan_check_read+0x11/0x20 [ 3416.480676][ T2565] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3416.480696][ T2565] mem_cgroup_try_charge+0x24d/0x5e0 [ 3416.517885][ T2565] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3416.523636][ T2565] wp_page_copy+0x416/0x1770 [ 3416.533814][ T2565] ? do_wp_page+0x486/0x1500 [ 3416.538535][ T2565] ? pmd_pfn+0x1d0/0x1d0 [ 3416.542807][ T2565] ? lock_downgrade+0x880/0x880 [ 3416.547661][ T2565] ? swp_swapcount+0x540/0x540 [ 3416.552428][ T2565] ? kasan_check_read+0x11/0x20 [ 3416.557363][ T2565] ? do_raw_spin_unlock+0x57/0x270 [ 3416.562489][ T2565] do_wp_page+0x48e/0x1500 [ 3416.566921][ T2565] ? finish_mkwrite_fault+0x540/0x540 [ 3416.572518][ T2565] __handle_mm_fault+0x22e8/0x3ec0 [ 3416.577969][ T2565] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3416.583614][ T2565] ? find_held_lock+0x35/0x130 [ 3416.588475][ T2565] ? handle_mm_fault+0x292/0xa90 [ 3416.593753][ T2565] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3416.599982][ T2565] ? kasan_check_read+0x11/0x20 [ 3416.604822][ T2565] handle_mm_fault+0x3b7/0xa90 [ 3416.609593][ T2565] __do_page_fault+0x5ef/0xda0 [ 3416.614347][ T2565] do_page_fault+0x71/0x581 [ 3416.618923][ T2565] page_fault+0x1e/0x30 [ 3416.623200][ T2565] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 [ 3416.629953][ T2565] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 3416.649741][ T2565] RSP: 0018:ffff88820bcbfdc0 EFLAGS: 00010206 [ 3416.656062][ T2565] RAX: ffffed1041797fd5 RBX: 0000000000000070 RCX: 0000000000000070 [ 3416.664156][ T2565] RDX: 0000000000000070 RSI: ffff88820bcbfe38 RDI: 0000000020000000 [ 3416.672589][ T2565] RBP: ffff88820bcbfdf8 R08: 1ffff11041797fc7 R09: ffffed1041797fd5 [ 3416.680760][ T2565] R10: ffffed1041797fd4 R11: ffff88820bcbfea7 R12: 0000000020000000 [ 3416.688896][ T2565] R13: ffff88820bcbfe38 R14: 0000000020000070 R15: 00007ffffffff000 [ 3416.697085][ T2565] ? _copy_to_user+0xf7/0x120 [ 3416.701785][ T2565] __do_sys_sysinfo+0x92/0xf0 [ 3416.706454][ T2565] ? do_sysinfo+0x390/0x390 [ 3416.711070][ T2565] ? lockdep_hardirqs_on+0x418/0x5d0 [ 3416.716373][ T2565] ? trace_hardirqs_on+0x67/0x230 [ 3416.721602][ T2565] __x64_sys_sysinfo+0x31/0x40 [ 3416.726356][ T2565] do_syscall_64+0x103/0x670 [ 3416.730961][ T2565] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3416.736933][ T2565] RIP: 0033:0x458c29 [ 3416.740990][ T2565] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3416.760915][ T2565] RSP: 002b:00007fea30602c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000063 [ 3416.769546][ T2565] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458c29 [ 3416.777520][ T2565] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000000 [ 3416.785507][ T2565] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 3416.793473][ T2565] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fea306036d4 [ 3416.801437][ T2565] R13: 00000000004c7514 R14: 00000000004dd460 R15: 00000000ffffffff [ 3416.812169][ T2565] memory: usage 307200kB, limit 307200kB, failcnt 97595 [ 3416.819408][ T2565] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3416.827044][ T2565] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3416.833964][ T2565] Memory cgroup stats for /syz5: cache:124KB rss:99380KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3416.855618][ T2565] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=13015,uid=0 [ 3416.871768][ T2565] Memory cgroup out of memory: Killed process 13015 (syz-executor.5) total-vm:72448kB, anon-rss:156kB, file-rss:34816kB, shmem-rss:0kB [ 3416.890917][ T1044] oom_reaper: reaped process 13015 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 3416.913610][ T2548] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3416.925787][ T2548] CPU: 1 PID: 2548 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3416.935012][ T2548] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3416.945495][ T2548] Call Trace: [ 3416.948796][ T2548] dump_stack+0x172/0x1f0 [ 3416.953167][ T2548] dump_header+0x10f/0xb6c [ 3416.957597][ T2548] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3416.963399][ T2548] ? ___ratelimit+0x60/0x595 [ 3416.968007][ T2548] ? do_raw_spin_unlock+0x57/0x270 [ 3416.973176][ T2548] oom_kill_process.cold+0x10/0x15 [ 3416.978321][ T2548] out_of_memory+0x79a/0x1280 [ 3416.983029][ T2548] ? lock_downgrade+0x880/0x880 [ 3416.987874][ T2548] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3416.994227][ T2548] ? oom_killer_disable+0x280/0x280 [ 3416.999534][ T2548] ? find_held_lock+0x35/0x130 [ 3417.004321][ T2548] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3417.009970][ T2548] ? memcg_event_wake+0x230/0x230 [ 3417.015158][ T2548] ? do_raw_spin_unlock+0x57/0x270 [ 3417.020378][ T2548] ? _raw_spin_unlock+0x2d/0x50 [ 3417.025247][ T2548] try_charge+0x118d/0x1790 [ 3417.029751][ T2548] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3417.035293][ T2548] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3417.040943][ T2548] ? find_held_lock+0x35/0x130 [ 3417.045718][ T2548] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3417.051260][ T2548] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3417.056895][ T2548] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3417.062267][ T2548] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3417.067802][ T2548] __memcg_kmem_charge+0x136/0x300 [ 3417.072906][ T2548] __alloc_pages_nodemask+0x437/0x7e0 [ 3417.078265][ T2548] ? __pud_alloc+0x1d3/0x250 [ 3417.082842][ T2548] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3417.088641][ T2548] ? __pud_alloc+0x1d3/0x250 [ 3417.093227][ T2548] ? lock_downgrade+0x880/0x880 [ 3417.098127][ T2548] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3417.104360][ T2548] alloc_pages_current+0x107/0x210 [ 3417.109458][ T2548] ? do_raw_spin_unlock+0x57/0x270 [ 3417.114835][ T2548] __pmd_alloc+0x41/0x460 [ 3417.119314][ T2548] ? pmd_val+0x100/0x100 [ 3417.123695][ T2548] pmd_alloc+0x10c/0x180 [ 3417.128028][ T2548] copy_page_range+0x63c/0x1fc0 [ 3417.132902][ T2548] ? anon_vma_fork+0x371/0x4a0 [ 3417.137700][ T2548] ? pmd_alloc+0x180/0x180 [ 3417.142221][ T2548] ? vma_gap_callbacks_rotate+0x62/0x80 [ 3417.147875][ T2548] ? validate_mm_rb+0xa3/0xc0 [ 3417.153186][ T2548] ? __vma_link_rb+0x279/0x370 [ 3417.158319][ T2548] copy_process.part.0+0x5afb/0x7a90 [ 3417.163791][ T2548] ? __cleanup_sighand+0x60/0x60 [ 3417.168731][ T2548] _do_fork+0x257/0xfd0 [ 3417.172967][ T2548] ? fork_idle+0x1d0/0x1d0 [ 3417.177393][ T2548] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3417.183239][ T2548] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3417.188701][ T2548] ? do_syscall_64+0x26/0x670 [ 3417.193378][ T2548] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3417.199450][ T2548] ? do_syscall_64+0x26/0x670 [ 3417.204217][ T2548] __x64_sys_clone+0xbf/0x150 [ 3417.208914][ T2548] do_syscall_64+0x103/0x670 [ 3417.213732][ T2548] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3417.219623][ T2548] RIP: 0033:0x458c29 [ 3417.223521][ T2548] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3417.243305][ T2548] RSP: 002b:00007fea30623c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3417.251928][ T2548] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 3417.260224][ T2548] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3417.268464][ T2548] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3417.276555][ T2548] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fea306246d4 [ 3417.285133][ T2548] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 3417.293950][ T2548] memory: usage 307032kB, limit 307200kB, failcnt 97633 [ 3417.301073][ T2548] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3417.308777][ T2548] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3417.315623][ T2548] Memory cgroup stats for /syz5: cache:124KB rss:99512KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB 03:44:00 executing program 5: socket$inet_udplite(0x2, 0x2, 0x88) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)}, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r0 = socket$inet(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) 03:44:00 executing program 1: r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x80, 0x0) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x8}, &(0x7f0000000140)=0x8) setsockopt$inet_sctp_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000000180)={r1, 0x9}, 0x8) r2 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$inet_sctp_SCTP_RECVNXTINFO(r0, 0x84, 0x21, &(0x7f00000001c0), &(0x7f0000000200)=0x4) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) bind$bt_l2cap(r3, &(0x7f0000000040), 0xe) getsockopt$bt_BT_SNDMTU(r3, 0x112, 0x7, 0x0, &(0x7f0000000100)) getsockopt$EBT_SO_GET_INIT_ENTRIES(r0, 0x0, 0x83, &(0x7f0000000380)={'nat\x00', 0x0, 0x3, 0xf1, [], 0x1, &(0x7f0000000240)=[{}], &(0x7f0000000280)=""/241}, &(0x7f0000000400)=0x78) 03:44:00 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:44:00 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x6500, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:44:00 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x4300, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:44:00 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000180)='/dev/hwrng\x00', 0x400882, 0x0) ioctl$SG_SET_DEBUG(r1, 0x227e, &(0x7f0000000040)=0x1) r2 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) ioctl(r2, 0xffffffffbfffbfb4, 0x0) [ 3417.337427][ T2548] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=2429,uid=0 [ 3417.352905][ T2548] Memory cgroup out of memory: Killed process 2429 (syz-executor.5) total-vm:72580kB, anon-rss:164kB, file-rss:35716kB, shmem-rss:0kB 03:44:01 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/qat_adf_ctl\x00', 0x4000, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x2400, 0x7) r2 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x1, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x40082404, &(0x7f0000000000)=0x2000000) 03:44:01 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x4400, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:44:01 executing program 1: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x2, 0x0) ioctl$int_in(r0, 0x80000040045010, &(0x7f0000000040)) write(r0, &(0x7f0000001280)="330e411ebc6ab9e22046da60820b49c70ddf5c8cb2914c763cafd066932b612535d863c339ca73eb9255d0f8c9412349e80707735ce95a2ecf85aab176b7a24f0ab0b4c1b9509c9ad9bb8c0f1b749503a62d0a561edbbe143b4b7442ae5026e2dc95bb8abd4d4ac29504613c4e852d79b702b2dd869331f8ac23b7366857e77282b16b2e09bcc5970ee4cc92af3e001d0a8cdfe4afaad7b8c7e65881b2862673600401628dd001a4e7f3a6c5873c6d48897870fd743a814f7d81343d929297870e4b65dedcb43bb5d8305de77a83d24652052a92b77d92fc3c0e53af3ab5acb68b6036abc338645f401ee5dc52e271f987057051ee179f42fd162830587135280d2214168259a247827dfc99340c4cf43ebd93d3c82640f2aa23f004d4676a11ccda5cc2505ca5000f48a4bc9bfece6708cc0277fdba3a24c6f7a4b2fab5f1911253e1080ea3410896a423ddb4a2f6fdf52d061d1405326982d8a0f6a935e5fb504c6bbde4c31e134612bf24d32c152d47bdc8f4741936397627bdf958f48cb1ad27739923946359fbe347c006d30c0ef9ca12aab0299d343e91d626340fd1c31eb330cc2e36f4362a50868d26cdcf6b4b6a42df4fd6ad8d107ae547fd0e41c7df81231febf6cd3c7e622bca4069ee78213b5c47dafe13fb2ad40ab7ad0f7623292af0359f46d7bb18f9bf149ffb98c030c0bfe565de2adbf691f0adb9dee670bdd69cd7345a0493ddcba0479bb2d571c86e27b02dc93bd0cb219bafb963a5d358b36f2a4d7bc0212fb45614686ab139fc8a5f80ecec157dbef8f51ee5fc027b89d215351bb5e7f01eec8759dbc845767444011dfff58c5c90a2472a0b374cc388cee853af5c382301f2fdf2dbacd91d4e31395bc21779535035524a05aa8001bee805c98f471f873a7c3e74b9b59ad0837ec333714b998b109d325271bb95c65e9665ec663c39b9a8d4947d543e65f09fddc86b17a379a28650336223e1578db8962dd7e4b113fc133ef39c49b0ecc75a117acf42a22d359465d5ad7bac98f734e6d36b2ba690c3392af114438cf425cd00e3b71cf7c789413f6d2019a05e25903264a7d80ba4b21863f579252adb5bab3f251959699897267552ae930091b226032400e08ab1b5549e67edb5e3f55c50eab0ac39a02bfad6dc6ae1759f16747260e9a09fd1c8686030f17d23554df1922914134b44e540615415947cf0dec8cf168c849afb8fc169dc9785e79e0a15eac8c09276a0610c8a6c04cacd376e297af43148a467d314511e9c5a1608217ebbf90ccbc033f9193d2c0e50c79bbda873c4875ad794294e2d079a288077d9aacb91ffe7c40632e2ef8ed0e4c9bffc4ab3bdf00f7ed7c84dcf9c7d7a20ebd5cca7efcfa3ffa1ab6cf19fefa1c4bc4a0f5cbefc1ab857fc2819dc26db8188ba92c247908394c9dbcf5510512624155013d9fdcc12ee102ef2dac8cc93ede90baa8fd211b47d8699b42cfdaaf38866f2bbdcce5e111027a516f9513f93178179b2ee824bfefef486db8a5e5515fd2b061e8740204ff2115c44f396f009dd0e5f463532454e7fcaadbf1550ddab5b0ac60bc72e01486e50d7c20b019bb0475262a737f7c7b94dd6cc5be2048b51e88c7163c859f30d0e36c290c1e0816d357e716ab4da751d34b9e4920d473d82571983ab51d02f2880a8231806c486ea190d1132ed75e2874f64f1b9f17531a55fcc3b6178b4e4ae44fd2934d5ec81ab91a2dc4a7bed19b227f72a198321e68325a1ec94b4acb85eeb1e29e6e92f13a8565f8dcd8e1ff16d6652e30cc64c2e9797174e19282733f6bfcd8383a3e98ea5648906eff0a169e4b567b2b4420d2bf0754476c440bcaaf5669183acf2209af4a3742e4ccc579ea1b43d5c397bceffbb3fb079ae98c1ed76a58fb7c0067c7399a2f150d31f6af83c47ba9a9e8360b60aaa3c33ef789ad91e5a237cc5220bca02d63766714aed475bb106e7fd385eaf2eb1d80488ab5cf8a744fe8c20f949f24134dee9c24e78052cae3a31986c2bc2f70c4bf3e4cb9d7a14effd2244c2fec460d8a50a15d565e47a6c66e8846d1b5903daf8d6e14979f97d83df255a9688fa19446ae2252939475b4fa509b4a1d9b74ee200cc563fad35bd19fb0b7c37207cfd8b471fa88ec1787892e5386712f780db43140700921579c9028fa110146074ae0f70c11aab280ff8fdf2af721273ce576560d3b9ade0b0e7bb7eb58251c0884bdb4b101db31060a99711fd744ce1c25fb1ed838b0bc87157f8b0667515a2aa8143fa423bf529448240805e0cd157a297aff2042ad1ec7de64c75ad756650f4a4f3b5e7c3c2894e57a5f3d8a9c3cdff5269c8f24240a9fe5782571ce14f78f1c7b02a8af20bf65bf69bcada167f4f5fef6c3bfc70026ec7f83d0a7e252f5d35a0056c91281610ec1ade9cbd38959faa206a9eb1d244d6ae52ca4429f48609cca0553ca00dd8103246544f3a085f22d9e3a6b6cdaa7f1d4755921135cb942346eccd536b8030b4cb6a77fd8d18c375a2d4170ef27179bdeaf921b5fe3f2c98e199e85446f575759cc92ef44892864606d47b4ad139ce90d753f52627855f931e60fa42ab4fa7c692d8dee59738a33743adecc8e0c5ca6b6f4cc8c0f7e6a3608a19be3ebb11aafc36d8a9dcbd2cc14439429892136b63291f0350c40401f65ffd0621b5e2f4cc3ad0324eff2af082924069e86a7a287f6c7eb5e828a0caca5ec1a2c69815be9adf4ab295de9198b04e33307829d823b3f96d0085538be092f3e901e1bd0f1cdbfbaa0eb3d8a90186e567dfdd385c0ac2ef2f471c5a62e0435fa28057d010fbbf8c316058b242615236387e7859c54b6ad1b77745e070345152630ec18f781b238449f690c4a9a2f7571b5337c038361eabc8ba689a42501788d57a792224c7d65d38575f0a3a6b5a859bbc92bf36906e6ef21fa8534ede1b805f4a3f5d70fb7315eb26f8ffdbc95e17e20160c799ebfcdc84acd3ea62cf582035cff40c706e8743e4013100280ade243bce2ec63e4e2724c639674aedd18c36f249b259adbe9373211cf600361675c5b76267f46f8fd47d218bb103817bb00bdd1bb5f9882d38e01515c7e69cedac8cbd72904a2421870c364363fc54a73a5bcf772aba64ce4cf77cae81e45f5c38348b98f3e5e7e00858e1f783604e0f517b895b95c4fc1e931147d43bf50426ad42b10c49491351a4bee4b4b7749491d943fee8a9024cd042c5c7534220f7ef83b041cf4abeff7b89eb7d87010ee9d9ff2cf720bfc9e94e470aa4a75725d2d7f0c2a840192bf4689e84b0039b88fec0742725f0f932cd0ea0a0b5466ee25bae00f56405010c08ef18ba6b7e372eca6feca503af55cc48ca9fc747fcaa60032544fbf44cdde77de92c713d06b6303f54a2c0be242274bbb3c3c3edf42dafdd7318930a6e9384937c4e6bc617431d8596aa9325b2a41243165667550071483b25b3f4b8cae395bf5299a82dddd6becd404d36a57bb04c5ccf1dbee4e01f212816eb739d680a3e26c8f76cfbcc7285e556bc353bac4dd6d9b31bd98b30f6ae50d0a191e572c50fec7b8a12c730fcdcbfce846fe578a55f08ad30ef707992490c45e00d7476118126ffcaafc64da6cd0089e26cb2228c5adadb7634f93060aa1070be670cd4591cd3ac3e7652c002ba0516379343ff112a26b3f4cfe508b5ddea51f6aca59d4abe7e37e05818fa27de16ad006304259579282b7462b0fc42e1d0c1c707f83b708d0366756882af97ecb11aae19766e6e01af544764c89c10f19b9ad93e7d50e358052922b6e296477c8ef8f377de49cb038006913a91bf161ee6e3ad8c9486793dfe40f2db1428ead3189446e8c3add7540446967ea95fdefec9ac648904d341ef9a83f3e3f74b2b0cf3b54cdebd50c1b7fdba3b1989f1cca99c5a1b7398a2a0bc65ae303d643c33772901db7fad9a6c4d3d255ca0288e1698c96c5b42e276c2c98090b96732d475e7f047a1af859f31765072f7465e4731062a39be6e05a608743ae394582b7d90aeb962eb48c2a299553a67be864a8db506e1b358e9a08c49247bcb71d9839c7d4a6fc495f4944ea0968fc0fda7ac5a1a1ece9a5e42324ee494f4b216f1eab20a2cbacfeebe28b8045adc4a71190fdad569c4a2dd565a8f99636a4dd9f76764250fb10fc2fe2f7682b067a5cad7fc3d79a32a8eee587ddf56d3f399c1fdb9c9ede18ed288b13cea53c1079d083ad8be89edf95c8f3b34a194553d30b8d384608f1e536b6c22ad2748fca35e46e1d824fb087f0b48574c51d555334b250230cc0e513f46ee41253cb5e4d2bc16853dd6856f9ddcf5944a91302ba0d7cd8a7dff4de3d817a301bd92c31e989e4e9e4851f59efddbbb3e1790dd573e47dff312d0cd175ce66ef91a527ce22756bcbf88212be17f5bf4d0bb88b186d1c57a85b6466975d565223e6145ec52d2acbae25216e58a904fd2096ba6d0c6965a70c3f552271ba7b1071165bfa8bf706be710214a5c1b9d7936fb9382d4d8071bc1c3da1195db7ffb3520566bbac0165e1dbe001d420f60a8bc679c793501e847fee2d2242f8f512bf2f27e12587fff67fc72f9fbabbda355da81ecad7756277d068be96fab3a08a77605a9a3a343a98594817094512ab82caaea7291804e26c514287720a08901738326a01855565bc586b7c147ebf535edd383c79f7ab425c5972aae27aa9d03e3c4b94121e53472365577e95cfe16903da0a7d5ff825da28c8245e9735de85349b9788fd948da11796168e4df7969727859079cbb0fe290589320fbbb9955e25bdaa16b27d5efab2e65a313ccdf32e131a704b5240f6ce28c14edb7c8fed6d131fe58a89c1c20398da0ce0a27595155661f0cb76d33e3a2a4c3128eb2f9167e88c2f99d2dd70e3fc5a10b509018768ed8e5d5ad9f90368c8837a05b7e68b1d4f59d51b63d10c5c1e5efaa3ced42fd2ab06d254162a74d321558e6240428658d92140339f00753a099961665bfd86fdce5fdd09543060d90827cfce696a4033a7a2bd960f542e8f3f09d1179f0c3cb18f0cb0005f7ec48ef1dc33f80ae287ac8bd9e106d1a6182512dff6fe83715a3f9921ef95ad57623642b0adad8787a5181fc5f4ecf1efc25bbe86d5a6ae57cddf49ba006c9642e7b26377b9235f330b9b061b97f4352a0e19ea7ded0f7812a3731d8ef24339b5376c779b8e3a260b0b849843265977843a80a312a5c3ead66fbb18d7016e885f35a681880b39fd83fb637c460395f33505b3a5e634b34b994787172597e814fb3a9d3ba4a5752b906eedcb116461b99f262e2476b89b74109f800a6ff08f78603a61f31a8e5fd6409eaaf31c1d3e4ea2117b919267a318020c5dfc48da8850dc90e6f625c7028fb9b576b1206533b4f041d6cad417d1928a604acf6e2c85395f62a30f1d36f35a88015f60ae24a135e77ebafec8fbd3b2b6cccd0a23f8bbde57189ff58b8e9de94721d4b7098c89dfe1920a8f9ac7b6f2aa3337e2ce6d2e0506c22ead011e57a0a6e7e5177c2411e1ebb8a41acee3dd921e965a784e4811ebe06c5a735d18cf8a11e2e1af691314618cfc6ad1df1a13fa07640f5ea2c07641ad6e5348d7714cf9c95b9456b05fff0306005d4ca8165921841b12f91cbfdf46e15e0b3cd7f5f07cd0f77d34c14c4a5573f5ed8395d5e2332ece81f84b6cc6b2a06d4eff6342252b517db29fffea7a413a73d34c000b30d56b55e50ce3e784118cec4bb7c2bb42d2b969e4ea2bd2ad55d1c08d4106eac014071293050e7b3f3cb00000000", 0xb6c) clock_adjtime(0x0, &(0x7f0000001180)={0x5, 0x400, 0x1, 0x80, 0x2, 0x9, 0x9, 0x81, 0x400, 0x40, 0x20, 0x7fff, 0x5, 0x0, 0x0, 0xff, 0x2, 0x3, 0xf3, 0x8000, 0x132, 0x2, 0x400, 0x40, 0x9, 0xf911}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f0000000080)={0x1, 0x3f, 0x2, 0x0, 0x7}) ioctl$RTC_EPOCH_SET(r0, 0x4008700e, 0x1) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000ffd000/0x2000)=nil, 0x2000}, 0x3}) 03:44:01 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\xff\xff\xff', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:44:01 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x6600, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:44:01 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/qat_adf_ctl\x00', 0x40400, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_INFO(r1, 0x810c5701, &(0x7f0000000240)) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer\x00', 0x2, 0x0) ioctl$BLKREPORTZONE(0xffffffffffffffff, 0xc0101282, &(0x7f0000000080)=ANY=[@ANYBLOB="000000000000000001000000000000767530c66837d2ace69e4c7c0000000000000000001400000000000000000000000000000081069e32d6c00000000000e5983770051f000000000000000000000000000000400000000000006dc1126c3811417e07a1ccb817e232b1b82f460c792c9c8204102664ef362d1e"]) write$sndseq(r2, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @quote}], 0xff33) [ 3417.753650][ T2820] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3417.782693][ T2947] QAT: Invalid ioctl [ 3417.816262][ T2947] QAT: Invalid ioctl [ 3417.823709][ T2820] CPU: 0 PID: 2820 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3417.832777][ T2820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3417.842846][ T2820] Call Trace: [ 3417.846195][ T2820] dump_stack+0x172/0x1f0 [ 3417.850567][ T2820] dump_header+0x10f/0xb6c [ 3417.855345][ T2820] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3417.855363][ T2820] ? ___ratelimit+0x60/0x595 [ 3417.855385][ T2820] ? do_raw_spin_unlock+0x57/0x270 [ 3417.865770][ T2820] oom_kill_process.cold+0x10/0x15 [ 3417.865789][ T2820] out_of_memory+0x79a/0x1280 [ 3417.865806][ T2820] ? lock_downgrade+0x880/0x880 [ 3417.865825][ T2820] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3417.891872][ T2820] ? oom_killer_disable+0x280/0x280 [ 3417.897199][ T2820] ? find_held_lock+0x35/0x130 [ 3417.902059][ T2820] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3417.907893][ T2820] ? memcg_event_wake+0x230/0x230 [ 3417.913224][ T2820] ? do_raw_spin_unlock+0x57/0x270 [ 3417.918444][ T2820] ? _raw_spin_unlock+0x2d/0x50 [ 3417.923315][ T2820] try_charge+0x118d/0x1790 [ 3417.927837][ T2820] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3417.933390][ T2820] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3417.933409][ T2820] ? kasan_check_read+0x11/0x20 [ 3417.933429][ T2820] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3417.944591][ T2820] mem_cgroup_try_charge+0x24d/0x5e0 [ 3417.944611][ T2820] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3417.944630][ T2820] wp_page_copy+0x416/0x1770 [ 3417.966343][ T2820] ? do_wp_page+0x486/0x1500 [ 3417.971133][ T2820] ? pmd_pfn+0x1d0/0x1d0 [ 3417.988485][ T2820] ? lock_downgrade+0x880/0x880 [ 3417.994538][ T2820] ? swp_swapcount+0x540/0x540 [ 3417.999798][ T2820] ? kasan_check_read+0x11/0x20 [ 3418.004924][ T2820] ? do_raw_spin_unlock+0x57/0x270 [ 3418.010311][ T2820] do_wp_page+0x48e/0x1500 [ 3418.015357][ T2820] ? finish_mkwrite_fault+0x540/0x540 [ 3418.020756][ T2820] __handle_mm_fault+0x22e8/0x3ec0 [ 3418.026017][ T2820] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3418.031695][ T2820] ? find_held_lock+0x35/0x130 [ 3418.036650][ T2820] ? handle_mm_fault+0x292/0xa90 [ 3418.041596][ T2820] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3418.048022][ T2820] ? kasan_check_read+0x11/0x20 [ 3418.052964][ T2820] handle_mm_fault+0x3b7/0xa90 [ 3418.057742][ T2820] __do_page_fault+0x5ef/0xda0 [ 3418.062514][ T2820] do_page_fault+0x71/0x581 [ 3418.067018][ T2820] ? page_fault+0x8/0x30 [ 3418.071345][ T2820] page_fault+0x1e/0x30 [ 3418.075498][ T2820] RIP: 0033:0x40de98 [ 3418.079686][ T2820] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf 2c e2 4b 00 31 c0 e8 83 3a ff ff 31 ff e8 cc 36 ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d ce 25 64 00 [ 3418.099666][ T2820] RSP: 002b:00007ffc1533c090 EFLAGS: 00010246 [ 3418.105752][ T2820] RAX: 0000000036286fea RBX: 0000000013ae6128 RCX: 0000001b2e620000 [ 3418.113836][ T2820] RDX: 0000000000000000 RSI: 0000000000000fea RDI: ffffffff36286fea [ 3418.122704][ T2820] RBP: 0000000000000001 R08: 0000000036286fea R09: 0000000036286fee [ 3418.130873][ T2820] R10: 00007ffc1533c220 R11: 0000000000000246 R12: 000000000073bf88 [ 3418.139021][ T2820] R13: 0000000080000000 R14: 00007fea32625008 R15: 0000000000000010 [ 3418.149038][ T2820] memory: usage 307200kB, limit 307200kB, failcnt 97664 [ 3418.167288][ T2820] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3418.174986][ T2820] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3418.182004][ T2820] Memory cgroup stats for /syz5: cache:124KB rss:99512KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3418.203823][ T2820] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=13565,uid=0 [ 3418.219601][ T2820] Memory cgroup out of memory: Killed process 13565 (syz-executor.5) total-vm:72448kB, anon-rss:156kB, file-rss:34816kB, shmem-rss:0kB [ 3418.235379][ T1044] oom_reaper: reaped process 13565 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 3418.264691][ T2852] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3418.276906][ T2852] CPU: 0 PID: 2852 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3418.285994][ T2852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3418.296414][ T2852] Call Trace: [ 3418.299737][ T2852] dump_stack+0x172/0x1f0 [ 3418.304081][ T2852] dump_header+0x10f/0xb6c [ 3418.308512][ T2852] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3418.314469][ T2852] ? ___ratelimit+0x60/0x595 [ 3418.319074][ T2852] ? do_raw_spin_unlock+0x57/0x270 [ 3418.324316][ T2852] oom_kill_process.cold+0x10/0x15 [ 3418.329554][ T2852] out_of_memory+0x79a/0x1280 [ 3418.334234][ T2852] ? lock_downgrade+0x880/0x880 [ 3418.339197][ T2852] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3418.345814][ T2852] ? oom_killer_disable+0x280/0x280 [ 3418.351091][ T2852] ? find_held_lock+0x35/0x130 [ 3418.355981][ T2852] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3418.361620][ T2852] ? memcg_event_wake+0x230/0x230 [ 3418.366647][ T2852] ? do_raw_spin_unlock+0x57/0x270 [ 3418.371759][ T2852] ? _raw_spin_unlock+0x2d/0x50 [ 3418.376741][ T2852] try_charge+0x118d/0x1790 [ 3418.381794][ T2852] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3418.387365][ T2852] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3418.393104][ T2852] ? find_held_lock+0x35/0x130 [ 3418.397919][ T2852] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3418.403492][ T2852] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3418.409144][ T2852] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3418.414531][ T2852] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3418.420189][ T2852] __memcg_kmem_charge+0x136/0x300 [ 3418.425456][ T2852] __alloc_pages_nodemask+0x437/0x7e0 [ 3418.430914][ T2852] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3418.436656][ T2852] ? save_stack+0x45/0xb0 [ 3418.440988][ T2852] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 3418.446798][ T2852] ? kasan_slab_alloc+0xf/0x20 [ 3418.451571][ T2852] ? kmem_cache_alloc+0x11a/0x6f0 [ 3418.456891][ T2852] ? anon_vma_fork+0x1ea/0x4a0 [ 3418.461833][ T2852] ? copy_process.part.0+0x3547/0x7a90 [ 3418.467834][ T2852] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3418.474335][ T2852] alloc_pages_current+0x107/0x210 [ 3418.479477][ T2852] get_zeroed_page+0x14/0x50 [ 3418.484073][ T2852] __pud_alloc+0x3b/0x250 [ 3418.488673][ T2852] pud_alloc+0xde/0x150 [ 3418.493200][ T2852] copy_page_range+0x383/0x1fc0 [ 3418.498165][ T2852] ? anon_vma_fork+0x371/0x4a0 [ 3418.503112][ T2852] ? pmd_alloc+0x180/0x180 [ 3418.507711][ T2852] ? vma_gap_callbacks_rotate+0x62/0x80 [ 3418.513375][ T2852] ? validate_mm_rb+0xa3/0xc0 [ 3418.518185][ T2852] ? __vma_link_rb+0x279/0x370 [ 3418.523080][ T2852] copy_process.part.0+0x5afb/0x7a90 [ 3418.533756][ T2852] ? __cleanup_sighand+0x60/0x60 [ 3418.539078][ T2852] _do_fork+0x257/0xfd0 [ 3418.543268][ T2852] ? fork_idle+0x1d0/0x1d0 [ 3418.547711][ T2852] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3418.553356][ T2852] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3418.558825][ T2852] ? do_syscall_64+0x26/0x670 [ 3418.563566][ T2852] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3418.569833][ T2852] ? do_syscall_64+0x26/0x670 [ 3418.574630][ T2852] __x64_sys_clone+0xbf/0x150 [ 3418.579498][ T2852] do_syscall_64+0x103/0x670 [ 3418.584353][ T2852] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3418.590494][ T2852] RIP: 0033:0x458c29 [ 3418.594512][ T2852] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3418.614429][ T2852] RSP: 002b:00007fea30623c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3418.624023][ T2852] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 3418.632779][ T2852] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3418.641100][ T2852] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3418.649220][ T2852] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fea306246d4 [ 3418.657322][ T2852] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 3418.666835][ T2852] memory: usage 306996kB, limit 307200kB, failcnt 97690 [ 3418.674005][ T2852] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3418.681755][ T2852] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3418.688915][ T2852] Memory cgroup stats for /syz5: cache:124KB rss:99512KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB 03:44:02 executing program 5: socket$inet_udplite(0x2, 0x2, 0x88) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)}, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r0 = socket$inet(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) 03:44:02 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x4500, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:44:02 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:44:02 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x6700, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:44:02 executing program 3: symlink(&(0x7f0000000280)='./file0\x00', &(0x7f0000000680)='./file0\x00') r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x1, 0x2) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r2 = socket$kcm(0x2, 0x2, 0x73) getsockname(r2, 0x0, 0x0) ioctl$CAPI_NCCI_OPENCOUNT(r0, 0x80044326, &(0x7f0000000040)=0xffffffff) 03:44:02 executing program 1: r0 = fcntl$dupfd(0xffffffffffffff9c, 0x406, 0xffffffffffffff9c) sendmsg$nfc_llcp(r0, &(0x7f00000003c0)={&(0x7f0000000000)={0x27, 0x1, 0x1, 0x7, 0x7fff, 0x68dd, "efec9b2544152cfd4fab2ba341ec40323f4b6c89aad18f387548e474083f68781139ee40ab910eae3cc44e2654d7bc1c503ee55c68d884f2a8d36f3aaba585", 0xe}, 0x60, &(0x7f0000000300)=[{&(0x7f0000000080)="1701f85ee5826039cbc1efe4f15cbb85c950eeaa9eb534c06ae00c0165f32d6d28270542bacca31a02603f288053e6d92224211120c51f4062e11f2878694c4ad6eb28d2a4f800a64c8fe39eed2b002ce3c2ed5bf1cb036d98385e6cb220d082b341662f5d977c6b741a4d7b635dabcb4449daa098bc8a856908d8a0b23583e1864daafcaf9d9c828524a36d9ad669f0aaebe705a0a7337e6da5b7fd42c41d7bef7a5102374dd5bec7f9114cb6910255e1017a8c12029b6f08e9d868ab0b7a3220558c935f20b40eeddb9f641167a1ca7ada40347875e521", 0xd8}, {&(0x7f0000000180)="d0ea162be8a89235d1cfc623b8c003e46307572cd6228475b259756b1a8e7ad8eefea89836e06d971ca8accc8714c9f92336c5a909ca722164723dfd05244fc835cb4baaa8456a699a9153cf7cec0eaeb3499205785f1d0fbd50a4da86fa1085beb2600bf9f31ef21b82cbf3ec5881c0300a4138fe6bce18d1134edc16823eee8e68b71d3bd4ca099a61e5f1c704d246ec08248f1f6e7a1733929a70c6d2da3730589d7ec9599ce4daedd27a46b3bd28682f833de070", 0xb6}, {&(0x7f0000000240)="9acce73237af73200c55ff15", 0xc}, {&(0x7f0000000280)="c8f5586c79e91ecb080b75f081af860cad5a31b3ad4de31a19dcaa6e6f6d251c8ec4d7023e4049bb694fb67c", 0x2c}, {&(0x7f00000002c0)="1b31bd775e5c40dd747d07b97a8b8f92e58cf1d73906a60a23efb554910e6cf6d59469367ca69fccf74263900b6ba3925b373d278398a4", 0x37}], 0x5, &(0x7f0000000380)={0x40, 0x105, 0x5, "7a979967ad59de25208570d5ac0b5f6296b188698ecf21576e41938f1d4eaad212a28dbebc98a0bc618557539fb3f5"}, 0x40, 0x1}, 0x0) ioctl$KDSETKEYCODE(r0, 0x4b4d, &(0x7f0000000400)={0x5, 0x8}) r1 = memfd_create(&(0x7f0000000440)='\x00', 0x7) connect$pppoe(r0, &(0x7f0000000480)={0x18, 0x0, {0x3, @random="a65ca710d4ab", 'vlan0\x00'}}, 0x1e) prctl$PR_MCE_KILL_GET(0x22) setsockopt$inet6_udp_int(r0, 0x11, 0xb, &(0x7f00000004c0)=0x1, 0x4) getsockopt$inet_tcp_buf(r0, 0x6, 0x0, &(0x7f0000000500)=""/40, &(0x7f0000000540)=0x28) setsockopt$inet_sctp_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000580)={0x5, 0x2, 0x3, 0x1, 0x6, 0x0, 0x6, 0xfffffffffffffff9, 0x9, 0xb31, 0x2}, 0xb) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000005c0)='nv\x00', 0x3) getsockopt$ARPT_SO_GET_INFO(r0, 0x0, 0x60, &(0x7f0000000600)={'filter\x00'}, &(0x7f0000000680)=0x44) setsockopt$IP_VS_SO_SET_TIMEOUT(r0, 0x0, 0x48a, &(0x7f00000006c0)={0x6, 0x10001, 0xfffffffffffffffd}, 0xc) ioctl$VIDIOC_SUBDEV_G_DV_TIMINGS(r0, 0xc0845658, &(0x7f0000000700)={0x0, @reserved}) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f00000007c0)=[@in6={0xa, 0x4e21, 0x128, @local, 0x8}, @in={0x2, 0x4e23, @broadcast}, @in6={0xa, 0x4e23, 0x1b8, @loopback, 0x4}, @in6={0xa, 0x4e21, 0x9, @remote, 0x100000000}], 0x64) ioctl$sock_netdev_private(r0, 0x89f8, &(0x7f0000000840)="5952b466688a09c4dec8e4c221c79f3b5179acf8a0a7ef2b95cd8351f65d06fc1f11926b") ioctl$KVM_XEN_HVM_CONFIG(r0, 0x4038ae7a, &(0x7f0000000a00)={0x1c3a0000, 0xfdf, &(0x7f0000000880)="972fd094f96b5ee804f0e30a7a39e2e46a12bfe2b2f572afa8b618684856ade1bd880385c1c9d7f73492a3b8fb651fda494804b59c7002ffcbb71bf650d04e9d22b386c59411286f8119f2dcb3082e2b35ce96b78c3192f40557655386e0f0a33f8ddea09e3fc5776613dba5547e07966a533f95ec4227bacaf55842d6541189ace3453d18d7d53ee62395a7d3aaf63a3c724eae8ce665b7c9c5a9084ddf7e957a31af128279fa2c35556000a89532f7e789b016dcfa1ab9e460391ff8ff0b334da377c5de5fdc6dda98e2511410355ffa3503bdc0ff0d458eab8f35b375f0", &(0x7f0000000980)="51c4ba087c19f81630bf24ebd1fbc870a98addce2a0b1224a395384ea4cb220aae59999e126cb682104c096d08825724fa6f3269d232e838affe5a7a9c0fe2be86468a8a67968f93da554fd51923890d1eaae169d9aba314c8357042d9dc", 0xdf, 0x5e}) r2 = open$dir(&(0x7f0000001c00)='./file0\x00', 0x2, 0x10) fcntl$getownex(r0, 0x10, &(0x7f0000001c40)={0x0, 0x0}) getresuid(&(0x7f0000001c80), &(0x7f0000001cc0)=0x0, &(0x7f0000001d00)) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000001d40)={0x0, 0x0, 0x0}, &(0x7f0000001d80)=0xc) sendmsg$unix(r0, &(0x7f0000001ec0)={&(0x7f0000000a40)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000001bc0)=[{&(0x7f0000000ac0)="99a3bce40e115396c0f080a02d9c3a6a09eb4d4ce0555065e7365e0317c1d387a3a54f864ff68ff0d2491794be00af2addbcb4de8737417ccef4909cd73df731a2a95ff0bfad84f62eaa32d32a050ccc48910dcbb0c61d37532dc556161cae5605b92ed70292ea282f8132522b04c9c8a45a7daa3367b8c61f0c651d2ba1887c0e5160dcaf4c055a0e10331be9354a65a945034bcb341c6ddf2163622ffa5cda24b3c34e1c2566b059fb463ef17561a704d89f7026b327b1ff0e10630a1b65506acbd359635468cca261f138c3ee7b7e4c2399d15d3cac1777e31d9b64ae1e0f00f3822a0f85bb29a8d8a0cc762a862c303c4cbf9dc9e1f9772745990aea22243969ab6e55bad1dd2ffc571de32b7257b90401a5e8fff55d11f9d2640a3f5b1c1cfe5efdf5966eb9ad3de43fc0a0c559486c7c47bbe29947eb3769f1dd060564c74ebeb3a93f5338cd9e432dbf8ac4bdc6b3d2ce72d99f61aa36d85e08f99cc358792401d1082b70bd331e6896a3fa4ff4447ea63d166d8f7dae89c8bd7e435eb5e782377528c0fa9d741eeeca0ee6c594e5279ec2d2e2ac2eb8076e575b83f8f190aaba1590dd24bbbf9ff9dd60aa6e5c9eadf08371866758ee2e3d267b257884fef2595587ec47aaff1a43b0ad922a2ecaa74034fc36bae0b2965133f9f2393f4b31de6008cbe2caedd33f20c300e2ca086f9c2225b57a4e93aa9c94e7d3100aff6758d2c16c7732c5cc11bc14997cbdd87b1725d7cb1ee69c05da750825e28922d7348d21aef3b78b96e147c9c5a1a6a665f48d8871c409835707c8cdbe6f3ab14628eacfaacfb72e11459e2784bf8c8ad1c36cf836e5d00bea3fd0824a5d608397e0e0c56f60522ad705fa4363a5aea5c50457216d13a71b37352a692b9df444cbce9ccc0640d9954247c96da9211a69c5096eb7a58eef2d10f52cc240896ff4d6e74b47c81056618c31736427cb8afe5c5a8133c731518016b5158cb7af288a76b0826d9ab6e98a415942ef43cad201a925c00d4d0c530f1d46e5382aa07c8ea6568d395744cb13cd80867e5e9c7e4297fc127c76ab042e5002397c9d25968d568bc289d50e7594d29b11f68ed7e8a96f8e0bf9736c864228d62c216503479131df6b8ea36d80d8d5c8c8f086720622f435703a3826d6d427fb9066d8c59529d1747948b2199da94fcd314ffaefac8770e3f1ccc921f6fdc71b30c14bbe2837f9267e3ed565e12729cd6b42d90462622880dfd522805a248fe245556080a30ca3ba9bc6db1b518b5bf7d6f0c3730a718b86b03614f27842871f4eced1706fd91c6f48c2ef732d325bcf80f080063c41c248c0eba973462fbf952b10278045ae002d62ada485656fe9ac590fdbacf4a631b3c6f0fc17647253ffd8854ef8b254381f4e8108eb8071fee754ccfebf85a42d69286fe686fdd38225db0a77502d28fdad8df0a0326ba3282d63e4ebfac3437ddafd48f02efda3d2f816376f12d6db03c415f8401d6ba186d984be4c93ceeed165dca148831f162909c2bb2ac5bd3700553e3c1c0313a91347bf9148a2ce04c5f39a2ec200ac4746e4b4055f04ee14e042a55e44fbe6c20f8330c93d0996a34e1efe495cbc02e6019ed5912562273a96b5a18ec8da0cf006d7ab0bf70627090130430c8ae49fa89324c59460fe25519976565a05cc2089882547d28d5dfb409d89677ea7bf7e18722c52cb4ee189d422a30d304bfb9e1e35b9d88fb5d6250bb3574fd0c04ba19ca5141684add0f1c074cd80cc30d6ada6ba1c6c81a76961775ea7d6f310f71991662aaa94556db35b8b79b1f17f3ce78905f68903d6014e89837fe05522f2b382593db91b94138539f3004797fed9b83ffd14e85a0141138001c4d26304932d88e76b12af5fc82274455e9f34e61497ed96b0872158a808553413d2b4e8213263ac4dc45db6de302590877d6f3d38957fe358db43dc48ae5ea2eb3c18caca3e0f993ba595cd859ac883baaca2b6dd94d8afca8f5c032b851c6f07efd9b59eae33ec973d83d18c30f87e7a78f625278eee75c573bf840d8596358b431f7cfccae8a4b8e69290b595f4671bc73ce489e6a8e5de6e2bd0b143b154027830b0a51f2d007a0e380f59e3c8c64e1d2beb12d7fc947b05d9f8b8417c47250394bea81834c609ea3df216427ee6a769c5663d2a7561e71b2a9b91ae76a44c645a65c66ca71f3006b0831bb04fb6e62c84db87629c2eb24d95c788bab6edbaf044af624c0c3ed59a3653b4964b9f4f45da4f85042c703b38116ee56d4fde6ece85bae3e7191272bafe7185d10502c20373e753c45a911032af577a22adff8dcf6e9d3bdb6777fa8f4a55b323b123b7e47c36356bc4e91efaf1289b746b2d5f5cf525d6f3bee27285b921c1638571ae430cddc848c27bab2886269f90f5eb18a93bf6d26fd5d32acad2c3722165d9dae9871b63bfd96cd482249b2759e313656524f8e770e847bb6f938ef7ecda67f590410abd962605ab85053f3662e4f90a5aa80f8aba6a20591065d71e09dbf39d800961df32a05a0ddb779bed57df074e251085e5569da1b3b2690b2466d119b17cb05503e4a160f8bfbc87a92764a606b6edd07c2407b14537fb65b8492f846d87211a5c080728ab57419fb52bf4f2754255d168176b561bd08d7e2240f9c88f604dc2a26dec0f9b769100c00e5484e31825659ad51e984a2bc6c3ddb416ae4724ce47567ad97b6055918c69332476f51be91064be5230fbcd59ba4b10bacacc944209bdc38a6e6993dd622916989943632b2d0f2cf4103f08df6457c4217d6987e7738c51532daf6da71a71d1c35115f3b4515a735915116950aa35efdc9ebf071c018dc020b2d61773bf13135ce156cf45e0b8f083bd422f5692702fe05f710080cf9e79302f941894725db43e6736bdfc052bc7d658409f6c2d30e2befbcf8a0a9a6c8d3c7b10df821b4fd6bad392e22d557531e41b6f30cf156a72edb3c431a1ffa779b883b61f30b3a7359054870246ca3290cf1113e94957e233129b5c3ba993fcde795272466b1f2d98e5452deac5142e498c1d164cfaacb110c53ab168f3adc73704d1e5dff34f7d94a1d09f8cd3309462b9ae1597a84522b5d274bbd06a6e15902f8e680c3c3e279bef2898524e26f1d7d6fd29680563342f195a9db64a7ff269bd0542ef605a8604c4ae4cd725224ff3c94dbcfac35a3e23f47b35922ae9bd1e5c770f0292ec1fa11c3cfab52df2f54ba292389038352299840a2563ac0e287b6c2ee6c956f622651bf908adf7523f734d5afa66dc0793c38e1951bed960c40433abdb653a938614f52460f383f20a54d4f7eba46d79072a3db063d3eceaec9c3690a1757006784e6bf70d6d412cb9119a12931cf74ebd82292dd4916425fdd3eadcec8a8537afc13b61c16cc18ee9997f2d05dc529085feb297c1dd40c9f8cfaa84ddd2d3a4d316b7cbf09e3870d1cfe84a08e144ac98ac180f57c1a62f399c8b650557375e7117a848b711a1d28680e74a5ef68b5e7f20647f88e614f193dee77274ba69c67188b4fc72c31ce5541001083108b33d0e9db30bd31b1f7b9d286f2aa34e862c8e6299ea961fa38fa8104f574569bcddfdd96be9d13cbeebb67fb90c2615f3624cba33c86d5091bc3b1d8bac37c62dadbb44e28480f02083a392a1fcc8a1814ed95715a40d050f33d31d1944142b10708263b2b52c7cf410b32a07ab0f5f63818d630c947fa9b3a5db6f5a79bff707e03559aeddf78e3cdfa6e9412e2a288e5503fcea60ebd1968fedd32b2b7b59b8b51a6ebd0aebcc072d1c25148f0c87f7a1663fd14479ef33b6faddeb19b5ace83e16c1c97bfd929ee0e98a529f6a3994ece22801a0129d8bd9c008ad9e4e4fae199284b2048360a49eb0ffd35991ca15b8f7646691694dfa423a20fbfdbe6e671bd637c365656670e41c59e2e7e8245731d2af6d5297a64bb4de57d685c14c93a9e260d755ba018eb820d89eb76481a8e479ec01033b1f62b0c28c7de2752c7927916515d07fb7cf8326f922ce9b9820b4b27ff22f5ba6126f766de05df68cfcbf71ced34b3738efcd512f952947a7172f119fa0ac6a5a6fe95c55bd3f3c4894861b126d31f72cb7db20479e404216ee2a465052b68befe07b53f3443b940730221892163b1ec4315b94207e0791b6ed3eca0f921efe6fbe1182f11dff347a01ffcca4f0351865d92052316e8c8e26b2608d82b8d7e83ebf58f2839ce5bb6188526f0b56d53176c388acabe59a29d3875edbcde5747144ef8e37302cd835e35a9bb7aafb276eaa16f311e4a5d8d092123a318d03b3049dd642b305a3ebc92dd1efddeabfc4133ed685506abcdcdcf8aa05c08aa88e665cd414380723fdadefe02704dd6c8ae95011f68eaafef19cdef2ebb0456288939b9d2494270154d74ed62e51658bc54b7a22b097e69783ac7db98a220bb8696adac797dda087da93048515087c8971e9294526691562e35530aae0414edadb8188e8f3f9acf3d60770c3a96e29d4d3a6ab72840ef4ef0ddd1655097a2d3623402ef70579ae659332a12670a27cc5bf9af280723c899c2c5e97fc8f62d8386fdecb0ab490acab2e849607e8ba3b60b065251e654233b1c70e4ab78c4e596b41a7c806b05cd8d661f4e189a1cc98d8d14078720bb44bc039602d85c1db89ef7417a26011d0fcfe5b84b8d129fcfb090046a27ebfcd05a50e245e19b418df8ad2629f18978dfe080a2c8b123c8a728e2cee0afa84140c61b4c8c3a7d88c6a6fd6d7e4924b1789a7bd5f03f9c92273abc7ee047fba7e760fe9792e80a8debfb7236c962e00086e6b58cf40269beaf960736af892e7707b58eb5c3be8fe020980c5914bd908b2e7f8d70fce573c45571f5a93510c0eec1c7b8f6e2725752861593079b91be9f1ee52e69ad9d5c6d74d786e5c2ffb49340fd8ad3b4ad03710422830190adcdcc7f9c8d974f31e17a1d0092f9c96a72bfc2eedee4472c04d380cf2eba046a17258866f46ce3e6ccf1e64948a06d8239ad1dbe06817e12053b05fb6d740ff89f4fcd14bf4b3622c5165cbbe07daf0c2b2423f898d8137195eabb4d2f23f05fb704369eb606fadb088bf6fb4bb492528c542739932deb3e9ed0a6fe6ff70dd9931b541e49797225e5f828892de80eed7a430bc627850723e2b572627af65c44632c02161d8164a1e5d929e84cb62431c7f6bc44b47517945e6259387c6cf3e0dcbef937905da3c62eddc6e936a15a24268b2b1d895b502b90882a8dfb2f53076a036ed7052de445677dab427a4aa9b6ab3cf8971ff645363f8d290b7e34823c7d8eabbe96bb1c05fd8b49ab4115a5f3046f229dc1d091fd35f667bab8bb88489a1d8ef05f45e071b2f770de0999712caaf6748944c5c2347e6fd5588d5b8fedd9d49376e13093e52c2cf761e51c9c171c57d99feaa8caff18f299d3a9dd3e5a5525eee6d0d23891fd49a0c6538185d6b3da4f431f9aa2639fee12bb15b834fd6849e19d48e146754b586e2412777e2e84d7d757a45c51ce439e871fda980e000a8a02e17e630219b3a2660276d52e3841338652f863630fe373c1c70e66a7adaaa7e73cf77d263b5cf59b4bf76d1cac321d7514741c98214ef574b446b4ea8ee59f15a6f3899afcbdb7b2d6fceb675eaf41746d7e9815eec343692d8933bd99c72213be1413f8bef4ef1320321dbdb0b375443a645a699bf61e2355f465d3468e32dea00eceb615b19b685d63fddc49376bd537f731b847d4490d03d5952b2fcbc9db92f2e2632ea1f34", 0x1000}, {&(0x7f0000001ac0)="05b34812ac21e4a95dd9766205f8a7385ca69d39bf4672729daac7926032cdd6347a10a1814bdcb17fe4d658e18cf7057eb9cfc3c4133b003717f6586376b6b734a7eaa7607e81eb6f34ba05143dba812701d7e51fc9692ea7f16d4904a779d79a429343e72abb991e4a8047eff95366734d53c77d23c59f33e7b8bea6f1d8b90c92401d1d17a6ad2bbb51bf3f40b430536afc7962bce8de6427e19678ea29c55a254c1e1553d3bfaad8da2302a2ddd593fda8aa16791fee349fbc7ed2ba5d3ad6575907366d8233ba857115e279f8d360e8a6facbce48808209869bd0769f75e89f9c1b", 0xe4}], 0x2, &(0x7f0000001dc0)=[@rights={0x28, 0x1, 0x1, [r1, r1, r0, r1, r1]}, @rights={0x20, 0x1, 0x1, [r1, r0, r1]}, @rights={0x28, 0x1, 0x1, [r0, r1, r1, r2, r0, r0]}, @rights={0x30, 0x1, 0x1, [r0, r0, r0, r0, r1, r0, r1]}, @cred={0x20, 0x1, 0x2, r3, r4, r6}, @rights={0x20, 0x1, 0x1, [r0, r0, r0]}, @rights={0x20, 0x1, 0x1, [r1, r0, r1]}], 0x100, 0x80}, 0x4) ioctl$VIDIOC_ENCODER_CMD(r0, 0xc028564d, &(0x7f0000001f00)={0x3, 0x1, [0x6, 0x3, 0x3, 0x9, 0x3, 0x7, 0x5, 0x9]}) ioctl$sock_inet_SIOCSIFDSTADDR(r0, 0x8918, &(0x7f0000001f40)={'bond_slave_1\x00', {0x2, 0x4e22, @remote}}) ioctl$EXT4_IOC_MIGRATE(r2, 0x6609) stat(&(0x7f0000001f80)='./file0\x00', &(0x7f0000001fc0)) mq_notify(r0, &(0x7f0000002040)={0x0, 0x3c, 0x1, @tid=r5}) r7 = open(&(0x7f0000002080)='./file0\x00', 0x80, 0x68) ioctl$VIDIOC_DBG_S_REGISTER(r7, 0x4038564f, &(0x7f00000020c0)={{0x2, @name="e614e2ee1dd7f98e76043e1965ba80e40a3164ee415a477d103a1726bba4a631"}, 0x8, 0x2, 0x80000001}) getsockname$netrom(r0, &(0x7f0000002100)={{0x3, @rose}, [@null, @null, @remote, @remote, @null, @netrom, @rose, @null]}, &(0x7f0000002180)=0x48) ioctl$ASHMEM_GET_PROT_MASK(r7, 0x7706, &(0x7f00000021c0)) [ 3418.710711][ T2852] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=2820,uid=0 [ 3418.727256][ T2852] Memory cgroup out of memory: Killed process 2820 (syz-executor.5) total-vm:72580kB, anon-rss:164kB, file-rss:35716kB, shmem-rss:0kB 03:44:02 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x4600, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:44:02 executing program 1: r0 = openat$zero(0xffffffffffffff9c, 0x0, 0x101000, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0xffffffffffffff43) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xff) socket$can_raw(0x1d, 0x3, 0x1) write$FUSE_LSEEK(r0, &(0x7f0000000080)={0x18, 0x0, 0x200000000000004, {0x2}}, 0x18) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000000)={0x30, 0x6, 0x0, 0x0, 0x0, 0x9917, 0xffff}, 0x0) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b67, 0x0) socket$inet6(0xa, 0x4, 0x2) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000001840)={0x53, 0x0, 0x2a, 0x1, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001740)="27d16347a54151f1908ef36a0eb3e10ba13f613b716253f3ac4efec2a25d5d669a17a0de7409ea08e990", 0x0, 0x8c, 0x31, 0x2, 0x0}) unshare(0x40000000) write$P9_RWRITE(r0, &(0x7f0000000040)={0xb, 0x77, 0x1, 0x2}, 0xb) 03:44:02 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:44:02 executing program 3: r0 = socket(0x1e, 0x4, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000300)='/dev/dlm-monitor\x00', 0xa004, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r2, 0x40605346, &(0x7f0000000200)={0x6, 0x2, {0xffffffffffffffff, 0x2, 0xfd5, 0x2, 0x209d}}) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000080)=@req={0x3fc, 0x0, 0x2}, 0xf6) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f00000000c0)={0x0, @in={{0x2, 0x4e23, @multicast2}}}, &(0x7f0000000000)=0x84) getsockopt$inet_sctp_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000040)=@sack_info={r3, 0x7, 0x40}, &(0x7f0000000180)=0xc) dup2(r1, r0) pwritev(r0, &(0x7f00000007c0)=[{&(0x7f0000000340)="339ecf14fa85604c733cc81af3b524af64ee45919735fd451f65d31c6e67199e6c9b4c02b28599c5bf8e402479586be6db0aa265ff6dc72bbede9bfd2389c9ddc56ccd147abd76c62ea0a0161e3f06c7cfcaa3d74b0c72ba37a40a444527dbc351ed45295bc8e1f7e75fa4ac2e5febfcc916167a75c14d04ab6a5a8a373da580f93ff1bed164506c98c176073dfd28c08359e839c9921ac926ff4287034d7462c6af562f0da2c5c8827ad56fd81dc76e2608fab00c00124d1015b988cddaa13b66281b54962b384ddab23df5f1d75ce92872c1", 0xd3}, {&(0x7f0000000440)="55686b4a228544c8bbc86636c96f084b94e79044ed22784c0a5bf642631b138b254f059f7768a7c0fe7322f582ffcf3897adc989b3b3aa50390856afc0de208ff0a7cf987aa7095850b45c2996a909681d4ce6ee7b8a9202a2fca84093b905e967aac9775afc0bd60e009daec47be167bd2a031a6da1cf32332064933338c3524f24e960b72b8b5085cae315644deb7620cac6140443a38c9d3e971cd6a5049b33cfef8bef388228a208fcfe42a1f1ebf1136ce33c0670d68a229e630dfbb6014c845b58a101ff35663b07fe8b5b28dd", 0xd0}, {&(0x7f0000000540)="2f698ccab8793b419413d410fb35c43e8fbd1066cc168c0ca1524f3378585b2dc3e6749f7e15356733e5100355e37c289c88685909db49a053cf834cd18b91b473d585a2fb55b7989cc4af6d9d86c5aa8620d3a1db2494b815deca26cc942d271f13a22786dcbaedfafe0337018d551f72cc77486a70d2c4149b5b6595076c58ecc5ce92ea38bf15ca1a79307e359b4dbf46bd0ec58b0eda18feb6e719b57cdb779ec38da5c04235723b6cf42291536adb50", 0xb2}, {&(0x7f0000000600)="0566bf33a72dbe239ec261b17baae0afffe9b829a7fc83e9bc402f9a3173abbd2b0ad9e41e882a9e61f35e2fb06991ed0f7e139f63410eb916aff207e160903ab34f8f6c7888b82dc77a24fb6ec04106fd3506aad6d7689b9793d0bc74aeb3a67ccb2886be6e9cf2f31c23e33ceb6f52c9e0a2231cc710807c04c5884e1eb245fe0e7559f1b77453c27b3e9ea4c56582ca5fa2888d9916679bb191f6fbd9d3175d1b66eeccd1513265084080f5f9", 0xae}, {&(0x7f0000000280)="4a9cb2c5ebcb381aa542e0a7e07dc8c142e3084e942f704e68085d68be4ea55398458660642cbafe72b77a710a974db39ef5de3a22c4c566c5df3ae1bf09182081513e3311420c68ba1c", 0x4a}, {&(0x7f00000006c0)="838c18e338b8710ba58cd05bdc1e8efb2e89b75b157f11c7bcaeca6d5adb58840330645c134ed2b064a035a22faa25c3754db9d44a6d9e247192482a6bb82bbc409feead2c", 0x45}, {&(0x7f0000000740)="a9cbe31ac95fa9b192c35a18e2c2a43bda0852b1dbdb26fa10c6d0e04b6af8c24d89655ea8d5ff173b50e414e7ff2bc30ad0c1e2a8131bbe14125bc6dee4c40db20293e9e8", 0x45}], 0x7, 0x0) 03:44:02 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x6800, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:44:02 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x4700, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) [ 3419.066110][ T3196] IPVS: ftp: loaded support on port[0] = 21 [ 3419.155836][ T3175] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 3419.191697][ T3175] CPU: 0 PID: 3175 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3419.200949][ T3175] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3419.200956][ T3175] Call Trace: [ 3419.200983][ T3175] dump_stack+0x172/0x1f0 [ 3419.201005][ T3175] dump_header+0x10f/0xb6c [ 3419.201021][ T3175] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3419.201037][ T3175] ? ___ratelimit+0x60/0x595 [ 3419.201053][ T3175] ? do_raw_spin_unlock+0x57/0x270 [ 3419.201075][ T3175] oom_kill_process.cold+0x10/0x15 [ 3419.239332][ T3175] out_of_memory+0x79a/0x1280 [ 3419.239363][ T3175] ? lock_downgrade+0x880/0x880 [ 3419.239376][ T3175] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3419.239397][ T3175] ? oom_killer_disable+0x280/0x280 [ 3419.239408][ T3175] ? find_held_lock+0x35/0x130 [ 3419.239430][ T3175] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3419.239444][ T3175] ? memcg_event_wake+0x230/0x230 [ 3419.239465][ T3175] ? do_raw_spin_unlock+0x57/0x270 [ 3419.239485][ T3175] ? _raw_spin_unlock+0x2d/0x50 [ 3419.254293][ T3175] try_charge+0x118d/0x1790 [ 3419.254318][ T3175] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3419.254335][ T3175] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3419.265778][ T3175] ? find_held_lock+0x35/0x130 [ 3419.265798][ T3175] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3419.265829][ T3175] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3419.276155][ T3175] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3419.276175][ T3175] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3419.286607][ T3175] __memcg_kmem_charge+0x136/0x300 [ 3419.286628][ T3175] __alloc_pages_nodemask+0x437/0x7e0 [ 3419.286644][ T3175] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3419.286662][ T3175] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3419.301724][ T3175] ? copy_process.part.0+0x1d40/0x7a90 [ 3419.301754][ T3175] copy_process.part.0+0x3e0/0x7a90 [ 3419.301772][ T3175] ? __lock_acquire+0x548/0x3fb0 [ 3419.301798][ T3175] ? __might_fault+0x12b/0x1e0 [ 3419.301820][ T3175] ? __cleanup_sighand+0x60/0x60 [ 3419.301835][ T3175] ? lock_downgrade+0x880/0x880 [ 3419.301858][ T3175] _do_fork+0x257/0xfd0 [ 3419.301876][ T3175] ? fork_idle+0x1d0/0x1d0 [ 3419.301899][ T3175] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3419.301911][ T3175] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3419.301925][ T3175] ? do_syscall_64+0x26/0x670 [ 3419.301940][ T3175] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3419.301952][ T3175] ? do_syscall_64+0x26/0x670 [ 3419.301968][ T3175] __x64_sys_clone+0xbf/0x150 [ 3419.301984][ T3175] do_syscall_64+0x103/0x670 [ 3419.302001][ T3175] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3419.302011][ T3175] RIP: 0033:0x458c29 [ 3419.302027][ T3175] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3419.302034][ T3175] RSP: 002b:00007fea30602c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3419.302047][ T3175] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 3419.302054][ T3175] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3419.302062][ T3175] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 3419.302070][ T3175] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fea306036d4 [ 3419.302077][ T3175] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 3419.376164][ T3175] memory: usage 307200kB, limit 307200kB, failcnt 97721 [ 3419.392889][ T3175] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3419.398412][ T3175] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 03:44:03 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x4800, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:44:03 executing program 5: socket$inet_udplite(0x2, 0x2, 0x88) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)}, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r0 = socket$inet(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) 03:44:03 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\xfe\xff\xff', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:44:03 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x6900, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:44:03 executing program 3: bpf$BPF_PROG_DETACH(0x9, &(0x7f00000003c0)={0x0, 0xffffffffffffffff, 0x800000000000011}, 0x14) [ 3419.408942][ T3175] Memory cgroup stats for /syz5: cache:124KB rss:99512KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99600KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3419.427252][ T3175] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=3078,uid=0 [ 3419.477018][ T3175] Memory cgroup out of memory: Killed process 3078 (syz-executor.5) total-vm:72712kB, anon-rss:164kB, file-rss:35716kB, shmem-rss:0kB 03:44:03 executing program 3: recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) write$UHID_GET_REPORT_REPLY(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x9, 0x6, 0x5}, 0xa) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet_int(r0, 0x0, 0xf, &(0x7f0000d10ffc)=0xfffffffffffffff9, 0x4) shutdown(r0, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000100)=[@in={0x2, 0x0, @rand_addr=0x23d}], 0x10) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x9}, 0x1c) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000005680)={{{@in6=@local, @in6=@mcast1}}, {{@in=@dev}, 0x0, @in6=@ipv4={[], [], @remote}}}, &(0x7f0000005780)=0xe8) syz_open_procfs(0x0, &(0x7f00000000c0)='status\x00') 03:44:03 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x4900, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) [ 3419.848295][ T3174] IPVS: ftp: loaded support on port[0] = 21 [ 3419.864054][ T3450] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 3419.886526][ T3450] CPU: 1 PID: 3450 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3419.895591][ T3450] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3419.895597][ T3450] Call Trace: [ 3419.895623][ T3450] dump_stack+0x172/0x1f0 [ 3419.895643][ T3450] dump_header+0x10f/0xb6c [ 3419.895660][ T3450] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3419.895676][ T3450] ? ___ratelimit+0x60/0x595 [ 3419.895694][ T3450] ? do_raw_spin_unlock+0x57/0x270 [ 3419.895712][ T3450] oom_kill_process.cold+0x10/0x15 [ 3419.895729][ T3450] out_of_memory+0x79a/0x1280 [ 3419.895749][ T3450] ? lock_downgrade+0x880/0x880 [ 3419.909217][ T3450] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3419.909234][ T3450] ? oom_killer_disable+0x280/0x280 [ 3419.909247][ T3450] ? find_held_lock+0x35/0x130 [ 3419.909273][ T3450] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3419.909303][ T3450] ? memcg_event_wake+0x230/0x230 [ 3419.918211][ T3450] ? do_raw_spin_unlock+0x57/0x270 [ 3419.918230][ T3450] ? _raw_spin_unlock+0x2d/0x50 [ 3419.918251][ T3450] try_charge+0x118d/0x1790 [ 3419.918274][ T3450] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3419.918305][ T3450] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3419.928832][ T3450] ? find_held_lock+0x35/0x130 [ 3419.928850][ T3450] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3419.928876][ T3450] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3419.928893][ T3450] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3419.928911][ T3450] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3419.928930][ T3450] __memcg_kmem_charge+0x136/0x300 [ 3419.928952][ T3450] __alloc_pages_nodemask+0x437/0x7e0 [ 3419.939137][ T3450] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3419.939156][ T3450] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3419.939174][ T3450] ? copy_process.part.0+0x1d40/0x7a90 [ 3419.939192][ T3450] ? lockdep_hardirqs_on+0x418/0x5d0 [ 3419.939209][ T3450] ? trace_hardirqs_on+0x67/0x230 [ 3419.939239][ T3450] ? kasan_check_read+0x11/0x20 [ 3419.956082][ T3450] copy_process.part.0+0x3e0/0x7a90 [ 3419.956103][ T3450] ? __lock_acquire+0x548/0x3fb0 [ 3419.966068][ T3450] ? __might_fault+0x12b/0x1e0 [ 3419.966094][ T3450] ? __cleanup_sighand+0x60/0x60 [ 3419.982223][ T3450] ? lock_downgrade+0x880/0x880 [ 3419.982255][ T3450] _do_fork+0x257/0xfd0 [ 3419.982285][ T3450] ? fork_idle+0x1d0/0x1d0 [ 3419.997535][ T3450] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3419.997550][ T3450] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3419.997566][ T3450] ? do_syscall_64+0x26/0x670 [ 3419.997583][ T3450] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3419.997601][ T3450] ? do_syscall_64+0x26/0x670 [ 3420.019148][ T3450] __x64_sys_clone+0xbf/0x150 [ 3420.019169][ T3450] do_syscall_64+0x103/0x670 [ 3420.019189][ T3450] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3420.019205][ T3450] RIP: 0033:0x458c29 [ 3420.029927][ T3450] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3420.029941][ T3450] RSP: 002b:00007fea30623c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3420.040392][ T3450] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 3420.040400][ T3450] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3420.040407][ T3450] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3420.040415][ T3450] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fea306246d4 [ 3420.040424][ T3450] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 3420.045053][ T3450] memory: usage 307192kB, limit 307200kB, failcnt 97741 [ 3420.096434][ T3450] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3420.136578][ T3450] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3420.151948][ T3450] Memory cgroup stats for /syz5: cache:124KB rss:99512KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99600KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3420.152029][ T3450] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=13627,uid=0 [ 3420.152141][ T3450] Memory cgroup out of memory: Killed process 13627 (syz-executor.5) total-vm:72448kB, anon-rss:156kB, file-rss:34816kB, shmem-rss:0kB [ 3420.192786][ T1044] oom_reaper: reaped process 13627 (syz-executor.5), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB [ 3420.255364][ T3414] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 3420.306657][ T3414] CPU: 1 PID: 3414 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3420.323465][ T3414] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3420.323472][ T3414] Call Trace: [ 3420.323497][ T3414] dump_stack+0x172/0x1f0 [ 3420.323524][ T3414] dump_header+0x10f/0xb6c [ 3420.342947][ T3414] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3420.342967][ T3414] ? ___ratelimit+0x60/0x595 [ 3420.342984][ T3414] ? do_raw_spin_unlock+0x57/0x270 [ 3420.343005][ T3414] oom_kill_process.cold+0x10/0x15 [ 3420.365725][ T3414] out_of_memory+0x79a/0x1280 [ 3420.365745][ T3414] ? oom_killer_disable+0x280/0x280 [ 3420.376072][ T3414] ? find_held_lock+0x35/0x130 [ 3420.376099][ T3414] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3420.376121][ T3414] ? memcg_event_wake+0x230/0x230 [ 3420.386175][ T3414] ? do_raw_spin_unlock+0x57/0x270 [ 3420.386191][ T3414] ? _raw_spin_unlock+0x2d/0x50 [ 3420.386213][ T3414] try_charge+0xd4d/0x1790 [ 3420.396653][ T3414] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3420.396669][ T3414] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3420.396685][ T3414] ? find_held_lock+0x35/0x130 [ 3420.396703][ T3414] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3420.412255][ T3414] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3420.412272][ T3414] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3420.412288][ T3414] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3420.412307][ T3414] __memcg_kmem_charge+0x136/0x300 [ 3420.422790][ T3414] __alloc_pages_nodemask+0x437/0x7e0 [ 3420.422804][ T3414] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3420.422818][ T3414] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3420.422832][ T3414] ? copy_process.part.0+0x1d40/0x7a90 [ 3420.422856][ T3414] copy_process.part.0+0x3e0/0x7a90 [ 3420.422873][ T3414] ? psi_memstall_leave+0x11c/0x180 [ 3420.422890][ T3414] ? kvm_sched_clock_read+0x9/0x20 [ 3420.422906][ T3414] ? psi_memstall_leave+0x12e/0x180 [ 3420.422926][ T3414] ? find_held_lock+0x35/0x130 [ 3420.444980][ T3414] ? psi_memstall_leave+0x12e/0x180 [ 3420.445015][ T3414] ? __cleanup_sighand+0x60/0x60 [ 3420.455869][ T3414] ? __lock_acquire+0x548/0x3fb0 [ 3420.455886][ T3414] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3420.455915][ T3414] _do_fork+0x257/0xfd0 [ 3420.466453][ T3414] ? fork_idle+0x1d0/0x1d0 [ 3420.466473][ T3414] ? blkcg_maybe_throttle_current+0x5e2/0xfc0 [ 3420.466493][ T3414] ? lock_downgrade+0x880/0x880 [ 3420.484041][ T3414] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3420.484064][ T3414] ? blkcg_exit_queue+0x30/0x30 [ 3420.484085][ T3414] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3420.494583][ T3414] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3420.494603][ T3414] ? do_syscall_64+0x26/0x670 [ 3420.514844][ T3414] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3420.514862][ T3414] ? do_syscall_64+0x26/0x670 [ 3420.514884][ T3414] __x64_sys_clone+0xbf/0x150 [ 3420.514902][ T3414] do_syscall_64+0x103/0x670 [ 3420.541164][ T3414] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3420.541187][ T3414] RIP: 0033:0x45b5f9 [ 3420.551688][ T3414] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 3420.551705][ T3414] RSP: 002b:00007ffc1533c028 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 3420.563297][ T3414] RAX: ffffffffffffffda RBX: 00007fea30603700 RCX: 000000000045b5f9 [ 3420.563305][ T3414] RDX: 00007fea306039d0 RSI: 00007fea30602db0 RDI: 00000000003d0f00 [ 3420.563312][ T3414] RBP: 00007ffc1533c230 R08: 00007fea30603700 R09: 00007fea30603700 [ 3420.563319][ T3414] R10: 00007fea306039d0 R11: 0000000000000202 R12: 0000000000000000 [ 3420.563326][ T3414] R13: 00007ffc1533c0df R14: 00007fea306039c0 R15: 000000000073bfac [ 3420.566614][ T3414] memory: usage 307172kB, limit 307200kB, failcnt 97763 [ 3420.580875][ T3414] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3420.592376][ T3414] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3420.601866][ T3414] Memory cgroup stats for /syz5: cache:124KB rss:99512KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3420.612595][ T3414] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=13941,uid=0 [ 3420.637307][ T3414] Memory cgroup out of memory: Killed process 13941 (syz-executor.5) total-vm:72448kB, anon-rss:156kB, file-rss:34816kB, shmem-rss:0kB [ 3420.785433][ T1044] oom_reaper: reaped process 13941 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 03:44:04 executing program 1: 03:44:04 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00\x02\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:44:04 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x4a00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:44:04 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x6a00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:44:04 executing program 3: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) ptrace$setopts(0x4206, r0, 0x0, 0x0) r1 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x7fff, 0x400000) getsockopt$sock_buf(r1, 0x1, 0x3b, &(0x7f0000000040)=""/54, &(0x7f0000000080)=0x36) tkill(r0, 0x8040000001d) wait4(0x0, 0x0, 0x0, 0x0) 03:44:04 executing program 5: socket$inet_udplite(0x2, 0x2, 0x88) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)}, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r0 = socket$inet(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) 03:44:04 executing program 1: 03:44:04 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x4b00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:44:04 executing program 3: 03:44:04 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00\x03\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:44:04 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x6b00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:44:04 executing program 1: 03:44:04 executing program 3: [ 3421.204006][ T3501] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 3421.320404][ T3501] CPU: 0 PID: 3501 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3421.329489][ T3501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3421.340205][ T3501] Call Trace: [ 3421.343526][ T3501] dump_stack+0x172/0x1f0 [ 3421.347994][ T3501] dump_header+0x10f/0xb6c [ 3421.352422][ T3501] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3421.358248][ T3501] ? ___ratelimit+0x60/0x595 [ 3421.367404][ T3501] ? do_raw_spin_unlock+0x57/0x270 [ 3421.372563][ T3501] oom_kill_process.cold+0x10/0x15 [ 3421.377883][ T3501] out_of_memory+0x79a/0x1280 [ 3421.382593][ T3501] ? lock_downgrade+0x880/0x880 [ 3421.387468][ T3501] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3421.393811][ T3501] ? oom_killer_disable+0x280/0x280 [ 3421.399113][ T3501] ? find_held_lock+0x35/0x130 [ 3421.404006][ T3501] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3421.409769][ T3501] ? memcg_event_wake+0x230/0x230 [ 3421.414821][ T3501] ? do_raw_spin_unlock+0x57/0x270 03:44:04 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00\x04\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:44:04 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x4c00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) [ 3421.419955][ T3501] ? _raw_spin_unlock+0x2d/0x50 [ 3421.424937][ T3501] try_charge+0x118d/0x1790 [ 3421.429471][ T3501] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3421.435525][ T3501] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3421.441065][ T3501] ? find_held_lock+0x35/0x130 [ 3421.441079][ T3501] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3421.441101][ T3501] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3421.441115][ T3501] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3421.441132][ T3501] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3421.441155][ T3501] __memcg_kmem_charge+0x136/0x300 [ 3421.441172][ T3501] __alloc_pages_nodemask+0x437/0x7e0 [ 3421.441193][ T3501] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3421.441210][ T3501] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3421.468196][ T3501] ? copy_process.part.0+0x1d40/0x7a90 [ 3421.468217][ T3501] ? lockdep_hardirqs_on+0x418/0x5d0 [ 3421.468235][ T3501] ? trace_hardirqs_on+0x67/0x230 [ 3421.468249][ T3501] ? kasan_check_read+0x11/0x20 [ 3421.468267][ T3501] copy_process.part.0+0x3e0/0x7a90 [ 3421.468283][ T3501] ? __lock_acquire+0x548/0x3fb0 [ 3421.468311][ T3501] ? __might_fault+0x12b/0x1e0 [ 3421.468333][ T3501] ? __cleanup_sighand+0x60/0x60 [ 3421.468348][ T3501] ? lock_downgrade+0x880/0x880 [ 3421.468372][ T3501] _do_fork+0x257/0xfd0 [ 3421.468390][ T3501] ? fork_idle+0x1d0/0x1d0 [ 3421.496970][ T3501] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3421.496985][ T3501] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3421.497004][ T3501] ? do_syscall_64+0x26/0x670 [ 3421.562838][ T3501] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe 03:44:05 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x6c00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) [ 3421.568920][ T3501] ? do_syscall_64+0x26/0x670 [ 3421.573640][ T3501] __x64_sys_clone+0xbf/0x150 [ 3421.578541][ T3501] do_syscall_64+0x103/0x670 [ 3421.583323][ T3501] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3421.589490][ T3501] RIP: 0033:0x458c29 [ 3421.593482][ T3501] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 03:44:05 executing program 1: [ 3421.613470][ T3501] RSP: 002b:00007fea30623c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3421.613484][ T3501] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 3421.613493][ T3501] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3421.613502][ T3501] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3421.613509][ T3501] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fea306246d4 [ 3421.613515][ T3501] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 3421.683336][ T3501] memory: usage 307196kB, limit 307200kB, failcnt 97810 [ 3421.692073][ T3501] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3421.703012][ T3501] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3421.713833][ T3501] Memory cgroup stats for /syz5: cache:124KB rss:99512KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3421.738603][ T3501] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=3481,uid=0 [ 3421.793286][ T3501] Memory cgroup out of memory: Killed process 3481 (syz-executor.5) total-vm:72580kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB [ 3421.887090][ T3500] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 3421.905712][ T3500] CPU: 1 PID: 3500 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3421.914977][ T3500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3421.925177][ T3500] Call Trace: [ 3421.928478][ T3500] dump_stack+0x172/0x1f0 [ 3421.933085][ T3500] dump_header+0x10f/0xb6c [ 3421.937776][ T3500] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3421.943597][ T3500] ? ___ratelimit+0x60/0x595 [ 3421.948190][ T3500] ? do_raw_spin_unlock+0x57/0x270 [ 3421.953566][ T3500] oom_kill_process.cold+0x10/0x15 [ 3421.958728][ T3500] out_of_memory+0x79a/0x1280 [ 3421.963409][ T3500] ? oom_killer_disable+0x280/0x280 [ 3421.968685][ T3500] ? find_held_lock+0x35/0x130 [ 3421.973575][ T3500] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3421.979129][ T3500] ? memcg_event_wake+0x230/0x230 [ 3421.984438][ T3500] ? do_raw_spin_unlock+0x57/0x270 [ 3421.989804][ T3500] ? _raw_spin_unlock+0x2d/0x50 [ 3421.994733][ T3500] try_charge+0xd4d/0x1790 [ 3421.999495][ T3500] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3422.005340][ T3500] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3422.010884][ T3500] ? find_held_lock+0x35/0x130 [ 3422.015836][ T3500] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3422.021512][ T3500] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3422.027068][ T3500] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3422.032414][ T3500] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3422.037955][ T3500] __memcg_kmem_charge+0x136/0x300 [ 3422.043170][ T3500] __alloc_pages_nodemask+0x437/0x7e0 [ 3422.049197][ T3500] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3422.055796][ T3500] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3422.061772][ T3500] ? copy_process.part.0+0x1d40/0x7a90 [ 3422.067226][ T3500] ? lockdep_hardirqs_on+0x418/0x5d0 [ 3422.072685][ T3500] ? trace_hardirqs_on+0x67/0x230 [ 3422.077709][ T3500] ? kasan_check_read+0x11/0x20 [ 3422.082573][ T3500] copy_process.part.0+0x3e0/0x7a90 [ 3422.087857][ T3500] ? psi_memstall_leave+0x11c/0x180 [ 3422.093070][ T3500] ? kvm_sched_clock_read+0x9/0x20 [ 3422.098473][ T3500] ? psi_memstall_leave+0x12e/0x180 [ 3422.103777][ T3500] ? find_held_lock+0x35/0x130 [ 3422.108616][ T3500] ? psi_memstall_leave+0x12e/0x180 [ 3422.113840][ T3500] ? __cleanup_sighand+0x60/0x60 [ 3422.118884][ T3500] ? __lock_acquire+0x548/0x3fb0 [ 3422.124043][ T3500] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3422.130722][ T3500] _do_fork+0x257/0xfd0 [ 3422.135163][ T3500] ? fork_idle+0x1d0/0x1d0 [ 3422.139742][ T3500] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3422.145634][ T3500] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3422.151117][ T3500] ? do_syscall_64+0x26/0x670 [ 3422.156058][ T3500] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3422.162215][ T3500] ? do_syscall_64+0x26/0x670 [ 3422.166902][ T3500] __x64_sys_clone+0xbf/0x150 [ 3422.171676][ T3500] do_syscall_64+0x103/0x670 [ 3422.177132][ T3500] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3422.183041][ T3500] RIP: 0033:0x45b5f9 [ 3422.187136][ T3500] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 3422.208236][ T3500] RSP: 002b:00007ffc1533c028 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 3422.216774][ T3500] RAX: ffffffffffffffda RBX: 00007fea30603700 RCX: 000000000045b5f9 [ 3422.224774][ T3500] RDX: 00007fea306039d0 RSI: 00007fea30602db0 RDI: 00000000003d0f00 [ 3422.232932][ T3500] RBP: 00007ffc1533c230 R08: 00007fea30603700 R09: 00007fea30603700 [ 3422.241009][ T3500] R10: 00007fea306039d0 R11: 0000000000000202 R12: 0000000000000000 [ 3422.249001][ T3500] R13: 00007ffc1533c0df R14: 00007fea306039c0 R15: 000000000073bfac [ 3422.258092][ T3500] memory: usage 307128kB, limit 307200kB, failcnt 97813 [ 3422.265359][ T3500] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3422.273818][ T3500] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3422.280766][ T3500] Memory cgroup stats for /syz5: cache:124KB rss:99512KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3422.280839][ T3500] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=3484,uid=0 [ 3422.318133][ T3500] Memory cgroup out of memory: Killed process 3484 (syz-executor.5) total-vm:72580kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB [ 3422.369626][ T3500] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 3422.382215][ T3500] CPU: 1 PID: 3500 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3422.391267][ T3500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3422.401537][ T3500] Call Trace: [ 3422.404931][ T3500] dump_stack+0x172/0x1f0 [ 3422.409291][ T3500] dump_header+0x10f/0xb6c [ 3422.413794][ T3500] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3422.419683][ T3500] ? ___ratelimit+0x60/0x595 [ 3422.424288][ T3500] ? do_raw_spin_unlock+0x57/0x270 [ 3422.429410][ T3500] oom_kill_process.cold+0x10/0x15 [ 3422.434514][ T3500] out_of_memory+0x79a/0x1280 [ 3422.439277][ T3500] ? lock_downgrade+0x880/0x880 [ 3422.444133][ T3500] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3422.450370][ T3500] ? oom_killer_disable+0x280/0x280 [ 3422.455582][ T3500] ? find_held_lock+0x35/0x130 [ 3422.460520][ T3500] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3422.466074][ T3500] ? memcg_event_wake+0x230/0x230 [ 3422.471130][ T3500] ? do_raw_spin_unlock+0x57/0x270 [ 3422.476658][ T3500] ? _raw_spin_unlock+0x2d/0x50 [ 3422.481600][ T3500] try_charge+0x118d/0x1790 [ 3422.486196][ T3500] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3422.491748][ T3500] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3422.499833][ T3500] ? find_held_lock+0x35/0x130 [ 3422.504694][ T3500] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3422.510249][ T3500] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3422.515798][ T3500] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3422.520997][ T3500] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3422.526650][ T3500] __memcg_kmem_charge+0x136/0x300 [ 3422.532090][ T3500] __alloc_pages_nodemask+0x437/0x7e0 [ 3422.537464][ T3500] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3422.543756][ T3500] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3422.549644][ T3500] ? copy_process.part.0+0x1d40/0x7a90 [ 3422.555128][ T3500] ? lockdep_hardirqs_on+0x418/0x5d0 [ 3422.560430][ T3500] ? trace_hardirqs_on+0x67/0x230 [ 3422.565448][ T3500] ? kasan_check_read+0x11/0x20 [ 3422.570308][ T3500] copy_process.part.0+0x3e0/0x7a90 [ 3422.575661][ T3500] ? psi_memstall_leave+0x11c/0x180 [ 3422.580854][ T3500] ? kvm_sched_clock_read+0x9/0x20 [ 3422.585960][ T3500] ? psi_memstall_leave+0x12e/0x180 [ 3422.591361][ T3500] ? find_held_lock+0x35/0x130 [ 3422.596484][ T3500] ? psi_memstall_leave+0x12e/0x180 [ 3422.601880][ T3500] ? __cleanup_sighand+0x60/0x60 [ 3422.606919][ T3500] ? __lock_acquire+0x548/0x3fb0 [ 3422.611848][ T3500] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3422.618094][ T3500] _do_fork+0x257/0xfd0 [ 3422.622367][ T3500] ? fork_idle+0x1d0/0x1d0 [ 3422.626920][ T3500] ? blkcg_maybe_throttle_current+0x5e2/0xfc0 [ 3422.633195][ T3500] ? lock_downgrade+0x880/0x880 [ 3422.638146][ T3500] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3422.644383][ T3500] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3422.650661][ T3500] ? debug_smp_processor_id+0x3c/0x280 [ 3422.656128][ T3500] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3422.661621][ T3500] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3422.667079][ T3500] ? do_syscall_64+0x26/0x670 [ 3422.671933][ T3500] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3422.678117][ T3500] ? do_syscall_64+0x26/0x670 [ 3422.682993][ T3500] __x64_sys_clone+0xbf/0x150 [ 3422.687663][ T3500] do_syscall_64+0x103/0x670 [ 3422.692446][ T3500] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3422.698436][ T3500] RIP: 0033:0x45b5f9 [ 3422.702346][ T3500] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 3422.722513][ T3500] RSP: 002b:00007ffc1533c028 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 3422.731010][ T3500] RAX: ffffffffffffffda RBX: 00007fea305e2700 RCX: 000000000045b5f9 [ 3422.739073][ T3500] RDX: 00007fea305e29d0 RSI: 00007fea305e1db0 RDI: 00000000003d0f00 [ 3422.747273][ T3500] RBP: 00007ffc1533c230 R08: 00007fea305e2700 R09: 00007fea305e2700 [ 3422.755329][ T3500] R10: 00007fea305e29d0 R11: 0000000000000202 R12: 0000000000000000 [ 3422.763304][ T3500] R13: 00007ffc1533c0df R14: 00007fea305e29c0 R15: 000000000073c04c [ 3422.773604][ T3500] memory: usage 307200kB, limit 307200kB, failcnt 97865 [ 3422.780704][ T3500] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3422.788432][ T3500] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3422.788439][ T3500] Memory cgroup stats for /syz5: cache:124KB rss:99512KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB 03:44:06 executing program 5: socket$inet_udplite(0x2, 0x2, 0x88) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)}, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r0 = socket$inet(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) 03:44:06 executing program 3: 03:44:06 executing program 1: 03:44:06 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00\x05\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:44:06 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x6d00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:44:06 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x4d00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) [ 3422.817022][ T3500] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=3500,uid=0 [ 3422.817149][ T3500] Memory cgroup out of memory: Killed process 3500 (syz-executor.5) total-vm:72712kB, anon-rss:164kB, file-rss:35724kB, shmem-rss:0kB [ 3422.848952][ T1044] oom_reaper: reaped process 3500 (syz-executor.5), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB 03:44:06 executing program 1: 03:44:06 executing program 3: 03:44:06 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x4e00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:44:06 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00\x06\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:44:06 executing program 3: 03:44:06 executing program 1: [ 3423.104291][ T3923] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3423.181813][ T3923] CPU: 0 PID: 3923 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3423.191161][ T3923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3423.201470][ T3923] Call Trace: [ 3423.204778][ T3923] dump_stack+0x172/0x1f0 [ 3423.209561][ T3923] dump_header+0x10f/0xb6c [ 3423.214020][ T3923] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3423.219844][ T3923] ? ___ratelimit+0x60/0x595 [ 3423.224637][ T3923] ? do_raw_spin_unlock+0x57/0x270 [ 3423.229768][ T3923] oom_kill_process.cold+0x10/0x15 [ 3423.229786][ T3923] out_of_memory+0x79a/0x1280 [ 3423.239639][ T3923] ? lock_downgrade+0x880/0x880 [ 3423.239652][ T3923] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3423.239666][ T3923] ? oom_killer_disable+0x280/0x280 [ 3423.239676][ T3923] ? find_held_lock+0x35/0x130 [ 3423.239699][ T3923] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3423.239712][ T3923] ? memcg_event_wake+0x230/0x230 [ 3423.239729][ T3923] ? do_raw_spin_unlock+0x57/0x270 [ 3423.239743][ T3923] ? _raw_spin_unlock+0x2d/0x50 [ 3423.239756][ T3923] try_charge+0x118d/0x1790 [ 3423.239771][ T3923] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3423.239782][ T3923] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3423.239795][ T3923] ? kasan_check_read+0x11/0x20 [ 3423.239808][ T3923] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3423.239822][ T3923] mem_cgroup_try_charge+0x24d/0x5e0 [ 3423.239837][ T3923] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3423.239853][ T3923] __handle_mm_fault+0x1e1f/0x3ec0 [ 3423.239868][ T3923] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3423.239877][ T3923] ? find_held_lock+0x35/0x130 [ 3423.239888][ T3923] ? handle_mm_fault+0x292/0xa90 [ 3423.239904][ T3923] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3423.239915][ T3923] ? kasan_check_read+0x11/0x20 [ 3423.239929][ T3923] handle_mm_fault+0x3b7/0xa90 [ 3423.239945][ T3923] __do_page_fault+0x5ef/0xda0 [ 3423.239960][ T3923] do_page_fault+0x71/0x581 [ 3423.239971][ T3923] ? page_fault+0x8/0x30 [ 3423.239991][ T3923] page_fault+0x1e/0x30 [ 3423.240001][ T3923] RIP: 0033:0x400610 [ 3423.240013][ T3923] Code: 01 e9 c9 00 00 00 48 8b 44 24 10 48 0b 44 24 28 be 08 00 00 00 48 8b 14 24 75 17 48 8b 7c 24 20 e8 f5 51 00 00 48 8b 4c 24 08 <48> 89 01 e9 9d 00 00 00 48 8b 44 24 08 48 8b 38 e8 db 51 00 00 8a [ 3423.240024][ T3923] RSP: 002b:00007ffc1533c120 EFLAGS: 00010206 [ 3423.240032][ T3923] RAX: 0000000000000000 RBX: 0000000000740060 RCX: 0000000020000180 [ 3423.240038][ T3923] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000000 [ 3423.240044][ T3923] RBP: 0000000000740068 R08: 0000000000000000 R09: 0000000000000000 [ 3423.240050][ T3923] R10: 00007ffc1533c220 R11: 0000000000000246 R12: fffffffffffffffe [ 3423.240055][ T3923] R13: 0000000000343ab6 R14: 0000000000343ae3 R15: 000000000073bf0c [ 3423.313795][ T3923] memory: usage 307200kB, limit 307200kB, failcnt 97883 [ 3423.366425][ T3923] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3423.399012][ T3923] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3423.405620][ T3923] Memory cgroup stats for /syz5: cache:124KB rss:99512KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3423.434816][ T3923] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=3911,uid=0 [ 3423.457006][ T3923] Memory cgroup out of memory: Killed process 3911 (syz-executor.5) total-vm:72580kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB [ 3423.525152][ T3927] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 3423.560145][ T3927] CPU: 0 PID: 3927 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3423.575569][ T3927] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3423.575574][ T3927] Call Trace: [ 3423.575601][ T3927] dump_stack+0x172/0x1f0 [ 3423.575621][ T3927] dump_header+0x10f/0xb6c [ 3423.575637][ T3927] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3423.575652][ T3927] ? ___ratelimit+0x60/0x595 [ 3423.575667][ T3927] ? do_raw_spin_unlock+0x57/0x270 [ 3423.575686][ T3927] oom_kill_process.cold+0x10/0x15 [ 3423.621200][ T3927] out_of_memory+0x79a/0x1280 [ 3423.626093][ T3927] ? lock_downgrade+0x880/0x880 [ 3423.630970][ T3927] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3423.637348][ T3927] ? oom_killer_disable+0x280/0x280 [ 3423.642782][ T3927] ? find_held_lock+0x35/0x130 [ 3423.647745][ T3927] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3423.653315][ T3927] ? memcg_event_wake+0x230/0x230 [ 3423.658606][ T3927] ? do_raw_spin_unlock+0x57/0x270 [ 3423.663951][ T3927] ? _raw_spin_unlock+0x2d/0x50 [ 3423.668819][ T3927] try_charge+0x118d/0x1790 [ 3423.673432][ T3927] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3423.679402][ T3927] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3423.685639][ T3927] ? find_held_lock+0x35/0x130 [ 3423.690513][ T3927] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3423.696139][ T3927] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3423.701683][ T3927] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3423.706968][ T3927] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3423.712530][ T3927] __memcg_kmem_charge+0x136/0x300 [ 3423.717649][ T3927] __alloc_pages_nodemask+0x437/0x7e0 [ 3423.723106][ T3927] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3423.729460][ T3927] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3423.735350][ T3927] ? copy_process.part.0+0x1d40/0x7a90 [ 3423.740906][ T3927] ? lockdep_hardirqs_on+0x418/0x5d0 [ 3423.746285][ T3927] ? trace_hardirqs_on+0x67/0x230 [ 3423.751319][ T3927] ? kasan_check_read+0x11/0x20 [ 3423.756192][ T3927] copy_process.part.0+0x3e0/0x7a90 [ 3423.761425][ T3927] ? __lock_acquire+0x548/0x3fb0 [ 3423.766371][ T3927] ? __might_fault+0x12b/0x1e0 [ 3423.771149][ T3927] ? __cleanup_sighand+0x60/0x60 [ 3423.776107][ T3927] ? lock_downgrade+0x880/0x880 [ 3423.781054][ T3927] _do_fork+0x257/0xfd0 [ 3423.785229][ T3927] ? fork_idle+0x1d0/0x1d0 [ 3423.789642][ T3927] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3423.795188][ T3927] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3423.800636][ T3927] ? do_syscall_64+0x26/0x670 [ 3423.805451][ T3927] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3423.811511][ T3927] ? do_syscall_64+0x26/0x670 [ 3423.816288][ T3927] __x64_sys_clone+0xbf/0x150 [ 3423.820958][ T3927] do_syscall_64+0x103/0x670 [ 3423.825573][ T3927] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3423.831450][ T3927] RIP: 0033:0x458c29 [ 3423.835476][ T3927] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3423.855163][ T3927] RSP: 002b:00007fea30623c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3423.863828][ T3927] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 3423.871875][ T3927] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3423.879861][ T3927] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3423.887823][ T3927] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fea306246d4 [ 3423.895985][ T3927] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 3423.910189][ T3927] memory: usage 307200kB, limit 307200kB, failcnt 97926 [ 3423.917257][ T3927] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3423.924978][ T3927] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3423.932007][ T3927] Memory cgroup stats for /syz5: cache:124KB rss:99512KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3423.955849][ T3927] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=3913,uid=0 [ 3423.971382][ T3927] Memory cgroup out of memory: Killed process 3913 (syz-executor.5) total-vm:72580kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB [ 3424.004691][ T3923] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3424.016270][ T3923] CPU: 0 PID: 3923 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3424.025313][ T3923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3424.035508][ T3923] Call Trace: [ 3424.038831][ T3923] dump_stack+0x172/0x1f0 [ 3424.043265][ T3923] dump_header+0x10f/0xb6c [ 3424.047689][ T3923] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3424.053617][ T3923] ? ___ratelimit+0x60/0x595 [ 3424.058214][ T3923] ? do_raw_spin_unlock+0x57/0x270 [ 3424.063343][ T3923] oom_kill_process.cold+0x10/0x15 [ 3424.068463][ T3923] out_of_memory+0x79a/0x1280 [ 3424.073242][ T3923] ? oom_killer_disable+0x280/0x280 [ 3424.078460][ T3923] ? find_held_lock+0x35/0x130 [ 3424.083345][ T3923] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3424.088908][ T3923] ? memcg_event_wake+0x230/0x230 [ 3424.094039][ T3923] ? do_raw_spin_unlock+0x57/0x270 [ 3424.099171][ T3923] ? _raw_spin_unlock+0x2d/0x50 [ 3424.104100][ T3923] try_charge+0xd4d/0x1790 [ 3424.108624][ T3923] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3424.114182][ T3923] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3424.120788][ T3923] ? kasan_check_read+0x11/0x20 [ 3424.125651][ T3923] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3424.131216][ T3923] mem_cgroup_try_charge+0x24d/0x5e0 [ 3424.136521][ T3923] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3424.142348][ T3923] wp_page_copy+0x416/0x1770 [ 3424.146975][ T3923] ? do_wp_page+0x486/0x1500 [ 3424.151659][ T3923] ? pmd_pfn+0x1d0/0x1d0 [ 3424.156095][ T3923] ? lock_downgrade+0x880/0x880 [ 3424.160962][ T3923] ? swp_swapcount+0x540/0x540 [ 3424.165737][ T3923] ? kasan_check_read+0x11/0x20 [ 3424.170599][ T3923] ? do_raw_spin_unlock+0x57/0x270 [ 3424.175723][ T3923] do_wp_page+0x48e/0x1500 [ 3424.180166][ T3923] ? finish_mkwrite_fault+0x540/0x540 [ 3424.185742][ T3923] __handle_mm_fault+0x22e8/0x3ec0 [ 3424.190876][ T3923] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3424.196440][ T3923] ? find_held_lock+0x35/0x130 [ 3424.201215][ T3923] ? handle_mm_fault+0x292/0xa90 [ 3424.207738][ T3923] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3424.214170][ T3923] ? kasan_check_read+0x11/0x20 [ 3424.219470][ T3923] handle_mm_fault+0x3b7/0xa90 [ 3424.224258][ T3923] __do_page_fault+0x5ef/0xda0 [ 3424.229044][ T3923] do_page_fault+0x71/0x581 [ 3424.233741][ T3923] ? page_fault+0x8/0x30 [ 3424.238017][ T3923] page_fault+0x1e/0x30 [ 3424.242203][ T3923] RIP: 0033:0x41066a [ 3424.246278][ T3923] Code: 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 c7 45 18 01 00 00 00 49 89 85 10 05 00 00 48 8b 05 fe 5b 64 00 00 01 00 00 00 c7 05 0a 5c 64 00 01 00 00 00 41 c7 85 1c 06 00 [ 3424.265939][ T3923] RSP: 002b:00007ffc1533c070 EFLAGS: 00010206 [ 3424.272024][ T3923] RAX: 0000000000a56748 RBX: 0000000000020000 RCX: 0000000000458c7a [ 3424.280013][ T3923] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 3424.288003][ T3923] RBP: 00007ffc1533c150 R08: ffffffffffffffff R09: 0000000000000000 [ 3424.296101][ T3923] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc1533c230 [ 3424.304084][ T3923] R13: 00007fea30603700 R14: 0000000000000001 R15: 000000000073bfac [ 3424.313134][ T3923] memory: usage 307084kB, limit 307200kB, failcnt 97926 [ 3424.320264][ T3923] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3424.328129][ T3923] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3424.334990][ T3923] Memory cgroup stats for /syz5: cache:124KB rss:99512KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB 03:44:08 executing program 5: socket$inet_udplite(0x2, 0x2, 0x88) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)}, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r0 = socket$inet(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) 03:44:08 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x6e00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:44:08 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) r1 = syz_open_dev$adsp(&(0x7f0000000000)='/dev/adsp#\x00', 0xb92, 0x280) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x13f, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_QUERY(r1, &(0x7f0000000300)={0x13, 0x5, 0xfa00, {&(0x7f0000000100), r2}}, 0x18) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000380)={0x0, @in6={{0xa, 0x4e24, 0x8, @loopback, 0xcf3}}, 0x9, 0x7, 0x20, 0x10000, 0x10}, &(0x7f0000000440)=0x98) setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r1, 0x84, 0x23, &(0x7f0000000480)={r3}, 0x8) readahead(r0, 0x2, 0x2) setsockopt$packet_int(r0, 0x107, 0x20000000001, &(0x7f00000000c0)=0x3, 0x3a) syz_open_dev$vcsn(&(0x7f0000000340)='/dev/vcs#\x00', 0x0, 0x80040) 03:44:08 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x4f00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:44:08 executing program 3: ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) prctl$PR_SET_KEEPCAPS(0x8, 0x0) r0 = openat$cgroup_type(0xffffffffffffff9c, &(0x7f0000000000)='cgroup.type\x00', 0x2, 0x0) readv(r0, &(0x7f0000000500)=[{&(0x7f0000000140)=""/14, 0xe}, {&(0x7f0000000300)=""/46, 0x2e}, {&(0x7f0000000380)=""/151, 0x97}, {&(0x7f0000000440)=""/89, 0x59}, {&(0x7f00000004c0)=""/58, 0x3a}], 0x5) r1 = creat(&(0x7f00000001c0)='./bus\x00', 0xffffffffffdffffe) r2 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) sendmmsg(r1, &(0x7f0000000940)=[{{&(0x7f0000000680)=@tipc=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x4}}, 0x80, &(0x7f0000000700), 0x0, &(0x7f0000000740)=[{0xe8, 0x119, 0x400, "1507315b36d39dcb2a413822dae557604f8cc8955f1bbd4335724caa83add21f5a6692a6e22b78834fff457be31bdc9173e99c3896fb6c84166c8317f43f995d51ad112ae6268fbada89360e6dc3d7dba3ca1ce1acf83f1e9dbef88f3aa42c962afae8aa952ed83d15bc4c9ad1bd468187cf9eaae37be69a7af5e253c06fb9ad27e516273117d73f3db0a779d94d2e74f653d5b66dae39096de5865122ff7a5132f32f91a34c2ea393fe120a55c77b3e1668140cc9105b5e763c43f4f914f6d80f394e7dc9620bb54d51f70364e7c0612f"}, {0x110, 0x113, 0x3, "1f7e02b9e7fde45967d1c9ebc8219ebf07e03b64398c557df82540e5a7c6c96f07ceb818f3277fb4fd06d2a07914f82f0e6bae24b50d7f4bbe7d0e1c619de0302e3e6e169fe5080fd653a6ab1bcbc6cfa0f9821adcdb79383dcd36bc5b6f8b1b5f8c81c151983a801c7d2964a5015b7c0cdf9364f074d4af712d4c404739a54ac5268894f09fded26458640e6fa75226c0542327ed501c6721f7cf383854f677bd2ebff1268a91f009bdf8d8962494da8d0c6e0cf9aa10865ee2db946e5e45e8c15702e23f94f0a25d9f4b668882b5434ce0101b0603a8945ff2b0b5a4aa4f3f22a379bb0aa110dd31c593bbdabd7d6fe4d0ec02ff01e6e4b9"}], 0x1f8}, 0x9}], 0x1, 0x4000) write$apparmor_current(r2, &(0x7f0000000580)=ANY=[@ANYBLOB="e1f0cea995d7669f5c7c70b0db765dc41b225920aaea6f3cef79262dc7032f993c826176683389015b94ec4823853d270e24a2097cb96200e2241f68440f683a1f4ef51a3ef95f982a1a4c89f0635f79cbb362568606aa10b08809f2667bab0ac994f9d948abd5665abef8068856616bc31f11587cacac24906e664225d2c7c8b186f1c9621e00008cf708eb0b0dd5803bfc18439fe1a9f801c47c34054c510e06640955a9356c0e187b256fe95fcfc1a31b87d4e900af8ee9977908b61279e02859d0b748078c5da1738367808da5ac8e2b15a9552b44"], 0x1) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lsetxattr$trusted_overlay_upper(&(0x7f0000000100)='./bus\x00', &(0x7f0000000200)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0) r3 = open(&(0x7f0000000180)='./bus\x00', 0x0, 0x0) lsetxattr$security_selinux(&(0x7f0000000240)='./bus\x00', &(0x7f00000002c0)='security.selinux\x00', &(0x7f0000000340)='system_u:object_r:inetd_var_run_t:s0\x00', 0x25, 0x0) sendfile(r2, r3, 0x0, 0x8000fffffffe) ioctl$RNDZAPENTCNT(r1, 0x5204, &(0x7f0000000280)) 03:44:08 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00\a\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) [ 3424.356713][ T3923] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=14272,uid=0 [ 3424.372312][ T3923] Memory cgroup out of memory: Killed process 14272 (syz-executor.5) total-vm:72448kB, anon-rss:156kB, file-rss:34816kB, shmem-rss:0kB [ 3424.495335][ T26] audit: type=1804 audit(2000000648.089:204): pid=4085 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir217225525/syzkaller.d07L5x/5962/bus" dev="sda1" ino=18825 res=1 03:44:08 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x5000, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:44:08 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00\t\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:44:08 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") mknod$loop(&(0x7f0000000100)='./file0\x00', 0x400002200006007, 0x0) r1 = creat(&(0x7f0000000200)='./file0\x00', 0x0) ioctl$sock_SIOCBRDELBR(r0, 0x89a1, &(0x7f0000000040)='rose0\x00') mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x2, 0x31, 0xffffffffffffffff, 0x0) ioctl$BLKALIGNOFF(r1, 0x127e, &(0x7f0000000000)) 03:44:08 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x6f00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) [ 3424.655674][ T4176] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3424.771212][ T4176] CPU: 1 PID: 4176 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3424.780297][ T4176] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3424.790459][ T4176] Call Trace: [ 3424.793863][ T4176] dump_stack+0x172/0x1f0 [ 3424.798210][ T4176] dump_header+0x10f/0xb6c [ 3424.802645][ T4176] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3424.808474][ T4176] ? ___ratelimit+0x60/0x595 [ 3424.813077][ T4176] ? do_raw_spin_unlock+0x57/0x270 [ 3424.818200][ T4176] oom_kill_process.cold+0x10/0x15 [ 3424.823367][ T4176] out_of_memory+0x79a/0x1280 [ 3424.828088][ T4176] ? lock_downgrade+0x880/0x880 [ 3424.832949][ T4176] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3424.839218][ T4176] ? oom_killer_disable+0x280/0x280 [ 3424.844425][ T4176] ? find_held_lock+0x35/0x130 [ 3424.849304][ T4176] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3424.854873][ T4176] ? memcg_event_wake+0x230/0x230 [ 3424.859929][ T4176] ? do_raw_spin_unlock+0x57/0x270 [ 3424.865168][ T4176] ? _raw_spin_unlock+0x2d/0x50 [ 3424.870035][ T4176] try_charge+0x118d/0x1790 [ 3424.874564][ T4176] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3424.880153][ T4176] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3424.885717][ T4176] ? find_held_lock+0x35/0x130 [ 3424.890532][ T4176] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3424.896106][ T4176] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3424.901755][ T4176] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3424.906977][ T4176] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3424.912543][ T4176] __memcg_kmem_charge+0x136/0x300 [ 3424.917673][ T4176] __alloc_pages_nodemask+0x437/0x7e0 [ 3424.923060][ T4176] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3424.928910][ T4176] ? is_dynamic_key+0x1c0/0x1c0 [ 3424.933994][ T4176] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3424.940345][ T4176] alloc_pages_current+0x107/0x210 [ 3424.945482][ T4176] pte_alloc_one+0x1b/0x1a0 [ 3424.950012][ T4176] __handle_mm_fault+0x3491/0x3ec0 [ 3424.955155][ T4176] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3424.960720][ T4176] ? find_held_lock+0x35/0x130 [ 3424.965513][ T4176] ? handle_mm_fault+0x292/0xa90 [ 3424.970587][ T4176] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3424.976853][ T4176] ? kasan_check_read+0x11/0x20 [ 3424.981727][ T4176] handle_mm_fault+0x3b7/0xa90 [ 3424.986508][ T4176] __do_page_fault+0x5ef/0xda0 [ 3424.991419][ T4176] do_page_fault+0x71/0x581 [ 3424.996022][ T4176] ? page_fault+0x8/0x30 [ 3425.000284][ T4176] page_fault+0x1e/0x30 [ 3425.004449][ T4176] RIP: 0033:0x458c29 [ 3425.008403][ T4176] Code: Bad RIP value. [ 3425.012471][ T4176] RSP: 002b:00007fea30623c78 EFLAGS: 00010246 03:44:08 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x5100, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) [ 3425.018546][ T4176] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000458c29 [ 3425.026527][ T4176] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3425.034693][ T4176] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3425.042683][ T4176] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fea306246d4 [ 3425.050675][ T4176] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff 03:44:08 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x5200, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) [ 3425.264397][ T26] audit: type=1804 audit(2000000648.859:205): pid=4134 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir217225525/syzkaller.d07L5x/5962/bus" dev="sda1" ino=18825 res=1 [ 3425.354532][ T26] audit: type=1804 audit(2000000648.859:206): pid=4134 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir217225525/syzkaller.d07L5x/5962/bus" dev="sda1" ino=18825 res=1 [ 3425.368483][ T4176] memory: usage 307200kB, limit 307200kB, failcnt 97949 [ 3425.416235][ T26] audit: type=1804 audit(2000000648.879:207): pid=4134 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir217225525/syzkaller.d07L5x/5962/bus" dev="sda1" ino=18825 res=1 [ 3425.447714][ T4176] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3425.455798][ T4176] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3425.463206][ T4176] Memory cgroup stats for /syz5: cache:124KB rss:99380KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99336KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3425.490540][ T4176] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=4089,uid=0 03:44:09 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") capset(&(0x7f0000000380)={0x19980330}, &(0x7f0000000040)={0x20000fffffff9, 0xffffffffffffffff}) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000240)='/dev/cachefiles\x00', 0x400000, 0x0) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f00000003c0)={{{@in6=@ipv4={[], [], @loopback}, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@broadcast}, 0x0, @in=@loopback}}, &(0x7f0000000340)=0xe8) setsockopt$packet_drop_memb(r1, 0x107, 0x2, &(0x7f00000004c0)={r2, 0x1, 0x6}, 0x10) mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000080)='./file1\x00', 0x0) r3 = syz_open_dev$sndpcmp(&(0x7f0000000140)='/dev/snd/pcmC#D#p\x00', 0x7, 0x101000) getsockopt$netrom_NETROM_N2(r3, 0x103, 0x3, &(0x7f0000000180)=0x1, &(0x7f0000000200)=0x4) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}]}) 03:44:09 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00>\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:44:09 executing program 3: r0 = socket$inet_dccp(0x2, 0x6, 0x0) r1 = syz_open_dev$mouse(&(0x7f0000000080)='/dev/input/mouse#\x00', 0x61f084eb, 0x0) io_uring_enter(r1, 0x6, 0xff, 0x1, &(0x7f00000000c0)={0x1ff}, 0x8) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000003880), &(0x7f0000004680)=0xc) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000140)='TIPCv2\x00') sendmsg$TIPC_NL_NET_SET(r1, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x38, r2, 0x50c, 0x70bd25, 0x25dfdbfe, {}, [@TIPC_NLA_NET={0x24, 0x7, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x1ff}, @TIPC_NLA_NET_ID={0x8}, @TIPC_NLA_NET_NODEID_W1={0xc}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x4040}, 0x4) accept$packet(r1, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14) sendmmsg(r1, &(0x7f0000004400)=[{{&(0x7f0000000340)=@can={0x1d, r3}, 0x80, &(0x7f0000000400)=[{&(0x7f00000003c0)="988a852540add287853c", 0xa}], 0x1, &(0x7f0000000440)=[{0x28, 0x10f, 0x2164, "41795555b35fc3a43fa5b026e7fc0ceba15122e3"}], 0x28}, 0x8000}, {{&(0x7f0000000480)=@isdn={0x22, 0x1ff, 0x2da, 0x15, 0x7}, 0x80, &(0x7f00000016c0)=[{&(0x7f0000000500)="f3f38458b2db2732da6f122b114bc6bd39148fad02a22bed3d9e97203740267ebd8bcd87c13c3c7234e3a6c1908a96f092a603852cb3ff15e7598cd4d291ef7d7c9acd74a830709ff26d09dbeb2a621babb76ed1805bae59e18b933bf342e46736a4b5523b841ac46287eca2a91cdab6abc5fd5002fa0e6f8fec1874b997535eded1c080f37b44c07db647a3b4c873629b33bd1a91ab51045e66b7289df685e63d7c3efac950fd8550a3f493aca37fc30b799cb5c464e919", 0xb8}, {&(0x7f00000005c0)="4c0102f6ae728cce981e870e2d59ddea3024cb99e58649ce827a6d81edd89dea30416c31b03850c1ad45dfe7800faf68cb1c957205868a46b576238207d0c8e750b4c976453e7722f0237ff575fbc54493d2d7d25ec39403628a786fe20c97ec8110e137c9bd3afa74678c1b0e93e7358d6a3107079a83394dba5a486512b645bbc8c984be186203b7a0369f50d6997cda22c309a4eb6c389cd2caaf803be13a5fa8946c9e9b1f6b92330c8d96a3b1cbd0fd8a3f0f059ad2496f63dfd1c22af8f735e0c783d5d78ae0852c19465ca4b7ca28d2db61d6d6", 0xd7}, {&(0x7f00000006c0)="adc6eb00e99aa24db67f0351b8b612f64912c99f6a4b8f5fe0781c1c43f845067051e792c21ed3ff4daf5eb94ba4431d87d70a6bab4b751c4404ecf5ba427da622aa55e9e1322623c515356820bdfbab1a26e649842e0122c3b8381a83a8e45d8be851cf5896e5c24cb04cc369ea523a81bb0c8df60995223b4eb3f76f75b22f19a07f68b52ce06ec638919b5505b3ea9fbae838624b4c44b420dd79e321f781532d6c30764373fe8d78fd5dac9cbd845ba38e98201e2d21f301f93874278ffc608dba442a49b134c57cfc976fc5eb78fafc89f04d0d4baa6e51a5b22bcc6e345ef9ca343ad103102309fc9bd2219386acd613b568eb8982ccd0592ad85cb693844101a0e8788a5c185058fba44a2afc214cb85809c585cdb0d22bbabf8a376da4a2f45432a63fd14448aec0d29534c92034b36f7e64c7efda045a24b79ba63e2cf767f7841f040d70a3e3beb63a36f8eae3280c3084e6ef9628b168253a4ea7fd1f854d01adccf8a8a9f5b5597e71345b1138f5c4eb43884110bbc6601eaeb7239ac23e64420a9819eac13fc607933a3d46fa5d52e651ab08acbedb69d780206c8c928622928cb87565592d3b9067d668d33d1c984160097092fe87a46213e0066373568070d3f798393f705a644b0ef1d5897f89be1c8806233f919bd14f63e7dc0921dccf1e2de1370fe0ac9f34fa506c8cb26ac83c34172aa37fd420dceecf12e8cafb23b452068ae8bc2d8ffded33d5179b1cc39a4d65bd3bc433411df4aca2889a93696d193a4f6e4a2652bd43fb3b46a52003a3ca11534d49931b0597a8f2f6dd68769aa7b75ed932ae9721d35872530bae4e48d7e9d17ab94081eae4bfd6e412a7d3d29d6f9a79691f383198bac6bff099900dac70c4c639ae9e85e18643a3fa1397eb9037a0c9076ba33c368e2d056e89da5f4f9d05e07b8243aeb6e49330db8f780916c13d14df9965829b4753d616b524b44f70ae80ddd51feef2bebaa295b27d04acbabd556871f69c949c13f0696016930f454b31aee50d9364af713d3eac692ce3c197be95964fbcee1dd0156b6c2814d34ebfb1f302a4208728bc9d03f5ddc6c9ad1488501c92a437915dab09e92945a753ffc35de4bc8b5d7bed1a42e5cdf75fca6154ab891eb917f13592d6a8df13db6bdf01991794871c3dc57080772313c7d30dee206a26a1b26dbca75fc9f1f866771188b18e642ba51459133c8338aa602741cc1e046b7e0c31782fedd72ca0826f9a5439f457a5d53bae1af296d86251f51f8598cee268a51639b2215fdb87c69592c480a312e2682df6248a8e8ee8cff280c496b6b83c999a0da0605f7668a03e72a63a19e80c7fbbcca0d7c4811c5cf96664da5c46534a04f7af6681f60645bc7684b68720aebf2f5f5155ab6aafacf9078af7b67947d1aba9ce9025fd15358f8073286c166f287bb05637fdf9e18938a7ecec846a7a895b65d9354456e7375bac9c2cb23073ab9b04b42b79bd20dde093701ec12fcb7d32046da3000156fe8309f2f07cd982a1f4fa576ea5c60df5137ac0ae394b8fd788ca78da49b3582bf1768dc340471570c45687a2827d43fff160cdb5408c515e7b2cf52f001e86101d6205ff6022602aaeb912c3564446dad1dee47a8cb29ba11081543af53aa274a4436819b4d47910980d171a97f9833e246ec47318c4e53adb8101d3d8d765d1a06d3a0418a19dfb6f7e1f47333113d73ab8dcc6724b80c6467abd3968d12e8d21c09f1279e128d98da7f1c3fe6c873ee6857def59c3563cec35cdda2f0ab94cb2da830d3b65302c65db845e092e13d672a45f0c8defb2b77b51c60c5bb2485238b984c20c725d3943fdfb8cb34802a1f5b1140e234fc50fbe8b6e14420dcc66291242562b55937aee7043190c2de51796429e893f39c79f720965c497b9995bb4c56dc2525ad3b79426cd6eb80f7d05407ac7aa56e57fa6ce6f5f71cbc72597feb4beb172cbeacd4c956edafdf87e5071720d8f1e1a3a51604090bba36a20b2bad377fc0f13ced8668001cb5e090175829363d3405686e7cd3f6ce10c9060fb4fad1f53d7436af993eebd850c83388c126d8c3e6f96adce749f6cf673d3b483718ff2d01d1820bb75616d5411cb2223aca7596ef5e1873e1340c8519f85331cd0ab0620013b2c843211bf5c6817daaccc767039c577feca39053be4d471cf524819de79f4996f6d841c288b8d780e42b89c93e0085fbd6130f3647c82b98ebf1779689b2ed10ef46f10e01a7ff1bac66db309f8d073273f23bd00681721627497096a0ba0af62424fc94163bd7943d202a1b2f12ccde32e1d6d5b12c49f47d9b1dca779dac9911aab839bd92eeca4062b6fd27fe13d491dd1ba386fdc53f6025a64638a68a0bb2e4bb7af3582b060342c7a82b1489eeb57a3df5b4a7fb634f3ec0f56a41b55c74a3e55e2ee5e508f515b1d6260e029a1e526881ebea3939456ef186dec60cfc05b888762c23bbaae866156097e82b9b9313dc99c638fb43fc76715c00d426ff11f4b2b5b604a22c3588b951e1ee5e676070534e59833cde97b1a077b89da62736e49584c6f16e748090b25df51c47560b5e74155915cbc05300257af0cc230394a0822b762e90af775459568c15f850efb293dea1025393d6ca0f0c1445d00a08c1aa71b09972bf8d518f716f7fb5266de9316d59d1506cb7b8b8763be648a06272c19f90f5ac6403c8ac6eacac99fd950a61a98dde7fb52ce186dc5fed575b7378d15d4449cc16b8c44f9eda3c330402e38b17c46ef1b0b15fa9a3dd50b1b56807d704d135afcbc746eb3b9ad8a9afb95ba9ec6aeb684e78e0619cfd52ccaf6ee7a95631bb621e405c9fca78b069b21219c1842052d5b6c6859d9521892519120b23e94fa6d902ac15acae90064c856bf5eb70c67f0ab1d1305aae9f6624fe009f6c3b9f21c6b5afbe8a645eb1f8831e70db54fc043ca6bb998fef6fd69e430d5175596675c7edfb2d85cc5a4ed496f4d8bd17356e81d27c8204bb66afd8b09410de9995328ffe60ae3112a86bc5ccbda92568cef7b667d41eef7700a916bbfebfabca16315244983181f686c1e21eb371b91957cc9e98558b5f362199cd7934960873417cfa1c1bf8222669572fdb4daf48e7eeb66ff360396af058e53257390f779143abf32ee0db7ac8c6aa2ef4a74eed98211b2a1d56e51152d93761bb5a7195577f59a5b8b12fdd999b01275e8c8a8b2043f6ead233e6a2c87102bc2c96cd94b4ec4b68e9099e3dc8a9ab77ea834ff0d8913b1a18417d1b16f04552b13941541a66bb880fd7930680aca200435069214815c85b0c149145592a6bbe0e3ba6e70788a7af151cc10a27d78b623166d9eb3b9251b9c4546c8986a0813df68bb78e631be78ab75b25e3f6a9b5173930f75f281cd21117a00115e9b04e930ca1433dec5a2d7c3708966ce48347ff221a72c4f4efe1f1b544cdbc72b2a9d586cf459d2f47f87c15ecaed1eb4c19eaad2bd864b9759510c0e62b04367c4951289cf82109816165ed44ffaaca700e0ba0307a7cd1629418bae7a941b6af1f4a917778de8e8ddd7f3dd60353cdff732506b5bc1b1335ff0ec29a380c2d76f26c9ac76de7cf7a101da3a683858d04b416cf0021e55923de0c1a38a3420b196b60dff25a54c20e4106d16f2cb8b5ef99f51c1ce32dcef5cefa00e0393003d379416f2af9cf52f387e69b68a46bce09841dc027fd2b176a6e6e75aaba662bb10ca4843c8ac33ad26b6455ea011b299ced0699fc773844e226996bf7a5d4835cceb317d89d32fe59d387b0c62a75749bb8d1b17d8c9829f086d437d09875ccbb219b0c738fcc2b6aa7dffce2ca8a06c19730da5f8c5cc28dc9cae897f16a389b24da8ece0a61f9fbf583817f174dac9242061ec1b250e00137c949fc3476ab7386ca0a5fec448302c4e8a0ec799fd878813dfe032092365b1c65d4b935397557ccec699cce2f5c90301b2acabc6e658496cdaa4a1045c685da037ddd0173de62371b4fce77c328f5270cfcf5b36c08a53860081edff275dd285e5dc6807f81ed51554f9da24aad18ab87ab30bdc2db14fac7ddf9b62a0359de5a2a820b7cdcc0c5a0b49dbcb20762c3476803d8730fd728e727d42d536475fc73a5c2f5181b6effae4feb40919f006a3660ff0e3671255d12038109d558b6b4dfac421b739fe049c70d58649420d1afabe0f8dab05d582d52f1e66ebb6e7d247c34697c512a87ff8dcc81ddef78aa1881160e8be813fda26e0b862d327ecc0d1d338294f0fdfb354eb751ffaebb1d8d7ed1e06918f9f362a8d47d24d12474f47a3d6e98fc52725e180d33905fea2ec72252838b20859f427a1831f177a4f1b100f155dee2eaaee5cf6a926b19d727ebc7587d87dbe3ec7dd74bba3b4925cd1dd1e496476a1b27efd9e780ed6e70535c5634511a4e7f0512681afba8c5809c277e11e33ceb39cd71958f3bd18594136771f0ae07887180d784a0e67305d5e56edd801b45d38c7b37f8d98228ef51b57ccde2d27baaf7b5640bbb33190f876dfa7b16aa3f0209fa76cc3d0d405cc8d0ad503850bdd98d240e09ef0a837bfe8f3015469b5f066159fca18f7cb9999dc9d18a56358495ee179e997a33ba22d1af437478cbd31f44e2a0ba4698b91b8c4253cde36df8198ca6ccf6cc43fa29af31e1b54f7a5625d42b8e7f2c5449404bdc44e16cf7e8afbde9b32867899062dda3f9afca53edc3bbba69d1381293fb63aa85327008937b852cb4f4912cf35b1b1ef135c38ce4234f7aa6782737fece5bfab5bece6e361fd2ac55eddd081323b99cc9211f799a8fa63be17bf4d92b0565b0a75238ce51927fd09b1bdfaf81a80b7e26e55f0211e5fab89c275328a9ac0afce26bc333875e88c4db4017b974aecc8a03ca9473520d98590aa3a96d7dc62832e5a5abd46d0a1704b244c5f32753b6a73ac7d243cd8a9a52c4c2979bcc9adec1c6a8192f0e6edd9a312475bcd01e0f8a4d874d5b4d9004ddb5ee84cac559234bd5b47376f25434a1f4b44b407e11d23121f01ffee197f9d67dda4f20d81afb4eedc2be2a3ab38df17e80558b1fa7cd6048794ad9591337ad777faa3569091cf6351fbe564c01b16e187557554502c770b7b8c514f99176ba6b6c5690dbae68a88dd3163c95ee26a2237ae55c0923334064e31d575a888230b453117d680d4270cf2bb49aaa102ee8a609bdf640cff716b1a8a817a13c4155a005be4ab958cff7457f62d6de05c2688fe7e19e71cf7918ded6f20a9d9276689eb2c10517f4f218e0482baeb1c102aab115af5232fe625fa10798d8bfa6d798aa41709778cb772e292b75e9cc4f1b71e775a91aa192704daf46c36ef28aea05931ab6aeac31d38c582059c8f6454568e971119dda5cc72db6ec5ea2890c4ebb6e21b18bad46e27f916a50cdc86ebc07e05ce4c2acd69a3b54245e1d209c0d7a930e0d1f14ad61aefaaeaecf6f372ac646e1b364684aa8507abdeb916580e452186f1e1070d1551b3e9b16bd2e864843b127b040ba7ae04a5dcd4d7c526a09b5214fdf3e9c54ff7831c1db0607086235591beca1e035a14c20897f926e65ca88c9ee1c41f1b46a7c4931a14b833659064a3132b1a5d467c12d18fc470a1d7078d0b71fe05ccdba2ed79d35282a704edc466bcae428c181bb49ffc1b63e580cf426b5feca57a8af19a1e9c5ea7b3f8762b489e1024f84499e03883d97dfb6f7b7a93aae42c6bc9f62a9727a4acd7b4fb555bac42b4d68cbd756eca3abd68e9e500c82ee8f5", 0x1000}], 0x3, &(0x7f0000001700)=[{0x20, 0x105, 0x6, "02424e8ef53ee2d4773ae2e5862b17"}, {0xe8, 0x115, 0x8001, "36c7bfe363eaf18baed2d2427af3647f9fc6f6414e0b4cbbc88bd9b867e14ee34ddf59a22d90663bf8c324312871b4e89f855286cb61df058885bb5b9ce1d0bf7782fe06b883576daeee669c537f17c9b34293eb5d9a5035155bafd3be65beedfcb941fc3e2fe21336154b92522351e46aadd09f0c47290c20e501e8ce5943345922520cfa3f3c6032903900e2f01f4f48fb0aca1033f67e922e17b4240e6fe9a6bd65d40a2fde4ac3f9a5ebf50b259f17726cc85277862d4aa5b1f7b8f0d765f0b9da22f87af8ac910123fd57e39ab7d17ed33e"}, {0xc8, 0x11f, 0xcc, "57ce9394f75abd5118db65230b46c3b80628438bb4270cb9da456821758bd6d7a6d63e4a8f673929a43ddc937a7a6ec45e75603c95955b7571ef0a07fdf9000e041b4cd0e51c65986e574b94d6a6390bdea4455910ac7ff5cc314c2a3e16c1c526701204d0302c2f55ee5e11df26b1918142d5afe864295ef9c4818bfd6a04c0a7b43f4fccb6867c990535da6943770455c8871ec421c31b432b9c463bd4bcb6531254da1ec22e17c794058dab2e1afa80c3ee5e0e"}, {0x20, 0x115, 0x5, "cfafb9812e1fa2f1c19c96892b77"}, {0xb8, 0x115, 0x3, "69df404db0882539584bd7fc2df58ab247a8ec2d0989809bd69291e1af04ebf7b25dddc6ead0b7ec3a7883c103a4a430ae8bdb20acbabf138c9bd79dd6ff564663cca2cc0042a8a56a6bfe9f6ed3523730b21edf4959f86453d21651b8dd394b65946e33072aa11e1a9c1371b59742d8104bfdad7f76c734be77ed004c9813055bd8975318c903b1f5d5dfb4545c52fa0deb0b1420a178f9a64b52881fac4fba4207"}, {0x88, 0x117, 0xa5, "12fb313b3f74ef7c09cab6e8034b9b877e1255526d16294c91575ef8f51884ff19863f75530efa24744208d9ddb6ba234ab3d32331e75d6aa59df8867b72b67beb1db19433b09bc9c11242a4dfc86fd7061c4b6a4891361ba2235189573e42bc47b8b5719271016c90e729eae3435701aa9748"}, {0x78, 0x117, 0x7, "1e87eb5ec0b6092000e7444293f5fa23375fc640002e1ca465d0f16fe2cdb44a1a4008b798d825e2c017d6335016f5009cdde2a9d7cf20bfe91e2df50fcbb18aca4d8991c517a1e2739deedb52593703409a14431870779e7d8b8d0b82f7a756651d373dba"}, {0x78, 0x1, 0x10000, "0cd552532d89ac774f9f7c8a9c1786e5785f7fe4a2eee7b779bbefb2a13b55fde984eb3c433d6df08b0de502b8e8670120ec6aa1e644bc63586ffba35105c403f5e6b88b9f9125bbea9bb21bddaee6e6529fa23234110d0ffc26dfce3663d6dfdae4e2321f301aa0"}, {0x58, 0x117, 0xb079, "b1d5ae1ff7ebd8a71c5f06d88be352b7ce45be23e3fa7dc402058519722c4e1d66b568b85a8117fd9a5c1caf16671ce2bfc5d9cfb969726235e6bbbfcee9f2b82dd485b4"}, {0x110, 0x1, 0x2, "80566821fd5f3a0befd36145a0a74845c90fb36150bb957baf0ea413b7a83c282a4f7b96ce8e1ceb20b0def6fd68b1cc7534f0d32f8b2b18632be1824deeb931c0043dfd0605f726b6bd873ebbb499bef4319c878111ca22b6ce437a51d24b0dcdb3ebcc9006d116cf6168387e2d0d348199bcb905a2af02fbe64f51fc6d5df884bdbaaf476e582d4eaff8ad58bf10e0f2cdac400a1e6235ed3a3a89fea1295aae179f7dc66a894d8b868ed8d7e8db0c2022a60fad236a4051c9cd8f33fe09a9f290976dfe66057eefe1f02b1c788d17003760b2f2ba002cbcd7337e255039ec955e357bd15b05b0e1fd89b416483a60aa9acc7e8986eb125d"}], 0x588}, 0xfffffffffffffffd}, {{&(0x7f0000001cc0)=@llc={0x1a, 0x335, 0x3, 0x6, 0x6, 0x1, @random="f5d317b8474b"}, 0x80, &(0x7f0000001fc0)=[{&(0x7f0000001d40)="011f2a7abe1a3a2f9178d6302887ea0685b6ce76612db3a5d81935c7780c76630c77955c1d8845f896cd682ec2e958dc63dfc71dce5a06d37d3e57917b68cb01bc466a2ff817c59af4041b1fd59f93ca8daf03a3c0f121ba9f3cbec721789a0a3458822d3c0d7edef6a8628a94363f1c1a3c02267646b917741664946334205658b85abedebf8952c16f7700a93e500686343f2578002c", 0x97}, {&(0x7f0000001e00)="c06dc748646014ff383150430ab2359054ea734ad8d454d056d6002140e7b42e115f46a39fc9856edc55b34799861a6578f0dc1fca6f438bcd82e57e18605f94f12c1c93cacbe71e12efb29551f5bac8618efa8c7ce3599c696d95dd225e9d1820b1f3bc23e00d29b17041e1bad51c3e61bd6bdef2eb4d69d785fcd518d58cad28ec974469aacb5e8688e0d390e98c94d903b06ac4a437922b87461d57d1d7ed8261ae195279d9c21ad20da1bb4c7424869d5b8b1c2d5278dbe6de06bcd8529d41444a251b2a991ccbefc470d018b808ee8a3d5669", 0xd5}, {&(0x7f0000001f00)="849b9167ef012ce461944a98743c221f3329dc33cef7d229af238995d1a7d869837d74ad0204a394bb84ce5c2a1d978d0655f5d968654010e2f5ee61051d65b6ae3b2d37925cafa2ee4d6e3005881cc2298425af19ee3f743ff2521350e0d3a3d01243ed822384bb8ed39ff3be4735ad141b0d6b0cf0374870fd4c3f3ad9780b8953417c62e029b8d10b808a24eae1bfa1e75d76cd4e7a16a538b22b1cd6d3c82add2d191538fb6d774e53c9146ebca86f8767f95eccebd4e789963211e733", 0xbf}], 0x3, &(0x7f0000002000)=[{0x100, 0x10d, 0x2, "b2edad3c3003885b6919fdfeeccdc0e0bc07670a7ec8e0b87494c0641772e0221d4c7df3990019364e5128ce69cb352ba0e168932c1d7815a932edcf6697b3b976e4cf1ca123d76085cf9412247ea375d71bea3d0183e3074b362abb2a8b55978eed43997b943a48f708bfb490246226b8cd9b31c647169308a1ffd8046e896c3976e8e4eb49ac158904112c8283ae4c1fc51fe99fcbdec78e04a409a326726aa9992e62afd2cc404493fbbc3712f0f9457c75d38c1c3a2df0c5f8b53746b09f4fd9b13cda964c2e98717da34556595f78ba3896a2089d5d827d8c76ebdb52f4a144b01ddd25c7a02f9d745d53"}], 0x100}, 0x9}, {{&(0x7f0000002100)=@sco={0x1f, {0x3, 0x5, 0xf9a0, 0x8, 0x6, 0xe5}}, 0x80, &(0x7f00000022c0)=[{&(0x7f0000002180)="e7f9823aaff1a8f0a0eee5b9d84b5f82b5d5b2f57ecff665cb70872303ef6f18eec2fb791466", 0x26}, {&(0x7f00000021c0)="f7ff67f07300ad61a13e0bf080d05b57f108105762be7ba8377351f6c03ed01c4f9a36bc4aa33f2f7b70bdc816b6a782e907c929778251139a954a03feb53f8cc0d5988af536182f4c10908a155bd7f6a6f8fa84765238ad416d66a6771bf7ea6f3ef948c5d29ad69ab7b3c89238f81942131cabd65dd5d0e3d84e808b933d0d90d282cbc86584a06e00a7eda4994bce050588ed6a1129a8de3a5fca12765be27b3be4bcbc52228c9cf7bc7ec8ff2b33c84515c260cba8ea24eb2c47fc472c656f040da638c0126f9206d1da4e44563a76048f99847890184782fd6389f195", 0xdf}], 0x2, &(0x7f0000002300)=[{0xd8, 0x115, 0x767a, "c674b60f97066575bbb1422a43d1990ad38818f6aa6ae8cde5da96e202ab98c01c134a4800d79d0f0f571baaef2c62be0d459f45405aeb1ae5c235713ec3811e8d24b6a4b4852a5bb3c43bd4d43af6d9c5ce67fa632a91b89f64c263b4cf33e1df6d2868c5a76e4cc16139dff621c9144ddb75159ca74db2bd7dd5808a241a91cf06597cfbcca9d9e60cc572de53e7cf860785ac974011a5cdd9a38cdfa4edbaf6da2c044913dff98c426dd9ac5b2d058445eeea73361626b2acf067e24dc0c27aa89a25"}], 0xd8}, 0xd42}, {{&(0x7f0000002400)=@nfc={0x27, 0x0, 0x2, 0x7}, 0x80, &(0x7f0000003600)=[{&(0x7f0000002480)="348abb0920ffe3a51327416930d0a7288ac52642b9e2510d5ddf9d924716a55ef1ee85144eb411660b24d4edbccd05a55925a07eb1efd361cd13424bb0e9438b46b797e71f0c95b922598c442e0fbbd93aaf241160e426055c9cba164e80d31367fce563e6b3220d73dd8ff01407e03166b9b9a4ca9fc2494cf26ae9d2437f7a9bded7c9620413d8ded518dcc655cfedff6c2a60c67c210656eccd775a23f5ea31cecc41c8f537e06a3c16c69e0bd95556ca8d8994fb6ab98dd0af231991243f6224a78b95e37a7acb73b6f9802b0e459dd2f7ee073224ab7d407260c66ec468201396defe45ab32b9a1e3ea562271b469440992989d54abe7e8a17f236afeeec4cda033f797fad24464b0a0ff47125c03dc7860a26ccde9ab9c14ab7b59798563ea8f39b814c5cd49419c59e569a34155ae6c4e1379e8d9ac21e635b864b82a90856d9cc5dd544266dab97a0cc358d5921891e52b76470bbdb1f311bdbf27035c3712ad03f687cd0b4ddb335e2af535238f6e4780ab7a96c48375955689c2927391fd8b3ed4734b61439dd4d2a0285a117ee182612321262227d5ef79d6642609aa5c56c2848a67a59b2d28637508b71fa30d8fc2e7835b970ff19bf1fabf9d912b9ec8806ec138208733d9b5d2318802c6d876be77c3e7a233395e67cced707f7dc818b81c80002192dc1aad792c413ea19dbbf98f15b18c359caf9430087e7adb235d7a68235b319480e190c837d89251ad4421b28dd5fe48adc380f9d455cadc88d38ea8f113d8960f4bc2a20b2575caccddfa7b8f6d676ec424f4ff1a3383550d12897c4eb4cf54e77b63c351364a39e8c689074e35273e747cedfac68c5f4e21b2e40f1c5b33ff1b23e164e7b1c9837acb905404e4aca8e0224a0389e624a9a3bcfc911286ba987032635b2e1bb7130fae7a1136405ea48e4dbd152b6f11a965008ff7dc4380af6c04fe35af9fd62ebcbd3be989e7035fb27ca8378970b30506f343e4f5f639260005a3d22b25564bcf696742b70d2b8a71051d344dcd67d9903b7bd24fa2bdbb0f00b337baeddca9dd8f95d922d6ecef0a373da3635e100ae266b130707feea3fc3abb6d855f480765b759e422b12be1b89a73b4089afc39dc42289b2d5849b4422dee8f3f7127c1cb8f06b3546e534bf7d5ba860a2c390ca8cb23a5ad480f4b591a4766b383788ce8a6afde28369d71d30ae661b21503ea6de05e83d9939ad7df74c30057c969d7aec41eb2f8c7f748aa967c5aea4b9c58bd32e055214d254802c58ced45de9491f7b736e46bbfa8a0ce29961b85bfa124b0d58bce549c1b181f9a1115eabd87a28f9077d6029af573c029c326390cd7e8dbbfb3c2b69535de9310a69e6dac00224c879fbd7bb97aafbc568e66649eb753d70d3edb8e1850c85f43a5458f5f4b485bf25e9cf872c992ab89d6185ec49739009f142041c7721a176eac465a83011d99a54e348c078fdf3fed357a0a178ae7cfe5261a1d43385fba6d6ca53d0a60d4af9bb9eb83d08c8313aafadbffbeeeefda83ac86b376012f65a54ee6c849cdd7c8a15b38573a7eabfbed4b4fe42d5f9be9620fd3395aca1d5264d31d3a4467b02f8e92eb58d7db479a5f6e975521a6f1ab3c6c0fc5d15e07936d3888805f156935b7ad6fc389bcea6df6c4a621c834a2a3813385993b148f1c31ece751cff88aeb39dcda047bda90950c95d7a24a0ba855749f9331359a1197a28eabd8029051b46b13b7a6633e1501de1430849156a3df4919b2443552eae11fb1bd821cb2c601511f741cedbddf161c59d1b5a008b049eae93bdf78223696aabe86b734f253f73c889e0744272496bfa535b60e880811dd8a442bc62e8fe4e2bf60a0606259503728dd2848ceaa64d7a2ba72a4e3f00f2b6d098e418b9c83c6e1b4c8dc68cb7f705dce5da0650b66a348b245d853af3d79d2cbb846de7ae6b65bd0ae2d35c55342463184653b83b7c618dbb8367e43f3582abf43a28c1e7588eead097ce37181b1efc17e191c55dd4df443b4b96cbe34595d5bb7d2d41605b45c782a99541c49535f5cbc36ace89a02929ffd55ba656a49bdb66d9e52b905580deca10b22ba6d7327985b297e44a714fd78f6745a4d8394c03505ccac40db8dcb590e19224d5a162e8471ecd62013783b377c2340629c8d2073113705dc792732448e3c429841c0c1ecd6d5ece2605ad1f7938f1ccd12abff3f333c23ba353d5d13e2b631d48fb09b05fda575ebe5734923fe57b439678f12b6f579112dee0a1d3119bdec3ee36ec7667c57d3372559de3f786015696b93909e95d0ba7c7a13eaa33546f6ed558cae5ed347261d671b3165e8381405aa795d6474bdc4f6f0246b55e6180b2edfad44ae8fd0259fc87064ed6cf76cbdf52d38a338804882fa2b34bc8c819034609091b596357ed004500341a68a343e7e582699b68753fe4c6d20cde46506eaf4fd35168d49e6ed1973f0620d47fdcdf7da83ec6ab93011b2e09c7dd80bdd9004310384bec2b71937a034ec2243bbc6cf8e9cc7bf857cf251005f8d0675ad2c9c796724efecc89be90effd58e9ae5980ce053f32270e68385ee05a9fa23e0d1382663a6a272522498496de2a4385a111ea862df3a5090560a9630cb40b11eb68b86042fa4b358274a47dbd2d1226d3629cca9a7de9e8e6ae2e4e096736ab30da6f33197e3bdf5513c2048a0b2bd4e07cbdfd0da2401d60a00277bd1c64a92653cd35685ac426729ce92deddfac9091b594db7d2ef1b6ca865aa242dcad5c3eb2e52fc96449d8caf2643de7995e031ceae325c4afb74af65865f21b26edb4f8781c589aafff10a0bc46449d80362a9f9421ebd79b819675c750821f9dff1b97f7fe69b0206860f0d5fa623513744c912e9628dbb5693d8bccd94185f86775f04192feb58fe6b6e16f5e4a05de2c1db1876592fd5c241a6cdf3f6fba0e1b154520c3479af1ca0b58e978267fb1e54706465f95c68724eb32eb264a37cfbc786b5274c2dd4cc1170a4ce46cdadee8014bb43abfa1567a98fd24f7c8c6a0f14baaef6ebb8807cca81eec4b3db73259037c6b8a53265d407782a8e9a332b57e392deb866e5ce7f99ecbb7e494b7a297a84f9f44f8a4cfebd705534ebc3f79ae708ec8920b3332ac353910244e99d8ddf3f2e7fbef19267ff1906c210e613c08bce865b5d902f9121911780b7c409eb83e0fa01de29fe68c4e8fa2f30ba2ff10f9088a786cd4d49ddb830ccdaf68df14baeaeadb88ad3824e080a399363b0d2c87929a27b1723f1d563dc0cd1d5bfe9bbb5de5d3fc8a2df526aba8416b184c3e9abcf15ab6fbd1ea92fbf41e45808e8de7e4b2c9021e3684db1676f34003f06fbe57596687d1a2b2967eacee651c5bfb78d5544c314ed5a4804c1a52ed3d4229cadb134aad0e9012f4578e14f511a05f4acc78f4adedaf0634e06ddc95cd596066170ed1b4bd5d7272c1074fc7cd763b2f4b0871b45201e10eff752ae148b2c47301080f87e2eff56e5ba9d0fbe951a081d32b933c891d2b82d3575e2da5d0741ede522b055d54f5c5056260bb198d00e9399662c37b431682c913efc898b547de91dcd5763d641cfedb68d0e0db5f9fb2ae9d55e58bc68b5851edaf107c063b537dd01a94fce710efd2e4d170df8910497285bffc51397a13aea3c2e83449a394236a4e7eac794ea5d2f1fceeeb4e66ce3eeeed22527d68505a4c862de37f9a25dfe32c892276a775a110e93853784d00ecfd72324d4ae03e6357fe745d73d1ebca7842f1c1259c85ff9a5458cb596fdb4230a647f932ba7fd396edcf033cc5a47b8fb09f9fb7aa6f2e58944c57b2a076bc76a4984bd238a55de751778789fea671cfdb4ef11318fb4be3d205b030b400274bc7a0ee5d88e283537297acda9d4b7141d72b3455c53a6f2e8515600ee3f08a58a55152adcc786dff05936087b63ed4cff4bfbb74e1e24aadb8977b205d977de6d58a36194b12521a15006a89c01e7b40a8891827fbc478862c38e94a0a2e4b69bf33bb6cd8b15bf3f332acd845f8af285ec2e573529b8bba200376fc87b344415cde6538c7ce58d5fdafde0c477f48a74bb206e058fb5d27fbeefd083a8510ab7bd9c1575738194a5714358fffdfab14bef4615a912e0f20655a62f92f3fd19e74dd2fb64c483e31057c94f9f41cdcacf7a219e3c5a673e1dc7e5d8114aa673481ced62482c0d61198984cc77107d0130e764afe78b7524c4c6dd372f2d3facdf12a24a5a355059ec11f57e9fb9f1371e8c6410151d070984894480c2569c475ffc4ca4a8aa5a84bc4527ed0650b0f5c1d52aec5208d8fadb6d319abb70147467456b19c73e167659ef14a4fa36e9f8d6eb86a3b8796cc33160e620b1b933a1e7d21a633badf1bc6b3d2196d68d870667f1c88a121ee13bcaf0cbfbdc18f9f11ebda160c061bbf7b72c8b8cedb199029b78a327227932729b6c8ff6dbee61cae8cd7888248bae90c3867e5285ba8553b4068b0d2473a1cfabb269d45c972656b01102deb6e4fd1c218a994169d52aa100d21566e6c2f3a2b1ff0cb0bb822fbb9df4a2f72442ff2fa0fcfedf7b6f49d83cdb4457daa33e1cf49fc0089c85df542454bc13b3cdc0f40c0a9e1a56ebd4c4dcfb24fb12b92ff69f78c78b7c54ddfc9b9e1f90b7125675e674bc10da090e985058f7c74a9b90e3c881c051f571171a3f46934e77a8e64d1253e5d084228c112957579ca97cfc5497b5f320e4fdaaa573e5d15e32e1aea3ecac2d8ff568ce50139b1776b7e19fda0ec13d0fd5de33115b7c1ba45199fdd19501f9475fc964f93c1975ef7ee40c96802fdf9165658f065a3fda37d9489bd4c3a1152bf8c3a26c537a50f7456b131053511b1ef56a712146efbc59983a32e102d67fee34e789ab42df6837076e9f9f1c58fa62bd9d193f6fe625a1e2cb50527dafdfd027b00ca477bd63a787da147eee90cc8287cc7a0095d8f1b9ca5c38e38d38f7c00696372a446b69662593c0c749b339310e5305bb12aef789c0959c3f4e68c766cc491ead77bc3d5ceb1f50733dcb4dce5b807d57b53ebb40f458fca96c4d4d376172724701a4f67ad9eccdab14ef8a15fdc4ce6c23cba1b1d2fad6e8658c3493dad634c931d7f5e67b39eb322c302cf0e591af2d4d603fc02112665c1f35af436085d3f4e686696ead2a93d83fc79bb4b8733dcb3ea8333c2e945b668595d3d9c74f5d66f2e1e292b1460bcd34a9c1c6e52b648a3e6dde8ba536287e4e75e7f1ac7c70d8120f79cf777976fdd1ced25b062ed8a869e33f2899c26657cca8e4e71357a0b5b7120e481b153eebbf0ca6babe897af571ef468732356ad7056ce3523c0d1f2e0621e5162d6c2be395f60d54572cece73b4649204a23afe152e3f5a20638f4068d2714dd4cb3384e3e5a1982e8fc04bca21ab4619eea4ff0703caac83da459b933f99595e43274f1492d55eabd41c6979cbeb7a9489ae1d9b5b20ae001d288aa6848c7b46a01f175612c17b0e7b7d3cf685168adf8d2afd1a7e94106f9f42a008644288a5bb1f52fdddf87a4b4789f133b7ad4e0169477a62c24981fd7448566239545ddb92ae8f21c79b5b8d772f4d04bc33f147460e9f87a6239b72fb47c782556e4956d451036408b85bdcfdf8dcc552eb3cb68744b0bffcb1631246a2715c2ded3be0da658e686ab3a4a4ca35dfaf5924ae890b7e9018dd5389f7d61f5ce70c2e78bf24646be29218bd8bdae2e651dc37b7e50604d2dba15e4413be1d82fc7a47e518feac2cc3a4c45b34020", 0x1000}, {&(0x7f0000003480)="b2c9f7a99c06b6fe1e2a4133f5a17b7905c23b3bb2693d813dbe3294b7a4ef9125b360f11c16012940ee5b81f46b0a030525dc3c08622a8deee31834068d9b585fd2874a07413fde2892e4f906644b8ca5ad53cc4946ec9cf4b79c87764cdf3e41851ce2585b627c2b17e91627bfa1b731f4aecde33f8c95b63a96e4a5b1a932c44617d790134d7e500c8f8f0c3b26a840a9bb4e5f921628a7521e48dee1c9d8651606a8d3a1306cefcee542a3d47453be9c61f5fc4d8bd39a7fcea5623665bdf61b0152680cde7b5a850299a9094fdbd825fc2e9c851daa4f9b1ecae2ec343c4e4d8cc21ac49433111237542e", 0xed}, {&(0x7f0000003580)="9793f2f8c65d1ffc8d71eb6f1489411307cd1713f5418f751f33580ae0d62f76fbfae40ce788c5c3a5d8e9caadea136bbf8cf571a58a6faa6490fb40b4e6ab10773be0cc1c00acf8369446876edca7514d267000eceab40d8391ea51280c1bc36d3d1e3b82558099f8ab7ae1fec2066540064b3e", 0x74}], 0x3}}, {{&(0x7f0000003640)=@tipc=@name={0x1e, 0x2, 0x0, {{0x0, 0x2}}}, 0x80, &(0x7f0000003840)=[{&(0x7f00000036c0)="f53fa0973b686d5019f2f979b019c80674799600f34763dca37810eea28dfd303a006aad4b1373df670e00ef72b79e027f10f493835de2b60fee279fb3f56da279b06bba56132ac859fb02d3d52c3b5a285731135d748d7a55131bed995c1894ff7fe306cad2475a118a21e4bad1d2510420b8cee217e2fadb6f2863fc6744d25dea12bf965597294c20e6c5dabd6cdbc83aaf6980fc67dbcbc1c1e38b9cf5e8159bfb44564ac07c5ad5524b7f3bb864b390353c4da96e1a046f8bf68b", 0xbd}, {&(0x7f0000003780)="bbc1dd78d027609da34bcf9eb55ac3b824005336d10bc88cf9cd8c64e7bb4139549ec339de70827a3c0c277c42fea759bbf3e77951ace5cfc2a58c34c786665872e57e2d97c896e7c261", 0x4a}, {&(0x7f0000003800)="45aad94be422b9cb41f508a978c481c3b85b07e49c0c7bfa", 0x18}], 0x3, &(0x7f0000003880)}, 0x3}, {{&(0x7f00000038c0)=@rc={0x1f, {0x3ff, 0x8, 0x100010, 0x8, 0x1, 0x7ff}, 0x546}, 0x80, &(0x7f0000003a40)=[{&(0x7f0000003940)="653f88d97963c1a269afb42296bdd63bf8ef2fbda6d2024fa9b4113277a1278c8d7303bdf4ef9e1186eb574e9a0b8959f8b4cfa5f769e064f88bfde7423be81843ca4b5723c0b1022a05b7b6a3e7be122721139365361a0f3936f4b8a922df0d9a004d97c5a36d917b30b08e9b027eee519e3a464833c8e8e5b1a1b1aa18e7b2aa9b522e4334ab40b1e1f802f5c87171ce4307fcf977ac048c5a95e5fb981deee88817041f84e2b90593", 0xaa}, {&(0x7f0000003a00)="e06d01e4861250a97ac4b406a43d390f88f54b042f5fe6ce750d0af44e11cb17b6e3bc460edba0dd48875cf8bcb213a95071a1d7268a1314ebac", 0x3a}], 0x2, &(0x7f0000003a80)=[{0x60, 0x10f, 0x8001, "c1fb08866a79e4dc1c201e1b542a39d9c825690b4dddc5f497f333726bb302707a57090545532c32845f643929292f27541e16c2891b1f336613de2a90f213b18772fcf33dfb46763abf7fc79b2e7f10"}], 0x60}, 0xf}, {{&(0x7f0000003b00)=@nl=@proc={0x10, 0x0, 0x25dfdbfc, 0x80}, 0x80, &(0x7f0000003ec0)=[{&(0x7f0000003b80)="90801a2abb2093776b01ec5693487ed98ddcb0e0eb056d5093858474760b1fb7fffee53223fb245807c91e7f0ffdc29870f3a41f86648dddadb5a7a88cacbac4d9540d66b759a2f73dcdf7c408b56b37461858a64c3ca83a5cd18c281f97006c306cad1c2e41d42d214aec14a4488909ae3d4f0ebd545f39044618d38148df577b9d9efe7f6279631726f7df72f8be3b25926f4931e17dfa8e3d582de5b585b9274784d380869c0f7d59c39f6e2ddb69283465c9f59f0f5b9294675f14f6568a765aab8e7a50500fec7451b5b3ad9d52953f", 0xd2}, {&(0x7f0000003c80)="f758e62e89e17615a7c4b35138def12b0f9d3a8f301e1a78ab3c2a4ca755b4c1d45e6a", 0x23}, {&(0x7f0000003cc0)="b763bb043a03c07554dc776c064bd886d645c7f187a9cc79095979c7657abbaaa068c6bf1f001a6a24e3a9f95cefa50b70cbc4a62b4158f79a02c9f38e386cc1aa7cf63ffd8088366f6ade874d8fafdfad5f4350a182eb7c2e7a4bbed9124c072db8c15f8d1654b259f4e3014ba7ed4dbcd8ae3203ea1ebd4c56748a07f60a309db655f3a2f060e7eb60eb9894e545f8f9cc833da8c8ec6ce1057b5bf1101bb3517558f45759147af860350002dd4743ebbec6ef6526292c0ae6d130", 0xbc}, {&(0x7f0000003d80)="5f68dca73c645f73399528dc6e84699d88b670df0d0c6d33a0b96a1a2d9996486c0e67c756edc3371771c2360c4392759fd4", 0x32}, {&(0x7f0000003dc0)="44b1be60f2a8bc5f5e3698b789945c88594a6ac3aadffaad278f7b5d099429b09b2e3733e108dfe8e65d54decb2a71f976e70d05a33388a01b84907e34bc88fa2533df44fb17f65b80cfeb99486b123ae0eac01f93c881d9a54f2bfb828f75e0550e95dcd4620d67be6ab54084092a15e1229d15384f0dc32adafea39a76379aed6ac7349d5e613495d12c61c3c8f8663202d051e1477bcd91d1", 0x9a}, {&(0x7f0000003e80)="9a78ed6395957f6e50edc845498dee84a6864816fcd653233ba87299bf07dfbc07e0903b6fb1bac634096f5cd369706383bf321fd1d4455a4cbaff5161c047", 0x3f}], 0x6, &(0x7f0000003f40)=[{0x28, 0x118, 0x7, "73cb817109fe4f3789aa0c311f1be47e44c08d28df06"}, {0x50, 0x10f, 0x5, "309b81eba38589dbfbc18b3592e17945ccddb7fa3725b670c6b08eb034b84aee5540bbf7db7100ebb326f6d9c6ad3159eed45aaf099179c7c48fb63346289a8b"}, {0x18, 0x1ff, 0xdfd0, "11f4a83c8688"}, {0x20, 0x119, 0x8, "e35e3e93b0e31684eab84c"}, {0x110, 0x0, 0x4, "b1bfad9ba76fb116733de5859f0b6135569b07d4ec184757be233add9d2d886e23a88afa6b53aa3a0a06fe92be0635da766eeccc04ea4cd83b58f5283b4dc8f627cb027804cd6ff98185e6c635987d666da78f210aafaa3654174a20264811b5c21d3e8f209ccfd7c2f55b915dfe58a308a14b899ae3e1811cfbb8c47b3d8d3cf7ff7616ee379a77d58e6073df9d37fb7e5c90fa2ae17e54420ee2c4d7624b784121eab74079b2a95ba10f176214cdf3d42524c7455d94b873bfdd43ae4c500ef72159969230c75ff2841dc7bd7059d0b487c7cda5085fa7cf014545395dd575c6ed09be04792c6a13678368779a6d7c0287f14bea55da164e7b"}, {0xd0, 0x11f, 0x1f, "b6f7457199cdb33edaf75232f7ce63b95c935b5b8a7b4ccf030fa2d88d0fd426093fc34e0e69aa8d34d584e05932f9154e7c162f8503c8a166f7b396a60e36ad4478ded84a6818b053db32235b838960abcf1853d86fc4bf6910decc2544abe4ee4178e8c4ee8f7168189d69930ae5d1f87746079e36cbf7ead1aac66589a64821c3d653f4d6ca3a29df0d119496402fe67ec736ee0e4bc15febeeb1167753275a217d9813f630128d33b1fabc61571a127a7ede75d4a7be2fe5aa2b3f"}], 0x290}, 0x5}, {{0x0, 0x0, &(0x7f00000043c0)=[{&(0x7f0000004200)="b6ad1446a3b21246a6c3975d4c35b94816f848904251ede8cac338d03752229c9f7dbff947cb61ba8e2d0b332d9137260435433056097343c516633b1525b7e1f6974c86090f201006367dbbd427cc13dcd9666621d85dd5f794decfa6b99c4cbcdab7408d897b16e51ab27c4ad74ede8bf55bc170d765155853e22df9460aee80ee350a662d9799bbf83f", 0x8b}, {&(0x7f00000042c0)="e50f87616a4e7009e12395c1e026b35bac5bdc07c0cf020702e2d86c5c642072be59e31ca322a36726c9ec07d2edb4f36b3bb544c20c02bc8ec5f41118eba1556cda98a9226192f75acbd8ad4dec6ec61019fa6b963f05fb379d9c3910e39bd6a217cde264f6a7564dbf5573b6831f2aff6e8a9fb002a6e403bc8cdbe994870eb91cc25125ea", 0x86}, {&(0x7f0000004380)="f1e4debe15b9dd2fe42a944c8a9e2515c44a153b7af2220a631552261a9a57e2c4ce5b21df", 0x25}], 0x3}, 0xffffffff}], 0x9, 0x0) getsockopt$inet_int(r0, 0x10d, 0x10000000000000d, &(0x7f000079bffc), &(0x7f0000004640)) getsockopt$TIPC_NODE_RECVQ_DEPTH(r1, 0x10f, 0x83, &(0x7f0000000240), &(0x7f0000000280)=0x4) getsockopt$inet_int(r0, 0x0, 0x33, &(0x7f0000000000), &(0x7f0000000040)=0x4) 03:44:09 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x5300, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:44:09 executing program 5: socket$inet_udplite(0x2, 0x2, 0x88) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)}, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r0 = socket$inet(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) 03:44:09 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x7000, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) [ 3425.509488][ T4176] Memory cgroup out of memory: Killed process 4089 (syz-executor.5) total-vm:72580kB, anon-rss:164kB, file-rss:35716kB, shmem-rss:0kB 03:44:09 executing program 3: mkdir(&(0x7f0000000040)='./file0/bus\x00', 0x21) r0 = creat(&(0x7f0000df1000)='./file0/bus\x00', 0x0) fcntl$lock(r0, 0x7, &(0x7f0000027000)) openat$uhid(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uhid\x00', 0x0, 0x0) 03:44:09 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00\xfe\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:44:09 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x7100, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:44:09 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x5400, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:44:09 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc1f123c123f319bd070") r1 = socket$inet(0x10, 0x2, 0x0) r2 = perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x0, 0x2, 0x3ff, 0x40000000000, 0x0, 0x1, 0x20400, 0x3, 0x6, 0x1f, 0x2, 0x0, 0x80000000, 0x10001, 0x8, 0x8000, 0x9, 0xffff, 0x871, 0x8, 0x1, 0x2, 0x4, 0x81, 0x2, 0x6, 0x8000, 0xd7, 0xffffffffffffffac, 0x98e0, 0x5, 0x0, 0x7, 0x400, 0x8, 0x0, 0x0, 0xe2a, 0x2, @perf_config_ext={0x7f, 0x2}, 0x20000, 0x8, 0x0, 0x8, 0x13e, 0x7, 0x1ff}, 0xffffffffffffffff, 0xb, 0xffffffffffffff9c, 0x2) ioctl$PERF_EVENT_IOC_REFRESH(r2, 0x2402, 0xffffffffa67fbe19) openat$zero(0xffffffffffffff9c, &(0x7f0000000340)='/dev/zero\x00', 0x80080, 0x0) ioctl$sock_inet_SIOCDELRT(r1, 0x890c, &(0x7f00000001c0)={0x0, {0x2, 0x4e24, @local}, {0x2, 0x4e22, @multicast2}, {0x2, 0x4e20, @loopback}, 0x100, 0x0, 0x0, 0x0, 0x5574, &(0x7f00000000c0)='ip6erspan0\x00', 0x0, 0x4689, 0x3}) sendmsg(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000240)="2f0000001c0005c5ffffff000d0000000200001f01000000fc0002c9130001000300000050000000586700a28663b3", 0x2f}], 0x1000000000000129, 0x0, 0xfffffffffffffe00}, 0x0) r3 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000300)='/dev/btrfs-control\x00', 0x1, 0x0) perf_event_open$cgroup(&(0x7f0000000280)={0x1, 0x70, 0x3, 0xfffffffffffffffe, 0x4724, 0xfffffffffffffffa, 0x0, 0x635df221, 0x2000, 0x0, 0x214, 0x800, 0x0, 0xc93, 0x100, 0x3f, 0x1, 0x9, 0x0, 0x0, 0xfffffffffffff801, 0x8, 0x7, 0x4, 0x3ff, 0x4, 0x8, 0x80000001, 0x1000, 0x2, 0x6, 0x1ff, 0x5c3, 0x6, 0x1, 0x10000, 0x10000, 0x3f, 0x0, 0x7, 0x6, @perf_bp={&(0x7f0000000140), 0x5}, 0x20100, 0x1ff, 0x7, 0x1, 0x48, 0x4c9, 0x7}, r3, 0xd, 0xffffffffffffff9c, 0x1) 03:44:09 executing program 1: r0 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x5, 0x840c0) ioctl$TCXONC(r0, 0x540a, 0x80000000) r1 = socket(0x2, 0x2, 0x0) r2 = dup(r1) setsockopt$inet_opts(r2, 0x0, 0x20000000000001, &(0x7f0000000080)="01", 0x1) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000040)={0x1, 'erspan0\x00', 0x2}, 0x18) 03:44:09 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00\x00\x03', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) [ 3425.975096][ T4504] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 3426.139268][ T4504] CPU: 1 PID: 4504 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3426.148364][ T4504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3426.158439][ T4504] Call Trace: [ 3426.158467][ T4504] dump_stack+0x172/0x1f0 [ 3426.158490][ T4504] dump_header+0x10f/0xb6c [ 3426.158507][ T4504] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3426.158523][ T4504] ? ___ratelimit+0x60/0x595 [ 3426.158537][ T4504] ? do_raw_spin_unlock+0x57/0x270 [ 3426.158557][ T4504] oom_kill_process.cold+0x10/0x15 [ 3426.166248][ T4504] out_of_memory+0x79a/0x1280 [ 3426.166272][ T4504] ? lock_downgrade+0x880/0x880 [ 3426.166294][ T4504] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3426.208046][ T4504] ? oom_killer_disable+0x280/0x280 [ 3426.213369][ T4504] ? find_held_lock+0x35/0x130 [ 3426.218180][ T4504] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3426.218194][ T4504] ? memcg_event_wake+0x230/0x230 [ 3426.218216][ T4504] ? do_raw_spin_unlock+0x57/0x270 [ 3426.228868][ T4504] ? _raw_spin_unlock+0x2d/0x50 [ 3426.228886][ T4504] try_charge+0x118d/0x1790 [ 3426.228908][ T4504] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3426.249040][ T4504] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3426.254637][ T4504] ? find_held_lock+0x35/0x130 [ 3426.259432][ T4504] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3426.265043][ T4504] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3426.270716][ T4504] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3426.275944][ T4504] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3426.281518][ T4504] __memcg_kmem_charge+0x136/0x300 [ 3426.286651][ T4504] __alloc_pages_nodemask+0x437/0x7e0 [ 3426.292041][ T4504] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3426.298402][ T4504] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3426.304134][ T4504] ? copy_process.part.0+0x1d40/0x7a90 [ 3426.309614][ T4504] ? lockdep_hardirqs_on+0x418/0x5d0 [ 3426.314917][ T4504] ? trace_hardirqs_on+0x67/0x230 [ 3426.319949][ T4504] ? kasan_check_read+0x11/0x20 [ 3426.324816][ T4504] copy_process.part.0+0x3e0/0x7a90 [ 3426.330037][ T4504] ? __lock_acquire+0x548/0x3fb0 [ 3426.335128][ T4504] ? __might_fault+0x12b/0x1e0 [ 3426.339913][ T4504] ? __cleanup_sighand+0x60/0x60 [ 3426.344867][ T4504] ? lock_downgrade+0x880/0x880 [ 3426.349752][ T4504] _do_fork+0x257/0xfd0 [ 3426.353925][ T4504] ? fork_idle+0x1d0/0x1d0 [ 3426.358360][ T4504] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3426.363824][ T4504] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3426.369377][ T4504] ? do_syscall_64+0x26/0x670 [ 3426.374231][ T4504] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3426.380703][ T4504] ? do_syscall_64+0x26/0x670 [ 3426.385404][ T4504] __x64_sys_clone+0xbf/0x150 [ 3426.390302][ T4504] do_syscall_64+0x103/0x670 [ 3426.395316][ T4504] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3426.401224][ T4504] RIP: 0033:0x458c29 [ 3426.405170][ T4504] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3426.424880][ T4504] RSP: 002b:00007fea30623c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3426.433388][ T4504] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 3426.441539][ T4504] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3426.449522][ T4504] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3426.457496][ T4504] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fea306246d4 [ 3426.465582][ T4504] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 3426.474922][ T4504] memory: usage 307200kB, limit 307200kB, failcnt 97988 [ 3426.482022][ T4504] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3426.489704][ T4504] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3426.496775][ T4504] Memory cgroup stats for /syz5: cache:124KB rss:99380KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99336KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3426.518536][ T4504] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=4071,uid=0 [ 3426.534487][ T4504] Memory cgroup out of memory: Killed process 4071 (syz-executor.5) total-vm:72580kB, anon-rss:160kB, file-rss:34816kB, shmem-rss:0kB [ 3426.555146][ T4404] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 3426.573879][ T4404] CPU: 1 PID: 4404 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3426.583059][ T4404] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3426.593324][ T4404] Call Trace: [ 3426.596617][ T4404] dump_stack+0x172/0x1f0 [ 3426.600949][ T4404] dump_header+0x10f/0xb6c [ 3426.605369][ T4404] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3426.611178][ T4404] ? ___ratelimit+0x60/0x595 [ 3426.615763][ T4404] ? do_raw_spin_unlock+0x57/0x270 [ 3426.620875][ T4404] oom_kill_process.cold+0x10/0x15 [ 3426.625983][ T4404] out_of_memory+0x79a/0x1280 [ 3426.630839][ T4404] ? oom_killer_disable+0x280/0x280 [ 3426.636030][ T4404] ? find_held_lock+0x35/0x130 [ 3426.640792][ T4404] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3426.646328][ T4404] ? memcg_event_wake+0x230/0x230 [ 3426.651384][ T4404] ? do_raw_spin_unlock+0x57/0x270 [ 3426.656521][ T4404] ? _raw_spin_unlock+0x2d/0x50 [ 3426.661586][ T4404] try_charge+0xd4d/0x1790 [ 3426.666007][ T4404] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3426.671645][ T4404] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3426.677214][ T4404] ? find_held_lock+0x35/0x130 [ 3426.682009][ T4404] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3426.687567][ T4404] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3426.693113][ T4404] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3426.698342][ T4404] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3426.703900][ T4404] __memcg_kmem_charge+0x136/0x300 [ 3426.709047][ T4404] __alloc_pages_nodemask+0x437/0x7e0 [ 3426.714419][ T4404] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3426.720769][ T4404] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3426.726713][ T4404] ? copy_process.part.0+0x1d40/0x7a90 [ 3426.732290][ T4404] ? lockdep_hardirqs_on+0x418/0x5d0 [ 3426.737580][ T4404] ? trace_hardirqs_on+0x67/0x230 [ 3426.742748][ T4404] ? kasan_check_read+0x11/0x20 [ 3426.747727][ T4404] copy_process.part.0+0x3e0/0x7a90 [ 3426.753062][ T4404] ? psi_memstall_leave+0x11c/0x180 [ 3426.758386][ T4404] ? kvm_sched_clock_read+0x9/0x20 [ 3426.763516][ T4404] ? psi_memstall_leave+0x12e/0x180 [ 3426.768738][ T4404] ? find_held_lock+0x35/0x130 [ 3426.773508][ T4404] ? psi_memstall_leave+0x12e/0x180 [ 3426.778717][ T4404] ? __cleanup_sighand+0x60/0x60 [ 3426.784414][ T4404] ? __lock_acquire+0x548/0x3fb0 [ 3426.789370][ T4404] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3426.795758][ T4404] _do_fork+0x257/0xfd0 [ 3426.799921][ T4404] ? fork_idle+0x1d0/0x1d0 [ 3426.804478][ T4404] ? blkcg_maybe_throttle_current+0x5e2/0xfc0 [ 3426.810548][ T4404] ? lock_downgrade+0x880/0x880 [ 3426.815456][ T4404] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3426.821893][ T4404] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3426.828153][ T4404] ? debug_smp_processor_id+0x3c/0x280 [ 3426.833622][ T4404] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3426.839093][ T4404] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3426.844549][ T4404] ? do_syscall_64+0x26/0x670 [ 3426.849314][ T4404] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3426.855405][ T4404] ? do_syscall_64+0x26/0x670 [ 3426.860096][ T4404] __x64_sys_clone+0xbf/0x150 [ 3426.864931][ T4404] do_syscall_64+0x103/0x670 [ 3426.869531][ T4404] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3426.875528][ T4404] RIP: 0033:0x45b5f9 [ 3426.879683][ T4404] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 3426.899400][ T4404] RSP: 002b:00007ffc1533c028 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 3426.907928][ T4404] RAX: ffffffffffffffda RBX: 00007fea30603700 RCX: 000000000045b5f9 [ 3426.915904][ T4404] RDX: 00007fea306039d0 RSI: 00007fea30602db0 RDI: 00000000003d0f00 [ 3426.923888][ T4404] RBP: 00007ffc1533c230 R08: 00007fea30603700 R09: 00007fea30603700 [ 3426.931863][ T4404] R10: 00007fea306039d0 R11: 0000000000000202 R12: 0000000000000000 [ 3426.939824][ T4404] R13: 00007ffc1533c0df R14: 00007fea306039c0 R15: 000000000073bfac [ 3426.950295][ T4404] memory: usage 307116kB, limit 307200kB, failcnt 97991 [ 3426.957524][ T4404] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3426.965160][ T4404] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 03:44:10 executing program 5: socket$inet_udplite(0x2, 0x2, 0x88) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)}, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r0 = socket$inet(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) 03:44:10 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x5500, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:44:10 executing program 1: r0 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) bind$llc(r0, &(0x7f0000000040)={0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @dev}, 0x10) socketpair$unix(0x1, 0x7, 0x0, &(0x7f0000000140)) r1 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x21d4, 0x4200c0) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000080)={0x0, @multicast2, @empty}, &(0x7f00000000c0)=0xc) connect$packet(r1, &(0x7f0000000100)={0x11, 0x18, r2, 0x1, 0x3, 0x6, @remote}, 0x14) close(r0) 03:44:10 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x7200, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:44:10 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00\x00\x05', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:44:10 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x6, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x501e}) r1 = socket$kcm(0x29, 0x80000000000005, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') write$cgroup_subtree(r0, &(0x7f00000000c0)={[{0x0, '\x03\x86\xdd'}]}, 0xfdef) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x4400, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r2, 0x1, &(0x7f0000000080)={0x0, 0x6a, 0x5862}) [ 3426.972125][ T4404] Memory cgroup stats for /syz5: cache:124KB rss:99380KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99336KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3426.994046][ T4404] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=14810,uid=0 [ 3427.009958][ T4404] Memory cgroup out of memory: Killed process 14810 (syz-executor.5) total-vm:72448kB, anon-rss:156kB, file-rss:34816kB, shmem-rss:0kB [ 3427.160992][ T4657] device nr0 entered promiscuous mode 03:44:10 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00\x00\x06', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:44:10 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x5600, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:44:10 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x7300, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:44:10 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, 0x0, 0xfcdbb8abe2740183) r1 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0x2, 0x0) ioctl$VIDIOC_G_AUDOUT(r1, 0x80345631, &(0x7f0000000040)) [ 3427.459468][ T4800] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 3427.473455][ T4800] CPU: 1 PID: 4800 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3427.482529][ T4800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3427.492608][ T4800] Call Trace: [ 3427.496013][ T4800] dump_stack+0x172/0x1f0 [ 3427.500363][ T4800] dump_header+0x10f/0xb6c [ 3427.504801][ T4800] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3427.510726][ T4800] ? ___ratelimit+0x60/0x595 [ 3427.515333][ T4800] ? do_raw_spin_unlock+0x57/0x270 [ 3427.520755][ T4800] oom_kill_process.cold+0x10/0x15 [ 3427.526383][ T4800] out_of_memory+0x79a/0x1280 [ 3427.531189][ T4800] ? lock_downgrade+0x880/0x880 [ 3427.536137][ T4800] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3427.542648][ T4800] ? oom_killer_disable+0x280/0x280 [ 3427.547939][ T4800] ? find_held_lock+0x35/0x130 [ 3427.552726][ T4800] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3427.558371][ T4800] ? memcg_event_wake+0x230/0x230 [ 3427.563495][ T4800] ? do_raw_spin_unlock+0x57/0x270 [ 3427.568619][ T4800] ? _raw_spin_unlock+0x2d/0x50 [ 3427.573486][ T4800] try_charge+0x118d/0x1790 [ 3427.578216][ T4800] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3427.583778][ T4800] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3427.589346][ T4800] ? find_held_lock+0x35/0x130 [ 3427.594139][ T4800] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3427.599697][ T4800] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3427.605241][ T4800] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3427.610532][ T4800] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3427.616088][ T4800] __memcg_kmem_charge+0x136/0x300 [ 3427.621321][ T4800] __alloc_pages_nodemask+0x437/0x7e0 [ 3427.626844][ T4800] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3427.633095][ T4800] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3427.638841][ T4800] ? copy_process.part.0+0x1d40/0x7a90 [ 3427.644388][ T4800] ? lockdep_hardirqs_on+0x418/0x5d0 [ 3427.649917][ T4800] ? trace_hardirqs_on+0x67/0x230 [ 3427.654957][ T4800] ? kasan_check_read+0x11/0x20 [ 3427.660223][ T4800] copy_process.part.0+0x3e0/0x7a90 [ 3427.665681][ T4800] ? __lock_acquire+0x548/0x3fb0 [ 3427.673199][ T4800] ? __lock_acquire+0x548/0x3fb0 [ 3427.678190][ T4800] ? __might_fault+0x12b/0x1e0 [ 3427.683092][ T4800] ? __cleanup_sighand+0x60/0x60 [ 3427.688089][ T4800] ? lock_downgrade+0x880/0x880 [ 3427.693013][ T4800] _do_fork+0x257/0xfd0 [ 3427.697187][ T4800] ? fork_idle+0x1d0/0x1d0 [ 3427.701619][ T4800] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3427.707166][ T4800] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3427.712630][ T4800] ? do_syscall_64+0x26/0x670 [ 3427.717323][ T4800] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3427.723404][ T4800] ? do_syscall_64+0x26/0x670 [ 3427.728208][ T4800] __x64_sys_clone+0xbf/0x150 [ 3427.732890][ T4800] do_syscall_64+0x103/0x670 [ 3427.737503][ T4800] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3427.743501][ T4800] RIP: 0033:0x458c29 [ 3427.747400][ T4800] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3427.767802][ T4800] RSP: 002b:00007fea30623c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3427.776498][ T4800] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 3427.784869][ T4800] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3427.792849][ T4800] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3427.800954][ T4800] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fea306246d4 03:44:11 executing program 1: r0 = syz_open_dev$adsp(&(0x7f0000000000)='/dev/adsp#\x00', 0x3ff, 0x80000) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000040)={0x100000000, 0x8, 0x583, 0x81, 0x0}, &(0x7f0000000080)=0x10) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000100)={r1, 0xd1b}, &(0x7f0000000140)=0x8) ioctl$DRM_IOCTL_DROP_MASTER(r0, 0x641f) timerfd_settime(0xffffffffffffffff, 0xfffffffffffffffe, &(0x7f00000000c0)={{0x77359400}, {0x0, 0x1c9c380}}, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) [ 3427.808931][ T4800] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 3427.824543][ T4800] memory: usage 307192kB, limit 307200kB, failcnt 98033 [ 3427.835465][ T4800] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3427.849962][ T4800] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3427.859262][ T4800] Memory cgroup stats for /syz5: cache:124KB rss:99512KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3427.901964][ T4800] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=4647,uid=0 03:44:11 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x5700, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) [ 3427.942445][ T4657] device nr0 entered promiscuous mode [ 3427.989892][ T4800] Memory cgroup out of memory: Killed process 4647 (syz-executor.5) total-vm:72580kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB [ 3428.118257][ T4663] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 3428.151863][ T4663] CPU: 1 PID: 4663 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3428.160951][ T4663] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3428.171143][ T4663] Call Trace: [ 3428.174447][ T4663] dump_stack+0x172/0x1f0 [ 3428.178877][ T4663] dump_header+0x10f/0xb6c [ 3428.183388][ T4663] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3428.189334][ T4663] ? ___ratelimit+0x60/0x595 [ 3428.194027][ T4663] ? do_raw_spin_unlock+0x57/0x270 [ 3428.199273][ T4663] oom_kill_process.cold+0x10/0x15 [ 3428.204574][ T4663] out_of_memory+0x79a/0x1280 [ 3428.209370][ T4663] ? oom_killer_disable+0x280/0x280 [ 3428.214566][ T4663] ? find_held_lock+0x35/0x130 [ 3428.219424][ T4663] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3428.224992][ T4663] ? memcg_event_wake+0x230/0x230 [ 3428.230289][ T4663] ? do_raw_spin_unlock+0x57/0x270 [ 3428.235529][ T4663] ? _raw_spin_unlock+0x2d/0x50 [ 3428.240373][ T4663] try_charge+0xd4d/0x1790 [ 3428.244784][ T4663] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3428.250434][ T4663] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3428.256196][ T4663] ? find_held_lock+0x35/0x130 [ 3428.261138][ T4663] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3428.266697][ T4663] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3428.272239][ T4663] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3428.277447][ T4663] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3428.283006][ T4663] __memcg_kmem_charge+0x136/0x300 [ 3428.288200][ T4663] __alloc_pages_nodemask+0x437/0x7e0 [ 3428.293574][ T4663] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3428.300032][ T4663] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3428.305867][ T4663] ? copy_process.part.0+0x1d40/0x7a90 [ 3428.311332][ T4663] ? lockdep_hardirqs_on+0x418/0x5d0 [ 3428.316610][ T4663] ? trace_hardirqs_on+0x67/0x230 [ 3428.321624][ T4663] ? kasan_check_read+0x11/0x20 [ 3428.326564][ T4663] copy_process.part.0+0x3e0/0x7a90 [ 3428.331753][ T4663] ? psi_memstall_leave+0x11c/0x180 [ 3428.336936][ T4663] ? kvm_sched_clock_read+0x9/0x20 [ 3428.342036][ T4663] ? psi_memstall_leave+0x12e/0x180 [ 3428.347229][ T4663] ? find_held_lock+0x35/0x130 [ 3428.351986][ T4663] ? psi_memstall_leave+0x12e/0x180 [ 3428.357196][ T4663] ? __cleanup_sighand+0x60/0x60 [ 3428.362138][ T4663] ? __lock_acquire+0x548/0x3fb0 [ 3428.367115][ T4663] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3428.373388][ T4663] _do_fork+0x257/0xfd0 [ 3428.377628][ T4663] ? fork_idle+0x1d0/0x1d0 [ 3428.382040][ T4663] ? blkcg_maybe_throttle_current+0x5e2/0xfc0 [ 3428.388151][ T4663] ? lock_downgrade+0x880/0x880 [ 3428.392997][ T4663] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3428.399233][ T4663] ? blkcg_exit_queue+0x30/0x30 [ 3428.404172][ T4663] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3428.409738][ T4663] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3428.415192][ T4663] ? do_syscall_64+0x26/0x670 [ 3428.419862][ T4663] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3428.425945][ T4663] ? do_syscall_64+0x26/0x670 [ 3428.431233][ T4663] __x64_sys_clone+0xbf/0x150 [ 3428.435913][ T4663] do_syscall_64+0x103/0x670 [ 3428.440492][ T4663] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3428.446512][ T4663] RIP: 0033:0x45b5f9 [ 3428.450393][ T4663] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 3428.470025][ T4663] RSP: 002b:00007ffc1533c028 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 3428.478513][ T4663] RAX: ffffffffffffffda RBX: 00007fea30603700 RCX: 000000000045b5f9 [ 3428.486582][ T4663] RDX: 00007fea306039d0 RSI: 00007fea30602db0 RDI: 00000000003d0f00 [ 3428.494751][ T4663] RBP: 00007ffc1533c230 R08: 00007fea30603700 R09: 00007fea30603700 [ 3428.502819][ T4663] R10: 00007fea306039d0 R11: 0000000000000202 R12: 0000000000000000 [ 3428.510788][ T4663] R13: 00007ffc1533c0df R14: 00007fea306039c0 R15: 000000000073bfac [ 3428.521294][ T4663] memory: usage 307040kB, limit 307200kB, failcnt 98055 [ 3428.533976][ T4663] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3428.541932][ T4663] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3428.549242][ T4663] Memory cgroup stats for /syz5: cache:124KB rss:99512KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3428.571670][ T4663] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=4649,uid=0 [ 3428.587749][ T4663] Memory cgroup out of memory: Killed process 4649 (syz-executor.5) total-vm:72580kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB [ 3428.624424][ T4800] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3428.637171][ T4800] CPU: 1 PID: 4800 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3428.646194][ T4800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3428.646200][ T4800] Call Trace: [ 3428.646224][ T4800] dump_stack+0x172/0x1f0 [ 3428.646245][ T4800] dump_header+0x10f/0xb6c [ 3428.646266][ T4800] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3428.674193][ T4800] ? ___ratelimit+0x60/0x595 [ 3428.678773][ T4800] ? do_raw_spin_unlock+0x57/0x270 [ 3428.683959][ T4800] oom_kill_process.cold+0x10/0x15 [ 3428.689056][ T4800] out_of_memory+0x79a/0x1280 [ 3428.693740][ T4800] ? oom_killer_disable+0x280/0x280 [ 3428.698919][ T4800] ? find_held_lock+0x35/0x130 [ 3428.703687][ T4800] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3428.709223][ T4800] ? memcg_event_wake+0x230/0x230 [ 3428.714239][ T4800] ? do_raw_spin_unlock+0x57/0x270 [ 3428.719335][ T4800] ? _raw_spin_unlock+0x2d/0x50 [ 3428.724633][ T4800] try_charge+0x118d/0x1790 [ 3428.729136][ T4800] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3428.734665][ T4800] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3428.740192][ T4800] ? find_held_lock+0x35/0x130 [ 3428.744937][ T4800] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3428.750647][ T4800] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3428.756179][ T4800] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3428.761542][ T4800] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3428.767073][ T4800] __memcg_kmem_charge+0x136/0x300 [ 3428.772265][ T4800] __alloc_pages_nodemask+0x437/0x7e0 [ 3428.777620][ T4800] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3428.783321][ T4800] ? copy_page_range+0x128a/0x1fc0 [ 3428.788419][ T4800] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3428.794641][ T4800] alloc_pages_current+0x107/0x210 [ 3428.799753][ T4800] pte_alloc_one+0x1b/0x1a0 [ 3428.804236][ T4800] __pte_alloc+0x20/0x310 [ 3428.808550][ T4800] copy_page_range+0x1561/0x1fc0 [ 3428.813480][ T4800] ? __lock_acquire+0x548/0x3fb0 [ 3428.818437][ T4800] ? pmd_alloc+0x180/0x180 [ 3428.822844][ T4800] ? vma_gap_callbacks_rotate+0x62/0x80 [ 3428.828375][ T4800] ? __rb_insert_augmented+0x231/0xdf0 [ 3428.833819][ T4800] ? validate_mm_rb+0xa3/0xc0 [ 3428.838487][ T4800] ? __vma_link_rb+0x279/0x370 [ 3428.843232][ T4800] ? kasan_check_write+0x14/0x20 [ 3428.848245][ T4800] copy_process.part.0+0x5afb/0x7a90 [ 3428.853637][ T4800] ? __cleanup_sighand+0x60/0x60 [ 3428.858570][ T4800] _do_fork+0x257/0xfd0 [ 3428.862712][ T4800] ? fork_idle+0x1d0/0x1d0 [ 3428.867116][ T4800] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3428.872569][ T4800] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3428.878098][ T4800] ? do_syscall_64+0x26/0x670 [ 3428.882762][ T4800] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3428.888818][ T4800] ? do_syscall_64+0x26/0x670 [ 3428.893485][ T4800] __x64_sys_clone+0xbf/0x150 [ 3428.898147][ T4800] do_syscall_64+0x103/0x670 [ 3428.902722][ T4800] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3428.908595][ T4800] RIP: 0033:0x458c29 [ 3428.912582][ T4800] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3428.932290][ T4800] RSP: 002b:00007fea30623c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3428.940686][ T4800] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 3428.948639][ T4800] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3428.956689][ T4800] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3428.964713][ T4800] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fea306246d4 [ 3428.972668][ T4800] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 3428.989342][ T4800] memory: usage 306792kB, limit 307200kB, failcnt 98055 [ 3428.996595][ T4800] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3429.013985][ T4800] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3429.021653][ T4800] Memory cgroup stats for /syz5: cache:124KB rss:99512KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3429.043771][ T4800] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=15238,uid=0 [ 3429.061330][ T4800] Memory cgroup out of memory: Killed process 15238 (syz-executor.5) total-vm:72448kB, anon-rss:156kB, file-rss:34816kB, shmem-rss:0kB 03:44:12 executing program 5: socket$inet_udplite(0x2, 0x2, 0x88) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)}, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r0 = socket$inet(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) 03:44:12 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x12, 0x5, 0x4, 0x417, 0x0, 0x1}, 0x3c) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000080)={r0, &(0x7f0000000140)}, 0x10) r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x250201, 0x0) ioctl$KVM_SET_FPU(r1, 0x41a0ae8d, &(0x7f00000000c0)={[], 0x1f, 0x3ff, 0x3, 0x0, 0x0, 0x3000, 0x10000, [], 0xffad}) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) 03:44:12 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x7400, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:44:12 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00\x00\a', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:44:12 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x5800, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:44:12 executing program 3: r0 = socket$inet(0xa, 0x10000000000005, 0x3ff) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0xfffffffffffffffe) r1 = accept4(r0, 0x0, 0x0, 0x0) shutdown(r1, 0x0) 03:44:12 executing program 3: r0 = syz_open_dev$vbi(&(0x7f0000000100)='/dev/vbi#\x00', 0x2, 0x2) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffeed) getsockopt$inet_sctp6_SCTP_HMAC_IDENT(r0, 0x84, 0x16, &(0x7f0000000040)={0x1, [0x1000]}, &(0x7f0000000140)=0x6) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$DRM_IOCTL_ADD_CTX(r0, 0xc0086420, &(0x7f0000000080)={0x0}) ioctl$DRM_IOCTL_SWITCH_CTX(r0, 0x40086424, &(0x7f00000000c0)={r3, 0x1}) 03:44:12 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x5900, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:44:12 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x7500, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:44:12 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00\x00\t', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:44:12 executing program 1: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x80002, 0x88) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x5}, 0x1c) recvmmsg(r0, &(0x7f0000003b40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x0, 0x0) setsockopt$sock_int(r0, 0x1, 0x2e, &(0x7f0000000000)=0x6, 0x4) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) syz_emit_ethernet(0x83, &(0x7f0000000180)={@local, @dev, [], {@ipv6={0x86dd, {0x0, 0x6, "1bfc97", 0x4d, 0x88, 0x0, @dev, @mcast2, {[], @udp={0x0, 0x4e20, 0x4d, 0x0, [], "e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0"}}}}}}, 0x0) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp\x00', 0x10000, 0x0) write$P9_RMKNOD(r1, &(0x7f0000000100)={0x14, 0x13, 0x1, {0x24, 0x0, 0x6}}, 0x14) shutdown(r0, 0x0) 03:44:13 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x5a00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) [ 3429.446915][ T5020] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3429.555325][ T5020] CPU: 0 PID: 5020 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3429.564431][ T5020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3429.574500][ T5020] Call Trace: [ 3429.577808][ T5020] dump_stack+0x172/0x1f0 [ 3429.582160][ T5020] dump_header+0x10f/0xb6c [ 3429.586706][ T5020] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3429.592524][ T5020] ? ___ratelimit+0x60/0x595 [ 3429.597127][ T5020] ? do_raw_spin_unlock+0x57/0x270 [ 3429.602254][ T5020] oom_kill_process.cold+0x10/0x15 [ 3429.607372][ T5020] out_of_memory+0x79a/0x1280 [ 3429.612083][ T5020] ? lock_downgrade+0x880/0x880 [ 3429.616935][ T5020] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3429.623190][ T5020] ? oom_killer_disable+0x280/0x280 [ 3429.628399][ T5020] ? find_held_lock+0x35/0x130 [ 3429.633181][ T5020] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3429.638816][ T5020] ? memcg_event_wake+0x230/0x230 [ 3429.643855][ T5020] ? do_raw_spin_unlock+0x57/0x270 [ 3429.649059][ T5020] ? _raw_spin_unlock+0x2d/0x50 [ 3429.653919][ T5020] try_charge+0x118d/0x1790 [ 3429.658578][ T5020] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3429.664138][ T5020] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3429.670424][ T5020] ? kasan_check_read+0x11/0x20 [ 3429.675299][ T5020] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3429.680961][ T5020] mem_cgroup_try_charge+0x24d/0x5e0 [ 3429.686257][ T5020] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3429.691987][ T5020] wp_page_copy+0x416/0x1770 [ 3429.696602][ T5020] ? do_wp_page+0x486/0x1500 [ 3429.701299][ T5020] ? pmd_pfn+0x1d0/0x1d0 [ 3429.705633][ T5020] ? lock_downgrade+0x880/0x880 [ 3429.710487][ T5020] ? swp_swapcount+0x540/0x540 [ 3429.710502][ T5020] ? kasan_check_read+0x11/0x20 [ 3429.710517][ T5020] ? do_raw_spin_unlock+0x57/0x270 [ 3429.710531][ T5020] do_wp_page+0x48e/0x1500 [ 3429.710547][ T5020] ? finish_mkwrite_fault+0x540/0x540 [ 3429.710567][ T5020] __handle_mm_fault+0x22e8/0x3ec0 [ 3429.710584][ T5020] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3429.710595][ T5020] ? find_held_lock+0x35/0x130 [ 3429.710607][ T5020] ? handle_mm_fault+0x292/0xa90 [ 3429.710629][ T5020] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3429.725422][ T5020] ? kasan_check_read+0x11/0x20 [ 3429.735181][ T5020] handle_mm_fault+0x3b7/0xa90 [ 3429.745951][ T5020] __do_page_fault+0x5ef/0xda0 [ 3429.755991][ T5020] do_page_fault+0x71/0x581 [ 3429.767071][ T5020] ? page_fault+0x8/0x30 [ 3429.785400][ T5020] page_fault+0x1e/0x30 [ 3429.789570][ T5020] RIP: 0033:0x40de98 [ 3429.793472][ T5020] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf 2c e2 4b 00 31 c0 e8 83 3a ff ff 31 ff e8 cc 36 ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d ce 25 64 00 [ 3429.813505][ T5020] RSP: 002b:00007ffc1533c090 EFLAGS: 00010246 [ 3429.819585][ T5020] RAX: 000000002d848cc7 RBX: 000000005ddcb292 RCX: 0000001b2e620000 [ 3429.827591][ T5020] RDX: 0000000000000000 RSI: 0000000000000cc7 RDI: ffffffff2d848cc7 [ 3429.835668][ T5020] RBP: 000000000000000f R08: 000000002d848cc7 R09: 000000002d848ccb [ 3429.843809][ T5020] R10: 00007ffc1533c220 R11: 0000000000000246 R12: 000000000073c028 [ 3429.851771][ T5020] R13: 0000000080000000 R14: 00007fea32425008 R15: 0000000000000027 [ 3429.862149][ T5020] memory: usage 307200kB, limit 307200kB, failcnt 98070 [ 3429.869442][ T5020] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3429.877127][ T5020] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3429.884547][ T5020] Memory cgroup stats for /syz5: cache:124KB rss:99504KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB 03:44:13 executing program 5: socket$inet_udplite(0x2, 0x2, 0x88) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)}, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r0 = socket$inet(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) 03:44:13 executing program 3: r0 = socket$inet6(0xa, 0x1000000004, 0x0) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x6e20, 0x0, @ipv4}, 0x1c) r1 = socket$inet6(0xa, 0x2, 0x0) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000180)='/dev/sequencer2\x00', 0x0, 0x0) setsockopt$sock_int(r2, 0x1, 0x29, &(0x7f0000d1c000)=0x6, 0x4) sendto$inet6(r0, &(0x7f00000000c0)="f5b5f34bbace49d12ac7d184d1e874c73d535a08a9ada0236818385d88cd230944ae7db8fe108607d4b52d331876c531f5597de30464e24e7b8d2759d5abcca794090d91fb6507d4654882d85e8b76f692ffa7c6005f43c513049342c4", 0x5d, 0x20000000, 0x0, 0x0) syz_genetlink_get_family_id$fou(&(0x7f0000000140)='fou\x00') setsockopt$inet6_int(r1, 0x29, 0x1f, &(0x7f0000000000)=0x9, 0x4) r3 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r3, 0x1, 0x2000000000000f, &(0x7f0000d1c000)=0x6, 0x4) bind$inet6(r3, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x19) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e20}, 0x1c) 03:44:13 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00\x8c\x10', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:44:13 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x7600, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:44:13 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x5b00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:44:13 executing program 1: setitimer(0x0, &(0x7f0000000080)={{}, {0x10000000000000}}, 0x0) r0 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x21cb, 0x440000) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r0, 0x40045542, &(0x7f0000000040)=0x7) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000100)='TIPC\x00') sendmsg$TIPC_CMD_RESET_LINK_STATS(r0, &(0x7f00000001c0)={&(0x7f00000000c0), 0xc, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="000027bd70000000016d6dc4281e5cc9c9000c410000000c001473797a67decbe1f5"], 0x28}, 0x1, 0x0, 0x0, 0x8000}, 0x4000000) [ 3429.906563][ T5020] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=5020,uid=0 [ 3429.922089][ T5020] Memory cgroup out of memory: Killed process 5020 (syz-executor.5) total-vm:72580kB, anon-rss:164kB, file-rss:35716kB, shmem-rss:0kB [ 3429.937605][ T1044] oom_reaper: reaped process 5020 (syz-executor.5), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB 03:44:13 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x5c00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:44:13 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00\x00 ', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:44:13 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x5d00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:44:13 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x7700, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:44:13 executing program 1: r0 = mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffff9c, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffff9c, 0xc0306201, &(0x7f0000000200)={0x54, 0x0, &(0x7f0000000180)=[@request_death={0x400c630e, 0x4, 0x2}, @reply={0x40406301, {0x4, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x18, 0x20, &(0x7f0000000040)=[@flat={0x77622a85, 0x1, r0, 0x2}], &(0x7f0000000140)=[0x18, 0x20, 0x38, 0x48]}}], 0xf9, 0x0, &(0x7f0000000300)="4c5f2872740a036ea34ad544c2c4a62f381c8142e96c113aab65d2759d54594d39fd4ec0eff1d952012e54aa2b400255d6003856b585d37cc0a5193f61fd8eaff5acf93550b6bdaed87e51c2074867e7d5e2dd19a21db0feb3803d758cdff04fc01507a6b5eb6267c102dbcecbef729d1525740caf586b9f9b545ba52bf05281cb48264ab45505eec92777f390d0358245cec330c488008ec80a3323b0d78c6f9c306d7da2bb0e39c2a88bbf6c0a579eaef001ab9c8095c93be80b1c822648e8d43cd223d299a521fa62041a174cc150e5aec3e2cc3a76a7cb1346e27982f6e01cb66300a1315210cbd14fd7b9e3c8be672423db7d917b6fb0"}) r1 = syz_open_dev$swradio(&(0x7f00000002c0)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2) pselect6(0x69, &(0x7f0000000280)={0x8}, 0x0, 0x0, 0x0, 0x0) mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x28010, r1, 0x0) ioctl$sock_inet_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000240)) read(r1, &(0x7f0000000080)=""/146, 0x92) 03:44:13 executing program 3: prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_SIOCBRADDBR(r0, 0x89a0, &(0x7f0000000000)='syzkaller1\x00') r1 = socket$isdn_base(0x22, 0x3, 0x0) ioctl$IMSETDEVNAME(r1, 0x80184947, &(0x7f0000000040)={0x6, 'syz0\x00'}) r2 = openat$vfio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vfio/vfio\x00', 0x2, 0x0) write$UHID_CREATE(r2, &(0x7f0000000140)={0x0, 'syz0\x00', 'syz0\x00', 'syz0\x00', &(0x7f00000000c0)=""/69, 0x45, 0xfffffffffffffffa, 0x4, 0x7, 0x5, 0x1}, 0x120) ioctl$TIOCGSID(r2, 0x5429, &(0x7f0000000280)=0x0) capget(&(0x7f00000002c0)={0x19980330, r3}, &(0x7f0000000300)={0x1, 0xb67, 0x1, 0x401, 0x8, 0x6}) ioctl$UI_SET_KEYBIT(r1, 0x40045565, 0x137) ioctl$sock_SIOCINQ(r2, 0x541b, &(0x7f0000000340)) recvfrom$netrom(r2, &(0x7f0000000380)=""/233, 0xe9, 0x40012120, 0x0, 0x0) ioctl$KDGKBDIACR(r2, 0x4b4a, &(0x7f0000000480)=""/202) setsockopt$netlink_NETLINK_RX_RING(r2, 0x10e, 0x6, &(0x7f0000000580)={0x3cc28, 0x9, 0x73, 0x20}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000007c0)={r2, 0xc0, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000005c0)=0x3ff, 0x0, 0x0, 0x0, &(0x7f0000000600)={0x2, 0x9}, 0x0, 0x0, &(0x7f0000000640)={0x1, 0x4, 0xc8f5, 0x800}, &(0x7f0000000680)=0x5, 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)=0x230b}}, 0x10) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000840)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f0000000900)={&(0x7f0000000800), 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x1c, r4, 0x824, 0x70bd28, 0x25dfdbfe, {}, ["", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4004}, 0x0) ioctl$BLKSECTGET(r2, 0x1267, &(0x7f0000000940)) sendto(r1, &(0x7f0000000980)="2daf9f7958ea8d7e6562d9615fa1a22e35c676550b3600e84dcfb57b9b271d1284907bc92c8807093015aac8f4b44ea197038bdc74e4f4369dd207adc39b76de2fa70a8e0aeffe840ea7f42fc9085b13c444d609ccc4cede5ef2e200153e0b20e00f72b6717cf37f50daf688cce569d7601e4d0665dd2a51f47c3be1fa95065f64890fa81a2e4c81c8b1025f5775c608964f7fe322a189038261f5132c577a9a9b3502e529b382e7547b6ed89e9e7a24a915825e9fe73c022e527048aaf4a87918dd541badb7ba9b591902043122bbd6200af3f4e83d64f839df1a4dcbcbc3e0bf9cec6db83d4385e23b07da627ccaa9b0556c3196b879987761364f8341da", 0xff, 0x81, &(0x7f0000000a80)=@tipc=@name={0x1e, 0x2, 0x0, {{0x42, 0x1}, 0x1}}, 0x80) ioctl$TIOCCBRK(r2, 0x5428) r5 = request_key(&(0x7f0000000b80)='user\x00', &(0x7f0000000bc0)={'syz', 0x3}, &(0x7f0000000c00)='syz0\x00', 0xffffffffffffffff) r6 = add_key$keyring(&(0x7f0000000b00)='keyring\x00', &(0x7f0000000b40)={'syz', 0x0}, 0x0, 0x0, r5) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000c40)={r2, r2}) getsockopt$SO_COOKIE(r0, 0x1, 0x39, &(0x7f0000000c80), &(0x7f0000000cc0)=0x8) keyctl$negate(0xd, r6, 0x3, r5) ioctl$TIOCSSERIAL(r2, 0x541f, &(0x7f0000000dc0)={0x100000001, 0xffffffff, 0x5b, 0x4, 0xeab, 0x80, 0xffffffffffff6121, 0x1, 0x8, 0x6, 0x2, 0x3, 0x696cf590, 0x5, &(0x7f0000000d00)=""/149, 0x7, 0x1, 0x5}) getpeername(r2, &(0x7f0000000e40)=@nl=@proc, &(0x7f0000000ec0)=0x80) getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r2, 0x84, 0x7, &(0x7f0000000f00), &(0x7f0000000f40)=0x4) ioctl$FICLONE(r2, 0x40049409, r0) mq_timedsend(r1, &(0x7f0000000f80)="1a146770e0cffa", 0x7, 0x4, &(0x7f0000000fc0)) [ 3430.273716][ T5369] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 3430.350036][ T5369] CPU: 0 PID: 5369 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3430.359278][ T5369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3430.369357][ T5369] Call Trace: [ 3430.372681][ T5369] dump_stack+0x172/0x1f0 [ 3430.377040][ T5369] dump_header+0x10f/0xb6c [ 3430.381468][ T5369] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3430.387286][ T5369] ? ___ratelimit+0x60/0x595 [ 3430.391899][ T5369] ? do_raw_spin_unlock+0x57/0x270 [ 3430.397197][ T5369] oom_kill_process.cold+0x10/0x15 [ 3430.402317][ T5369] out_of_memory+0x79a/0x1280 [ 3430.407015][ T5369] ? lock_downgrade+0x880/0x880 [ 3430.411887][ T5369] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3430.418142][ T5369] ? oom_killer_disable+0x280/0x280 [ 3430.423353][ T5369] ? find_held_lock+0x35/0x130 [ 3430.428246][ T5369] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3430.433804][ T5369] ? memcg_event_wake+0x230/0x230 [ 3430.438850][ T5369] ? do_raw_spin_unlock+0x57/0x270 [ 3430.443972][ T5369] ? _raw_spin_unlock+0x2d/0x50 [ 3430.448847][ T5369] try_charge+0x118d/0x1790 [ 3430.453384][ T5369] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3430.458941][ T5369] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3430.464503][ T5369] ? find_held_lock+0x35/0x130 [ 3430.469282][ T5369] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3430.474873][ T5369] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3430.474891][ T5369] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3430.474912][ T5369] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3430.491197][ T5369] __memcg_kmem_charge+0x136/0x300 [ 3430.496336][ T5369] __alloc_pages_nodemask+0x437/0x7e0 [ 3430.501734][ T5369] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3430.507986][ T5369] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3430.513718][ T5369] ? copy_process.part.0+0x1d40/0x7a90 [ 3430.519210][ T5369] ? lockdep_hardirqs_on+0x418/0x5d0 [ 3430.524516][ T5369] ? trace_hardirqs_on+0x67/0x230 [ 3430.534914][ T5369] ? kasan_check_read+0x11/0x20 [ 3430.539793][ T5369] copy_process.part.0+0x3e0/0x7a90 [ 3430.539814][ T5369] ? __lock_acquire+0x548/0x3fb0 [ 3430.539841][ T5369] ? __might_fault+0x12b/0x1e0 [ 3430.539861][ T5369] ? __cleanup_sighand+0x60/0x60 [ 3430.539876][ T5369] ? lock_downgrade+0x880/0x880 [ 3430.539901][ T5369] _do_fork+0x257/0xfd0 [ 3430.555011][ T5369] ? fork_idle+0x1d0/0x1d0 [ 3430.573521][ T5369] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3430.579173][ T5369] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3430.584646][ T5369] ? do_syscall_64+0x26/0x670 [ 3430.584664][ T5369] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3430.584680][ T5369] ? do_syscall_64+0x26/0x670 [ 3430.600157][ T5369] __x64_sys_clone+0xbf/0x150 [ 3430.600185][ T5369] do_syscall_64+0x103/0x670 [ 3430.609438][ T5369] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3430.615339][ T5369] RIP: 0033:0x458c29 [ 3430.619247][ T5369] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3430.638858][ T5369] RSP: 002b:00007fea30623c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3430.647471][ T5369] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 3430.655467][ T5369] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3430.663446][ T5369] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3430.671600][ T5369] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fea306246d4 [ 3430.679613][ T5369] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 3430.697592][ T5369] memory: usage 307192kB, limit 307200kB, failcnt 98111 [ 3430.705179][ T5369] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3430.713506][ T5369] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3430.721137][ T5369] Memory cgroup stats for /syz5: cache:124KB rss:99504KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3430.743649][ T5369] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=4943,uid=0 [ 3430.759836][ T5369] Memory cgroup out of memory: Killed process 4943 (syz-executor.5) total-vm:72580kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB [ 3430.793854][ T5273] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 3430.831852][ T5273] CPU: 0 PID: 5273 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3430.840924][ T5273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3430.850988][ T5273] Call Trace: [ 3430.854295][ T5273] dump_stack+0x172/0x1f0 [ 3430.858621][ T5273] dump_header+0x10f/0xb6c [ 3430.858637][ T5273] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3430.858653][ T5273] ? ___ratelimit+0x60/0x595 [ 3430.858669][ T5273] ? do_raw_spin_unlock+0x57/0x270 [ 3430.858683][ T5273] oom_kill_process.cold+0x10/0x15 [ 3430.858699][ T5273] out_of_memory+0x79a/0x1280 [ 3430.888348][ T5273] ? oom_killer_disable+0x280/0x280 [ 3430.893644][ T5273] ? find_held_lock+0x35/0x130 [ 3430.898431][ T5273] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3430.903984][ T5273] ? memcg_event_wake+0x230/0x230 [ 3430.909022][ T5273] ? do_raw_spin_unlock+0x57/0x270 [ 3430.914139][ T5273] ? _raw_spin_unlock+0x2d/0x50 [ 3430.919089][ T5273] try_charge+0xd4d/0x1790 [ 3430.923532][ T5273] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3430.929083][ T5273] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3430.934650][ T5273] ? find_held_lock+0x35/0x130 [ 3430.939592][ T5273] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3430.945184][ T5273] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3430.950733][ T5273] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3430.955935][ T5273] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3430.961575][ T5273] __memcg_kmem_charge+0x136/0x300 [ 3430.966721][ T5273] __alloc_pages_nodemask+0x437/0x7e0 [ 3430.972128][ T5273] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3430.978384][ T5273] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3430.984111][ T5273] ? copy_process.part.0+0x1d40/0x7a90 [ 3430.989588][ T5273] copy_process.part.0+0x3e0/0x7a90 [ 3430.994792][ T5273] ? psi_memstall_leave+0x11c/0x180 [ 3431.000166][ T5273] ? kvm_sched_clock_read+0x9/0x20 [ 3431.005492][ T5273] ? psi_memstall_leave+0x12e/0x180 [ 3431.010697][ T5273] ? find_held_lock+0x35/0x130 [ 3431.015474][ T5273] ? psi_memstall_leave+0x12e/0x180 [ 3431.020699][ T5273] ? __cleanup_sighand+0x60/0x60 [ 3431.025642][ T5273] ? __lock_acquire+0x548/0x3fb0 [ 3431.030586][ T5273] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3431.036845][ T5273] _do_fork+0x257/0xfd0 [ 3431.041010][ T5273] ? fork_idle+0x1d0/0x1d0 [ 3431.045440][ T5273] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3431.050987][ T5273] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3431.056553][ T5273] ? do_syscall_64+0x26/0x670 [ 3431.061247][ T5273] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3431.067329][ T5273] ? do_syscall_64+0x26/0x670 [ 3431.072061][ T5273] __x64_sys_clone+0xbf/0x150 [ 3431.076746][ T5273] do_syscall_64+0x103/0x670 [ 3431.081354][ T5273] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3431.087246][ T5273] RIP: 0033:0x45b5f9 [ 3431.091148][ T5273] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 3431.110925][ T5273] RSP: 002b:00007ffc1533c028 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 3431.119478][ T5273] RAX: ffffffffffffffda RBX: 00007fea30603700 RCX: 000000000045b5f9 [ 3431.127475][ T5273] RDX: 00007fea306039d0 RSI: 00007fea30602db0 RDI: 00000000003d0f00 [ 3431.135591][ T5273] RBP: 00007ffc1533c230 R08: 00007fea30603700 R09: 00007fea30603700 [ 3431.143747][ T5273] R10: 00007fea306039d0 R11: 0000000000000202 R12: 0000000000000000 [ 3431.151729][ T5273] R13: 00007ffc1533c0df R14: 00007fea306039c0 R15: 000000000073bfac [ 3431.161404][ T5273] memory: usage 307124kB, limit 307200kB, failcnt 98114 [ 3431.168976][ T5273] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3431.177059][ T5273] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3431.184623][ T5273] Memory cgroup stats for /syz5: cache:124KB rss:99504KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3431.207105][ T5273] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=4945,uid=0 [ 3431.223109][ T5273] Memory cgroup out of memory: Killed process 4945 (syz-executor.5) total-vm:72580kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB 03:44:14 executing program 5: socket$inet_udplite(0x2, 0x2, 0x88) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)}, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r0 = socket$inet(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) 03:44:14 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00\x00>', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:44:14 executing program 3: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x21) r1 = socket(0xa, 0x4, 0x100000001) ioctl$sock_inet_SIOCGIFPFLAGS(r1, 0x8935, &(0x7f0000000000)={'team_slave_1\x00'}) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x16, 0xa}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:44:14 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x5e00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:44:14 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) sendmmsg(0xffffffffffffffff, &(0x7f0000008380)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1400010000000000000000000200000037000000"], 0x14}}], 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x331, 0x0) 03:44:14 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x7800, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:44:15 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x5f00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:44:15 executing program 1: r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000800)='/dev/snapshot\x00', 0x2400, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000180)="0adc1f123c123f319bd070") r2 = socket$kcm(0x2, 0x2, 0x73) accept$netrom(r0, &(0x7f0000000940)={{0x3, @netrom}, [@null, @bcast, @bcast, @netrom, @bcast, @bcast, @remote, @bcast]}, &(0x7f00000009c0)=0x48) sendmmsg(r2, &(0x7f0000002700)=[{{&(0x7f0000000140)=@nl=@unspec, 0x80, 0x0}}], 0x1, 0x0) sendmmsg(r2, &(0x7f0000002480)=[{{&(0x7f0000000000)=@pppoe={0x18, 0x0, {0x4, @empty, 'veth0_to_hsr\x00'}}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000080)="4234d72b31379fd11b99170ed18ac2f1fff65dad6f6c5d31189e22dc8de2d14dacba1d0b89c0684a88dcc6ab14bf8f882725b7900a", 0x35}, {&(0x7f00000001c0)="f3c4c5e2b30473e6c54a811423cbebf558d349dda167806868dc8dafc8639a19892cadd3f95635196bf44892d988f1f5ade618233ad5546a6fcd4f7be51b298757a161b81afd32938d6b109e31308511143e1957e6c0d4e21bbd3743947565906993a60ff8390c7c1a66f564a497d23b1dd82d35f65c3f76ac56bd0cf4ee587a9ff5da66f9e06a19a68d6ca93eeac1ee081bf22d5033d77a95996c", 0x9b}], 0x2, &(0x7f0000002740)=[{0xf8, 0x117, 0x5, "cdfecf71a92170e308e13919644df91129eea775017124681cb7e9b3b2944065b0341cd21b97453f0e3819b9ce586a27e8c12eb6edabfe95fe4b115a31b235660afacc51b941a1f3dd445114aa63133618cb57b6ee93dde8dc3514e4120e4f7818fe0991385df2c734c71bb8b33cca9c4a1dfdd5c8e52b575562f9d34d61b5b81e993c8746b45c21d29395a9dc344fbb88a547455ac566828cd767e44fddfb1f5b30b73ce7f6f7524613ffce3f713e43e5d6b03a858c2b3c05919a232fe61f9671c3250dbcec58213ac82855c6fc3d40a367842caecbf6ebf4659cd127cabc186764"}, {0x28, 0x84, 0x800, "b5272235e427f5de712e64da028d06fb4c2e3f8d06ae"}, {0x1010, 0x111, 0x0, "1d43a69b85f003ea65fec256cfc74e9a427bfe72465048de4ce47550d8d56fbef72ba4cc64f8e6292aa660bcf1394e7f698f6e3d7637c51891786a58a90676af981b3a73311fabb2a32db96dd7f1a773909e39c41b8dd10a295870973dfb4cea14703f29c22f9859230b120062e87fff73754f34749a00c56e643384963f61ac16cc09a8e477cdfa44ae21787a2ae009d8942e08ada54e424938eb2773d80420d6eb3bc08483e9bc1829c60342263789c4fafa7b267ae4fe86e23202a3974efc23208b89a7d67684ce0ec27f8ae068318936410c1da478dc0418a0712691398a68e24a12f725d1b947626777477d6e82c5c553666a380a1d8a854b9bd76f21b88372d4026c3ff141bca1fc8bf445bbc5fb81e83e6ec10ddc179bf51f954674a4584f70eccbc0f03eb9b3dd55bbf17cfd2ba06a8e8e5300021c57f793946ccfe8eb76dbf1d0757c0818949248d4e3e943ad688de494a203b394dd471dbad002d16238133b3540f6eec2120b222b7e61fc1e30435ac1076fa6923dc4e058cc1067c0a12c3ddf7230ff1080be6537cba66ba6e31ec3e9866bab3f96c3cbdc8d60f8d5304a1c9b8b8d2a775e1cfd36c3511d1fdf7c731e764a1d8434e17a3f0dc282a6c2cfc26152d13a6080b6806359506d965fa7d13e03f8481864b79fb3d99bf1d6d17b9bd2842605b46cfdf04e22b195ba1f1f3108ef7817cc4631a7e886c053587500d9f296750fae25a87a82f706937ca97f90efc5612b0ae4f6c28831855e2c80ae960964ad0242b46c1de9525fdb08501d0e66e3a79a8b32c8c737d2a6a31f608592846cc42e66f65a84998fb8fe28797d8a797f8a0e0c6a7c5ae832e90687540312d4988c68b2573417e5086b454d61ab5a8b7e1e43d23763e3f89b3c5828c2fca753a8319a4df2fab61aa74c7af72fdfa374a58bc1787bd9686bad7a3f86e1564fe394390fd9f9039bbd8301f1970ef566aa6d95b782e8f559f982ad658d5f093fa3b6d06e2996344463be0c35f8f6f6435d6217409e94044cbfc4066739a0088c490bfe3cf73adc31c993e3748505d9294020c6703d9f9470c953428780f5dfa3b5f2ac9140934a73cd200f844d52f12653d694fbf2e1274c12d0f32ab3073227666549303acd6381a2f0630f956e8dcc3a8241b11be22693ae23dcc7be52621533379deffdf2a91044a5546c6973c7f0cb8e8a4fb4b19231f4bb483c70fd7ce9ca6ac146af08f5709fa3f8e5886f9272d4e274a404a776c95d5aacc494bd4d761b7cbdd8f7b08d1ed5749867f993518bfb53aa4df144868e22e98f38f0d221b018f1ada4550ac3ad4b54f128a714c5ebf2e648cded2016bd6bbf55632aab492ba6a05b57c98e0b21d75a7ecb95d0baca47135d62abee778d117326cdd72433d6b68d6128c15dfa3b18662fac4a5863f112b4b63dd2ba06b8bf2a8cb8a4d02274b4ce4b3ece599dca341a706267fd69fe19ff1031c5220d89808fa2b6461c1552792510f57ca8618ba5623e8a8a5bd8702b5eae6294f16c165b3ee23ae010095f506187f51e18d375b55fb896e6de846b05ab4f69352e9a929705f9ade2694cb986409d38755d2c1428fb4ec4e5f08d6bae2b96cb2ba5cb7da22502246536059cd681e5b75870c5601bbc36b514b2ccb45ac216480ac078c5f07c17b8c87e25d5f7c08111444cc91f1edbe7b8b26d5d9a2fa3ffba0ed264abe0355b797dab279a837f4ffa252137fcc6d705a2c4d506d5a9c5e42e8f2c7203bd14b2a78e92780d7278adaa55a6a491345eed1dfcb6c8a87b414fd9a39ac565e992a5b68ea0a846864cc48f37d556c33bc01c23c69936cce24a86ce26c4b3974ce17ffdc1703c0db4e96d3ac7f96770488dc59aad3d6073b59066af8a80f52150acc9782a92e7227c2a9ba59c702336aa3eb2673fb93a4a8017d2c495b2899cc8f7e7398cc681395eb23d90fd80a267b2a68a4700d390a0901a3c901a9da93ee51c2501cb1718f4d1f85cd0988e266e6d06359793f302401e1833009a7e037383f883f40876c8ffecf7b2133bb4d0bd6a44e8802b8f6ef164810f36c3d67dbdda661758b52e572805f0eaaec20343044fd81be3e80f1dfb7df82353a29cea9556739b9a60124c2251679ddbdf1d4b4777567bab3adf1d74601dc69fefdb35c77bc496def01d66e09929e5a5e4674811badbbb4dca538c9a2cce1ab1b04d93c183912446ce10c4dc6d3da24f5c31e68bf1cbad15ce7c3b8420124c19283e8779e46f5a9dbfe113160016b9270c84bc0d887f5814d08d84fad733686d60a228e26036f65737612eef19cc56a01e337cbdb6385a4e37f5c49a396fe302b30a0923f7555dd064152609c6a010b8387c294fa023a6b05da48843537f5bf0c205a581ac504015a89d5353a2a50e51196df3b8d33c8f6ad38ce2cdab3b61e842d54767c263f1caea7849f53202ba8593efeaa6b8282bfd48439a05549bbc15548e80e52951fd8019eeabf47c62af7bc367fc06528c28af4d2cc6a6e567afa89b58e23bc38f0e442a60b51534e22e0aebb8fb53a3637d494c4eb8968398e3f37749122846165438f8f1ee0f197bc93fd2e84a5a998833e81bd5e56ea1516c317cce35a3a0a4723ba84789adfccdbca2c0cdd0bcd7d18d565387898f5850f05cc2d1eaa59f2d36e7b578d40a479bc39f43b66664a27c5abdf16d2d10399f9a7d65d2cac99e35361bbf74027984a7a9abfb1a7b52b0bcef0a0ec489db9a2c509a392d9d79fb6a9bd14245c6046dee24f761e53b50c05fb77fcfe2e7d46a746aa303a209bbb0bb751b3154c64080e8cb5e68e43dfa0e4cabf19e7a19d9106e92d4233d2dd0c3de2af61560386bfeb06c55a47bfceeeb5fe990741c2fca0caf634afac7db7ffed6813026152cb39e977beb5c6b154d80ac103ad499511a974418f2e16976d5babbbc3277a376bd866d47a6f6ba4d620161f93c4816ed6b083dcf6cdbbd7da0cd342393fb68f737d63f2c4b4fc716adf91c50ad1bc6bbeacbc26dac7ef5944c806eb07e74ba6823b83df5d5c30be2a5815b7a013a411201d9614d73edd678e9f5c6c329cdb64a9b4edceff7ae4b5ebb944c4b0597faf8238bd0c0d1e982935fc10b59afeb22da8af253545c1ef53a26f8547e6c5fc73f9d37d55c849a8ac79b87b6b6efe0fed201a0c01589d7805fbff40a0aad11f5efffaf63ea7f697208344f6c1d0f07c583df7a2027cb504c8dcef36a8e879b9da48bea59a12e5a49fca93e2c74912dc770d16f1b007cb7ee80afbc8d4054bd08e3d8eeff7fbdc1a4d3d7b07177fab31d8e831c51c9ace1cc0f2efee5b8057511a9cb5843839c3477a077b3ffe2132bf40a69ceb8b992d4d7c3d02df5e470c0c20fdc9f85e7c7a33103da3c08607a0dd1dbefccfacd5864794938b0fdb7fccc2c50ecbc9c316c1ed63329bbd59373f329502c7da2a01f5b3730117229afdffeb325ececba0d6cc6e4eefe600788f34c21a8f4f14873819eba3f6b304f61ad3675b133dae3af172d089bda532f3c33e433d18639fa749f3a00ef6a18e174a85d0e0f0ba13b3d7a5ca149fef52a26c921146f73a7590fe699e4c4b9f03f762bd390a01e0ccaba61f8eec589388f3bd1cc62a2117a0f510214959abc08f5ab4474159bda46dabe041ec0a9316a31a971a8834963c0ba5ee7a2fe9ee2245c631675ccf79ef2af26ecea0f9cd30d28dccd66ad7da77bc598271730658cd69d8f56305abe17193102b35aaf57c2a6af260a85ec75ad731a714433b97e83864d4234145feb7234e5ecaec1da4f03f36c302fa043e9d75a044228266b38358ab412dc89e094596a4c0f7cddd9d8fe4695bdaa47f5ebfb2b19055d33dc91e81ab0b5a3b9080b73b75ef4f1763307c0d9e1cdd6689f986a70cfb8732210ad1c36ce307675f735aae8866e6176b2eae431db0a425ea7a95de79132ecc5ba5ddd4a4030bec31937fa44682af8692d4386c44aee614eae1b93716127d8563314bedeb7fb9a980cffd9e7d793eb8ddb312173bfe58c4346173b9b5b6496847d809e3c74dfba679883f9c7ab39c759aa32ed4e416b6bdbf9ac72be1a7a773978dd8f3d9bb0776b0a3968011cf4f27113d9a3b84b2ebd1da02c2d321aadb9a1db5f134fe703e31368c463adf2d732e807902ff5fe48f652a2e307c4fd92ce7bd1094de8ac72a541490e421adda0769fc6e3ec346dc83dd09449631123dfe353a1aa06f32a057d6d56d18a8013e0a98e36b6cef07b2bc27495f8d86d85b6586abf6bb8bd91dd9a02b98b5406a23cd64a563968f2ca4123a0c624b24d88a6ca99a7c45c0ee1bb08f683949617f5fdf8d0b3b9bde5d2347cdf6c0e2842b7e9c9b3a89974d526f724d7ffe1f576217954e1f20e68ed1aeae0ce6a9339d45c77ceec7c464a02e767429a5252b976d8d5c037ce7b75c9623e00ced60b2a52d692d3ab1d64222dc56d3ffc7b17b93d797b7365fe02151f786d7cd90d1cb377521f08880bd0e2996390a3d3b97a7208f11ecc7a4b0cc945f958ac675dcc851e0bd97a3087eab58b5914bdc34a41d5b6ebea7ddd17a41676c479d853bef18a08b204b7a70552ba89c4c3f8988eab629413d73992ab6350b51a358b69e20344a4f25814620dba3d1b33b03f225f082cbe5a337833bac25e24eec17edeec90e55848cb6342828bc41d04a6cb03351f8efe5c0483a471a50af1cb8c02fde17ec0af1d5231d4629bd36d9a75ed85ebdfc68636a85ffcbb687355a3fc60c36f6a52c52e959b658f0f44361d9160d803147bbf42beed81d66177260c2ac6ea44af3a4aa9c59a7b94abc5b6f921021a06d050927dcffc01efa4286d1b26bbed170f881b6452d2a67abce0cc1a130689d9e7048b0b3eace3ba2c44a17ef0d3eaeaf416cd6c87a349fae9483e24b3c044eb56933158d33324627538f7f7c4efb76fbd00ef316223f5baa7e2b2263ce5e28c26f3a7fca575cb80a90b05b882e199c4bcdd7c41cd7814f1bfb337b8fd49f32e46b1377c24411cf33daf3c632903e20567cc2a5028af4a3d07ab0a979302c8ec2fabc2f9bf6a2a256fc031e542765f4d9830b1de3f58244e779934f748f958cf6bffd490c7e1678b308c4f995dea837dc34d4b3d8f131f68732604333dff194fc470f40104dff29ff7010f78413226fcb56204660d579545326f58e11520497fdac73047a1964e34529198ea76016e282f13087c4683a49a637a4f6540febbcf0c85aa94b934c4b5e2a9fbb7fbe1701c12bb6002d92a282a052f2c09c18b263ca36befa32dbf71c570b2ab7c2582975016a96ac32c7f518985a2fd6436c06bce29fa7a6aa4c722f8d0c65b1fa315f2ff409d45c6042e819b63426f965b559a1336c5cf9b0d47c421bb04ac906465a6c0b464bc10f655c806a8c9085020ec4d23da1eb715ce05c6ee537e70846fe6c0ba76375ec7b066707de0f885f5deda050bb02c448817d204889e2cb36a82b2db5c130ff12ca429ee21c94bbfffd87f4a8baa82a87fb5c3cde2c79814c6b11becaa341db9c06447627e631506b5434467458ab4be09e9b1c93b4f243ae5e31201c83f89e5837976f8ea08bf2b0ed8fbec4eeeb549b1db433e0d0eb81d4cc5036d2522d2b43f301ec3d4fa18c78d17d3e58597d2fe1ef05a0189a12b3c56cfaccfd676ee15b43ea8541d8b27accc7e3f8868a0a92639c02d6ef5b1f2bd242024d87a57445ecc3d4b41ded99ce16e252ceeda03cba88373e8e8aee005c15f6946408f2a0431563e5742ae69f9296050a951fd54e5bd90431bb73d3e9fc0cd40d7"}, {0xe8, 0x110, 0xdd, "06a4ac6a5273e7ad1d33043d7be71988e5b107d6779fc2e82c6e11012cc4c33cd5e5b1b376e1210d4a8c166dc01d2bd105aee902ba85b257d5d2d02eff00d58dd12fa8c879081b56f716782a8f6dd13e95fb492ca392ff753c92fe620eff41d5841b83de3ce16dc7131aac64e0022876575888f85b79b09b3af3d9c4faabb13413eb5a4bde53329617d3b91e22bdbbd5099108bf3dcf9ae79c380c7685a034f9fa0d5176192baa9da736b64b8cdca6ae231122cdec68b87ba8256dbc65c8d16f0057fd22dbf4e50002d8170001002388d4"}, {0xe0, 0x101, 0x9, "82ae9c12eddd0c0f83ea8f82e3fa19a75f16b01db36115764ee2e8fa67a6bea9e90f94a43de03c04f78eaba685059e35f3e15bbc90352c2647c15d51b385f3e43732be174a5cf77c0d5c708bd587b8c87c59c64e80c8e8664a175a369586ca5b826b35c7c5f5da56cfd64fde60d00feaa1d6f5ee5353fd569e8f89347f53b4bfc6de9b0c4dcac48ada2431ae422cb9c5aad066969d6e89ef9d35b999f57db93fbed65302cb743656310843e6243243b9a89c92dc724949d99d763889885050d7380080a021d0dcbed54d26835a"}, {0xf8, 0x11f, 0x9, "6a33832aaf2d4377e466da31ea1eba3a576dc55a01b0fa72d6898c4c1c01900116b7b4410936c3d5fb3c4f626cb0351be0d49582bdddb026b4191963de2fb965f9d210cee5076acda8da0de2f48e6b509a11cdf769177d8a562f9e61251c6626feca636a723e2339952d169a4b74b037557e2e7658201b6cf7501d56e5539cffb5d9b90f07d49c74b879f149b7f468588a7b435a9f9d23730665b5a796a7325a022a202923659663bf5af8a9c0f10271e19d86b9fc42c6b494337bcb6051c3f3976f9acbc7d79529d373533aa21316dba64009cfac7ff37fd4d0231f58ec8ef53e"}, {0x58, 0x107, 0x8, "78f2a1177e54df7f67c802c76d52dfb6cb26eb78df26f897e1a40730bc80977473b6be2d45e5a97e4e308e902f6cee3bbe632a46976bd691609e1efc5caca7e975e798fb"}, {0x1010, 0x88, 0x0, "7eab04ce5821a980d0027d0ca1f9437de41faf266adaf85a6403a008c61972e4107cccec2fafe1f624cb43363ab4cfdf4ffa56879b8301104b2600a37b6b743f47c16a81f3ebe1bdb1cdb94cb025f432094a045fa04175d680facf811825b7f14fd5cdef402c9feed0fe48242c6a34426054426aac35424eb85fa060140a7e212798eb80406b1e43b6f6d481beebbb5910108baf8928d0dd987a4f3717248d2515f2bcda9e52fd49ac61719c8c3be247b974ae27f3f6a8caeec64de3a6ebdc97f0bb689b17812b4bfda7943f2ea79dd4ba1ca340a54a1c272252b25c8c756ec75aef206311ec77c63a6262bd0d06e292fae12492f06c6d2cbc9d1a4a093bb1d9cef5f1c3125dd185dd13e804c36de1cc154f88c3a3a5482cdb1fa8222e5e38056d3c538e17ce52d9c59786cbb7f35de9c87657fdd64e6a1b4e91909e38eaaf42b6d987a3a49d14022602db41acb22f4a3b8411cceda421fd9d85623c0a8ed51be72264683ed0fbdbcf530a9d661f8f859a29e3afe4cf98ef89e1cb408e44e8bf9890f2a38fc89c684c82c30bd3532db8b754af86cbb41b559835244bdade062851602ee295dcc5d09372345e3eebc001dd8fe4059192ba55d427a5cc3b295e564d1f2956bd9b2803cd19e777060c823f564ab4125c09849c2d9a2e4d3b706d5168ee986fa0f70d10be91ed7d24630a989ace425b062503526d7b6b326a8cfa6167cb0444eadcfa636bb5a32f31b2d81943136ee36429dc25655c7ab0068bdb33accc1baeae1c856e2572014c2a5f1bb99ce1b0094c4513388243e6b7594723cad70435ba281ce6d5f2dff22fbc34465be9a04e6e3ca0f2d89a548d48a2d7a6aef63f5269ee9724f1ff1a9204354e0bba3a9649ce42362a5fdf705bd1b6d9049f026616135fc5c6bcbacd1805f55e2337b9ef188d2790d9e78f4d253f774893757922d5a372ad71cd235281d571cf110f7256c0ce230bb246cb62f34c84f5dc10d7aa7e253131808a541c4cd236706cbfaa8f8ad68bffe9e1636e79fb81852ea9d842caf47d7a4c3a92021cec39f7c97e61f49d229771d5a68b0ec804a2b1881f8a56a9e0ad036eafb4df17f76d4dd4b3d515f2f83a93a6e829b8984a1a0e49c9d5abae86649075d9ccf99ba858a35f96504f0cc0f8cb43a7c0d8cf8dc1992676a8bd45c2f6c40c4e9be401f3bd3cda1eabfc9625269549a2730d29fc6a6e0d1551da6361cc0d25cfec835951b683a3bcfd7e03f50f36c3ff11a83dc1636e5379f78e25609d950feff7663b12c513c3cc165964ed61c9e1144e4b6b50f0a4a0da104092bc2b3c9300ea6b8ed2f2a692cef98aeec34793ab0f53868f8b6447eaf832d7befe9f1ee68299d6005a6c137b773abb5a63f4ca20096b205ddb161e2f04509c33199f2768366426794d4faf3de5fd87c996a899cfe56fb74df6cb401f1bdf8fd732ff5d426819bf6d07ef63b366ae6e5b3a72685943d659ab5221cca321d3ff6cb09363967401112f9f569c4da01389be0b8fe92ca274fb47d719c6f5c884e9bfadb806db0139ad56f3f0cc31c145eb194be7f91779c906176c80b79d41e9b040810120f9b457173c5bae43875129c0bdc88ba8328a2c663460dc92b64f88182db21294a4e97213f468207e27f05aa79872a5b1ce9133dd1d955ae8de9bd14b138c0a479fd3f3417b27853700897a5fafcf5d1d142e5478b430a99954890e4bf4dd5a6b85aa2ae58ac4d96f01258e7ba50134c97dc5f2f4a8b63370b37ddd50ceb928ba86dbd6842552393955e8f3682a5baa780ff8838a66f195e225b707d22a3c441a67f237f18dbfc5dd4f92719f5efb3eb1a30dcb0c0cf1fdcc738a102d938d6bf3f2ad5f222be1c28e8c4eb05dd6f8b07d45f9e27b0db124844525e2de7d3c85db24bfa490e780cee34457bd220b571e8ead661002b2f8a479ecbb17eecbc74f56a8cc59e0fe84b9546b7357dca97b14a808236df0615769f70c5dfdd84622580082ff84c80f8c043c29079f95d9267e553c65c142a0b60147f5d0aea06a8e36b1ff697634d0dad13406899768713a2253e913e11d3de696924d5264dec17bdd83ed00b1aec96ab44d555208124103131e6b975267a7ed332de9f8b3b3dc439643b9752b2e076dcaf63dcad6413d308309ced42741d416f6d9146629862555973e79fa63125c589728b11e41f69571d0ef29ba79c77df106afd58169309dfd1924343ce4cb6678047843ad456b9087578cfc5ecdbdfe41fff292dcebe477752018b4a9205cc85c61626a43adac7526d555c09376f286b3c0edfe24e794550ab461f6c6267d09a15b58df9b2973293e2fa8997f25043320515d753f73c38d3cdeab1d0a349d8fb8f4b79720e6bbe3d60c84a3f6facb9f2852f905adf05f42922c595776131735918232083abbc7eb51874e2bc96f8da050926e76f03ad8e9735a1b08412a1e78ec291ee4761222a64c240f0d1967e50ea6fd6a9dde6b35c45397b807deaa47d0c76c5b1e44a04b2681f464d5ec5248c36156a8910e15eace477723ddc215a2695a4df7638ec5d8558273ac6dcd72174306f1ecb1bf6936d3f0dd559a54a0038c576107d564fd0f31d1c797ea27318c829ae9b8f521fd1424b942dd68d2e2f30f377b55db8544153f22ee2f103734864d5d3f86197215d7e8ba413c47f88504b14b91108070c3468f93bc586fc2d2326e066ecfe2f0c8bd0195312255f9a151e5f6aeddac269c49bb3dba23a4ff85414fb43d39dc7afe64f768b130434886e24c6e0c9751c2d0fbb66120d9c06778c510da0b6fee2029878f3aa7301a84a96e125aa4fee2cecde353fe1c633e76318b76e1e4357be14f5945ff4da70f92e1777212e226723d74455b42a9d41ec9204afed20f612bcce40ada5d33f4cd4c20222394965d3229768724f09b6136bfdf5388ffed9b49c86d8754330561ac1f7c3b82f753473fb9d1aa39e70e49ecedbc47f1bf844aff8818d952c715800d155538fa4d912682cc623b44a8c211b28f14b70905108fbc040c6a6bd7616729744990dee485f0a45b69ab49b9aa6bf7c1bf02f5b7fb6692e9a06144a9b7f095538e39ab737eb27c285c594558212e8123b6a093e5e841b9970a14bfdb556ecdc55b4e9eb116a77c8a27748bcdbd72c4ba3a0d960d5c0abb385725056bc3179fe7e481676c32eb0a189352c6bee241af4089dd8f64b7193d55915a2032a9396e7214c1446a987c56619d322f5184f09d0a5d81a0c50ce8d4629cb7d7889c004a31e156dc8104179ce794cf5b61ab5fbd3ddac172b6030d4e6c0160fa7f0ba4a261dd573fb11dd1115bea13d37942137a14058ae17f62f125aaef96fed1a0162797348c0f5d1aa28ea0d43e5b472ceb6d5f5e199a50f6233598b73082bccca0d3c8317d1257fd741e81dc62eddf83ce359b8c8d96d0d137af0e913d9c270e44bf97c44b5957bfd0cb8ff8d1330b41a217c6e011d4952b74d37a3c8112883689016416c5d70f3bc3c7feac4a36ae0b66a5014ba8abdd38301a9262102ecc0a056b49bfeb58271ddc7a7f7ee6b9c1c332da721a5288d53b15dcd2d594e7f8e1383a51926fd33e416340da9e4d97da554e38f4b4647681a475f755c6959be081c83824ecaaf0ac5d5daaa45e5319f7615d68c2f7f131e8f0f337c56f230a0392c6e467aced1b17b4e6db1b50545e16e3491ad3ed533923e799b360b42f13202052a55c8b779dc4a6d42e9aef4ad9a7a5bedf48e2325e1ebe466f72aaae9b8f3bfa378d8182ae31ad284cac1fdb211e1d025fb31bb97dfff2463c8b083195f24030edb1d70e84ea1710f081b9ca24aa71fb317bdfb50bdea1bf59e4694a99498c4eb76dffda5e65bcae4136b58129d599e918151c20cbe89ff7c8d3681821971535dbef912a8d31cddd8b833eacc9d83801c62b4cb4a3548eb0c51ae1c29071b2588668acc5c60788b73e382c1bed0826625bf0f12655bb7ffbfb4aee5e29ed482313944252158c2921ff1ec9516259534583733182b74cb6199601ca63bedc0f01444c445e5d64d3fa0bcb1836e2ed4441076d443b51d230f23b6c757086074f51bc2f9531bdd29f3dfb5093e3819711be5c03de2b3daaac7a37cb51c7d276a8eff0c09ebeb363365b2e0342061047eef937114ef438b23efb954d0d1a5b2cc2bf633c0b5a6b9bd004a2269fdcaad806bb44f33cb98ee6db3dbbdf17b89bc5c199926508ee122680305f2d23c492c534f9ad16869a2a5488f147f867383df5756db149932e78c85cbd79a53655f8a5654bd1677c28fa5e687deb1cc0dbd3d81df7998b77a50c62245940beec15ced213ca1f667a805af27b5c327bb93fa3239228c672b5c835907f46faa795240c3453ee245f3ced2f4dbd43b4622ef81e6c5ebe8f425f8aaad528319915e88325820fe9735e9fcc349879afcde160ff2ec3267e939adc177a933670cddaba0d4adc56884570930bb262479692c1e52ec402604ae349aeced89a08571f951f6abf34d310b2e7b2cfa6a3566e219e264c09a20ed260e4fe6a0bed981917e5a26b303e76dd935090447e523484655756b3fdcb2aac18d06bd97e35bb0ad7aa2af15f4084a0e17598670dd16df0a309dbbf53cdbf6b872f9835cbd87dd59e67d488565af8d421cc03112d6b0f984982d6cb4838d553fda8750112126f59fea5e6e58544d34e7379418284ae227d3ea909855e5a20cb371e40d8e516a0bd92e8fce3143d0cab3de29381b1d488471a63c0b6bc226a2edeb68ac91ffd2b48c7f20ef8d1566e25e9dbf702de3885ee4c7ad879f5d7db95521f2465d3bc50b8e8f9fc4d085526826f84c031d3f98f31bbbb38e3fa93006a1c87c3a898db8347b55b1348871848e3bd14cc651a8eb39e59eaf8de46ce35185df6450f337a9d623939d4083a4de41540a520503c3ce0d3868d562973808f320c28824e171e8f2fd5f83bd74b0f8987aff6fca8842baff2d52972fd670830746180334bca432d9bf3e60fec0642c6f77cd624d1e70ad41323ab812fb4191a5c112c276eadfe6fb1bfe95f80a34ff41a47396204e7ee4f2a38165d82ab47dd66b47c6754a805df81ab616d9b4b9254cee1beb86b2d6e08e8b5f9203ad88aaabef4d1110b490d9201ec50b9b85c226d3b955bdf8528877a166487cee1d0ee4e07b1608003650392c5ac388fa64b08a1fafccc9f7f574f188333a1399f719b7decf4254df6c2534089d950e044184e8124c95975f2f6551e37a9e45432b4e6d6d7251d9f763b43c04cb3426e1d6055b8a977fdc37aa8ad296b43993902cc60cc77af1cbc9ae373adadae409aa005c909d5a39f3434b05eb522f1ba27ffdaab596cd05dc4d4438c82cf87f49331313b19e35c134fdaef21b14e3a1933188f151527dc7b4030be7f24ecf8c517b26d2bf7aeada171a5c0e183d508169c5c4ccefb0cebb213e039a2f827d56307bdc22fe8bfdb4de3752616f5828a8721c1680bfedbfe7af38444ab44a74f8a827794d15ecb8af8e23e7658a5dc84c31c01f131766ae40b5cf19797e178bc4b6d5326a43dc280f2e305b18781d06eb5beed016cd3d9193da58595f80cab6b30844ddc7e46bbcf87a6feca4a9b5bec99079c66827d5fdb532395ef219de52ab8dc2588220cc0b21d1f7eaec0320cc78cbb63f53beb0ac99c639636f96511643fe74258f2e23bfc704e909472a46968e62495330533265c6648cc1033a66a7e0503ae17228f17819cc3df63f72adcba7fd2daff675477daa22383558d83eb880e226d66742a55ccfccb7d6c9e53aa794f"}, {0xd8, 0x117, 0x8, "501158cd43eee86bd556aa02e75a970be994cd5047606ec6f3a3493f0f98aeb853b1e8689a7328032f037bb1224bda8e18be6752d0ba3691af2d70f7b167903de60a65c6e344bf50e54cbda4460f44e0e7c21a8e1acd189a040bf23ee8468c0a91082c32dc510980553bb598d2a8d3f49ee1c2a48b6a5dd7873c3b8ce093f00b5d4b88aca55263bfd4be13babbd84b1c6938026df89aad14d72abd21332085814086de455632076b9736e7d6691bbbe64f7c99b39edf59ddd5dfd760496610e4d5fc7eba"}], 0x2530}, 0x4}, {{&(0x7f0000000280)=@caif=@dbg={0x25, 0x3, 0x1}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)="fab5342113fe232444de1e289d3330b710cc749d1ccb307ef8c685c111efcd33ebda728996aff01a4c01eb13eff4543cd202a30b649fe679720313f543c893c5422608c7bc9e248db81bc2e47992aadfd6005d8fea87cf6aa2eb029bb2033d1856dff6f2520a5ab304b72c69832762885eda1269572871c0bb127b633f908e4bf1376fb72648e6d80f987d96d7904882c4e73f215e6ca2ff1393b3539eb9147e31392f8c56ed7e3845304d2603ff2f3653c7336f1f0949b13ad04bc8a74395353ea21e16ad70e3fee2f54ddb4cc1525199abb00538d20d0311f594034433733f704f247ceeb1b4f3fae7c938ebbc", 0xee}, {&(0x7f0000000400)="af5e0748305b7f30e818c2e691c060140651a2674960be1594082bf7bfdaa1afacd2549fc1bf55310b6ada8b926f1cc2d968d83453c496905d066c0469e1b06ee84ac01a2b219583b5e710a923fa88632f68ecd774d38de4f00816a45beb23ddc4c3cba620954f6a739b94bf78f9fe56b1a280123f1553552afa25091977676e23dbc26fbfa9ad5d7e061bf4b625c08b35", 0x91}, {&(0x7f00000004c0)="1b7883188955694bab66e4f6f41fca4f31317ba55fe0dd059e84eccc03f7d8cf16c054e77c2d267ba2e917f9e35c7b67e5053da09801075d94af5ca74b789aff5def531700b38f87f829e1f2e2e82e5b8d57a618710f1bf4e7c55d44d793f6914263162f43d2e50cc589aef40821cd4fe34f95b59f723496c344145e1e8ff1f7548ea707dc8e6b25a5657e73cfc12aee84b399c1838da2d90c97045fd1e0f3da2102453476629de1f72aa503984283931aa2403044fbe6c6e13fc187cf31b0d1fe001e143dfe124d8cd82586e201c22bf8a33dde33c33fce3949e5d812e6d6caca44da2d899b39c8ef300acacb4ebe4c43", 0xf1}, {&(0x7f0000000100)="dbec0b14d74c6242e0ac72715fd9f5ae4992f61049f3f8c22f41", 0x1a}, {&(0x7f00000005c0)="95eb872c7e9832df70a90bfebbdc6873bfea9768445970af7d5bec2a92e2609f816240e918e02ab8bb40f6f0d5af85c1980af5cc02842fbf1c0d37b9b4d0c2711eab669263f22016431a19629a0e764265663e9507e7ac3c6a8a4583f9f263334177aae297709f2143bae8249578bace1c95c502c67534c5fa97db928eaffb4105c97753a536aebbdba42092e66e9ad182958e0f5ed9632b5d30b00fd618c5e724143ac97aa7d155379af528153135480d9c27f97ce6a39e05d170e6d67ae12c7d31072cffe5a40dedec2cd785680b8cb7b9d2e65fbbffa8", 0xd8}, {&(0x7f00000006c0)="ab668598891f75e5986327cc370bf2e432a4821111da4f6a2148f175f687bb4a8ca1c69d93f55daa96593b190ad156272b1b18e374657adc8f4222f31d024e6ecfca62fcfec2295d33fc03d269add40c8eaba52175f2d78d3a0f21faa1202963d2b2446e2e6ff688fce8f63b547fa74342baa5eb3bf53735bbfcaf9e86fa3a0e382de940a8bd0bc61f730c853028368d3c5c", 0x92}, {&(0x7f0000000780)="8729f3d709131289383d9d449ffc5ec00bbc2dc7092309e322a1e2542d8e0deb941dca2a", 0x24}, {&(0x7f00000007c0)="d79dce8709c041fbf2789a079d2a52c02989a2084306675b29fe54580dae866c5a042ca316f6641585ddc33c9a2e", 0x2e}, {&(0x7f0000000800)}], 0x9, &(0x7f0000002580)=ANY=[@ANYBLOB="380000000000000088000000ff0f00008b0a8c60bbed0173ecbf25793c608939c796ad3aca729e41a79bcf53ec4836577be1af919779cb6e451ff6dc0f8b00000078000000000000000501000008000000070ed2b5b70f8a7c3c73c49eb1099aa9a9a7c7f130573928ed471187b243ad9fcf105c3d03db6054a5942c41d8f0b2f96cc4f3027377a05b4df7e8e0820cb27a4623f84603620a0f4423a448241d3f1bf2f83f2f4c42d784b05c7d81267c63b3542f8e0f2f00000068000000000000001701000004000000730b78e3bb038b1461201ebc688a86c7130bb833cccec92f2d73f325bdf7cb01892f4c39e326f1595a9724ef002b96fab02db731211837836059b62f0e85d68f2ab3ce250235699a9ca0a836ef7d4ea70000000000000000"], 0x118}, 0x7f81}, {{&(0x7f0000000a40)=@pppol2tpv3in6={0x18, 0x1, {0x0, r2, 0x1, 0x4, 0x0, 0x4, {0xa, 0x4e22, 0x8000000000000, @loopback, 0x7}}}, 0x80, &(0x7f0000000bc0)=[{&(0x7f0000000ac0)="58ec80ab517904104caaacd78628f560f71e9f42cfb8359a8e4eb5b5de5c2fbf91f9d3c940852a0d5aceb937379686c7da3e1d4bb7be89162038fcfff557aa44dd5e08c330ec2dfa6bbb1a80014eefabd6e2b699a5ceb499560c031186746df29c94d1e3fb030ca6d6484d915d9dd5032c11941f29f0896f0f4b4d69d798a30cc540315a611402222db2d4ecf72c01dfb862542ced54fd7126878d63cd349c15", 0xa0}, {&(0x7f0000000b80)="f562cbb6adddbb893eac01f05e0b58df416b20d6a31b0a07b761410a82cb3e8d22c69480400290d7e0edb3", 0x2b}], 0x2, &(0x7f0000000c00)=[{0x110, 0x0, 0x78, "4561e2230cbdbea3f10375bbe0fa1e7f3536b6b3e2578fbd095b52b3edfa17edc7d0a15007e68d27200717cbed5d629f8234e82e056e715d6e8d143223f6925e3b7528cd2ec58e73c8de4ecdc01a584115994930327eb8f9427ce5b346216566720108240881d9ed9fa307bf5b402fd80f817e617c7b135acdc45235083e70d28f8ccb2b1e9b8067a340785d401efd3368c09d5b39ae1b8326a9a3dbb63286506cbdf17b9759526d10dceaf534024ec0e178f3f003ae21b467138f484526f8d84f013c45025caa784a2d6fef6a66b7daa5a5b84d71ba915272c67f0bdc6bcab844e5cb05f468577397de2b4f86d70d92ccc361293e33c914ead9"}, {0x38, 0x10e, 0x2, "2516f2e53c407877b7090a4037549ff806130ce8559ea13192be236c10366658ceea66b8e97438"}, {0xe0, 0x18d, 0x20000, "57f7941a950d788bd36d78de38a08b01348f2495fb9b11ec32f3d8a13e99c8bea1911a13a18007ee083ba6cd77ed0dadcb161ea1ab462dc4bca29488314e89f7bc09f7c7f696c0aa4722d74dfc2664d4d1d59ee0b416f7fa85edc24abede5020d9da06abf5d3db8f977f2e540d785b0850b6feaa706abde6f385cbb9b5a4092c99f20b2e300243188cbdd14f0c7251a0950dfb0460a7fa273ead1327b8f65046ffc6c6fb6d773d4e139855e1439d8d557e6c565329fd285619e8f81688888164204e3a9ad340e52b6fcf2769708e2a29"}, {0x1010, 0x110, 0x2, "fadf876a1fd2913dea9e3f976d0e6bf0b535163e024b21544e0e4d4762181226c46327caa724094adc85e29134870cc66f9d1648c549c35098fa25f175fb2cbcc4a26650778ed36c05b63edbf5e072cf55009560e18bcb335c72143220b63da5bc1efe5c34f669007e0418b8990efd650caa7b16596e900e87f755299519f593752745be5a95f1e803f9947213526d22531c88d832a62e6fa69b200437e975d9c8b1ac0d06bbd7ed04fd1f10d6dcbfef188d4d93a244ad33584e4b5e0911c597ed394c62673f16f3ca163974323687f36accaea8209a90be5c06e4f9a1e0fdec6ed204fcc6c336f85a2288da796ae64895805169f6985d4e16833de894225e1e5fd3d68b24f63db83441f4e3210a580b55fc3c32e26a00002d5404f67113b3243d26efa8907411a15f2b7a1800a6fdde2bb8cc7e3d3e033599625def24004a6ef0add1df5daf2363880cc98493841653e2da954b8db7064b230ec07e1349806bd5680c7eb67f2dfdc61b968142571c9673a684b645a82fd3d708813e8355fbd03dc74dfe4529c688a3a18c62a221ed620b545fe54a5bca810c99f43083008461faf45a22a1f147c089ba3da10c25f1b17f95299a1ab486ee0ca6a8663d9b986183a1be9b1d9a00b72b1f44e21eb359e76e3b3673c63b10ec91aacb506c2cbc74b6b48a8cf841736bc508fcb7d530787c1ac2df7c57cf14edf60492f398605d6b144f35f67322314f5944b4402cadae1befafe048ddc58b4bb438a19bdd4948061e7db532822969c6c628c27c34c0264b7a1e6a8c35e5f27df7b354774056c0e6d642415400a15e527034369dd54f701996591e6009869b1e31725584db619510326945b51e1ef4f1ea62a52e8c7e3935a1eca60ec9d7d47c0c1362f899557de1f99b712cdb4ff30b59b999b5c5901c6a6e530f124808795e82c993015dcedeb10571a4d7741ec8cf374b74ea10f6cfd96190553cad6c24a4339eec5e5849cbaecf7df25d9083b404f3255f41743b00a50cffb7180aaea887ae8049dafb1347ce0eb4fa9108b72414e5261cdfa2d94f10903e8dbc3327b01a06e60d33a04b0a402ec7d0e5372fbc19ea161569cf574f75f861e2d83a20568a9da4a3bd51f1449c553b114788f3b85662eeadd4d2643cb3d2cd25d6cd12e8c6cdab22635c31ac941d7e1a30506cde4da0808ecee1269f556628ac37ed5def74d6ae1ccabf336dcfec6de54257473fd05f2655768f336cea0d6e9b271f1e1e2145ee5917413fa3775c90943682db7934a7862c639e9733a999c619ae6bdf858c6eb6a9bdb60ffe0c1840336cc16c6c016b4b4d26867321c08c9bbd318e7b6aebddf7c987349162a5426d0e0bbbdb6aebc0c9202fb575e03f5554343806bf578b0d7463e296700b3e6c59fdfd41d1364c293ae3ebfbe97652236e9945edd23931add956a0df273a4a04ea612ead7be83ad44388195992fc8ad65761ea99bd1dc9bf927d530468b9d317b7fd00723bd882aae286c171aad8b3d78bafd78399df4a012d3e19008ed9f3675c5a1e18407daecfca62f794d4aec757fcfa72006459d5513373262e3f92b3a49b1e1f5a1fad49b98aee49776e4e5c7eccb6c208e393f30901c133c0d8398b68c3a11d5189e5e54a076b8dd7688b1d95c61dca1c755971e7fbfe6cba5f7d0aecdb1b1a50c932f6c1a4547f0c2629946636a03df25d8a9d73c0d028881b845429d150db4f836c544e832556066dc70391e87cd8e3905776fe23c1b9853356d9dac6811087facbb045a62a2873b2da79917b6b4605ba30b915bd3b41b9d99a7bc4c7450d63b5a2707c22c46796af019bda5a260e9bd2201bd9c1a1e0632441cc07c8b5f26e4dc211ee1fd3f28e050dc5d2cfcf08ae1bc38603f3bc82d4b879e767d11db78fa7aec4701d0ce1f34f9e6932f5198d45c85a8494dcfd03429e15dc8f27e231a1bc7e43ec679d427e7eb58a1587745940b1aa4bed5c48403bbc0aa39890143eb5c13af5e1b6d59397fd8b0c588d9a6e30394fb3906d6bc7bf84fca89bb0f76d36fbc2f9f175c9e09359b4e33298130877403e08a4dd6e14b27af616024b79f885322deac3c937605cf50691c2c5f970fa6ea4b143a89a6796aae42394261fffb35cc4fffd2b866051b8dcf09ff475ecf00d863967ef64e03871bff2b9c4e82db371bc9b0462e3c2b4da99271681f9d488cea17f6746aaf8f8f8554309e965e2e905bde0e5f9f15755436396213c01bbb2c5d9cf8551016a629a43791ed0cc11dae467ecc0e7deb76b4a0b9c5600170a8ac8d85c9ec7beec082e9aa3549323c7092e032fc71df557963f29ec33f0127cefbf853ed569baa2aa3752cc421387e7941833542d741ebaea146fe12f476897d7950b3b2320d0d62271f0f368b2abb2afade71e7df365ff9c6d4c54a59622f7d28fd0142d649cf820250c597f51b76d282589f8939227e68201d775e2b80d82dc182537ec85fcf73896806e5564e34af9e054efb9ae3572cf21c77aeab1f13c740dcdacfafc9840bfcec3c9cbba0ec5b5220347ddbb6e7107620625295a02da8a3d0f305bd58b6cdd392ec3f9675d4957f423f0038d9cb066bffce72c85c14873417cbc03a7b3768aac1c3d5ca24c88b57d761f76af7a751d3d13d5f58a17d1cb0a9d7ca9fc28989106c6cf649c0e7ac02c39547e632e549c0ac974fe7ba1bf9a2949dcf169fe587cd70b30b4e8e381cab2d0745da95b49a8b8fd259b121c3602579e3747eaf6f27364fbd7b34dfff73e855a7c592f01c426c1da22e88240f17a0a317cfa7bf7a79eb14adb7c88c8c3b451d3bc7bcba71a76d5b021e1f4abf81ed2707755dcd262a28ca56f05f7f6c343160e07edc11994f5c4a2d8fcefd313834893e55c2476f4f7ccca632ae21f27373706bf22c4dd2b9974b2f561dec38605f42ba7254ccf21ebfd780870a353870db828d3f99335e861e3caf189f2d758b7fca667989ef4335b4ae3900d4c8475a538407ae88a07042f679cbc32d18e3d963cb6dd0eda90b3e6dc2fcd9addb7ca4388a6a2df8dbedd732a2ddd515d70964961aca09a285b274df14dd35d635e8bc5580a2fd6e3c0549bdf6d2c6db6a49547a38155c55f13bee3ec321cf66723f61b69445f1e26a1623d7e0052d8ca5889c017e1f943171b0af2c0652fb50c4a491f7e3af999efd28de7c79d7dcc8e04b7833a8fa826366d5252c9a2f23469db401052269eeb7396bd76126ed5b76d8ece584f513127be983c05e5b70b8ba8a182c16b6611d9c124126243206ffa4cdaf1b7084c3424bfbdfd51a5ce3247194cebab8eedbf3a4d325122c2725bc07e252fa032ef1458f68b6e7fe15120566c3cd0380ceb5f15ce11c35422c5ce41fe88f98272e43b7780cac7d3f23067774097445f998494997d4b9715ed0259289cb8420852b802786af99c16a2ee2744aea6c78b6c52af2e37d9c1e749d87a581facd1cd42150ed6895a4b00b81dcacfba3e5a12bdc2f80540d431fbf7c127a60d39ef01b9e6ee5c46bf3268044e64eee64518b6f96b605c726cb715bc3463aa57cbe473695a2b6398484e65f2f85266af0fce6953aeed52817f150b50ee3d05519fde98af8a6e88e2660a2172e92122b765cd54b3cbab612983befee008a08ecb991c8cf3e8618cd069c2c4ac1e9cf7c2108e428bc4c8ffcbd934d301c7b026f3116abe1b06429b0dafd5dec7327752b7426945ae3addd6728a803222ba4d0f2980c018ccf248848cc208901f86efb16126c0318931070054ac643c86e892463bc69c398b41aae0689e37948df672fc7b24c5fb3126b295ae535a7fe19377191b065ec431d3ea4e226a340ccbd9e6c6dd95510a0dbcfd98de8e89b39c75509c5df7d497c99bd1d296f3bb0d2bc45c055ed87d77a75cc57b1b23325d96e19fc15f7d8e7a629a0689b799b9a9638f92c709e3903d7d98310f23ece32ed31f65080b445671eba9744c664062013d6ce4a52847bb47dc0ea8952a45a48922c4c1ec7a4126e436ac0fc27c34757e630fbeacd815b99ac7ec82515f5e508a622aea2bfc7a93c8d234eafe6c1e2cfd75f4fc19023322bde4b9f2b632ca25e74c9deae5e1859bb897e0629c6fae9066ea2e45f5b1ab412c7fddcb09a89e254bb08e813c8b53dec87dbd55c6bd52fd090ab930ab9227712b264a7bf713bac0f907e9b7f122aac4f8ea467fa8201cd23cd101e9e456eb3f6baf91e9b85fe6bf57d19a1be54fd717c4ee49337d62a5627ce404ec9033a2576e1c5d354e1e2d09a80f85ecf9bda0e1d030aad43075b739d44cbe254d682708fbcc12c83e6379810282dde8b273dbb0d2528b6fba696fec9c4c9dee204765571434e3afb421973b5ac36513f2df1849742dca6bef545caea8d786b2a83293f71f509609812e344931b3c7ba1677bd8822f5f34f1a99aec44382b490993bcae4e777bf866c7e82297cecb3f94db9e0cbd1475241d41c3cec97d16ebfa14aaeda4e8342418c1f2dac706e8abc118fce383514e06a9b736b63d16a4d86434c1996698c45bd21a0f225ffd1bae023bdfde58d3268e588a6e898882c7f3b6e338bf07232c81df133a14ff4f71e10136417040b5df715757b6776dedec14b7d0c0f08a1f6f649882ac6e1e964764b2857d0dbe2afc63e9dec56c2979e8281681d839b12f6e23f8283d0361b68c3d74054c6eb3aceb760eba897854cdc68a4c547c5e5be8f50234d49f22289119c394c171cfd20b006b645a8dca5671e206a72ca5c8ff1d0f346861386ba448a76481225c10d59ba561fc01be8deadc0468ec3f908fa05bb260273067ddd9763e8bd9cde913cd091eb0cecace18467e9d05822957428a8e0f0e76b1ac1c50e5c925b3ae3709210fb9305bec195ac10802d369526486800219632c9fac4f5c5fb547983bee0e2689d77442a40ccef9bf4ced4e257dfbac947241f1753cccfe52517641cf4ce43875395658c9fc3073a233c14c2bea64383e92801be14a0b3276d5ffdd6d0ead7865f4cbc07da27d0eca29522dd4fc9fc012c2abe5158ad4fc9805574a412e17b8658758a609f560c071c52a72e2c94329accb870bfd268ef57e6f84ef39d5f89d307c2ce86f3ac6e068efe2d6cee6e8a197ee554d573b285b5ec0b1a2713ab2cc09ba523bb3d4d5b0602afc4b0392ebcda6c839483399dea608aa8f9029eaadb4d912be16be3f31929345108050235a671b440a02e84e83b48ccfdc3373adfe955724bdf3bc8c8699d940f3b8dcdda90e2a6041533f20bc760d73a43ae52af6b5ef371b0cb77be07787a8ceeb44da3c75a2824e3c2ad6a48db4eee1b8dc223b1021c89f93b543f64a153e5b8afcbce1dc7ca942184ba4c3475c4df4ea490f7db576453c4752978721d75f4a34af0665464cc1c6d5cf90027a2a682b8dfda34562e6a12b36539f1357c48bcc4a7300354ae4f7566be02ef4b03262c650c4530a08f92e22deb274846cd1831755a03a6017fca514bf84dd596d37dda26843cc9513ae0bd83412b364924376e7337aaafbe23a2db28a78b7468c3cadaf0197724698b91cc6e3d1abfeac7c92e6e41c783686a9eb5792b5e067d2bc66d9e2021ff5656776b86480b29505a68366f8d94cad0b949b9d2f3c2830df413dd21604edb344b39c6c4311bd0b887a666fe3db74db42784f5e5b74954556a603828cd468a735945351190a431d132aca610b102ebcb91f204f413fd1a4dc034ae1f9c205ddf185bcf52e31a665cb5a2fb7575edf8f7fded961dbe391e3d6d71ee77612ad2cef1db1147ae29e99b1b707b65"}, {0xd0, 0x117, 0x0, "76738aa844b4010681092a6e403bee24b288b38ab794a0428cda70b32d15084545db2d60cb875825201ec138689fb7754d39cb7e649e0edbee7b00c97aac128619263516992d3cc7fe987b841571081caea9bf3543018c40a50a16d0c017220ca15057702d6c3b6cd8cd0d0c29f4da8c8fac18d53ccb40fafb90de3c65835e8239c18a6c5e6c740f401d8a10a3d88e5a8f0bb6a0cece49fece06314230a0699de7929b46526661c8ab627e8abc693d2a02ecfb2799e5639579"}, {0x78, 0x13f, 0x0, "b7e2d06f3ced76b040861c700345eee1c634f0e6aac8245857eb6f9e62947d4096b8fa60a3c504f22cf716bfd4f41872c5e9098c08283370971a264bc57f4596aa2a404c5ca387933b553d6539bb52b67fef4e8fdf7f1b8edf18dd7b09c9bafef7e6a7d05ff8ac"}, {0x38, 0x11b, 0x4, "7f92a9a4673591180448cd24f849863e5342896ed5848cffeb3eb7499ca2b17a7e"}], 0x13b8}, 0x9}, {{&(0x7f0000001fc0)=@tipc=@id={0x1e, 0x3, 0x1, {0x4e24, 0x3}}, 0x80, &(0x7f0000002400)=[{&(0x7f0000002040)="781756e0e6f992bf0d6c3044b416abd9bb0931f7e42c4786140084a8e054ea94f2057ff896476c3c0b64bdb8cefa719fe1302150fc39fbcb91c0cf288e45f85a895e2a59437293202e6fbfc939e2d4", 0x4f}, {&(0x7f00000020c0)="1560a48af7aec50241e85bcbbff1cf8bc8abfb794ce1a11e16a6696d9bee236116d97fdce05455abe9d3abf7f0232de94f784b722c27507825eaa471901a3d0b13fe018a1e1b5ec2999257dfd960e87d0167ab97248f485322af6b21ebc304cc77138ccdaefa3a42e8f86c69d51f318acb7a", 0x72}, {&(0x7f0000002140)="c4e80d3bc16231e32031", 0xa}, {&(0x7f0000002180)="42babfbb1e3652a47f8bf65ef7cab6141719398d066d47e1b8dddda09e31d500d8f0e5b7b3798dfa9f05440b7cb701df039ca91a9e84a703a709299ec5c650215f4b98a19bfbe8300e2ec2be5fd42f670e7d5a844e1299ff2df6c6f3b1a0af3e2eda49f87db16fd4898f1194ab828179c12aa53738698ddc35b739d2e7180b422f7f3ed31a2aff9e069f6532213634a0cc03f76bbe0520cbf8ffa34d4c5f967e4bca4796df7025", 0xa7}, {&(0x7f0000002240)="0d048c0bf3b11fd242421d000e685d68602d4d30d64aa0e55890bcc9579f88d4e16f65cdf6543cde5c5ed939295075284e154d5f2e42edc70727d53734e9e35b08958b2825cffefb6b118fb8837eb066ca78e4367cf872a1dbdeb9017f00ab6cbdec4964aec0c16905843b64cdfdcec0d853027f5df269547f72495823c6d1076dbd1fbabfb518b66cee816d7885e047d5a303285041d980d5", 0x99}, {&(0x7f0000002300)="cc686c622aa9316e6ab857f0639cea6820e079946d1601e84304ec9a7d45c2065c36a2de704441feefe88f454b37ab069c47028cc583ba5e25529b82a30ac079d72e661b07b2ea3df8f23cc23f4c404a6eb4b4b178203b532e18cc148a0b6c42ae0020e3939653cb572dc6b80653fb9d29f4415b39ef35ad5cf0ea1b9dd402ed299cad56c3ea8c778919bd330587ff7c9391825c73dee27b2e9bde338d22601b22841c34191ea1150a29bb3aa8a946ebdd9d567f4a2bf6a102a5abdf50c0bd788b2f76a0", 0xc4}], 0x6, &(0x7f0000004c80)=[{0xf0, 0x102, 0x9, "eb24723c87faf85c62b04adf856446d4f625dca820c0d004e609898ee3c8c56c088ee8bcca718997cd4b82c7b1a7316965e4eeb566072dcfa3db5ce445be9aa7862f9950835ce75916ac7216ac82d23c0d9f6c70f364e0b7fc5a1d252884b20ae814147f7f0f7517fec8d975fdfeb139003c4c4797413abb3e28ee449d418f687d7f3890b9cc783b5f573ed463da47287b7de3776fd7f56bbb3c962799d81e0642dbf7e6d644360209850710b184046b71b28353efe571b7261d1b9052d53e90c95e54e729ab0297bab899fc0720b1ff1a9a31e88f9515161bfb9fd69f4c"}, {0x90, 0x102, 0x1, "379456f403d1881a6b32c7376483d637ea532177ed226ec1cbe1e998d6cdd727387e4fadc33085f4ae7e74f853abedc8eeb19f8ea73e5e9e70256c4d2abe6d20fe46d3d191b5b9fff955ebe9f051569aaf66cc47eed9405fb4e8164bb82e4a3daac8157d37c2febf1aa7329b563cccc09619d716779ae7e6a039dc6044"}, {0xe8, 0x109, 0xe959, "b91b813d9ec935cc177e46647f6c2abee18321eb9b6a8bfd17a8c4d109065cd0e9e16239ea3be3f3b648a2704e436708f411518d71bf396fa7d6146c5cde7a3ce4ba672b174326eb99cb52485d8aa1b2743e48d7aa449609c1a0be9b134f15be2f795b9a13e8fb8af67ad848476a20b4ce4ba908cbe9442fe81029e10b8ed68106fe1756d431d5645a0efa56cc26435f74227053b98393db3e3c15c2245bea688f3f5bc0594fb1523c82b34b2f02884000d16c328d68f78a90d21cca9f7ac0f441a066495f832a28020d793bfca5dd97ac"}, {0xc0, 0x10f, 0x9, "98ae96b9ebe35eb6d5b0907eec7233b4466319dcab3f1a6e23513429234664b79bdce1bbddc51684800493faca4734f392645cdee564ba75e6f3c63697814fdf2fed95e8d20fac96ea29196a0d6659fbed826cb08c8b693965bf2144519066ccf424438b5007746405b66e28bc948dcdff981e66c78f51643976a12f41eec50fc951f9968bddfebbd58a116682bef7063d002b7bcc95f7c03328134f4853c8cadeb39070e69d9846bb81fe"}, {0x70, 0x10f, 0x40, "8dd73b5b6b6bbf7e5b3897f5e3c71256c570aab0f6cf8feb00b52448bc766807c3f1096aeb3989d3fc2f1c2272e8600147a384f229667268f22060db780122cdc69617801c05de025568d8a4ce11ee0a53334cbdcbffce066f629ad5"}, {0x1010, 0x117, 0x8, "cc58c85b1f386d1a101923dac3d40cf5fa7a52e149124143ee2592419d19c6a94c645634d14eaac63d8d769d63c93db8704d4ad0e85a65c53466c33222e491beeb418758be27bf763280b75e29a6dd67db0ae3c52c68b928fb9aadd322432a657176f43880abd2a1d840d6fb596d0b7449be23556c6120a771f49d639a67bbd84606874bb6765afa1e63f742fe9b6a3b2cf7f879daafe9d42c4138a64c58da7b05e07a4eb66de018ed9fb3c3d527beb31c09fcea0c342b9ebc9a5c7a6c51b56aa23a167454c118117cf0be7c00e5c481d13e1ce4eb6e1bf12bea8cd36d0253487ef7c9a267da8f58f6fe9cfb728f175cab2899c84cc73f64a88ee60e8afae0c2f26159ca2914d7f5ddfc891b38bed34114cee0095cf0a49fa77910ae6a96f0d694743a4622e9798aa2714fba43ab9202a5f141ede03c82c70f3629caaf0f61ec4f29392e2e9f301555b3533665d72af5d8c8ecc6722c4a10ab5ba3fdc2e142b94996e8a9dbb1e9bebcf664f50815d68fc24f5b59f2f591c5680fd7584b399df80a31903201034b49c0dc0104bd96553e44f79212b5efdc191b62b587a8ca8f8e7eb84700ee3fb49f4355fdcc341957739a6ca7099f1ba757b91ce0a288e4f00fadb395dae9c80ab5b0221c1a71728eb5961e07ab6b15f54024cb381144cbc378124124ba7c312a9cf0628f0d997cac554790c97b1b55afebe5ce3af767dd4e96b7e3c08fab14d9952a19389705598accc2a786a187a07ddfb8cf06f4077148a73e44ea027b4451a6e74bfe03d8d00859c9b5d516bf240b46513989d0d7498a95580dc9e5bcf22b8c1a4282e796afdd675bb1c40eaa6322dded1eaf8f565cbcf64da1240cfee0465b2ace3666d2cfd73c349b7831bb1cf4d7e34e37020ecfbf22f318832ca79dbccf52deac3a2188f20d465402798d67c880b0830e24e84f55407fcb50503a74650e99d2c0df2e86326a99627d7468a767b039f0291f0f5e7fc8e98fa428b472bd809790183a0f93583acdd008023b0a6f7baa4e85b7822d4ad5bb1d6abe21c50f13a41b0e36adae06f06f0bbbff69660556de2808db6574f8b136c2df7fe9fb6e9c8a98910f1e25916b9fb4cecdc3d6b3952f8693a4e9bbc42d06d81bdb639fb1f9cf774b06d9ccf31ae65b28d57197367d91741e6b062b18865092573df04e7c0245ed34fb5feea535bdf1d616acfb56d31a01510ce27671d0c9b57bee23825900da7739e84e2a9ed0c52dab80fca380eed53b7ca0fcc3a66cb06ee29a1b35a6964833087baea1d16514350664682964cb057ca95c4a837541377f833118be7d1e3304ba74fc13442d096c92c37d8485106a3dcf83c071407b01820b5825516523a79ee63135e6ee411745e8961d4638258f6ee96373ac8b626b5e030a0587543057ac52424dd76c8fcd4d301fadfede2a7559a3b7013c3d84a8b70ba93e1d0548acdbf43df5bce8931ddecc7f9a905328b96b3b19f30f353e1e348eb795ce8c64b84ca0051777705a4b0e8386f058e0d6c407888fd19c44065c0a15a5079b3426df2081b8e8b2806016190e72929f3a61d17fe49cd8ae845d197e80812a869081ec539956656c4233785057028fa06111cfe06b415a97d1dc15af3026c54d49683ad33e5471051c6f218684a1bf277bf8d0d203dfc438362973dd1ac25693b67f0d87643f0b27ead1f2fc8d2d953b9c6b3ce39410d1b80a91cf2d7891a3c4e0b0dfa0a3a15297ad741779b4c6741a294871dfa1f401f509e15a9b718f33da168b043ca90bec65b9d2b76ed89171ce0804b366d03a92a218eb5b1d9e6a94130c77fd3538d13d34a7d7e6252b7450a6ce3f39d6fb049b7484d223c10681f15810ebb9d1a64aad4c49030f2636c9c1054936b23d032333614d2b77b5cca54c006c85f1d23e363ed88db31117097e0b0df2124ee8fbe72ce163b723f599f76e003cc5fa628e03c169192411e74b4457de1bc00780f78211299a490b932bbba2419931881ae7440d4db1b8373d85a1befbcbdadc593f44808a8b6d0278c374f03b2ac1e505cd63ce696df41a49f3c7bdad67d1815e9446b67cf7b4866eeab1b0ee3b76e276cbe33b6f89cfbf7aae753424b2b5eb5c41a065f8045ee3f914d0fc1bb1727b7a5a5096d25a1d166000dab998a51b07ad98f38e61a6f1513a9ff14feeed3c096edbcc4dd6d02158ede01bef192476b4ccb8f9427eb0a959f27e51c6b6ca75de1f0830eb8ab59c170b5824c7297d9f59a23519f639aeb56212303c511535a1e3048051fa9ff11a79a8d57aa32a2ae1de958940727c5c366a1dc0489c11569eee4325f0a414748195ef743488c128f530357c8212f6a837589f9ee012e442d30da8860efa8284e6588f1a1c1483175e3811aab9e151530ec24ce38c3df222aafb5e1127f701eba28611ea55142a9dfb40caa1a61252c687729bca1e4e4e2e54241ab5fab3f9af6f05de707a5111000b574eb7257a0d4b9e7ff0a173c37e8cec8829b1b3a6816825e4689ad3f7781381447f5a1e88ccfbcdfa3123566e7017b3a36ceca31b793299eddf67352deb5a2a1f9d7fac8557689f4fd17e84e0cfc90416586e0b91f0f3c7230db8f36bf0fe3b5480140926f46b1038899b8cfedeb482db03ae217fb00b65233aa4a10b5a1ae908b33f12f3128b4c381812698db0a228161767c7741a53435c969211ef6a508f74e948c16529e697439b70668c98ace1c6d78029ce5cfab75d8f6960e65c1bf41110cbb97047aefb9b2434671c800809317747e9916f056525cccaee992f057193f6453e085bb80f981f09595650f0985ecfcd63102b76d86ebedf22fc690e35d41c9dc7244e42bb03319913bbeb4289263e93c4732cc582dc04925f6f8e586946c76e313e31ee6a9da7dc8b0f2239f98611e32888f6c11616eef9e104d541991238b2a320122eb907d890182368623ca0eb81ba1b0e272819fd46b3a99284b56058f9d403954fd7c038deb50e1c627ab6aed0aadb8011827038635524a4fabc3074f63c8326a15ca0c32cf390f8962357e3808de9c334e43a19330182b22657f4cf10a94624c4ad35dae758c7b9df2faf7d1a334b1bc5fea39bc038900a380684fbf076627c115cc98dccba761bfdfef99261c559616227a4709fd8914761e79ebbb7ba65eea57083e61566fff0cef3b4b8e7e9527ddc4dfe0d54911a7e4520cdda51e05ab862cf770d9ff1073e3d1bde5b2a9749a8349b4a1e4dae96d3497b9ad0f87516c73b87cfbf91cf52913954c757ef65322ad4757b88fdf1b5ac1d7ac328b7f57b4f7d34b2e10d472f332965b3c832669ccf8233977852e2292374b98b5811fbc767aca618bb710a31357f0dde120b9f556bba333f5b0bd52d229ea6fa11cd5977d74e0cb4948fd2c53c579e281d1711b6b5bf8f3c08f859dfea22b6c1d69005e5516383b5b99d13d04cb63db063daa19a3aebe8bbeecd5248c6f534afc3864027b72bfd873f27be16458c1409321d70276de235976d2fd714900505b238a555d8e5ae9a3fb6da2c88346f78fe05822bd5b932020615f804d1507f43dcfd7a4d1239151fe96e73e02ac7600cf84e031f3c546fc05ee06d854e22334f2ca9159bdff7a4d0bf7f856a2e9edd7bf2e2ba89e41b2c615499ad2bfe5702cc4a0d95f7c0ea396c9585e15341a5447b49918bc821f127ecf2910309b13e69fe81518f56b4de8b8664318b0ecd6cac9af81e1d85288ce989abaa1be0988a9fc5d44d4349d144d658db1ce61af8661b25b8de3a554f38ee65fbae7593a706d56ad6dbc03724e46fc767cc201cc24227c3a24291ab140c797c81fc6c46a655011795a937de37e911ac2099a3dc6fab41abe3806d61c0393a9c36eb944c621002bd88006fa096c9ca82f8c361c0cfabb45de932c68e180cc9e8b373b85cdfae8b64480fafc9509a6767ddee6ec0bdb17f2fc0f630c568d837b8bba9a704ea62cee408e8c4669c4db0394e2b9be4a14b212de18e6f6efc411f48415e5717b290857c36aa9d1f788a8cb0476900ad1bcd4ab78432f6e8759d38377ae916fcd287c612569b71e58084c19ef992830a48ef5a4759ace8d8fee979d6a5b2df22e117e8476bf093334c6314b9483c7a6d71d1de661dc4b37673a5ba52e1d80d9cc715e0de4d70d4b5a4cd6da04608f5a4c7d06c893208425c07a718063fb9af4a4036fbb21bb33e5813c1b39238f2069d7c2662e029a1498d4af11d51082c6fd0fe0d523cbdb0d9e5390f45ef30c5bd5a89baae2ada9f1125565658068af11c41aaf26176337938abe07b907ea1518789a996ec3bc823b14a043b822256ab41b787b2e52ff24637587d93d6bff7e367bd497776d8172659ecd37e8247a77d02b074a651d36686e34753aadc5efe1b8bdf4b22098481b9d672d9aa8c92c5406ed2fd9b1027b4fe8009228abc21a6edca40c43294bf605abaad39ef44207f6717d12d7c3e87f06e47c8d0a2b939562b1d0ec1be92db2a257a774f79c46952f66779c5749d2973b3bc7461ad124fd7c32c4f420b912a6fd938f5a7cbb960314a12a7e330ceeedac15ef73b932d7d38cbc87cb6edd1f4d0393967e5fd4a5e3d53d39e271beb362e6deb1ad2214af86eee47673719320a1af705281e2774419da55964615f2485069ad7360ac51ebfd3ab0ddf84d2b504b9c4254cb85af8117a0e982edeabad82e50001e83316e8a2bcfa87b062c85ec8af60a8f891b72f0cab8c2fcace4b34fed886c6f0b59e017b0a093dd25c29043b062c15fc531c9390d2b7786b8ed78751943182260d40116a8033002b837ccad01ee4c4e8e25a4278ca4df2b5a392179da825c056fbe929924b1b4bb91d4ea91f155fdc4409efeafa98ad42d09e473ac985c745f202dc290cd353a383460f2b225b6a9b311199e48c39eebffed7091ee8c5e1beb979686ab2f2b5555a963d77289bc39a5de0b569d33018eda9949e343ce4646c85cbfab6939ab7c14470058209fbe1e45fc08c732bd17c8b0e7d18f8807befada9f68bc7ba49934a2035cee8568d49f7dedd22cc5d7982f54d167f85d1b8f81d380d6bec310481ab1454408cd7242f8d4cda5167f0cf2bca86beb4051b788945e207d7a65fd268e6b9847d760e9eeaab1c470da58c6d274ae8c4be9f37b43ed8f677e39b34e15a4021017b135074457c86628f626815c2ea87dd69acbc17553d417cb8193a5b320b3b2c196a2ec3011194d57e31d0104dccbf606e2210a6f8a730efe64ee915248d8ef3a8ccbc825b3a1e9c8f6eee4d4125a01e5637df21dc74bdbbcebb8b7a032f84306bc87e42808ff8a8bd88ea190a8782d7d4c46896e38b6aff99efbffe4d27af6827795f625fdcbcfe90630989023186b90d2ef5bcb755450cd3db4beefdcbcd1a0f436759b3e45475afecf9055b3a2d5004bcc318ec4032720b9f042941ffab3ae774560af15f023558c92984d71fd3304077ba440f4a5f6d2449d5df1693029ff1bf20137eb263097b1844052bcd4818a9027da97520b6e265cd79377a06cebb7ac259fcda8b905070f5164279881ecdaffdf850762db09c4a321f629c724d503c325b1dbf4dcff9acc5c5c78bfdda86611743b48af1c632d6fa3bd94e2028e964aa283cbbf5fa4d827621a18d8f1c657af960ee0482485eaef9ef224d6ca91de82756c4e5c45618fd4686d96cb9d216470870a403d78ae2d150d30564c3a4d181f4dac77327955aea94876d411ec5f6a3f0ff27a751de99289d375c2c857796e4308a6057e866dff15f153aaefba2d738f70948186c5dbddf61de"}, {0x98, 0x0, 0x4, "b24921e8dbdecf1d17eb944a6f2358ba76762bfdeceb63e1451c90d8b249729b296e0aebe0501a526a25101a98713a0fc028a8efd13662d74f4b0316000090c6a054fdd8aec247fc2cc81d4e404b7a51191399fb3da1f997ee8edd5e59862227dec20701043b014a2d2231025657aae463a155a6a00c972ead448257fc70b52d60a739d4d762"}], 0x1440}, 0x6}], 0x4, 0x20000001) ioctl$VIDIOC_DBG_G_REGISTER(r0, 0xc0385650, &(0x7f0000000900)={{0x5, @name="13f3919ad36ea4167ba8d4aaacfad0116ec260725a62c5ee6d0717ea7882cda4"}, 0x8, 0x1, 0x6}) 03:44:15 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x7900, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:44:15 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00\x00?', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:44:15 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x6000, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:44:15 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00\x00@', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) [ 3431.665973][ T5681] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3431.737864][ T5681] CPU: 0 PID: 5681 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3431.746945][ T5681] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3431.757016][ T5681] Call Trace: [ 3431.760331][ T5681] dump_stack+0x172/0x1f0 [ 3431.764684][ T5681] dump_header+0x10f/0xb6c [ 3431.769122][ T5681] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3431.775033][ T5681] ? ___ratelimit+0x60/0x595 [ 3431.779638][ T5681] ? do_raw_spin_unlock+0x57/0x270 [ 3431.784769][ T5681] oom_kill_process.cold+0x10/0x15 [ 3431.789891][ T5681] out_of_memory+0x79a/0x1280 [ 3431.794587][ T5681] ? lock_downgrade+0x880/0x880 [ 3431.799445][ T5681] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3431.805705][ T5681] ? oom_killer_disable+0x280/0x280 [ 3431.810908][ T5681] ? find_held_lock+0x35/0x130 [ 3431.815696][ T5681] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3431.824736][ T5681] ? memcg_event_wake+0x230/0x230 [ 3431.831272][ T5681] ? do_raw_spin_unlock+0x57/0x270 [ 3431.836535][ T5681] ? _raw_spin_unlock+0x2d/0x50 [ 3431.841399][ T5681] try_charge+0x118d/0x1790 [ 3431.845921][ T5681] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3431.851484][ T5681] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3431.857046][ T5681] ? find_held_lock+0x35/0x130 [ 3431.861831][ T5681] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3431.867492][ T5681] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3431.873099][ T5681] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3431.878318][ T5681] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3431.883876][ T5681] __memcg_kmem_charge+0x136/0x300 [ 3431.889156][ T5681] __alloc_pages_nodemask+0x437/0x7e0 [ 3431.894546][ T5681] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3431.900279][ T5681] ? save_stack+0x45/0xb0 [ 3431.904615][ T5681] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 3431.910426][ T5681] ? kasan_slab_alloc+0xf/0x20 [ 3431.915207][ T5681] ? kmem_cache_alloc+0x11a/0x6f0 [ 3431.920247][ T5681] ? anon_vma_fork+0x1ea/0x4a0 [ 3431.925020][ T5681] ? copy_process.part.0+0x3547/0x7a90 [ 3431.930478][ T5681] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3431.930501][ T5681] alloc_pages_current+0x107/0x210 [ 3431.941904][ T5681] get_zeroed_page+0x14/0x50 [ 3431.941918][ T5681] __pud_alloc+0x3b/0x250 [ 3431.941932][ T5681] pud_alloc+0xde/0x150 [ 3431.941946][ T5681] copy_page_range+0x383/0x1fc0 [ 3431.941962][ T5681] ? __lock_acquire+0x548/0x3fb0 [ 3431.941977][ T5681] ? anon_vma_fork+0x371/0x4a0 [ 3431.941996][ T5681] ? find_held_lock+0x35/0x130 [ 3431.942014][ T5681] ? copy_process.part.0+0x3159/0x7a90 [ 3431.942029][ T5681] ? pmd_alloc+0x180/0x180 [ 3431.942042][ T5681] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 3431.942059][ T5681] ? validate_mm_rb+0xa3/0xc0 [ 3431.942074][ T5681] ? __vma_link_rb+0x279/0x370 [ 3431.942085][ T5681] ? kasan_check_write+0x14/0x20 [ 3431.942102][ T5681] copy_process.part.0+0x5afb/0x7a90 [ 3431.942139][ T5681] ? __cleanup_sighand+0x60/0x60 [ 3431.942169][ T5681] _do_fork+0x257/0xfd0 [ 3431.942196][ T5681] ? fork_idle+0x1d0/0x1d0 [ 3431.942219][ T5681] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3431.942239][ T5681] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3431.942254][ T5681] ? do_syscall_64+0x26/0x670 [ 3431.942269][ T5681] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3431.942281][ T5681] ? do_syscall_64+0x26/0x670 [ 3431.942300][ T5681] __x64_sys_clone+0xbf/0x150 [ 3432.054809][ T5681] do_syscall_64+0x103/0x670 [ 3432.059423][ T5681] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3432.065332][ T5681] RIP: 0033:0x458c29 [ 3432.069240][ T5681] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3432.089024][ T5681] RSP: 002b:00007fea30623c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3432.097444][ T5681] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 3432.105422][ T5681] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3432.113414][ T5681] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3432.121394][ T5681] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fea306246d4 [ 3432.129461][ T5681] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 3432.152649][ T5681] memory: usage 307184kB, limit 307200kB, failcnt 98144 [ 3432.160392][ T5681] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3432.173110][ T5681] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3432.191076][ T5681] Memory cgroup stats for /syz5: cache:124KB rss:99504KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3432.220699][ T5681] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=5528,uid=0 [ 3432.238568][ T5681] Memory cgroup out of memory: Killed process 5528 (syz-executor.5) total-vm:72580kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB [ 3432.302044][ T5681] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 3432.315300][ T5681] CPU: 0 PID: 5681 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3432.324381][ T5681] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3432.334454][ T5681] Call Trace: [ 3432.337771][ T5681] dump_stack+0x172/0x1f0 [ 3432.342125][ T5681] dump_header+0x10f/0xb6c [ 3432.346684][ T5681] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3432.352505][ T5681] ? ___ratelimit+0x60/0x595 [ 3432.357212][ T5681] ? do_raw_spin_unlock+0x57/0x270 [ 3432.362346][ T5681] oom_kill_process.cold+0x10/0x15 [ 3432.367475][ T5681] out_of_memory+0x79a/0x1280 [ 3432.372167][ T5681] ? lock_downgrade+0x880/0x880 [ 3432.377031][ T5681] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3432.383381][ T5681] ? oom_killer_disable+0x280/0x280 [ 3432.388588][ T5681] ? find_held_lock+0x35/0x130 [ 3432.393373][ T5681] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3432.398930][ T5681] ? memcg_event_wake+0x230/0x230 [ 3432.403977][ T5681] ? do_raw_spin_unlock+0x57/0x270 [ 3432.409374][ T5681] ? _raw_spin_unlock+0x2d/0x50 [ 3432.414253][ T5681] try_charge+0x118d/0x1790 [ 3432.418774][ T5681] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3432.424415][ T5681] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3432.429970][ T5681] ? find_held_lock+0x35/0x130 [ 3432.434739][ T5681] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3432.440303][ T5681] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3432.445858][ T5681] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3432.451069][ T5681] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3432.456625][ T5681] __memcg_kmem_charge+0x136/0x300 [ 3432.461746][ T5681] __alloc_pages_nodemask+0x437/0x7e0 [ 3432.467159][ T5681] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3432.473525][ T5681] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3432.479252][ T5681] ? copy_process.part.0+0x1d40/0x7a90 [ 3432.484724][ T5681] ? lockdep_hardirqs_on+0x418/0x5d0 [ 3432.490027][ T5681] ? trace_hardirqs_on+0x67/0x230 [ 3432.495052][ T5681] ? kasan_check_read+0x11/0x20 [ 3432.499932][ T5681] copy_process.part.0+0x3e0/0x7a90 [ 3432.505156][ T5681] ? __lock_acquire+0x548/0x3fb0 [ 3432.510133][ T5681] ? __might_fault+0x12b/0x1e0 [ 3432.514929][ T5681] ? __cleanup_sighand+0x60/0x60 [ 3432.520060][ T5681] ? lock_downgrade+0x880/0x880 [ 3432.530665][ T5681] _do_fork+0x257/0xfd0 [ 3432.534883][ T5681] ? fork_idle+0x1d0/0x1d0 [ 3432.539460][ T5681] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3432.544964][ T5681] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3432.550440][ T5681] ? do_syscall_64+0x26/0x670 [ 3432.555143][ T5681] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3432.561234][ T5681] ? do_syscall_64+0x26/0x670 [ 3432.565932][ T5681] __x64_sys_clone+0xbf/0x150 [ 3432.570724][ T5681] do_syscall_64+0x103/0x670 [ 3432.575332][ T5681] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3432.581252][ T5681] RIP: 0033:0x458c29 [ 3432.585161][ T5681] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3432.605002][ T5681] RSP: 002b:00007fea30623c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3432.613433][ T5681] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 3432.621417][ T5681] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3432.629496][ T5681] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3432.637671][ T5681] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fea306246d4 [ 3432.645653][ T5681] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 3432.658254][ T5681] memory: usage 307172kB, limit 307200kB, failcnt 98152 [ 3432.665384][ T5681] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3432.679952][ T5681] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3432.700271][ T5681] Memory cgroup stats for /syz5: cache:124KB rss:99504KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3432.728516][ T5681] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=5576,uid=0 03:44:16 executing program 5: socket$inet_udplite(0x2, 0x2, 0x88) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)}, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r0 = socket$inet(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) 03:44:16 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x7a00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) [ 3432.752353][ T5681] Memory cgroup out of memory: Killed process 5576 (syz-executor.5) total-vm:72712kB, anon-rss:164kB, file-rss:35716kB, shmem-rss:0kB [ 3432.774671][ T1044] oom_reaper: reaped process 5576 (syz-executor.5), now anon-rss:0kB, file-rss:34768kB, shmem-rss:0kB [ 3432.989878][ T5851] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3433.002595][ T5851] CPU: 1 PID: 5851 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3433.011818][ T5851] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3433.021891][ T5851] Call Trace: [ 3433.025237][ T5851] dump_stack+0x172/0x1f0 [ 3433.029593][ T5851] dump_header+0x10f/0xb6c [ 3433.034035][ T5851] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3433.039865][ T5851] ? ___ratelimit+0x60/0x595 [ 3433.044591][ T5851] ? do_raw_spin_unlock+0x57/0x270 [ 3433.049725][ T5851] oom_kill_process.cold+0x10/0x15 [ 3433.054852][ T5851] out_of_memory+0x79a/0x1280 [ 3433.059546][ T5851] ? lock_downgrade+0x880/0x880 [ 3433.064408][ T5851] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3433.070671][ T5851] ? oom_killer_disable+0x280/0x280 [ 3433.075884][ T5851] ? find_held_lock+0x35/0x130 [ 3433.080676][ T5851] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3433.086239][ T5851] ? memcg_event_wake+0x230/0x230 [ 3433.091286][ T5851] ? do_raw_spin_unlock+0x57/0x270 [ 3433.096411][ T5851] ? _raw_spin_unlock+0x2d/0x50 [ 3433.101305][ T5851] try_charge+0x118d/0x1790 [ 3433.105826][ T5851] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3433.111514][ T5851] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3433.117087][ T5851] ? find_held_lock+0x35/0x130 [ 3433.121866][ T5851] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3433.127437][ T5851] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3433.132993][ T5851] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3433.138210][ T5851] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3433.143870][ T5851] __memcg_kmem_charge+0x136/0x300 [ 3433.149093][ T5851] __alloc_pages_nodemask+0x437/0x7e0 [ 3433.154485][ T5851] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3433.160212][ T5851] ? save_stack+0x89/0xb0 [ 3433.164555][ T5851] ? kmem_cache_alloc+0x11a/0x6f0 [ 3433.169595][ T5851] ? anon_vma_fork+0x1ea/0x4a0 [ 3433.174485][ T5851] ? copy_process.part.0+0x3547/0x7a90 [ 3433.179959][ T5851] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3433.186223][ T5851] alloc_pages_current+0x107/0x210 [ 3433.191357][ T5851] pte_alloc_one+0x1b/0x1a0 [ 3433.195879][ T5851] __pte_alloc+0x20/0x310 [ 3433.200232][ T5851] copy_page_range+0x1561/0x1fc0 [ 3433.205190][ T5851] ? anon_vma_fork+0x371/0x4a0 [ 3433.209986][ T5851] ? pmd_alloc+0x180/0x180 [ 3433.214424][ T5851] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 3433.220160][ T5851] ? validate_mm_rb+0xa3/0xc0 [ 3433.224858][ T5851] ? __vma_link_rb+0x279/0x370 [ 3433.229648][ T5851] copy_process.part.0+0x5afb/0x7a90 [ 3433.234979][ T5851] ? __cleanup_sighand+0x60/0x60 [ 3433.240142][ T5851] _do_fork+0x257/0xfd0 [ 3433.246760][ T5851] ? fork_idle+0x1d0/0x1d0 [ 3433.251299][ T5851] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3433.256773][ T5851] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3433.262247][ T5851] ? do_syscall_64+0x26/0x670 [ 3433.267030][ T5851] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3433.273117][ T5851] ? do_syscall_64+0x26/0x670 [ 3433.277822][ T5851] __x64_sys_clone+0xbf/0x150 [ 3433.282516][ T5851] do_syscall_64+0x103/0x670 [ 3433.287125][ T5851] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3433.293020][ T5851] RIP: 0033:0x458c29 [ 3433.296929][ T5851] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3433.316807][ T5851] RSP: 002b:00007fea30623c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3433.325323][ T5851] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 3433.333311][ T5851] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3433.341296][ T5851] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3433.349280][ T5851] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fea306246d4 [ 3433.357266][ T5851] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 3433.378111][ T5851] memory: usage 307168kB, limit 307200kB, failcnt 98197 [ 3433.385584][ T5851] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3433.394001][ T5851] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3433.403132][ T5851] Memory cgroup stats for /syz5: cache:124KB rss:99504KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99600KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3433.425798][ T5851] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=5532,uid=0 [ 3433.442450][ T5851] Memory cgroup out of memory: Killed process 5532 (syz-executor.5) total-vm:72580kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB [ 3433.499626][ T5942] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3433.512532][ T5942] CPU: 1 PID: 5942 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3433.522054][ T5942] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3433.532437][ T5942] Call Trace: [ 3433.535755][ T5942] dump_stack+0x172/0x1f0 [ 3433.540174][ T5942] dump_header+0x10f/0xb6c [ 3433.544710][ T5942] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3433.550538][ T5942] ? ___ratelimit+0x60/0x595 [ 3433.555155][ T5942] ? do_raw_spin_unlock+0x57/0x270 [ 3433.560459][ T5942] oom_kill_process.cold+0x10/0x15 [ 3433.565595][ T5942] out_of_memory+0x79a/0x1280 [ 3433.570374][ T5942] ? lock_downgrade+0x880/0x880 [ 3433.575342][ T5942] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3433.581611][ T5942] ? oom_killer_disable+0x280/0x280 [ 3433.586915][ T5942] ? find_held_lock+0x35/0x130 [ 3433.591854][ T5942] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3433.597557][ T5942] ? memcg_event_wake+0x230/0x230 [ 3433.602592][ T5942] ? do_raw_spin_unlock+0x57/0x270 [ 3433.607777][ T5942] ? _raw_spin_unlock+0x2d/0x50 [ 3433.612613][ T5942] try_charge+0x118d/0x1790 [ 3433.617215][ T5942] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3433.622835][ T5942] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3433.628373][ T5942] ? find_held_lock+0x35/0x130 [ 3433.633308][ T5942] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3433.638870][ T5942] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3433.644412][ T5942] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3433.649616][ T5942] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3433.655274][ T5942] __memcg_kmem_charge+0x136/0x300 [ 3433.660377][ T5942] __alloc_pages_nodemask+0x437/0x7e0 [ 3433.665818][ T5942] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3433.671638][ T5942] ? copy_page_range+0x128a/0x1fc0 [ 3433.676742][ T5942] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3433.682984][ T5942] alloc_pages_current+0x107/0x210 [ 3433.688095][ T5942] pte_alloc_one+0x1b/0x1a0 [ 3433.692595][ T5942] __pte_alloc+0x20/0x310 [ 3433.696934][ T5942] copy_page_range+0x1561/0x1fc0 [ 3433.701874][ T5942] ? __lock_acquire+0x548/0x3fb0 [ 3433.706815][ T5942] ? pmd_alloc+0x180/0x180 [ 3433.711260][ T5942] ? vma_gap_callbacks_rotate+0x62/0x80 [ 3433.716805][ T5942] ? __rb_insert_augmented+0x231/0xdf0 [ 3433.722251][ T5942] ? validate_mm_rb+0xa3/0xc0 [ 3433.726965][ T5942] ? __vma_link_rb+0x279/0x370 [ 3433.731712][ T5942] ? kasan_check_write+0x14/0x20 [ 3433.736644][ T5942] copy_process.part.0+0x5afb/0x7a90 [ 3433.741928][ T5942] ? __cleanup_sighand+0x60/0x60 [ 3433.746860][ T5942] _do_fork+0x257/0xfd0 [ 3433.751000][ T5942] ? fork_idle+0x1d0/0x1d0 [ 3433.755595][ T5942] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3433.761159][ T5942] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3433.766618][ T5942] ? do_syscall_64+0x26/0x670 [ 3433.771295][ T5942] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3433.777368][ T5942] ? do_syscall_64+0x26/0x670 [ 3433.782038][ T5942] __x64_sys_clone+0xbf/0x150 [ 3433.786719][ T5942] do_syscall_64+0x103/0x670 [ 3433.791300][ T5942] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3433.797192][ T5942] RIP: 0033:0x458c29 [ 3433.801091][ T5942] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3433.820688][ T5942] RSP: 002b:00007fea30602c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3433.829101][ T5942] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 3433.837236][ T5942] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3433.845192][ T5942] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 3433.853241][ T5942] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fea306036d4 [ 3433.861476][ T5942] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 3433.872320][ T5942] memory: usage 307164kB, limit 307200kB, failcnt 98218 [ 3433.881163][ T5942] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3433.889410][ T5942] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3433.896722][ T5942] Memory cgroup stats for /syz5: cache:124KB rss:99372KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3433.919133][ T5942] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=5836,uid=0 [ 3433.934654][ T5942] Memory cgroup out of memory: Killed process 5836 (syz-executor.5) total-vm:72580kB, anon-rss:164kB, file-rss:35716kB, shmem-rss:0kB 03:44:17 executing program 3: r0 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x3, 0x800000000008001) ioctl$VIDIOC_QUERYCAP(r0, 0x80685600, &(0x7f0000000080)) openat$vim2m(0xffffffffffffff9c, &(0x7f0000000100)='/dev/video35\x00', 0x2, 0x0) 03:44:17 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00\x10\x8c', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:44:17 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup3(r0, r0, 0x80000) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_NEW_SERVICE(r1, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40400000}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)={0x8c, r2, 0x802, 0x70bd2a, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x2}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5}, @IPVS_CMD_ATTR_DAEMON={0x1c, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @multicast1}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0xffffffffffffffff}, @IPVS_DAEMON_ATTR_STATE={0x8}]}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'lc\x00'}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}]}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, [@IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x3ff}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0xc3a8}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x12, 0x15}}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x2d}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x37}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x3}]}]}, 0x8c}, 0x1, 0x0, 0x0, 0x8090}, 0x2000c040) ioctl(r0, 0x1000008912, &(0x7f00000001c0)="0adc1f123c123f319bc070") r3 = socket(0x20000000000000a, 0x2, 0x0) getsockopt$sock_buf(r3, 0x1, 0xd, &(0x7f0000e530e9)=""/16, &(0x7f0000000000)=0x10) 03:44:17 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x6100, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:44:17 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x7b00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:44:17 executing program 5: socket$inet_udplite(0x2, 0x2, 0x88) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)}, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r0 = socket$inet(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) 03:44:18 executing program 3: mmap(&(0x7f0000600000/0x4000)=nil, 0x4000, 0x0, 0x44031, 0xffffffffffffffff, 0x0) r0 = openat$vfio(0xffffffffffffff9c, 0x0, 0x2, 0x0) sendmsg(r0, &(0x7f0000002b40)={0x0, 0x0, &(0x7f00000025c0)=[{&(0x7f00000022c0)}, {0x0}], 0x2}, 0x40004) openat$cuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000000)='TIPC\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0) sendmsg$TIPC_CMD_RESET_LINK_STATS(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x30, r2, 0x1, 0x0, 0x0, {{}, 0x0, 0xb, 0x0, {0x14, 0x14, 'broadcast-link\x00'}}}, 0x30}}, 0x0) migrate_pages(0x0, 0x0, 0x0, &(0x7f0000000200)=0x81) 03:44:18 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x7c00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:44:18 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x6200, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:44:18 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00\xff\xfe', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:44:18 executing program 1: open$dir(0x0, 0x0, 0x44) r0 = socket(0x200000000000011, 0x3, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = syz_open_dev$dspn(&(0x7f00000000c0)='/dev/dsp#\x00', 0x9, 0x480200) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000000100)) socket$inet_icmp_raw(0x2, 0x3, 0x1) connect$rose(r0, &(0x7f0000000000)=@short={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, 0x1, @bcast}, 0x1c) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x400000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7fff, 0x7}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000500)={'sit0\x00\x00\x00\x00\x00\x00\x00\xd6\x00'}) sendmsg$netlink(r0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000200), 0x0, 0x40004}, 0x800) setsockopt$inet_sctp6_SCTP_NODELAY(r2, 0x84, 0x3, &(0x7f00000002c0)=0x9, 0x4) openat$vfio(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vfio/vfio\x00', 0x2, 0x0) ioctl$KVM_GET_XSAVE(r2, 0x9000aea4, &(0x7f0000000540)) ioctl$sock_SIOCOUTQNSD(r1, 0x894b, &(0x7f0000000180)) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000140)={'sit0\x00\x00\xff\xff\xff\xff\xa0\x00Q\xfc\x03\xc0', 0x141}) [ 3434.518287][ T5952] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3434.610746][ T5952] CPU: 1 PID: 5952 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3434.619835][ T5952] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3434.629905][ T5952] Call Trace: [ 3434.633218][ T5952] dump_stack+0x172/0x1f0 [ 3434.637566][ T5952] dump_header+0x10f/0xb6c [ 3434.641985][ T5952] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3434.642004][ T5952] ? ___ratelimit+0x60/0x595 [ 3434.642020][ T5952] ? do_raw_spin_unlock+0x57/0x270 [ 3434.642042][ T5952] oom_kill_process.cold+0x10/0x15 [ 3434.657611][ T5952] out_of_memory+0x79a/0x1280 [ 3434.657631][ T5952] ? lock_downgrade+0x880/0x880 [ 3434.657646][ T5952] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3434.657660][ T5952] ? oom_killer_disable+0x280/0x280 [ 3434.657675][ T5952] ? find_held_lock+0x35/0x130 [ 3434.688539][ T5952] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3434.694096][ T5952] ? memcg_event_wake+0x230/0x230 [ 3434.699147][ T5952] ? do_raw_spin_unlock+0x57/0x270 [ 3434.704277][ T5952] ? _raw_spin_unlock+0x2d/0x50 [ 3434.709147][ T5952] try_charge+0x118d/0x1790 [ 3434.713672][ T5952] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3434.719241][ T5952] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3434.725493][ T5952] ? kasan_check_read+0x11/0x20 [ 3434.725513][ T5952] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3434.725531][ T5952] mem_cgroup_try_charge+0x24d/0x5e0 [ 3434.735938][ T5952] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3434.735957][ T5952] wp_page_copy+0x416/0x1770 [ 3434.735969][ T5952] ? do_wp_page+0x486/0x1500 [ 3434.735990][ T5952] ? pmd_pfn+0x1d0/0x1d0 [ 3434.760278][ T5952] ? lock_downgrade+0x880/0x880 [ 3434.765146][ T5952] ? swp_swapcount+0x540/0x540 [ 3434.769930][ T5952] ? kasan_check_read+0x11/0x20 [ 3434.774793][ T5952] ? do_raw_spin_unlock+0x57/0x270 [ 3434.780074][ T5952] do_wp_page+0x48e/0x1500 [ 3434.784509][ T5952] ? finish_mkwrite_fault+0x540/0x540 [ 3434.789986][ T5952] __handle_mm_fault+0x22e8/0x3ec0 [ 3434.795110][ T5952] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3434.800666][ T5952] ? find_held_lock+0x35/0x130 [ 3434.805445][ T5952] ? handle_mm_fault+0x292/0xa90 [ 3434.810579][ T5952] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3434.816856][ T5952] ? kasan_check_read+0x11/0x20 [ 3434.821712][ T5952] handle_mm_fault+0x3b7/0xa90 [ 3434.826476][ T5952] __do_page_fault+0x5ef/0xda0 [ 3434.826497][ T5952] do_page_fault+0x71/0x581 [ 3434.835749][ T5952] ? page_fault+0x8/0x30 [ 3434.840088][ T5952] page_fault+0x1e/0x30 [ 3434.844239][ T5952] RIP: 0033:0x4144b3 [ 3434.848144][ T5952] Code: e9 4c 89 e2 ff 74 24 48 4c 8b 4c 24 10 89 ee 4c 8b 44 24 18 48 89 df e8 cb f7 ff ff 66 2e 0f 1f 84 00 00 00 00 00 90 48 f7 d8 <64> 89 04 25 d4 ff ff ff 48 83 c8 ff c3 48 81 ec 98 00 00 00 31 ff [ 3434.867850][ T5952] RSP: 002b:00007ffc1533c158 EFLAGS: 00010213 [ 3434.873941][ T5952] RAX: 000000000000006e RBX: 00000000000003e8 RCX: 0000000000458c29 [ 3434.881937][ T5952] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000073bf0c [ 3434.889928][ T5952] RBP: 000000000073bf00 R08: 000000000034676b R09: 000000000034676b [ 3434.897919][ T5952] R10: 00007ffc1533c220 R11: 0000000000000246 R12: 000000000000002d 03:44:18 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x6300, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:44:18 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x6400, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:44:18 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x6500, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:44:18 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x6600, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:44:18 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_INITMSG(r1, 0x84, 0x2, &(0x7f0000000080)={0x7ff}, 0x8) sendmmsg$inet_sctp(r1, &(0x7f0000002bc0)=[{&(0x7f0000000000)=@in={0x2, 0x0, @local}, 0x10, &(0x7f0000000500)=[{&(0x7f00000001c0)="93", 0x1}], 0x1}], 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x2c, &(0x7f0000000040)=0x6, 0x4) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10) [ 3434.905895][ T5952] R13: 0000000000346773 R14: 00000000003467a0 R15: 000000000073bf0c [ 3434.918834][ T5952] memory: usage 307200kB, limit 307200kB, failcnt 98252 03:44:18 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00\x00\xff', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) [ 3434.970506][ T6136] device sit0 left promiscuous mode [ 3435.083261][ T5952] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3435.113513][ T5952] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3435.136996][ T5952] Memory cgroup stats for /syz5: cache:124KB rss:99504KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3435.160020][ T5952] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=15503,uid=0 [ 3435.176705][ T5952] Memory cgroup out of memory: Killed process 15503 (syz-executor.5) total-vm:72448kB, anon-rss:156kB, file-rss:34816kB, shmem-rss:0kB [ 3435.192451][ T1044] oom_reaper: reaped process 15503 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 3435.393077][ T6251] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3435.405374][ T6251] CPU: 1 PID: 6251 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3435.414411][ T6251] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3435.424610][ T6251] Call Trace: [ 3435.427929][ T6251] dump_stack+0x172/0x1f0 [ 3435.432287][ T6251] dump_header+0x10f/0xb6c [ 3435.436723][ T6251] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3435.442657][ T6251] ? ___ratelimit+0x60/0x595 [ 3435.447264][ T6251] ? do_raw_spin_unlock+0x57/0x270 [ 3435.452577][ T6251] oom_kill_process.cold+0x10/0x15 [ 3435.457707][ T6251] out_of_memory+0x79a/0x1280 [ 3435.462499][ T6251] ? lock_downgrade+0x880/0x880 [ 3435.467363][ T6251] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3435.473628][ T6251] ? oom_killer_disable+0x280/0x280 [ 3435.478928][ T6251] ? find_held_lock+0x35/0x130 [ 3435.483932][ T6251] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3435.489496][ T6251] ? memcg_event_wake+0x230/0x230 [ 3435.494556][ T6251] ? do_raw_spin_unlock+0x57/0x270 [ 3435.499688][ T6251] ? _raw_spin_unlock+0x2d/0x50 [ 3435.504560][ T6251] try_charge+0x118d/0x1790 [ 3435.509091][ T6251] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3435.514751][ T6251] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3435.520318][ T6251] ? find_held_lock+0x35/0x130 [ 3435.525473][ T6251] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3435.531048][ T6251] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3435.536634][ T6251] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3435.541868][ T6251] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3435.547581][ T6251] __memcg_kmem_charge+0x136/0x300 [ 3435.552716][ T6251] __alloc_pages_nodemask+0x437/0x7e0 [ 3435.558114][ T6251] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3435.563945][ T6251] ? save_stack+0x89/0xb0 [ 3435.568313][ T6251] ? kmem_cache_alloc+0x11a/0x6f0 [ 3435.573351][ T6251] ? anon_vma_fork+0x1ea/0x4a0 [ 3435.578125][ T6251] ? copy_process.part.0+0x3547/0x7a90 [ 3435.583597][ T6251] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3435.589859][ T6251] alloc_pages_current+0x107/0x210 [ 3435.595039][ T6251] pte_alloc_one+0x1b/0x1a0 [ 3435.599556][ T6251] __pte_alloc+0x20/0x310 [ 3435.603943][ T6251] copy_page_range+0x1561/0x1fc0 [ 3435.608897][ T6251] ? anon_vma_fork+0x371/0x4a0 [ 3435.613688][ T6251] ? pmd_alloc+0x180/0x180 [ 3435.618118][ T6251] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 3435.623889][ T6251] ? validate_mm_rb+0xa3/0xc0 [ 3435.628578][ T6251] ? __vma_link_rb+0x279/0x370 [ 3435.633358][ T6251] copy_process.part.0+0x5afb/0x7a90 [ 3435.638684][ T6251] ? __cleanup_sighand+0x60/0x60 [ 3435.643653][ T6251] _do_fork+0x257/0xfd0 [ 3435.647825][ T6251] ? fork_idle+0x1d0/0x1d0 [ 3435.652270][ T6251] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3435.657931][ T6251] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3435.663491][ T6251] ? do_syscall_64+0x26/0x670 [ 3435.668282][ T6251] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3435.674456][ T6251] ? do_syscall_64+0x26/0x670 [ 3435.679346][ T6251] __x64_sys_clone+0xbf/0x150 [ 3435.684052][ T6251] do_syscall_64+0x103/0x670 [ 3435.688666][ T6251] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3435.694573][ T6251] RIP: 0033:0x458c29 [ 3435.698574][ T6251] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3435.718189][ T6251] RSP: 002b:00007fea305e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3435.726617][ T6251] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 3435.734611][ T6251] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3435.742596][ T6251] RBP: 000000000073c040 R08: 0000000000000000 R09: 0000000000000000 [ 3435.750587][ T6251] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fea305e26d4 [ 3435.758583][ T6251] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 3435.768045][ T6241] device sit0 entered promiscuous mode [ 3435.808541][ T6251] memory: usage 307160kB, limit 307200kB, failcnt 98285 [ 3435.815621][ T6251] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3435.829528][ T6251] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3435.849592][ T6251] Memory cgroup stats for /syz5: cache:124KB rss:99504KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3435.881068][ T6251] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=5952,uid=0 03:44:19 executing program 5: socket$inet_udplite(0x2, 0x2, 0x88) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)}, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r0 = socket$inet(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) 03:44:19 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x7d00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:44:19 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x100000890e, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r1, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r1, 0x7fff) r2 = socket$inet6(0xa, 0x6, 0x0) get_thread_area(&(0x7f0000000100)={0x1, 0x20000000, 0xffffffffffffffff, 0x1, 0x7, 0xccd8, 0x4, 0x5, 0x3, 0x8a}) setsockopt$inet6_int(r2, 0x29, 0x6, &(0x7f0000000000), 0x4) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000000040)={0x0, 0x401}, &(0x7f0000000080)=0x8) setsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f00000000c0)=@assoc_value={r3, 0x9}, 0x8) connect$inet6(r2, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @empty}, 0x1c) 03:44:19 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x6700, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) [ 3435.904685][ T6251] Memory cgroup out of memory: Killed process 5952 (syz-executor.5) total-vm:72712kB, anon-rss:160kB, file-rss:35724kB, shmem-rss:0kB 03:44:19 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = creat(&(0x7f0000000040)='./file1\x00', 0x0) fallocate(r1, 0x0, 0xc478, 0x5) write$P9_ROPEN(r1, &(0x7f00000000c0)={0x18, 0x71, 0x0, {{0x0, 0x0, 0x2}}}, 0x18) getpeername$packet(r1, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000100)=0x14) getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000140)={{{@in=@initdev, @in6=@empty}}, {{@in6=@remote}, 0x0, @in=@local}}, &(0x7f0000000240)=0xe8) fallocate(r1, 0x0, 0x0, 0x8001) ioctl$FS_IOC_FIEMAP(r1, 0xc020660b, &(0x7f00000002c0)=ANY=[@ANYBLOB="000000000000000000000167eec2c2c718ad1c2cd88ca894b1384d5b6045b28b08471e44a4379a3cd28713b374faa5b3ace1ebfcfbb237"]) [ 3436.094766][ T6286] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3436.112670][ T6286] CPU: 1 PID: 6286 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3436.121853][ T6286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3436.132001][ T6286] Call Trace: [ 3436.135310][ T6286] dump_stack+0x172/0x1f0 [ 3436.139655][ T6286] dump_header+0x10f/0xb6c [ 3436.144073][ T6286] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3436.149890][ T6286] ? ___ratelimit+0x60/0x595 [ 3436.154485][ T6286] ? do_raw_spin_unlock+0x57/0x270 [ 3436.159609][ T6286] oom_kill_process.cold+0x10/0x15 [ 3436.164816][ T6286] out_of_memory+0x79a/0x1280 [ 3436.169500][ T6286] ? lock_downgrade+0x880/0x880 [ 3436.174359][ T6286] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3436.180614][ T6286] ? oom_killer_disable+0x280/0x280 [ 3436.185924][ T6286] ? find_held_lock+0x35/0x130 [ 3436.190706][ T6286] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3436.196254][ T6286] ? memcg_event_wake+0x230/0x230 [ 3436.201378][ T6286] ? do_raw_spin_unlock+0x57/0x270 [ 3436.206675][ T6286] ? _raw_spin_unlock+0x2d/0x50 [ 3436.211709][ T6286] try_charge+0x118d/0x1790 [ 3436.216226][ T6286] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3436.221777][ T6286] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3436.228028][ T6286] ? kasan_check_read+0x11/0x20 [ 3436.232896][ T6286] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3436.238465][ T6286] mem_cgroup_try_charge+0x24d/0x5e0 [ 3436.243774][ T6286] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3436.249435][ T6286] wp_page_copy+0x416/0x1770 [ 3436.254025][ T6286] ? do_wp_page+0x486/0x1500 [ 3436.259056][ T6286] ? pmd_pfn+0x1d0/0x1d0 [ 3436.263316][ T6286] ? lock_downgrade+0x880/0x880 [ 3436.268173][ T6286] ? swp_swapcount+0x540/0x540 [ 3436.273110][ T6286] ? kasan_check_read+0x11/0x20 [ 3436.277966][ T6286] ? do_raw_spin_unlock+0x57/0x270 [ 3436.283087][ T6286] do_wp_page+0x48e/0x1500 [ 3436.287517][ T6286] ? finish_mkwrite_fault+0x540/0x540 [ 3436.292900][ T6286] __handle_mm_fault+0x22e8/0x3ec0 [ 3436.298190][ T6286] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3436.303914][ T6286] ? find_held_lock+0x35/0x130 [ 3436.308680][ T6286] ? handle_mm_fault+0x292/0xa90 [ 3436.313744][ T6286] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3436.320697][ T6286] ? kasan_check_read+0x11/0x20 [ 3436.325587][ T6286] handle_mm_fault+0x3b7/0xa90 [ 3436.330372][ T6286] __do_page_fault+0x5ef/0xda0 [ 3436.335232][ T6286] do_page_fault+0x71/0x581 [ 3436.339739][ T6286] ? page_fault+0x8/0x30 [ 3436.344001][ T6286] page_fault+0x1e/0x30 [ 3436.348157][ T6286] RIP: 0033:0x404bee [ 3436.352058][ T6286] Code: 48 8b 55 40 48 8b 75 38 48 8b 7d 30 ff 75 70 ff 75 68 ff 75 60 4c 8b 4d 58 4c 8b 45 50 ff d0 48 83 c4 20 48 89 c3 48 83 fb ff <48> 89 5d 78 41 8b 04 24 0f 85 d4 00 00 00 85 c0 0f 85 cc 00 00 00 [ 3436.371668][ T6286] RSP: 002b:00007fea30623c90 EFLAGS: 00010217 [ 3436.377780][ T6286] RAX: 0000000000000000 RBX: 0000000000002d05 RCX: 0000000000458c29 [ 3436.385847][ T6286] RDX: 0000000000404ba6 RSI: 0000000000000000 RDI: 0000000000000000 [ 3436.393816][ T6286] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3436.401793][ T6286] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fea306246d4 [ 3436.412129][ T6286] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 3436.428673][ T6286] memory: usage 307200kB, limit 307200kB, failcnt 98329 [ 3436.435807][ T6286] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3436.443978][ T6286] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3436.451429][ T6286] Memory cgroup stats for /syz5: cache:124KB rss:99504KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99600KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3436.473736][ T6286] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=15736,uid=0 [ 3436.489874][ T6286] Memory cgroup out of memory: Killed process 15736 (syz-executor.5) total-vm:72448kB, anon-rss:156kB, file-rss:34816kB, shmem-rss:0kB [ 3436.532445][ T6326] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3436.542928][ T6326] CPU: 1 PID: 6326 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3436.552229][ T6326] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3436.562334][ T6326] Call Trace: [ 3436.565742][ T6326] dump_stack+0x172/0x1f0 [ 3436.570119][ T6326] dump_header+0x10f/0xb6c [ 3436.574641][ T6326] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3436.580460][ T6326] ? ___ratelimit+0x60/0x595 [ 3436.585063][ T6326] ? do_raw_spin_unlock+0x57/0x270 [ 3436.590238][ T6326] oom_kill_process.cold+0x10/0x15 [ 3436.595505][ T6326] out_of_memory+0x79a/0x1280 [ 3436.600246][ T6326] ? oom_killer_disable+0x280/0x280 [ 3436.605457][ T6326] ? find_held_lock+0x35/0x130 [ 3436.610259][ T6326] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3436.615826][ T6326] ? memcg_event_wake+0x230/0x230 [ 3436.620878][ T6326] ? do_raw_spin_unlock+0x57/0x270 [ 3436.626011][ T6326] ? _raw_spin_unlock+0x2d/0x50 [ 3436.630982][ T6326] try_charge+0xd4d/0x1790 [ 3436.635573][ T6326] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3436.641133][ T6326] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3436.647442][ T6326] ? kasan_check_read+0x11/0x20 [ 3436.652326][ T6326] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3436.657907][ T6326] mem_cgroup_try_charge+0x24d/0x5e0 [ 3436.663324][ T6326] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3436.669068][ T6326] wp_page_copy+0x416/0x1770 [ 3436.673674][ T6326] ? do_wp_page+0x486/0x1500 [ 3436.678508][ T6326] ? pmd_pfn+0x1d0/0x1d0 [ 3436.682862][ T6326] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3436.689169][ T6326] ? lock_downgrade+0x880/0x880 [ 3436.694047][ T6326] ? swp_swapcount+0x540/0x540 [ 3436.699327][ T6326] ? kasan_check_read+0x11/0x20 [ 3436.704470][ T6326] ? do_raw_spin_unlock+0x57/0x270 [ 3436.709608][ T6326] do_wp_page+0x48e/0x1500 [ 3436.714057][ T6326] ? finish_mkwrite_fault+0x540/0x540 [ 3436.719457][ T6326] __handle_mm_fault+0x22e8/0x3ec0 [ 3436.724596][ T6326] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3436.730245][ T6326] ? find_held_lock+0x35/0x130 [ 3436.735029][ T6326] ? handle_mm_fault+0x292/0xa90 [ 3436.740062][ T6326] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3436.746316][ T6326] ? kasan_check_read+0x11/0x20 [ 3436.751194][ T6326] handle_mm_fault+0x3b7/0xa90 [ 3436.756213][ T6326] __do_page_fault+0x5ef/0xda0 [ 3436.761309][ T6326] do_page_fault+0x71/0x581 [ 3436.765940][ T6326] ? page_fault+0x8/0x30 [ 3436.770204][ T6326] page_fault+0x1e/0x30 [ 3436.774461][ T6326] RIP: 0033:0x404bee [ 3436.778458][ T6326] Code: 48 8b 55 40 48 8b 75 38 48 8b 7d 30 ff 75 70 ff 75 68 ff 75 60 4c 8b 4d 58 4c 8b 45 50 ff d0 48 83 c4 20 48 89 c3 48 83 fb ff <48> 89 5d 78 41 8b 04 24 0f 85 d4 00 00 00 85 c0 0f 85 cc 00 00 00 [ 3436.798440][ T6326] RSP: 002b:00007fea30623c90 EFLAGS: 00010213 [ 3436.804530][ T6326] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000458c29 [ 3436.812645][ T6326] RDX: 0000000000404ba6 RSI: 0000000000000000 RDI: 0000000000000000 [ 3436.820639][ T6326] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3436.828933][ T6326] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fea306246d4 [ 3436.836924][ T6326] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 3436.847991][ T6326] memory: usage 307068kB, limit 307200kB, failcnt 98329 [ 3436.855141][ T6326] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3436.864023][ T6326] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3436.872011][ T6326] Memory cgroup stats for /syz5: cache:124KB rss:99372KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3436.894219][ T6326] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=15886,uid=0 [ 3436.910465][ T6326] Memory cgroup out of memory: Killed process 15886 (syz-executor.5) total-vm:72448kB, anon-rss:156kB, file-rss:34816kB, shmem-rss:0kB [ 3436.945577][ T6279] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3436.956594][ T6279] CPU: 1 PID: 6279 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3436.965634][ T6279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3436.975804][ T6279] Call Trace: [ 3436.979122][ T6279] dump_stack+0x172/0x1f0 [ 3436.983517][ T6279] dump_header+0x10f/0xb6c [ 3436.988040][ T6279] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3436.993916][ T6279] ? ___ratelimit+0x60/0x595 [ 3436.998570][ T6279] ? do_raw_spin_unlock+0x57/0x270 [ 3437.003705][ T6279] oom_kill_process.cold+0x10/0x15 [ 3437.008865][ T6279] out_of_memory+0x79a/0x1280 [ 3437.013568][ T6279] ? oom_killer_disable+0x280/0x280 [ 3437.019089][ T6279] ? find_held_lock+0x35/0x130 [ 3437.023878][ T6279] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3437.029445][ T6279] ? memcg_event_wake+0x230/0x230 [ 3437.034493][ T6279] ? do_raw_spin_unlock+0x57/0x270 [ 3437.039629][ T6279] ? _raw_spin_unlock+0x2d/0x50 [ 3437.044593][ T6279] try_charge+0xd4d/0x1790 [ 3437.049037][ T6279] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3437.054690][ T6279] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3437.061156][ T6279] ? kasan_check_read+0x11/0x20 [ 3437.066034][ T6279] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3437.071603][ T6279] mem_cgroup_try_charge+0x24d/0x5e0 [ 3437.076920][ T6279] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3437.082580][ T6279] wp_page_copy+0x416/0x1770 [ 3437.087192][ T6279] ? do_wp_page+0x486/0x1500 [ 3437.091805][ T6279] ? pmd_pfn+0x1d0/0x1d0 [ 3437.096068][ T6279] ? lock_downgrade+0x880/0x880 [ 3437.100935][ T6279] ? swp_swapcount+0x540/0x540 [ 3437.105809][ T6279] ? kasan_check_read+0x11/0x20 [ 3437.110778][ T6279] ? do_raw_spin_unlock+0x57/0x270 [ 3437.115909][ T6279] do_wp_page+0x48e/0x1500 [ 3437.120355][ T6279] ? finish_mkwrite_fault+0x540/0x540 [ 3437.125781][ T6279] __handle_mm_fault+0x22e8/0x3ec0 [ 3437.130918][ T6279] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3437.136485][ T6279] ? find_held_lock+0x35/0x130 [ 3437.141289][ T6279] ? handle_mm_fault+0x292/0xa90 [ 3437.146488][ T6279] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3437.153030][ T6279] ? kasan_check_read+0x11/0x20 [ 3437.157909][ T6279] handle_mm_fault+0x3b7/0xa90 [ 3437.162699][ T6279] __do_page_fault+0x5ef/0xda0 [ 3437.167519][ T6279] do_page_fault+0x71/0x581 [ 3437.172127][ T6279] ? page_fault+0x8/0x30 [ 3437.176385][ T6279] page_fault+0x1e/0x30 [ 3437.180551][ T6279] RIP: 0033:0x4144b3 [ 3437.184817][ T6279] Code: e9 4c 89 e2 ff 74 24 48 4c 8b 4c 24 10 89 ee 4c 8b 44 24 18 48 89 df e8 cb f7 ff ff 66 2e 0f 1f 84 00 00 00 00 00 90 48 f7 d8 <64> 89 04 25 d4 ff ff ff 48 83 c8 ff c3 48 81 ec 98 00 00 00 31 ff [ 3437.205022][ T6279] RSP: 002b:00007ffc1533c158 EFLAGS: 00010213 [ 3437.211431][ T6279] RAX: 000000000000006e RBX: 00000000000003e8 RCX: 0000000000458c29 [ 3437.219634][ T6279] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000073bf0c [ 3437.227623][ T6279] RBP: 000000000073bf00 R08: 0000000000346de1 R09: 0000000000346de1 [ 3437.235741][ T6279] R10: 00007ffc1533c220 R11: 0000000000000246 R12: 000000000000002d [ 3437.243819][ T6279] R13: 0000000000346de8 R14: 0000000000346e15 R15: 000000000073bf0c [ 3437.254669][ T6279] memory: usage 306800kB, limit 307200kB, failcnt 98329 [ 3437.262083][ T6279] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3437.270516][ T6279] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3437.278163][ T6279] Memory cgroup stats for /syz5: cache:124KB rss:99372KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3437.300871][ T6279] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=16307,uid=0 [ 3437.321868][ T6279] Memory cgroup out of memory: Killed process 16307 (syz-executor.5) total-vm:72448kB, anon-rss:156kB, file-rss:34816kB, shmem-rss:0kB [ 3437.547129][ T6256] device sit0 left promiscuous mode [ 3437.632269][ T6241] device sit0 entered promiscuous mode 03:44:21 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) mkdir(&(0x7f0000000840)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./filowerdir=./file1,workdr=./file1\x00']) llistxattr(&(0x7f0000000400)='./file0\x00', 0x0, 0x0) r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000180)='/dev/zero\x00', 0x20000, 0x0) ioctl$BLKFLSBUF(r0, 0x1261, &(0x7f0000000040)=0x3) getsockname$packet(r0, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f00000002c0)=0x14) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'team0\x00', r1}) bind$packet(r0, &(0x7f00000000c0)={0x11, 0x1f, r2, 0x1, 0xffffffff, 0x6, @random="b24c8ca03f7f"}, 0x14) 03:44:21 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00\xfe\xff', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:44:21 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000), 0x1c) r1 = socket$packet(0x11, 0x3, 0x300) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c) recvmmsg(r1, &(0x7f0000000300), 0x121, 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040)=0x100, 0x4) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") recvmmsg(r1, &(0x7f0000002cc0)=[{{&(0x7f0000000100)=@pppoe={0x18, 0x0, {0x0, @link_local}}, 0x80, &(0x7f0000000280)=[{&(0x7f0000000180)=""/200, 0xc8}], 0x1}, 0x10000}, {{&(0x7f00000002c0)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x80, &(0x7f0000001700)=[{&(0x7f0000000340)=""/227, 0xe3}, {&(0x7f0000000440)=""/115, 0x73}, {&(0x7f00000004c0)=""/55, 0x37}, {&(0x7f0000000500)=""/19, 0x13}, {&(0x7f0000000540)=""/32, 0x20}, {&(0x7f0000000580)=""/47, 0x2f}, {&(0x7f00000005c0)=""/189, 0xbd}, {&(0x7f0000000680)=""/99, 0x63}, {&(0x7f0000000700)=""/4096, 0x1000}], 0x9, &(0x7f00000017c0)=""/116, 0x74}, 0x2}, {{&(0x7f0000001840)=@ipx, 0x80, &(0x7f0000002bc0)=[{&(0x7f00000018c0)=""/25, 0x19}, {&(0x7f0000001900)=""/78, 0x4e}, {&(0x7f0000001980)=""/4096, 0x1000}, {&(0x7f0000002980)=""/19, 0x13}, {&(0x7f00000029c0)=""/24, 0x18}, {&(0x7f0000002a00)=""/172, 0xac}, {&(0x7f0000002ac0)=""/236, 0xec}], 0x7, &(0x7f0000002c40)=""/75, 0x4b}, 0xca}], 0x3, 0x2000, 0x0) syz_emit_ethernet(0x300cce, &(0x7f0000002d80)=ANY=[@ANYBLOB="aaaa677eaaaa0000000000008100000086dd60b409000008000002024300800080000000ffffe0000002ff0200000000000000000000000000013c0090780007040060b680fa000000000000000000000000000072d39f0482f876278affffffffffff00000000000000000000ffffac14ffbb519020f1ad44447dc7d42bea91427978db94ec5719b85ddadbebdab74f65b5051e8205805b2d769de07f97e6ef01f48d1711315fa6bfee8e81525a4cf9afd212607afb70ff4d0f99e62972975fcd245f6dd7f155e4749776a1ba5931ffc7878c1adbcb61b288efc493c9f1a389c23d516ba11dac7a3636883382df0552c17ed50cc887b34c1ebab8c69052886a3c2f0b0cbd6aec44e31a8cc4c4064261c308f2fdf758aa71d11d8a26c2b919309d45e1eaedf0a043181fcb263e3629348ad2bd1eaa7e24e056506c95d5fe607a25b9120ec67109e16f33d78f554f94c17eacc68082d36363599751139d259959cac37e9603298b9535d95cba83d7abd1000edcf3ef5e22622e68ab390a01fbdbc73633315aad4b0fc216236226482a9fe5e0b92ac374ea68cde9e1502062ed6d7fb8e3862a6f35"], 0x0) sendmmsg(r0, &(0x7f00000092c0), 0x4000000000001b9, 0x0) 03:44:21 executing program 5: socket$inet_udplite(0x2, 0x2, 0x88) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)}, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r0 = socket$inet(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) 03:44:21 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x6800, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:44:21 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x7e00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:44:21 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) [ 3437.979473][ T6423] overlayfs: unrecognized mount option "workdr=./file1" or missing value 03:44:21 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x6900, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:44:21 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x7f00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:44:21 executing program 1: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f00000000c0)='./file0/file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000001c0)='./file0\x00', 0x0, 0x8055, 0x0) mount$bpf(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, 0x0) r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000100)='/dev/btrfs-control\x00', 0x402980, 0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000400)={{{@in=@multicast1, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6}, 0x0, @in=@multicast2}}, &(0x7f0000000340)=0x2ed) r2 = openat$vfio(0xffffffffffffff9c, &(0x7f0000000380)='/dev/vfio/vfio\x00', 0x428000, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000500)={0x2, 0xf95, 0x0, 0x5, 0x8, r0, 0xf37, [], r1, r2, 0x10001, 0x604}, 0x3c) r3 = accept(0xffffffffffffffff, &(0x7f0000000200)=@xdp, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x1e, &(0x7f0000000180), 0x4) mount$bpf(0x20000000, &(0x7f0000000300)='./file0/file0\x00', 0x0, 0x5004, 0x0) gettid() umount2(&(0x7f0000000800)='./file0\x00', 0x0) 03:44:21 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x6a00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) [ 3438.177598][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 3438.179868][ T6466] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3438.184079][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:44:21 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) [ 3438.376080][ T6466] CPU: 0 PID: 6466 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3438.385578][ T6466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3438.395898][ T6466] Call Trace: [ 3438.399336][ T6466] dump_stack+0x172/0x1f0 [ 3438.404065][ T6466] dump_header+0x10f/0xb6c [ 3438.408534][ T6466] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3438.414372][ T6466] ? ___ratelimit+0x60/0x595 [ 3438.419108][ T6466] ? do_raw_spin_unlock+0x57/0x270 [ 3438.424250][ T6466] oom_kill_process.cold+0x10/0x15 [ 3438.429768][ T6466] out_of_memory+0x79a/0x1280 [ 3438.434551][ T6466] ? lock_downgrade+0x880/0x880 [ 3438.439674][ T6466] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3438.446167][ T6466] ? oom_killer_disable+0x280/0x280 [ 3438.451398][ T6466] ? find_held_lock+0x35/0x130 [ 3438.456198][ T6466] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3438.461774][ T6466] ? memcg_event_wake+0x230/0x230 [ 3438.466831][ T6466] ? do_raw_spin_unlock+0x57/0x270 [ 3438.472060][ T6466] ? _raw_spin_unlock+0x2d/0x50 [ 3438.477136][ T6466] try_charge+0x118d/0x1790 [ 3438.482007][ T6466] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3438.487770][ T6466] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3438.493518][ T6466] ? find_held_lock+0x35/0x130 [ 3438.498311][ T6466] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3438.503898][ T6466] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3438.509754][ T6466] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3438.515032][ T6466] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3438.520819][ T6466] __memcg_kmem_charge+0x136/0x300 [ 3438.532386][ T6466] __alloc_pages_nodemask+0x437/0x7e0 [ 3438.537794][ T6466] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3438.543889][ T6466] ? copy_page_range+0x128a/0x1fc0 [ 3438.549674][ T6466] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3438.556379][ T6466] alloc_pages_current+0x107/0x210 [ 3438.561640][ T6466] pte_alloc_one+0x1b/0x1a0 [ 3438.566177][ T6466] __pte_alloc+0x20/0x310 [ 3438.571058][ T6466] copy_page_range+0x1561/0x1fc0 03:44:22 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x8100, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:44:22 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) kexec_load(0x2, 0x2, &(0x7f00000001c0)=[{&(0x7f0000000000)="076607852409d690771ef34918a1ed4a1f36a60a2e21a3cf6570a5d2e440a2863bf3f37f4e1d92d786897abc5577880a121bd94b1a4858640e442173ba9cd42bf08cc42d21cea134b783d8f432c95b80590e56d94b92f81d002b901538e68f9f907055057b7d9b1258abbf6e8aa6d0cc1313ea7e31471b25dadfa3a694fb0415954accee7af600581c4e5306562407a058080c3e5fc90c6ab3e5c08c905183e658d9311714508a23101f248c2fc902614233f247e4a21f86bff6aa3adbdd5cccf6f0147cf27ae59a7bb33421ca85f8b28897cea2a991", 0xd6, 0x40a, 0x400}, {&(0x7f0000000140)="afc70e3c0a6c102c704ae83cb1bc4fe5d8c122b32019cb71c0e9ca5a8def128a95458f657e99888a8761e684cc330a63f821eb0b1b7a736ae0a4c62757626b3c20af2d915ae58d648b92be9cdc4046f9a4d30a", 0x53, 0x57, 0x7}], 0x320000) sendmmsg(r0, &(0x7f00000002c0), 0x400000000000174, 0x7ffffff7) [ 3438.576807][ T6466] ? __lock_acquire+0x548/0x3fb0 [ 3438.582076][ T6466] ? pmd_alloc+0x180/0x180 [ 3438.586658][ T6466] ? vma_gap_callbacks_rotate+0x62/0x80 [ 3438.592351][ T6466] ? __rb_insert_augmented+0x231/0xdf0 [ 3438.598148][ T6466] ? validate_mm_rb+0xa3/0xc0 [ 3438.603147][ T6466] ? __vma_link_rb+0x279/0x370 [ 3438.608018][ T6466] ? kasan_check_write+0x14/0x20 [ 3438.613017][ T6466] copy_process.part.0+0x5afb/0x7a90 [ 3438.618649][ T6466] ? __cleanup_sighand+0x60/0x60 [ 3438.623707][ T6466] _do_fork+0x257/0xfd0 [ 3438.628078][ T6466] ? fork_idle+0x1d0/0x1d0 [ 3438.635001][ T6466] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3438.640484][ T6466] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3438.646058][ T6466] ? do_syscall_64+0x26/0x670 [ 3438.650889][ T6466] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3438.657391][ T6466] ? do_syscall_64+0x26/0x670 [ 3438.662102][ T6466] __x64_sys_clone+0xbf/0x150 [ 3438.666817][ T6466] do_syscall_64+0x103/0x670 [ 3438.671663][ T6466] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3438.677845][ T6466] RIP: 0033:0x458c29 [ 3438.681932][ T6466] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3438.701813][ T6466] RSP: 002b:00007fea30602c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3438.710521][ T6466] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 3438.718895][ T6466] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3438.726992][ T6466] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 3438.735078][ T6466] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fea306036d4 [ 3438.743180][ T6466] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 3438.751784][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3438.757838][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3438.764120][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3438.770064][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3438.776841][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3438.783029][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3438.789243][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3438.795057][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3438.874923][ T6466] memory: usage 307200kB, limit 307200kB, failcnt 98337 [ 3439.067605][ T6466] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3439.086047][ T6466] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 03:44:22 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x8, &(0x7f0000000180)="0adc1f123c123f319bd070") clone(0x4000003102041ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() futex(&(0x7f0000000140)=0x2, 0x0, 0x2, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x2f) write$P9_RREAD(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB="0d2bc705353cd87430cf5cbee41738f247764e16ad47400000000000230061f974b70000f60200000000000000f174956bcf4ae5759410c753"], 0x39) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f00000000c0)) ptrace$cont(0x7, r1, 0x0, 0x0) [ 3439.095346][ T6466] Memory cgroup stats for /syz5: cache:124KB rss:99480KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3439.127212][ T6466] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=6397,uid=0 [ 3439.160812][ T6466] Memory cgroup out of memory: Killed process 6397 (syz-executor.5) total-vm:72580kB, anon-rss:160kB, file-rss:35724kB, shmem-rss:0kB 03:44:22 executing program 5: socket$inet_udplite(0x2, 0x2, 0x88) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)}, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r0 = socket$inet(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) 03:44:22 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x6b00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:44:22 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x8200, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:44:22 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:44:22 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") clock_settime(0x0, &(0x7f0000000100)={0x77359400}) 03:33:20 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:33:20 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x6c00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:33:20 executing program 3: r0 = memfd_create(&(0x7f0000000000)='%-@vboxnet1vmnet0ppp1}wlan1eth1ppp0em0\x00', 0x5) fallocate(r0, 0xa, 0x7, 0x8) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000140)='/dev/hwrng\x00', 0x482001, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hwrng\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r1, 0x40bc5311, &(0x7f0000000080)={0x3, 0x1, 'client1\x00', 0xffffffff80000004, "6a2af74ab15db283", "346b0d9adfc3794463c486d4316d2dc13606344c272b06bff4f25b828b7dc0aa", 0xfffffffffffffff7, 0x9}) mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000004, 0x10, r1, 0x0) 03:33:20 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x8300, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:33:20 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:33:20 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f319bd070") r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x80000000, 0x141000) ioctl$VIDIOC_SUBDEV_DV_TIMINGS_CAP(r1, 0xc0905664, &(0x7f0000000180)={0x0, 0x0, [], @bt={0x1, 0x2, 0x9aba, 0x4, 0x1, 0x7, 0x2, 0x8}}) clone(0x4000003102041ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_COUNTERS(r2, 0x0, 0x81, &(0x7f00000000c0)={'nat\x11\x00', 0x0, 0x0, 0x0, [], 0x1, 0x0, 0x0, [{}]}, 0x88) 03:33:20 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x4, 0x82) connect$bt_rfcomm(r1, &(0x7f0000000100)={0x1f, {0x7, 0x4000000000, 0x7, 0x100000001, 0xdb, 0x81}, 0xffffffff7fffffff}, 0xa) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) clone(0x10002102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$EXT4_IOC_GROUP_ADD(r2, 0x40286608, &(0x7f00000000c0)={0x4}) socket$inet_udplite(0x2, 0x2, 0x88) [ 3439.789389][ T7023] EXT4-fs warning (device sda1): verify_group_input:104: Cannot add at group 4 (only 16 groups) [ 3439.993120][ T6844] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3440.007078][ T6844] CPU: 1 PID: 6844 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3440.016954][ T6844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3440.027487][ T6844] Call Trace: [ 3440.030823][ T6844] dump_stack+0x172/0x1f0 [ 3440.035625][ T6844] dump_header+0x10f/0xb6c [ 3440.040266][ T6844] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3440.046265][ T6844] ? ___ratelimit+0x60/0x595 [ 3440.051136][ T6844] ? do_raw_spin_unlock+0x57/0x270 [ 3440.056270][ T6844] oom_kill_process.cold+0x10/0x15 [ 3440.061575][ T6844] out_of_memory+0x79a/0x1280 [ 3440.066476][ T6844] ? lock_downgrade+0x880/0x880 [ 3440.071481][ T6844] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3440.077743][ T6844] ? oom_killer_disable+0x280/0x280 [ 3440.084697][ T6844] ? find_held_lock+0x35/0x130 [ 3440.089941][ T6844] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3440.096039][ T6844] ? memcg_event_wake+0x230/0x230 [ 3440.101284][ T6844] ? do_raw_spin_unlock+0x57/0x270 [ 3440.106598][ T6844] ? _raw_spin_unlock+0x2d/0x50 [ 3440.111646][ T6844] try_charge+0x118d/0x1790 [ 3440.116307][ T6844] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3440.122105][ T6844] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3440.127846][ T6844] ? find_held_lock+0x35/0x130 [ 3440.132946][ T6844] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3440.138818][ T6844] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3440.144499][ T6844] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3440.150159][ T6844] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3440.155977][ T6844] __memcg_kmem_charge+0x136/0x300 [ 3440.161127][ T6844] __alloc_pages_nodemask+0x437/0x7e0 [ 3440.166608][ T6844] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3440.172608][ T6844] ? save_stack+0x45/0xb0 [ 3440.177025][ T6844] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 3440.183129][ T6844] ? kasan_slab_alloc+0xf/0x20 [ 3440.188069][ T6844] ? kmem_cache_alloc+0x11a/0x6f0 [ 3440.193483][ T6844] ? anon_vma_fork+0x1ea/0x4a0 [ 3440.198553][ T6844] ? copy_process.part.0+0x3547/0x7a90 [ 3440.204395][ T6844] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3440.210950][ T6844] alloc_pages_current+0x107/0x210 [ 3440.216297][ T6844] __pmd_alloc+0x41/0x460 [ 3440.220972][ T6844] ? pmd_val+0x100/0x100 [ 3440.225347][ T6844] pmd_alloc+0x10c/0x180 [ 3440.229880][ T6844] copy_page_range+0x63c/0x1fc0 [ 3440.235919][ T6844] ? anon_vma_fork+0x371/0x4a0 [ 3440.240840][ T6844] ? pmd_alloc+0x180/0x180 [ 3440.245362][ T6844] ? vma_gap_callbacks_rotate+0x62/0x80 [ 3440.251057][ T6844] ? validate_mm_rb+0xa3/0xc0 [ 3440.256043][ T6844] ? __vma_link_rb+0x279/0x370 [ 3440.261253][ T6844] copy_process.part.0+0x5afb/0x7a90 [ 3440.266884][ T6844] ? __cleanup_sighand+0x60/0x60 [ 3440.272162][ T6844] _do_fork+0x257/0xfd0 [ 3440.276608][ T6844] ? fork_idle+0x1d0/0x1d0 [ 3440.281234][ T6844] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3440.287244][ T6844] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3440.292811][ T6844] ? do_syscall_64+0x26/0x670 [ 3440.297595][ T6844] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3440.303854][ T6844] ? do_syscall_64+0x26/0x670 [ 3440.308819][ T6844] __x64_sys_clone+0xbf/0x150 [ 3440.313781][ T6844] do_syscall_64+0x103/0x670 [ 3440.318783][ T6844] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3440.324811][ T6844] RIP: 0033:0x458c29 [ 3440.328732][ T6844] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3440.350997][ T6844] RSP: 002b:00007fea30623c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3440.360240][ T6844] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 3440.368548][ T6844] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3440.376726][ T6844] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3440.385033][ T6844] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fea306246d4 [ 3440.394079][ T6844] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 3440.403914][ T6844] memory: usage 307164kB, limit 307200kB, failcnt 98374 [ 3440.420064][ T6844] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3440.430679][ T6844] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3440.438505][ T6844] Memory cgroup stats for /syz5: cache:124KB rss:99480KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3440.461638][ T6844] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=6385,uid=0 [ 3440.478052][ T6844] Memory cgroup out of memory: Killed process 6385 (syz-executor.5) total-vm:72712kB, anon-rss:172kB, file-rss:34816kB, shmem-rss:0kB [ 3440.499918][ T1044] oom_reaper: reaped process 6385 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 3440.540711][ T6844] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 3440.553784][ T6844] CPU: 0 PID: 6844 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3440.564081][ T6844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3440.575722][ T6844] Call Trace: [ 3440.579786][ T6844] dump_stack+0x172/0x1f0 [ 3440.584344][ T6844] dump_header+0x10f/0xb6c [ 3440.589549][ T6844] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3440.595843][ T6844] ? ___ratelimit+0x60/0x595 [ 3440.600862][ T6844] ? do_raw_spin_unlock+0x57/0x270 [ 3440.606329][ T6844] oom_kill_process.cold+0x10/0x15 [ 3440.612214][ T6844] out_of_memory+0x79a/0x1280 [ 3440.617515][ T6844] ? lock_downgrade+0x880/0x880 [ 3440.622514][ T6844] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3440.629168][ T6844] ? oom_killer_disable+0x280/0x280 [ 3440.635157][ T6844] ? find_held_lock+0x35/0x130 [ 3440.640493][ T6844] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3440.646660][ T6844] ? memcg_event_wake+0x230/0x230 [ 3440.652777][ T6844] ? do_raw_spin_unlock+0x57/0x270 [ 3440.658101][ T6844] ? _raw_spin_unlock+0x2d/0x50 [ 3440.662972][ T6844] try_charge+0x118d/0x1790 [ 3440.667946][ T6844] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3440.673779][ T6844] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3440.679746][ T6844] ? find_held_lock+0x35/0x130 [ 3440.684566][ T6844] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3440.690224][ T6844] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3440.695959][ T6844] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3440.701701][ T6844] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3440.707885][ T6844] __memcg_kmem_charge+0x136/0x300 [ 3440.713649][ T6844] __alloc_pages_nodemask+0x437/0x7e0 [ 3440.719319][ T6844] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3440.726044][ T6844] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3440.732572][ T6844] ? copy_process.part.0+0x1d40/0x7a90 [ 3440.738510][ T6844] ? lockdep_hardirqs_on+0x418/0x5d0 [ 3440.744532][ T6844] ? trace_hardirqs_on+0x67/0x230 [ 3440.750649][ T6844] ? kasan_check_read+0x11/0x20 [ 3440.755839][ T6844] copy_process.part.0+0x3e0/0x7a90 [ 3440.761335][ T6844] ? __lock_acquire+0x548/0x3fb0 [ 3440.766531][ T6844] ? __might_fault+0x12b/0x1e0 [ 3440.771752][ T6844] ? __cleanup_sighand+0x60/0x60 [ 3440.777031][ T6844] ? lock_downgrade+0x880/0x880 [ 3440.782003][ T6844] _do_fork+0x257/0xfd0 [ 3440.786330][ T6844] ? fork_idle+0x1d0/0x1d0 [ 3440.791201][ T6844] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3440.797037][ T6844] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3440.802598][ T6844] ? do_syscall_64+0x26/0x670 [ 3440.807566][ T6844] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3440.814336][ T6844] ? do_syscall_64+0x26/0x670 [ 3440.819107][ T6844] __x64_sys_clone+0xbf/0x150 [ 3440.824073][ T6844] do_syscall_64+0x103/0x670 [ 3440.829030][ T6844] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3440.835305][ T6844] RIP: 0033:0x458c29 [ 3440.839638][ T6844] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3440.860748][ T6844] RSP: 002b:00007fea30623c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3440.869633][ T6844] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 3440.878626][ T6844] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3440.887203][ T6844] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3440.896795][ T6844] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fea306246d4 [ 3440.905598][ T6844] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 3440.917018][ T6844] memory: usage 307164kB, limit 307200kB, failcnt 98398 [ 3440.928723][ T6844] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3440.937115][ T6844] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3440.945694][ T6844] Memory cgroup stats for /syz5: cache:124KB rss:99480KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3440.970165][ T6844] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=6839,uid=0 03:33:21 executing program 5: socket$inet_udplite(0x2, 0x2, 0x88) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)}, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r0 = socket$inet(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) 03:33:21 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x6d00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:33:21 executing program 3: r0 = syz_open_dev$evdev(&(0x7f0000000080)='/dev/input/event#\x00', 0x0, 0x0) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x80, 0x0) getsockopt$netrom_NETROM_T2(r1, 0x103, 0x2, &(0x7f00000000c0)=0x29, &(0x7f0000000100)=0x4) ioctl$EVIOCSREP(r0, 0x40084503, &(0x7f0000000000)=[0x7002, 0xc30e]) ioctl$RNDZAPENTCNT(r1, 0x5204, &(0x7f0000000140)=0xe7) ioctl$EVIOCGBITKEY(r0, 0x80404522, &(0x7f0000000300)=""/224) 03:33:21 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x8400, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:33:21 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:33:21 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000100)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128l\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000200)="ab553fec94248c32e27d04000000288a", 0x10) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f0000001380)={0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write$binfmt_script(r1, &(0x7f00000000c0)=ANY=[], 0x271) recvmmsg(r1, &(0x7f0000004ec0)=[{{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=""/84, 0x54}, {&(0x7f0000000780)=""/98, 0x62}], 0x2}}], 0x1, 0x0, 0x0) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x80, 0x0) setsockopt$IP6T_SO_SET_ADD_COUNTERS(r2, 0x29, 0x41, &(0x7f0000000180)={'mangle\x00', 0x2, [{}, {}]}, 0x48) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@initdev, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@remote}, 0x0, @in=@initdev}}, &(0x7f00000003c0)=0xe8) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mount$fuseblk(&(0x7f00000000c0)='/dev/loop0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='fuseblk\x00', 0x280001, &(0x7f0000000500)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r4}, 0x2c, {[{@blksize={'blksize', 0x3d, 0x400}}, {@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}, {@blksize={'blksize', 0x3d, 0xa00}}, {@max_read={'max_read', 0x3d, 0x4}}, {@blksize={'blksize', 0x3d, 0xc00}}, {@default_permissions='default_permissions'}, {@default_permissions='default_permissions'}, {@max_read={'max_read'}}], [{@smackfsfloor={'smackfsfloor', 0x3d, 'aegis128l\x00'}}, {@dont_hash='dont_hash'}, {@hash='hash'}]}}) r5 = shmget(0x2, 0x1000, 0x200, &(0x7f0000ffe000/0x1000)=nil) shmctl$SHM_UNLOCK(r5, 0xc) [ 3440.987326][ T6844] Memory cgroup out of memory: Killed process 6844 (syz-executor.5) total-vm:72712kB, anon-rss:172kB, file-rss:35724kB, shmem-rss:0kB [ 3441.003972][ T1044] oom_reaper: reaped process 6844 (syz-executor.5), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB 03:33:21 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x6e00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:33:21 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:33:21 executing program 3: r0 = socket$inet(0xa, 0x801, 0x84) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x593) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x103000, 0x0) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000100)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0xc800000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, r2, 0x120, 0x70bd25, 0x25dfdbfd, {}, ["", "", "", "", "", "", ""]}, 0x1c}}, 0x80) r3 = accept4(r0, 0x0, 0x0, 0x0) sendto$unix(r3, &(0x7f0000000480)="48b1902d9f20f37d170d9b1e5209c2c3b3e27b3fc86325463ccec411ec2606354a8aa77c15f8d14067a7bcbf953061a9d7f67ab83d434bb1b753db7a53aa994d92fd4878299f35628dba541ecf1ea4e3de1c4503fb6e38222d26eb88a874bc3daef5ad484e44b789707887f78b8a2257d5461fe37cf28903b4396eb6623012f2549b3493c80eb70f254d6cf0136857c59115aaeeb74bbccc458505c8ca44a8919d5b922fdff1156a5cbc5cf48555d35a2c4d311b2ad8617618ea9ffc604b42455af74fe19fc8ef79b604cf2e0b4f21c10dabe7bdc6963e3e4a93a293861d2c440149a47738d0f5c4ee4d0eab6bb79b8a5554138899abd4f0072e09f1df8402b7c46ea38754176a590a4f05fb974c51cfc9d2146446bea5a6315a2c729a82480a1ddc6de13252772e227dc6e3922d7c9dbb46836040ea5801b54ade34f4c8ff0aef6aa3a066a24371f3c0221065cc65c57bcfc5d347e7b4fdcb1fbecb54d580c7d142120c4198d1858a16370d60909cacf218c8375c5856237eec8b25ef55da2decba76d7211b0e600ad6955a0c9b3ab1f30314ec5cb7c90b68cd99739d11c546a3ab4e8c41094ee101689e95a1c0b1198ee81991d43bb48f4979b0a059157302a7cf77de260bf0293c86233924ff472c52e0fa8bf306cafb4461437bc0bd6e8b43f7cdb87f1f6eba691a77f7e020d178e808071c80d1306a8fe492d6aeae95511f631ba5f73588840e3017ae34fdf8bbd4dd9af2dccbdf0ab1a6b95d68fa35bc59f8e29f61928724c971de3a3813b95f3bff62805ab8c8f2b7737507e445d3200c0d9ff7b7f2f4b75f8f44d095388613b7be3abc477ae70e965f6ab827a3a3ad760cfd64f43a64cc0a673e10d4169934a94c82db7066de0e544f28243467c5e6369a94de2f2d99beca3bac205551ffb2236773b41a6dcdc6b4e551e905a5e9cdae3c7b3e8b921956c6bceb699142f4a363e8af49fa7a2b7b08ecf0460a5efe600e3b3168d68cc52508d0703c2a7b6c4849c7b3f3d0af0ea563ab3c856a37f19cc78774c39aab15ef49b05256e41782ffa1eee585043becb3406fe3423b88b16fd47b38e70d953b8d26ecd8172c8109c19f517f457e58aba06fad2c78f9774252b324bf39bbcc45950e81d4c4ac89bb436840b5a835a0d1d1b86b0464586457bba8df779b50507db73fc61fe1bf80cf2875209539a38ce3fce66981235498ef4a815b468ed3b2d4f25d9b5a010579736d808b70432399e0962737d9d8931d21b610172db52de895018c1b32ba51b105812cbafbd4c8872f4f08a970a0e9555bee1cc707d9565edec086d6f6b6b56a6b649d730fc325408fe5768587403e1209c6e675f5f1e2ccffb6923ff951d7a60af178d7728ec12db0441293f6609105a95903bf9ed50fdf10187bf9064821a4e8e59fdb73d17b63b67dbde223ef67a95d26abef7a278f521ded1cde058503eca14058ed0d0d22c2248406d68d322c9f84b191162fa5516f82e82693e6517741a49533adb0b24085c789f751fc95821a15ff3a36f834c8a45b3bec2f62e5842add40c3b0fbf76c80bb0c9bd19ccd9055d1ef8c91c68c6e2c11f12cfd17b5204c53c4281c4d225ab3bc859917f9c2fb3b36cc65632ad2d6aabea907057111eb4d7c5cb67397886df6da4c750123170024d2128eccb1b3c7bd3f8fde4d7905d96f6812ad57834f533e6c751ff18f1d5a5918e1709ad804fd890c994cb4965c57d746b312", 0x4d1, 0x0, 0x0, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r4, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r3, 0x84, 0x7b, &(0x7f0000000080)={0x0, 0x2}, 0x8) shutdown(r3, 0x1) 03:33:21 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x8500, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:33:21 executing program 1: r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) ioctl$TIOCGPKT(r0, 0x80045438, &(0x7f0000000040)) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) r1 = creat(0x0, 0x1) ioctl$PIO_SCRNMAP(r1, 0x4b41, &(0x7f0000000280)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 3441.303712][ T7164] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 03:33:21 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) [ 3441.369715][ T7164] CPU: 0 PID: 7164 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3441.380119][ T7164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3441.391224][ T7164] Call Trace: [ 3441.394640][ T7164] dump_stack+0x172/0x1f0 [ 3441.399121][ T7164] dump_header+0x10f/0xb6c [ 3441.404060][ T7164] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3441.410457][ T7164] ? ___ratelimit+0x60/0x595 [ 3441.415464][ T7164] ? do_raw_spin_unlock+0x57/0x270 [ 3441.420807][ T7164] oom_kill_process.cold+0x10/0x15 [ 3441.426219][ T7164] out_of_memory+0x79a/0x1280 [ 3441.431072][ T7164] ? lock_downgrade+0x880/0x880 [ 3441.436307][ T7164] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3441.442855][ T7164] ? oom_killer_disable+0x280/0x280 [ 3441.448412][ T7164] ? find_held_lock+0x35/0x130 [ 3441.453661][ T7164] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3441.459972][ T7164] ? memcg_event_wake+0x230/0x230 [ 3441.465565][ T7164] ? do_raw_spin_unlock+0x57/0x270 [ 3441.471119][ T7164] ? _raw_spin_unlock+0x2d/0x50 [ 3441.476205][ T7164] try_charge+0x118d/0x1790 [ 3441.481157][ T7164] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3441.487168][ T7164] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3441.493623][ T7164] ? kasan_check_read+0x11/0x20 [ 3441.499136][ T7164] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3441.505745][ T7164] mem_cgroup_try_charge+0x24d/0x5e0 [ 3441.511642][ T7164] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3441.518075][ T7164] wp_page_copy+0x416/0x1770 [ 3441.522932][ T7164] ? do_wp_page+0x486/0x1500 [ 3441.527925][ T7164] ? pmd_pfn+0x1d0/0x1d0 [ 3441.532746][ T7164] ? lock_downgrade+0x880/0x880 [ 3441.537970][ T7164] ? swp_swapcount+0x540/0x540 [ 3441.544081][ T7164] ? kasan_check_read+0x11/0x20 [ 3441.550462][ T7164] ? do_raw_spin_unlock+0x57/0x270 [ 3441.556874][ T7164] do_wp_page+0x48e/0x1500 [ 3441.561742][ T7164] ? finish_mkwrite_fault+0x540/0x540 [ 3441.568145][ T7164] __handle_mm_fault+0x22e8/0x3ec0 [ 3441.574571][ T7164] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3441.580878][ T7164] ? find_held_lock+0x35/0x130 [ 3441.586706][ T7164] ? handle_mm_fault+0x292/0xa90 [ 3441.593596][ T7164] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3441.601033][ T7164] ? kasan_check_read+0x11/0x20 [ 3441.606777][ T7164] handle_mm_fault+0x3b7/0xa90 [ 3441.611680][ T7164] __do_page_fault+0x5ef/0xda0 [ 3441.616805][ T7164] do_page_fault+0x71/0x581 [ 3441.621608][ T7164] ? page_fault+0x8/0x30 [ 3441.626332][ T7164] page_fault+0x1e/0x30 [ 3441.630711][ T7164] RIP: 0033:0x40de98 [ 3441.630729][ T7164] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf 2c e2 4b 00 31 c0 e8 83 3a ff ff 31 ff e8 cc 36 ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d ce 25 64 00 [ 3441.657142][ T7164] RSP: 002b:00007ffc1533c090 EFLAGS: 00010246 [ 3441.657155][ T7164] RAX: 0000000059009463 RBX: 00000000529323e0 RCX: 0000001b2e620000 [ 3441.657162][ T7164] RDX: 0000000000000000 RSI: 0000000000001463 RDI: ffffffff59009463 [ 3441.657168][ T7164] RBP: 0000000000000003 R08: 0000000059009463 R09: 0000000059009467 [ 3441.657174][ T7164] R10: 00007ffc1533c220 R11: 0000000000000246 R12: 000000000073bf88 [ 3441.657181][ T7164] R13: 0000000080000000 R14: 00007fea32625008 R15: 0000000000000012 [ 3441.677841][ T7164] memory: usage 307200kB, limit 307200kB, failcnt 98433 [ 3441.773428][ T7164] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3441.807162][ T7164] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3441.826620][ T7164] Memory cgroup stats for /syz5: cache:124KB rss:99480KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3441.855741][ T7164] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=16589,uid=0 [ 3441.878264][ T7164] Memory cgroup out of memory: Killed process 16589 (syz-executor.5) total-vm:72448kB, anon-rss:156kB, file-rss:34816kB, shmem-rss:0kB [ 3441.959329][ T7164] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 3441.973909][ T7164] CPU: 1 PID: 7164 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3441.984140][ T7164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3441.996168][ T7164] Call Trace: [ 3441.999705][ T7164] dump_stack+0x172/0x1f0 [ 3442.004160][ T7164] dump_header+0x10f/0xb6c [ 3442.008643][ T7164] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3442.014557][ T7164] ? ___ratelimit+0x60/0x595 [ 3442.019970][ T7164] ? do_raw_spin_unlock+0x57/0x270 [ 3442.025494][ T7164] oom_kill_process.cold+0x10/0x15 [ 3442.031090][ T7164] out_of_memory+0x79a/0x1280 [ 3442.036550][ T7164] ? lock_downgrade+0x880/0x880 [ 3442.041692][ T7164] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3442.048387][ T7164] ? oom_killer_disable+0x280/0x280 [ 3442.054232][ T7164] ? find_held_lock+0x35/0x130 [ 3442.059143][ T7164] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3442.065391][ T7164] ? memcg_event_wake+0x230/0x230 [ 3442.070985][ T7164] ? do_raw_spin_unlock+0x57/0x270 [ 3442.076597][ T7164] ? _raw_spin_unlock+0x2d/0x50 [ 3442.082333][ T7164] try_charge+0x118d/0x1790 [ 3442.087009][ T7164] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3442.093387][ T7164] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3442.099244][ T7164] ? find_held_lock+0x35/0x130 [ 3442.104143][ T7164] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3442.110048][ T7164] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3442.116172][ T7164] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3442.122190][ T7164] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3442.128209][ T7164] __memcg_kmem_charge+0x136/0x300 [ 3442.133619][ T7164] __alloc_pages_nodemask+0x437/0x7e0 [ 3442.139125][ T7164] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3442.145473][ T7164] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3442.151489][ T7164] ? copy_process.part.0+0x1d40/0x7a90 [ 3442.157303][ T7164] ? lockdep_hardirqs_on+0x418/0x5d0 [ 3442.163118][ T7164] ? trace_hardirqs_on+0x67/0x230 [ 3442.168513][ T7164] ? kasan_check_read+0x11/0x20 [ 3442.173886][ T7164] copy_process.part.0+0x3e0/0x7a90 [ 3442.179473][ T7164] ? psi_memstall_leave+0x11c/0x180 [ 3442.185383][ T7164] ? kvm_sched_clock_read+0x9/0x20 [ 3442.190963][ T7164] ? psi_memstall_leave+0x12e/0x180 [ 3442.196749][ T7164] ? find_held_lock+0x35/0x130 [ 3442.202035][ T7164] ? psi_memstall_leave+0x12e/0x180 [ 3442.208710][ T7164] ? __cleanup_sighand+0x60/0x60 [ 3442.214336][ T7164] ? __lock_acquire+0x548/0x3fb0 [ 3442.220757][ T7164] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3442.227882][ T7164] _do_fork+0x257/0xfd0 [ 3442.232762][ T7164] ? fork_idle+0x1d0/0x1d0 [ 3442.238003][ T7164] ? blkcg_maybe_throttle_current+0x5e2/0xfc0 [ 3442.245271][ T7164] ? lock_downgrade+0x880/0x880 [ 3442.250410][ T7164] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3442.257131][ T7164] ? blkcg_exit_queue+0x30/0x30 [ 3442.262524][ T7164] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3442.268352][ T7164] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3442.274322][ T7164] ? do_syscall_64+0x26/0x670 [ 3442.279697][ T7164] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3442.286147][ T7164] ? do_syscall_64+0x26/0x670 [ 3442.291017][ T7164] __x64_sys_clone+0xbf/0x150 [ 3442.295996][ T7164] do_syscall_64+0x103/0x670 [ 3442.300910][ T7164] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3442.307358][ T7164] RIP: 0033:0x45b5f9 [ 3442.311592][ T7164] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 3442.333387][ T7164] RSP: 002b:00007ffc1533c028 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 3442.343014][ T7164] RAX: ffffffffffffffda RBX: 00007fea30603700 RCX: 000000000045b5f9 [ 3442.351678][ T7164] RDX: 00007fea306039d0 RSI: 00007fea30602db0 RDI: 00000000003d0f00 [ 3442.360308][ T7164] RBP: 00007ffc1533c230 R08: 00007fea30603700 R09: 00007fea30603700 [ 3442.370306][ T7164] R10: 00007fea306039d0 R11: 0000000000000202 R12: 0000000000000000 [ 3442.379074][ T7164] R13: 00007ffc1533c0df R14: 00007fea306039c0 R15: 000000000073bfac [ 3442.389934][ T7164] memory: usage 307188kB, limit 307200kB, failcnt 98466 [ 3442.397166][ T7164] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3442.406187][ T7164] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3442.414444][ T7164] Memory cgroup stats for /syz5: cache:124KB rss:99612KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3442.439474][ T7164] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=7164,uid=0 03:33:23 executing program 5: socket$inet_udplite(0x2, 0x2, 0x88) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)}, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r0 = socket$inet(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) 03:33:23 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:33:23 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x8600, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:33:23 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = syz_open_dev$admmidi(&(0x7f0000000080)='/dev/admmidi#\x00', 0x8000, 0x0) ioctl$VIDIOC_S_HW_FREQ_SEEK(r2, 0x40305652, &(0x7f0000000100)={0x1ff, 0x7, 0x4, 0x8, 0x101, 0x7, 0x1f}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r4 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video36\x00', 0x2, 0x0) ioctl$VIDIOC_G_SELECTION(r4, 0xc040565e, &(0x7f0000000040)={0x8, 0x102, 0x4, {0x7, 0x3f, 0x4, 0xd2}}) ioctl$KVM_SET_LAPIC(r3, 0x4400ae8f, &(0x7f00000008c0)={"3b9fc8f817fe5c1e7d4695528e43cde4b1db4ed7f1a5b3f09b298be102ab03cc289f554359c1626f6d245fa6a71bff8a15e64f4f865b7a962c842fc4c18dc611ede1ba82c206b550df230e964a79a1a23a6853ee2f86bfa4f224dfd9c571ae79f967bd93a1e1c08e312901ec3e11a89df2d38bff6852ebc081f384b4dda341eb0f65e6d7d4b2cda2c5601028553dbed407f2f4fd986e5ad8340d33b6152b222f6231955f8b125f69180d72c7ca97cc50bf106ef903b7e033c7f96c43de78d48ab95646ffa22146e4dc57c0728037c7c9b21a4c4094b6cfd14211c40891fefd2bd320da985defbedc8a8814ed3d1c70e04565038eaae9bed7815c418dfc8d38f5fc423eeca0472c3ce49353674176a4e9ca431c4311c1b6281b2515b712adb422e544239fc2d90b4665a001ee5e32b7a6834275af8c70ccc5a15763e4155f3de1f8cb0120a4a44f9ced551c2592b7a96961841947cbdafae03f09fe1c4f5d063c4e5c154d83726ddd80d0f08bb6ecac80f29e53d1c364e235d6d954185286313b526b167acc907199750e32ef5bc58d9de2301253918a475cef6f8d1f6a8238dd4053d6d15bbd285074244653084ce3f4140c6c95d93fcf64ca24693ea48d5f4f5867648f1966ec8d5271481d9883c3e0c8df38e055d91babee0b13a44c5bff5d5c578fe981f81c5d142c423d3c01f60a4e877350882f1a6df8adcb7c2a16b0600bf1b229d866ec1db93bcef3f1a95e8161afe8ae866f4b06cb33fbf23ab259e06b3da85b9f313869fea0c12b84643d76801fd11e5d8459f31caf2fd7c1f86f81fe4b7bb325d5e0c713aa0da88e1a345a67a688a99e3f97d47d96c80bbd37d0e5092a7c304527f97827d55c8c601c41b7189d3306f2366309070cb2f237bab9d51f47e1ac9226d3505a3580fb3452114722a1bb9dd547279e1da4d2f47d21d77b7e9db2d45946db2780fe05d7990c257245934105571a621a7553fd0bc4b7c5dd5cd1a00e779ace008ecb11a7504d2b5222e467cde204276d81d62525c0d96fd345afb60d92237ce00bfe3368e20a30065050542858dbd0506b48e357685f30583ce3e7ff62e799337a6a749614f6666f717aeab5e0b99ab316257fac6cc63417d7a7ae8ad0cd53275e8ca57c29017c0cfbb87e3c126f027b7bc3a85229818f11975ab82e0e1c61e47c319d6df332d9b4e601da269ce3ad612454380936c710309da69328f0ca7c7c67d0fe098261209a28256d8ef2fb50159e3d8c6e3a153f27fc3c3cf6e0fe7cc8a908fa1025ee613d1795f66e1d5eec74a8bd1a965b7133091223c25f4125e314f43ac965ab268a39ff98e47daf54271a307e1b54359f4974cf5be1c578c5f8e2eb66dfb4f87137b87bafa264725acfa4dae2e4632e82897dbd395e335d539e9c7bb4c680eb4e76520357034797da806c4f981e9eeb1ae870"}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb], 0x1f000}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 03:33:23 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x6f00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:33:23 executing program 1: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm_plock\x00', 0x80, 0x0) write$nbd(r0, &(0x7f0000000080)={0x1000000, 0x3, 0x0, 0x0, 0x0, "82b0cfc4336aa6771538be0633e8bd348061ec82ee1850b35616b17333ad88f7e4a258981e458e96afda2a87223ba7f4"}, 0x40) [ 3442.458448][ T7164] Memory cgroup out of memory: Killed process 7164 (syz-executor.5) total-vm:72580kB, anon-rss:160kB, file-rss:35720kB, shmem-rss:0kB [ 3442.475621][ T1044] oom_reaper: reaped process 7164 (syz-executor.5), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB 03:33:23 executing program 1: r0 = socket(0x1e, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000080)=@req={0x3fc, 0x0, 0x2}, 0xf6) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, 0x0, &(0x7f0000000040)) prctl$PR_MPX_ENABLE_MANAGEMENT(0x2b) setresuid(0x0, 0xfffe, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_int(r1, 0x0, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, 0x0, &(0x7f00000000c0)=0x9d) dup(0xffffffffffffffff) 03:33:23 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x7000, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:33:23 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) [ 3442.695014][ T7411] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 03:33:23 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x8700, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) [ 3442.786087][ T7411] CPU: 1 PID: 7411 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3442.795620][ T7411] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3442.795627][ T7411] Call Trace: [ 3442.795653][ T7411] dump_stack+0x172/0x1f0 [ 3442.795677][ T7411] dump_header+0x10f/0xb6c [ 3442.818767][ T7411] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3442.824794][ T7411] ? ___ratelimit+0x60/0x595 [ 3442.829510][ T7411] ? do_raw_spin_unlock+0x57/0x270 [ 3442.834847][ T7411] oom_kill_process.cold+0x10/0x15 [ 3442.840142][ T7411] out_of_memory+0x79a/0x1280 [ 3442.840161][ T7411] ? lock_downgrade+0x880/0x880 [ 3442.840175][ T7411] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3442.840207][ T7411] ? oom_killer_disable+0x280/0x280 [ 3442.840217][ T7411] ? find_held_lock+0x35/0x130 [ 3442.840241][ T7411] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3442.840255][ T7411] ? memcg_event_wake+0x230/0x230 [ 3442.840274][ T7411] ? do_raw_spin_unlock+0x57/0x270 03:33:23 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x7100, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) [ 3442.840289][ T7411] ? _raw_spin_unlock+0x2d/0x50 [ 3442.840304][ T7411] try_charge+0x118d/0x1790 [ 3442.840325][ T7411] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3442.840338][ T7411] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3442.840352][ T7411] ? kasan_check_read+0x11/0x20 [ 3442.840371][ T7411] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3442.915792][ T7411] mem_cgroup_try_charge+0x24d/0x5e0 [ 3442.921103][ T7411] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3442.927315][ T7411] wp_page_copy+0x416/0x1770 [ 3442.931937][ T7411] ? do_wp_page+0x486/0x1500 [ 3442.936749][ T7411] ? pmd_pfn+0x1d0/0x1d0 [ 3442.941256][ T7411] ? lock_downgrade+0x880/0x880 [ 3442.946272][ T7411] ? __pte_alloc_kernel+0x220/0x220 [ 3442.951500][ T7411] ? kasan_check_read+0x11/0x20 [ 3442.956539][ T7411] ? do_raw_spin_unlock+0x57/0x270 [ 3442.961777][ T7411] do_wp_page+0x48e/0x1500 [ 3442.966255][ T7411] ? do_raw_spin_lock+0x12a/0x2e0 [ 3442.971352][ T7411] ? rwlock_bug.part.0+0x90/0x90 [ 3442.976314][ T7411] ? finish_mkwrite_fault+0x540/0x540 [ 3442.982149][ T7411] ? add_mm_counter_fast.part.0+0x40/0x40 [ 3442.988014][ T7411] __handle_mm_fault+0x22e8/0x3ec0 [ 3442.993142][ T7411] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3442.998753][ T7411] ? find_held_lock+0x35/0x130 [ 3443.003527][ T7411] ? handle_mm_fault+0x292/0xa90 [ 3443.008725][ T7411] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3443.015243][ T7411] ? kasan_check_read+0x11/0x20 [ 3443.020104][ T7411] handle_mm_fault+0x3b7/0xa90 [ 3443.024884][ T7411] __do_page_fault+0x5ef/0xda0 [ 3443.029752][ T7411] do_page_fault+0x71/0x581 [ 3443.034348][ T7411] ? page_fault+0x8/0x30 [ 3443.038687][ T7411] page_fault+0x1e/0x30 [ 3443.042936][ T7411] RIP: 0033:0x40de98 [ 3443.046834][ T7411] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf 2c e2 4b 00 31 c0 e8 83 3a ff ff 31 ff e8 cc 36 ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d ce 25 64 00 [ 3443.066550][ T7411] RSP: 002b:00007ffc1533c090 EFLAGS: 00010246 [ 3443.072887][ T7411] RAX: 000000003ea6d7e9 RBX: 000000008b2dd9e4 RCX: 0000001b2e620000 03:33:23 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) [ 3443.080858][ T7411] RDX: 0000000000000000 RSI: 00000000000017e9 RDI: ffffffff3ea6d7e9 [ 3443.089030][ T7411] RBP: 0000000000000001 R08: 000000003ea6d7e9 R09: 000000003ea6d7ed [ 3443.097006][ T7411] R10: 00007ffc1533c220 R11: 0000000000000246 R12: 000000000073bf88 [ 3443.105174][ T7411] R13: 0000000080000000 R14: 00007fea32625008 R15: 0000000000000001 [ 3443.249106][ T7411] memory: usage 307200kB, limit 307200kB, failcnt 98499 [ 3443.256308][ T7411] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3443.275433][ T7411] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3443.315168][ T7411] Memory cgroup stats for /syz5: cache:124KB rss:99612KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99600KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3443.351402][ T7411] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=16861,uid=0 [ 3443.380736][ T7411] Memory cgroup out of memory: Killed process 16861 (syz-executor.5) total-vm:72448kB, anon-rss:156kB, file-rss:34816kB, shmem-rss:0kB [ 3443.470108][ T7445] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3443.484967][ T7445] CPU: 0 PID: 7445 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3443.494029][ T7445] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3443.504107][ T7445] Call Trace: [ 3443.507476][ T7445] dump_stack+0x172/0x1f0 [ 3443.511798][ T7445] dump_header+0x10f/0xb6c [ 3443.516242][ T7445] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3443.522035][ T7445] ? ___ratelimit+0x60/0x595 [ 3443.526632][ T7445] ? do_raw_spin_unlock+0x57/0x270 [ 3443.531733][ T7445] oom_kill_process.cold+0x10/0x15 [ 3443.536839][ T7445] out_of_memory+0x79a/0x1280 [ 3443.541505][ T7445] ? lock_downgrade+0x880/0x880 [ 3443.546350][ T7445] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3443.552603][ T7445] ? oom_killer_disable+0x280/0x280 [ 3443.557800][ T7445] ? find_held_lock+0x35/0x130 [ 3443.562617][ T7445] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3443.568152][ T7445] ? memcg_event_wake+0x230/0x230 [ 3443.573187][ T7445] ? do_raw_spin_unlock+0x57/0x270 [ 3443.578299][ T7445] ? _raw_spin_unlock+0x2d/0x50 [ 3443.583146][ T7445] try_charge+0x118d/0x1790 [ 3443.587730][ T7445] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3443.593277][ T7445] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3443.599506][ T7445] ? kasan_check_read+0x11/0x20 [ 3443.604462][ T7445] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3443.609995][ T7445] mem_cgroup_try_charge+0x24d/0x5e0 [ 3443.615291][ T7445] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3443.620939][ T7445] wp_page_copy+0x416/0x1770 [ 3443.625537][ T7445] ? do_wp_page+0x486/0x1500 [ 3443.630137][ T7445] ? pmd_pfn+0x1d0/0x1d0 [ 3443.634563][ T7445] ? find_held_lock+0x35/0x130 [ 3443.639315][ T7445] ? lock_downgrade+0x880/0x880 [ 3443.644156][ T7445] ? swp_swapcount+0x540/0x540 [ 3443.648993][ T7445] ? kasan_check_read+0x11/0x20 [ 3443.653828][ T7445] ? do_raw_spin_unlock+0x57/0x270 [ 3443.658929][ T7445] do_wp_page+0x48e/0x1500 [ 3443.663335][ T7445] ? finish_mkwrite_fault+0x540/0x540 [ 3443.668788][ T7445] __handle_mm_fault+0x22e8/0x3ec0 [ 3443.673890][ T7445] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3443.679560][ T7445] ? find_held_lock+0x35/0x130 [ 3443.684314][ T7445] ? handle_mm_fault+0x292/0xa90 [ 3443.689246][ T7445] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3443.695475][ T7445] ? kasan_check_read+0x11/0x20 [ 3443.700332][ T7445] handle_mm_fault+0x3b7/0xa90 [ 3443.705088][ T7445] __do_page_fault+0x5ef/0xda0 [ 3443.709871][ T7445] do_page_fault+0x71/0x581 [ 3443.714377][ T7445] page_fault+0x1e/0x30 [ 3443.718518][ T7445] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 [ 3443.725091][ T7445] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 3443.744890][ T7445] RSP: 0018:ffff8881b13efdc0 EFLAGS: 00010206 [ 3443.750943][ T7445] RAX: ffffed103627dfd5 RBX: 0000000000000070 RCX: 0000000000000070 [ 3443.758925][ T7445] RDX: 0000000000000070 RSI: ffff8881b13efe38 RDI: 0000000020000000 [ 3443.766970][ T7445] RBP: ffff8881b13efdf8 R08: 1ffff1103627dfc7 R09: ffffed103627dfd5 [ 3443.775037][ T7445] R10: ffffed103627dfd4 R11: ffff8881b13efea7 R12: 0000000020000000 [ 3443.783008][ T7445] R13: ffff8881b13efe38 R14: 0000000020000070 R15: 00007ffffffff000 [ 3443.790992][ T7445] ? _copy_to_user+0xf7/0x120 [ 3443.795836][ T7445] __do_sys_sysinfo+0x92/0xf0 [ 3443.800498][ T7445] ? do_sysinfo+0x390/0x390 [ 3443.804997][ T7445] ? lockdep_hardirqs_on+0x418/0x5d0 [ 3443.810443][ T7445] ? trace_hardirqs_on+0x67/0x230 [ 3443.815469][ T7445] __x64_sys_sysinfo+0x31/0x40 [ 3443.820230][ T7445] do_syscall_64+0x103/0x670 [ 3443.824809][ T7445] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3443.830684][ T7445] RIP: 0033:0x458c29 [ 3443.834580][ T7445] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3443.854175][ T7445] RSP: 002b:00007fea30623c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000063 [ 3443.862571][ T7445] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458c29 [ 3443.870532][ T7445] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000000 [ 3443.878488][ T7445] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3443.886456][ T7445] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fea306246d4 [ 3443.894436][ T7445] R13: 00000000004c7514 R14: 00000000004dd460 R15: 00000000ffffffff [ 3443.913182][ T7445] memory: usage 307196kB, limit 307200kB, failcnt 98516 [ 3443.928768][ T7445] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3443.937001][ T7445] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3443.946976][ T7445] Memory cgroup stats for /syz5: cache:124KB rss:99480KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99600KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3443.969470][ T7445] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=17136,uid=0 [ 3443.985189][ T7445] Memory cgroup out of memory: Killed process 17136 (syz-executor.5) total-vm:72448kB, anon-rss:156kB, file-rss:34816kB, shmem-rss:0kB [ 3444.000534][ T1044] oom_reaper: reaped process 17136 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 3444.033144][ T7744] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3444.046355][ T7744] CPU: 0 PID: 7744 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3444.055488][ T7744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3444.065641][ T7744] Call Trace: [ 3444.068984][ T7744] dump_stack+0x172/0x1f0 [ 3444.073321][ T7744] dump_header+0x10f/0xb6c [ 3444.078159][ T7744] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3444.083958][ T7744] ? ___ratelimit+0x60/0x595 [ 3444.088571][ T7744] ? do_raw_spin_unlock+0x57/0x270 [ 3444.093776][ T7744] oom_kill_process.cold+0x10/0x15 [ 3444.099216][ T7744] out_of_memory+0x79a/0x1280 [ 3444.103906][ T7744] ? lock_downgrade+0x880/0x880 [ 3444.108776][ T7744] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3444.115030][ T7744] ? oom_killer_disable+0x280/0x280 [ 3444.120227][ T7744] ? find_held_lock+0x35/0x130 [ 3444.125006][ T7744] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3444.130939][ T7744] ? memcg_event_wake+0x230/0x230 [ 3444.136012][ T7744] ? do_raw_spin_unlock+0x57/0x270 [ 3444.141172][ T7744] ? _raw_spin_unlock+0x2d/0x50 [ 3444.146114][ T7744] try_charge+0x118d/0x1790 [ 3444.150808][ T7744] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3444.156366][ T7744] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3444.162022][ T7744] ? find_held_lock+0x35/0x130 [ 3444.166780][ T7744] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3444.172330][ T7744] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3444.177896][ T7744] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3444.183099][ T7744] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3444.188663][ T7744] __memcg_kmem_charge+0x136/0x300 [ 3444.193780][ T7744] __alloc_pages_nodemask+0x437/0x7e0 [ 3444.199272][ T7744] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3444.205018][ T7744] ? save_stack+0x45/0xb0 [ 3444.209367][ T7744] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 3444.215174][ T7744] ? kasan_slab_alloc+0xf/0x20 [ 3444.220048][ T7744] ? kmem_cache_alloc+0x11a/0x6f0 [ 3444.225104][ T7744] ? anon_vma_fork+0x1ea/0x4a0 [ 3444.229905][ T7744] ? copy_process.part.0+0x3547/0x7a90 [ 3444.235502][ T7744] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3444.241762][ T7744] alloc_pages_current+0x107/0x210 [ 3444.247424][ T7744] get_zeroed_page+0x14/0x50 [ 3444.252031][ T7744] __pud_alloc+0x3b/0x250 [ 3444.256680][ T7744] pud_alloc+0xde/0x150 [ 3444.260933][ T7744] copy_page_range+0x383/0x1fc0 [ 3444.265819][ T7744] ? __lock_acquire+0x548/0x3fb0 [ 3444.270862][ T7744] ? anon_vma_fork+0x371/0x4a0 [ 3444.275642][ T7744] ? find_held_lock+0x35/0x130 [ 3444.280548][ T7744] ? copy_process.part.0+0x3159/0x7a90 [ 3444.286008][ T7744] ? pmd_alloc+0x180/0x180 [ 3444.290439][ T7744] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 3444.296183][ T7744] ? validate_mm_rb+0xa3/0xc0 [ 3444.300894][ T7744] ? __vma_link_rb+0x279/0x370 [ 3444.305687][ T7744] ? kasan_check_write+0x14/0x20 [ 3444.310644][ T7744] copy_process.part.0+0x5afb/0x7a90 [ 3444.316210][ T7744] ? __cleanup_sighand+0x60/0x60 [ 3444.321228][ T7744] _do_fork+0x257/0xfd0 [ 3444.325396][ T7744] ? fork_idle+0x1d0/0x1d0 [ 3444.330003][ T7744] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3444.335491][ T7744] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3444.340962][ T7744] ? do_syscall_64+0x26/0x670 [ 3444.345653][ T7744] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3444.351762][ T7744] ? do_syscall_64+0x26/0x670 [ 3444.356537][ T7744] __x64_sys_clone+0xbf/0x150 [ 3444.361218][ T7744] do_syscall_64+0x103/0x670 [ 3444.365810][ T7744] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3444.371711][ T7744] RIP: 0033:0x458c29 [ 3444.375703][ T7744] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3444.395464][ T7744] RSP: 002b:00007fea30602c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3444.403989][ T7744] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 3444.412239][ T7744] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3444.420238][ T7744] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 3444.428225][ T7744] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fea306036d4 [ 3444.436662][ T7744] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 3444.445962][ T7744] memory: usage 307040kB, limit 307200kB, failcnt 98535 [ 3444.453110][ T7744] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3444.460750][ T7744] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 03:33:25 executing program 5: socket$inet_udplite(0x2, 0x2, 0x88) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)}, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r0 = socket$inet(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) 03:33:25 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x8800, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:33:25 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x7200, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:33:25 executing program 1: r0 = accept4$inet6(0xffffffffffffff9c, &(0x7f00000000c0), &(0x7f0000000100)=0x1c, 0x80800) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000000140)={0x0, 0xfff}, &(0x7f0000000180)=0x8) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x1b, &(0x7f00000001c0)={r1, 0x33, "61a5cce4f8edfbac542802db1be14a105223288d6cbdf3704c051e032492ea21f1cd6ba7391e52f664ace360614bc8e5bddbba"}, &(0x7f0000000200)=0x3b) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x0, 0x0) r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs\x00', 0x0, 0x0) ioctl$KVM_SET_XCRS(r2, 0x4188aea7, &(0x7f00000002c0)={0x5, 0x7ff, [{0x20, 0x0, 0x1000}, {0xfffffffffffeffff, 0x0, 0x7ff}, {0x3f, 0x0, 0xb938}, {0x6, 0x0, 0x7}, {0x6, 0x0, 0x8001}]}) fremovexattr(r3, &(0x7f0000000040)=ANY=[@ANYBLOB='osx.~th1@keyringselinux}):,em1[\x00']) ioctl(r3, 0x800000000000937e, &(0x7f0000000280)="0100000000000000180100000400000000000000000000002f") 03:33:25 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:33:25 executing program 3: r0 = syz_open_dev$sndpcmp(&(0x7f0000000080)='/dev/snd/pcmC#D#p\x00', 0x6, 0x42) getdents64(r0, &(0x7f00000000c0)=""/108, 0x6c) ioctl$sock_bt_hidp_HIDPCONNADD(r0, 0x400448c8, &(0x7f0000000380)={r0, r0, 0x8, 0x38, &(0x7f0000000340)="55e8826864f8dc7b2e38d49a38c9a758d88afeae98c280b3c200e7739f7b17786720290a32df5c86ba70504b6b7ce9a921380d2920a29f41", 0x6, 0x1000, 0x8, 0x5, 0x100, 0x2, 0x794, 'syz0\x00'}) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r2 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000140)={0x0, @in={{0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x18}}}}, &(0x7f0000000200)=0x84) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000000240)={r3, @in={{0x2, 0x4e20, @multicast1}}, 0x8, 0x7ff}, &(0x7f0000000300)=0x90) ioctl$SCSI_IOCTL_SEND_COMMAND(r2, 0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="000300000000771ca058b149"]) ioctl$VIDIOC_QUERYMENU(r0, 0xc02c5625, &(0x7f0000000440)={0x5, 0x5, @name="9892f420963f34bd2806eb9e5536235fcc3cd74033363f8d5211b284f72487e6"}) [ 3444.467827][ T7744] Memory cgroup stats for /syz5: cache:124KB rss:99480KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99600KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3444.489768][ T7744] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=7411,uid=0 [ 3444.505626][ T7744] Memory cgroup out of memory: Killed process 7411 (syz-executor.5) total-vm:72580kB, anon-rss:160kB, file-rss:35720kB, shmem-rss:0kB 03:33:25 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x10000000000c00, 0x0) r1 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm-control\x00', 0x8002, 0x0) ioctl$SG_NEXT_CMD_LEN(r1, 0x2283, &(0x7f00000000c0)=0xd3) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_IOEVENTFD(r2, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xffffffffffffffff, 0x4}) 03:33:25 executing program 1: syz_init_net_socket$ax25(0x3, 0x0, 0xffff7ffffffffffc) r0 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cachefiles\x00', 0x40, 0x0) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000003840)={{{@in6=@dev, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{}, 0x0, @in=@broadcast}}, &(0x7f0000003940)=0xe8) ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000003980)={r1, 0x7f, 0x5, 0x2, 0xfffffffffffff447, 0x0, 0x7}) bind$ax25(r0, 0x0, 0x0) syz_init_net_socket$llc(0x1a, 0x3, 0x0) madvise(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x6f) 03:33:25 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x7300, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:33:25 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:33:25 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x8900, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) [ 3444.785704][ T7889] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 03:33:25 executing program 1: mmap(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x0, 0x1b071, 0xffffffffffffffff, 0x0) mremap(&(0x7f000000d000/0x2000)=nil, 0xfffffffffffffe74, 0x1000, 0x3, &(0x7f0000007000/0x1000)=nil) remap_file_pages(&(0x7f0000003000/0x9000)=nil, 0x9000, 0x0, 0x0, 0x0) r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x412103, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) [ 3444.913797][ T7889] CPU: 1 PID: 7889 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3444.923070][ T7889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3444.933153][ T7889] Call Trace: [ 3444.936475][ T7889] dump_stack+0x172/0x1f0 [ 3444.941024][ T7889] dump_header+0x10f/0xb6c [ 3444.945461][ T7889] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3444.951281][ T7889] ? ___ratelimit+0x60/0x595 [ 3444.955890][ T7889] ? do_raw_spin_unlock+0x57/0x270 [ 3444.961018][ T7889] oom_kill_process.cold+0x10/0x15 [ 3444.961034][ T7889] out_of_memory+0x79a/0x1280 [ 3444.961050][ T7889] ? lock_downgrade+0x880/0x880 [ 3444.961066][ T7889] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3444.961083][ T7889] ? oom_killer_disable+0x280/0x280 [ 3444.970858][ T7889] ? find_held_lock+0x35/0x130 [ 3444.992442][ T7889] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3444.998010][ T7889] ? memcg_event_wake+0x230/0x230 [ 3445.003232][ T7889] ? do_raw_spin_unlock+0x57/0x270 [ 3445.008433][ T7889] ? _raw_spin_unlock+0x2d/0x50 [ 3445.013287][ T7889] try_charge+0x118d/0x1790 [ 3445.017795][ T7889] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3445.023336][ T7889] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3445.028975][ T7889] ? find_held_lock+0x35/0x130 [ 3445.033918][ T7889] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3445.039469][ T7889] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3445.045025][ T7889] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3445.050235][ T7889] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3445.055868][ T7889] __memcg_kmem_charge+0x136/0x300 [ 3445.061071][ T7889] __alloc_pages_nodemask+0x437/0x7e0 [ 3445.066456][ T7889] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3445.072708][ T7889] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3445.078428][ T7889] ? copy_process.part.0+0x1d40/0x7a90 [ 3445.084249][ T7889] ? lockdep_hardirqs_on+0x418/0x5d0 [ 3445.089556][ T7889] ? trace_hardirqs_on+0x67/0x230 [ 3445.094690][ T7889] ? kasan_check_read+0x11/0x20 [ 3445.099566][ T7889] copy_process.part.0+0x3e0/0x7a90 [ 3445.104882][ T7889] ? __lock_acquire+0x548/0x3fb0 [ 3445.109838][ T7889] ? find_held_lock+0x35/0x130 [ 3445.114599][ T7889] ? kcov_ioctl+0x53/0x200 [ 3445.119024][ T7889] ? __might_fault+0x12b/0x1e0 [ 3445.123817][ T7889] ? __cleanup_sighand+0x60/0x60 [ 3445.128766][ T7889] ? lock_downgrade+0x880/0x880 [ 3445.133645][ T7889] _do_fork+0x257/0xfd0 [ 3445.137831][ T7889] ? fork_idle+0x1d0/0x1d0 [ 3445.142535][ T7889] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3445.147998][ T7889] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3445.153457][ T7889] ? do_syscall_64+0x26/0x670 [ 3445.158269][ T7889] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3445.164330][ T7889] ? do_syscall_64+0x26/0x670 [ 3445.169119][ T7889] __x64_sys_clone+0xbf/0x150 [ 3445.173796][ T7889] do_syscall_64+0x103/0x670 [ 3445.178387][ T7889] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3445.184275][ T7889] RIP: 0033:0x458c29 [ 3445.188294][ T7889] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3445.208721][ T7889] RSP: 002b:00007fea30602c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3445.217418][ T7889] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 3445.225389][ T7889] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3445.233444][ T7889] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 3445.241619][ T7889] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fea306036d4 [ 3445.249622][ T7889] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 3445.268358][ T7889] memory: usage 307196kB, limit 307200kB, failcnt 98591 [ 3445.290478][ T7889] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3445.301685][ T7889] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3445.310517][ T7889] Memory cgroup stats for /syz5: cache:124KB rss:99612KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99468KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3445.342776][ T7889] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=7771,uid=0 [ 3445.365061][ T7889] Memory cgroup out of memory: Killed process 7771 (syz-executor.5) total-vm:72712kB, anon-rss:160kB, file-rss:35724kB, shmem-rss:0kB 03:33:26 executing program 5: socket$inet_udplite(0x2, 0x2, 0x88) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)}, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r0 = socket$inet(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) 03:33:26 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x7338, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:33:26 executing program 3: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x2, 0x88) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f0000000080)=@in6={0xa, 0x4e24, 0x0, @mcast2}, 0x80, 0x0}, 0x8000) r1 = open(&(0x7f0000000480)='./file0\x00', 0x2, 0x100) getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r1, 0x84, 0x7, &(0x7f00000004c0), &(0x7f0000000500)=0x4) sendmsg(r0, &(0x7f00000027c0)={0x0, 0xb9, &(0x7f0000002580)=[{&(0x7f0000001580), 0xfe65}], 0x1}, 0x0) r2 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0xbfd, 0x22000) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000140)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_GET(r2, &(0x7f0000000440)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000200)={&(0x7f0000000280)={0x1ac, r3, 0x0, 0x70bd2c, 0x25dfdbfe, {}, [@TIPC_NLA_MEDIA={0x74, 0x5, [@TIPC_NLA_MEDIA_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}]}, @TIPC_NLA_MEDIA={0xb8, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x20}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1b}]}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xe00000000}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}]}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}]}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}]}]}, @TIPC_NLA_LINK={0x10, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x24, 0x4, [@TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1000}]}, @TIPC_NLA_LINK_PROP={0x14, 0x7, [@TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1000}]}]}, @TIPC_NLA_MEDIA={0xc, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}, @TIPC_NLA_MON={0x1c, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x4}]}, @TIPC_NLA_SOCK={0x10, 0x2, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}]}, 0x1ac}, 0x1, 0x0, 0x0, 0x4040890}, 0x40088c5) ioctl$TUNGETFILTER(r2, 0x801054db, &(0x7f0000000040)=""/58) 03:33:26 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:33:26 executing program 1: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x200000000000000, 0x0) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x10000, 0x0) ioctl$TIOCSWINSZ(r1, 0x5414, &(0x7f0000000080)={0xffffffffffffffff, 0x10000, 0xa1f2, 0x2}) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc0445624, &(0x7f0000000040)) 03:33:26 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x8a00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) [ 3445.424091][ T1044] oom_reaper: reaped process 7771 (syz-executor.5), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB 03:33:26 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x7400, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:33:26 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:33:26 executing program 1: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/autofs\x00', 0x103, 0x0) syz_open_dev$amidi(&(0x7f0000000200)='/dev/amidi#\x00', 0x4, 0x40400) openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/btrfs-control\x00', 0x101000, 0x0) dup(r0) openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/hwrng\x00', 0x8a080, 0x0) syz_open_dev$usbmon(&(0x7f0000000300)='/dev/usbmon#\x00', 0x6, 0x581100) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000340)='/dev/sequencer\x00', 0x400080, 0x0) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000380)='/dev/audio\x00', 0x14b7d0a0e009b6ac, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r1, 0xc08c5335, &(0x7f0000000500)={0x3, 0x8001, 0x7, 'queue0\x00', 0xffffffffffffffff}) syz_open_dev$dspn(&(0x7f00000003c0)='/dev/dsp#\x00', 0x8fe, 0x1) syz_open_dev$vcsa(&(0x7f0000000400)='/dev/vcsa#\x00', 0x6, 0x2) pipe(&(0x7f0000000440)) openat$audio(0xffffffffffffff9c, &(0x7f0000000480)='/dev/audio\x00', 0x101000, 0x0) r2 = openat$vimc1(0xffffffffffffff9c, 0xffffffffffffffff, 0x2, 0x0) ioctl$VIDIOC_SUBDEV_S_FMT(r2, 0xc0585605, 0x0) r3 = socket$inet(0x2, 0x4000000000000002, 0x40) bind$inet(r3, &(0x7f0000000000)={0x2, 0x4e23, @multicast2}, 0x10) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x2, &(0x7f0000000240)=0xfff, 0x4) sendto$inet(r3, 0x0, 0x0, 0x20000806, &(0x7f0000001180)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000080)='sit0\x00', 0xb) sendto$inet(r3, &(0x7f00000003c0), 0x962be977, 0x0, 0x0, 0x184) shutdown(r3, 0x400000000000001) getsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f00000000c0)={{{@in=@loopback, @in6=@remote}}, {{@in6=@mcast2}, 0x0, @in=@dev}}, &(0x7f0000000040)=0xe8) 03:33:26 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x8b00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:33:26 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:33:26 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x7500, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) [ 3445.839312][ T8119] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3445.919993][ T8119] CPU: 0 PID: 8119 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3445.929223][ T8119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3445.939285][ T8119] Call Trace: [ 3445.939312][ T8119] dump_stack+0x172/0x1f0 [ 3445.939332][ T8119] dump_header+0x10f/0xb6c [ 3445.939348][ T8119] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3445.939362][ T8119] ? ___ratelimit+0x60/0x595 [ 3445.939378][ T8119] ? do_raw_spin_unlock+0x57/0x270 [ 3445.939393][ T8119] oom_kill_process.cold+0x10/0x15 [ 3445.939409][ T8119] out_of_memory+0x79a/0x1280 [ 3445.939423][ T8119] ? lock_downgrade+0x880/0x880 [ 3445.939446][ T8119] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3445.951595][ T8119] ? oom_killer_disable+0x280/0x280 [ 3445.951616][ T8119] ? find_held_lock+0x35/0x130 [ 3445.988331][ T8119] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3445.988346][ T8119] ? memcg_event_wake+0x230/0x230 [ 3445.988369][ T8119] ? do_raw_spin_unlock+0x57/0x270 [ 3445.988386][ T8119] ? _raw_spin_unlock+0x2d/0x50 [ 3445.988405][ T8119] try_charge+0x118d/0x1790 [ 3445.998397][ T8119] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3445.998416][ T8119] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3446.014372][ T8119] ? find_held_lock+0x35/0x130 [ 3446.023940][ T8119] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3446.023968][ T8119] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3446.050904][ T8119] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3446.056137][ T8119] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3446.061707][ T8119] __memcg_kmem_charge+0x136/0x300 [ 3446.066838][ T8119] __alloc_pages_nodemask+0x437/0x7e0 [ 3446.072220][ T8119] ? __pud_alloc+0x1d3/0x250 [ 3446.076983][ T8119] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3446.082699][ T8119] ? __pud_alloc+0x1d3/0x250 [ 3446.087311][ T8119] ? lock_downgrade+0x880/0x880 [ 3446.092175][ T8119] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3446.098437][ T8119] alloc_pages_current+0x107/0x210 [ 3446.103600][ T8119] ? do_raw_spin_unlock+0x57/0x270 [ 3446.108755][ T8119] __pmd_alloc+0x41/0x460 [ 3446.113216][ T8119] ? pmd_val+0x100/0x100 [ 3446.117586][ T8119] pmd_alloc+0x10c/0x180 [ 3446.121847][ T8119] copy_page_range+0x63c/0x1fc0 [ 3446.126817][ T8119] ? __lock_acquire+0x548/0x3fb0 [ 3446.131860][ T8119] ? anon_vma_fork+0x371/0x4a0 [ 3446.136656][ T8119] ? find_held_lock+0x35/0x130 [ 3446.141435][ T8119] ? copy_process.part.0+0x3159/0x7a90 [ 3446.146910][ T8119] ? pmd_alloc+0x180/0x180 [ 3446.151491][ T8119] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 3446.157229][ T8119] ? validate_mm_rb+0xa3/0xc0 [ 3446.161953][ T8119] ? __vma_link_rb+0x279/0x370 [ 3446.166811][ T8119] ? kasan_check_write+0x14/0x20 [ 3446.171747][ T8119] copy_process.part.0+0x5afb/0x7a90 [ 3446.177136][ T8119] ? __cleanup_sighand+0x60/0x60 [ 3446.182077][ T8119] _do_fork+0x257/0xfd0 [ 3446.186224][ T8119] ? fork_idle+0x1d0/0x1d0 [ 3446.190637][ T8119] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3446.196085][ T8119] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3446.201556][ T8119] ? do_syscall_64+0x26/0x670 [ 3446.206339][ T8119] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3446.212491][ T8119] ? do_syscall_64+0x26/0x670 [ 3446.217371][ T8119] __x64_sys_clone+0xbf/0x150 [ 3446.222051][ T8119] do_syscall_64+0x103/0x670 [ 3446.226650][ T8119] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3446.232824][ T8119] RIP: 0033:0x458c29 [ 3446.236792][ T8119] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3446.256465][ T8119] RSP: 002b:00007fea30623c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3446.264965][ T8119] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 3446.273203][ T8119] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3446.281190][ T8119] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3446.289328][ T8119] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fea306246d4 [ 3446.297438][ T8119] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 3446.306951][ T8119] memory: usage 307168kB, limit 307200kB, failcnt 98624 [ 3446.314207][ T8119] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3446.321895][ T8119] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3446.329138][ T8119] Memory cgroup stats for /syz5: cache:124KB rss:99612KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99600KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3446.350895][ T8119] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=17219,uid=0 [ 3446.366571][ T8119] Memory cgroup out of memory: Killed process 17219 (syz-executor.5) total-vm:72448kB, anon-rss:156kB, file-rss:34816kB, shmem-rss:0kB [ 3446.382087][ T1044] oom_reaper: reaped process 17219 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 3446.410814][ T8055] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3446.421364][ T8055] CPU: 0 PID: 8055 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3446.430485][ T8055] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3446.440667][ T8055] Call Trace: [ 3446.443995][ T8055] dump_stack+0x172/0x1f0 [ 3446.448336][ T8055] dump_header+0x10f/0xb6c [ 3446.452761][ T8055] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3446.458559][ T8055] ? ___ratelimit+0x60/0x595 [ 3446.463144][ T8055] ? do_raw_spin_unlock+0x57/0x270 [ 3446.468289][ T8055] oom_kill_process.cold+0x10/0x15 [ 3446.473401][ T8055] out_of_memory+0x79a/0x1280 [ 3446.478181][ T8055] ? lock_downgrade+0x880/0x880 [ 3446.483050][ T8055] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3446.489389][ T8055] ? oom_killer_disable+0x280/0x280 [ 3446.494588][ T8055] ? find_held_lock+0x35/0x130 [ 3446.499348][ T8055] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3446.504896][ T8055] ? memcg_event_wake+0x230/0x230 [ 3446.509937][ T8055] ? do_raw_spin_unlock+0x57/0x270 [ 3446.515161][ T8055] ? _raw_spin_unlock+0x2d/0x50 [ 3446.520019][ T8055] try_charge+0x118d/0x1790 [ 3446.530276][ T8055] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3446.536073][ T8055] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3446.542341][ T8055] ? kasan_check_read+0x11/0x20 [ 3446.547287][ T8055] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3446.552859][ T8055] mem_cgroup_try_charge+0x24d/0x5e0 [ 3446.558271][ T8055] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3446.563912][ T8055] wp_page_copy+0x416/0x1770 [ 3446.568677][ T8055] ? do_wp_page+0x486/0x1500 [ 3446.579826][ T8055] ? pmd_pfn+0x1d0/0x1d0 [ 3446.588696][ T8055] ? lock_downgrade+0x880/0x880 [ 3446.593549][ T8055] ? swp_swapcount+0x540/0x540 [ 3446.598315][ T8055] ? kasan_check_read+0x11/0x20 [ 3446.603167][ T8055] ? do_raw_spin_unlock+0x57/0x270 [ 3446.608278][ T8055] do_wp_page+0x48e/0x1500 [ 3446.612703][ T8055] ? finish_mkwrite_fault+0x540/0x540 [ 3446.618087][ T8055] __handle_mm_fault+0x22e8/0x3ec0 [ 3446.623205][ T8055] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3446.628777][ T8055] ? find_held_lock+0x35/0x130 [ 3446.633568][ T8055] ? handle_mm_fault+0x292/0xa90 [ 3446.638519][ T8055] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3446.645192][ T8055] ? kasan_check_read+0x11/0x20 [ 3446.650058][ T8055] handle_mm_fault+0x3b7/0xa90 [ 3446.654829][ T8055] __do_page_fault+0x5ef/0xda0 [ 3446.659773][ T8055] do_page_fault+0x71/0x581 [ 3446.664453][ T8055] ? page_fault+0x8/0x30 [ 3446.668708][ T8055] page_fault+0x1e/0x30 [ 3446.673210][ T8055] RIP: 0033:0x42f207 [ 3446.677104][ T8055] Code: 00 be 88 13 4e 00 bf 30 1b 4e 00 e8 e3 b8 ff ff 0f 1f 00 48 83 fe bf 0f 87 63 08 00 00 48 89 f0 41 57 41 56 48 83 c0 17 41 55 <41> 54 55 53 48 89 c5 48 83 e5 f0 48 89 fb 48 81 ec 98 00 00 00 48 [ 3446.696933][ T8055] RSP: 002b:00007ffc1533c000 EFLAGS: 00010206 [ 3446.703005][ T8055] RAX: 0000000000000127 RBX: 0000000000713640 RCX: 0000000000458c7a [ 3446.710984][ T8055] RDX: 0000000000000011 RSI: 0000000000000110 RDI: 0000000000713640 [ 3446.719070][ T8055] RBP: 0000000000000110 R08: ffffffffffffffff R09: 0000000000000000 [ 3446.727317][ T8055] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000000205b0 [ 3446.735299][ T8055] R13: 00005555555cca50 R14: 0000000000000001 R15: 000000000073bfac [ 3446.745553][ T8055] memory: usage 307040kB, limit 307200kB, failcnt 98693 [ 3446.752544][ T8055] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3446.760621][ T8055] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3446.767608][ T8055] Memory cgroup stats for /syz5: cache:124KB rss:99604KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99600KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3446.789900][ T8055] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=17432,uid=0 [ 3446.806473][ T8055] Memory cgroup out of memory: Killed process 17432 (syz-executor.5) total-vm:72448kB, anon-rss:156kB, file-rss:34816kB, shmem-rss:0kB [ 3446.825642][ T1044] oom_reaper: reaped process 17432 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 3446.843962][ T8350] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3446.856201][ T8350] CPU: 0 PID: 8350 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3446.865458][ T8350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3446.875603][ T8350] Call Trace: [ 3446.878918][ T8350] dump_stack+0x172/0x1f0 [ 3446.883254][ T8350] dump_header+0x10f/0xb6c [ 3446.887938][ T8350] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3446.893748][ T8350] ? ___ratelimit+0x60/0x595 [ 3446.898445][ T8350] ? do_raw_spin_unlock+0x57/0x270 [ 3446.903571][ T8350] oom_kill_process.cold+0x10/0x15 [ 3446.908700][ T8350] out_of_memory+0x79a/0x1280 [ 3446.913385][ T8350] ? lock_downgrade+0x880/0x880 [ 3446.918333][ T8350] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3446.924608][ T8350] ? oom_killer_disable+0x280/0x280 [ 3446.929805][ T8350] ? find_held_lock+0x35/0x130 [ 3446.934598][ T8350] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3446.940236][ T8350] ? memcg_event_wake+0x230/0x230 [ 3446.945268][ T8350] ? do_raw_spin_unlock+0x57/0x270 [ 3446.950389][ T8350] ? _raw_spin_unlock+0x2d/0x50 [ 3446.955324][ T8350] try_charge+0x118d/0x1790 [ 3446.959880][ T8350] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3446.965540][ T8350] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3446.971088][ T8350] ? find_held_lock+0x35/0x130 [ 3446.975852][ T8350] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3446.981498][ T8350] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3446.987137][ T8350] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3446.992440][ T8350] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3446.998070][ T8350] __memcg_kmem_charge+0x136/0x300 [ 3447.003183][ T8350] __alloc_pages_nodemask+0x437/0x7e0 [ 3447.008752][ T8350] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3447.014550][ T8350] ? copy_page_range+0x128a/0x1fc0 [ 3447.019669][ T8350] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3447.025917][ T8350] alloc_pages_current+0x107/0x210 [ 3447.031042][ T8350] pte_alloc_one+0x1b/0x1a0 [ 3447.035565][ T8350] __pte_alloc+0x20/0x310 [ 3447.039934][ T8350] copy_page_range+0x1561/0x1fc0 [ 3447.044948][ T8350] ? __lock_acquire+0x548/0x3fb0 [ 3447.049945][ T8350] ? pmd_alloc+0x180/0x180 [ 3447.054357][ T8350] ? vma_gap_callbacks_rotate+0x62/0x80 [ 3447.059918][ T8350] ? __rb_insert_augmented+0x231/0xdf0 [ 3447.065497][ T8350] ? validate_mm_rb+0xa3/0xc0 [ 3447.070203][ T8350] ? __vma_link_rb+0x279/0x370 [ 3447.075072][ T8350] ? kasan_check_write+0x14/0x20 [ 3447.080029][ T8350] copy_process.part.0+0x5afb/0x7a90 [ 3447.085332][ T8350] ? __cleanup_sighand+0x60/0x60 [ 3447.090413][ T8350] _do_fork+0x257/0xfd0 [ 3447.094566][ T8350] ? fork_idle+0x1d0/0x1d0 [ 3447.098989][ T8350] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3447.104555][ T8350] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3447.110014][ T8350] ? do_syscall_64+0x26/0x670 [ 3447.114687][ T8350] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3447.120844][ T8350] ? do_syscall_64+0x26/0x670 [ 3447.126136][ T8350] __x64_sys_clone+0xbf/0x150 [ 3447.130925][ T8350] do_syscall_64+0x103/0x670 [ 3447.135730][ T8350] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3447.141621][ T8350] RIP: 0033:0x458c29 [ 3447.145601][ T8350] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3447.165327][ T8350] RSP: 002b:00007fea30602c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3447.173889][ T8350] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 3447.181892][ T8350] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3447.190067][ T8350] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 3447.198050][ T8350] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fea306036d4 [ 3447.206034][ T8350] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 3447.215477][ T8350] memory: usage 307036kB, limit 307200kB, failcnt 98707 [ 3447.222579][ T8350] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3447.230138][ T8350] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3447.236990][ T8350] Memory cgroup stats for /syz5: cache:124KB rss:99468KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99600KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3447.258939][ T8350] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=8055,uid=0 03:33:27 executing program 5: socket$inet_udplite(0x2, 0x2, 0x88) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)}, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r0 = socket$inet(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) 03:33:27 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) chdir(&(0x7f0000000580)='./file0\x00') r0 = socket$unix(0x1, 0x400040000000001, 0x0) bind$unix(r0, 0x0, 0x0) 03:33:27 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00\xff\xff', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:33:27 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x7600, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:33:27 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000600)={'\x00\xacs\x00\x00\x00\x00\x00\xec\x97?\x82\x0f|@\x00', 0xc201}) ioctl$TUNSETLINK(r1, 0x400454cd, 0x1) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000007c0)={0xffffffffffffffff, 0x0, 0x21, 0x0, &(0x7f0000000000)="3f006671d7af52f647750500080089ea010000000000f109a708f78293c8744e1a", 0x0}, 0xfffffffffffffe98) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x8955, &(0x7f0000000000)=0x2) 03:33:27 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x8c00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) [ 3447.274703][ T8350] Memory cgroup out of memory: Killed process 8055 (syz-executor.5) total-vm:72580kB, anon-rss:164kB, file-rss:35716kB, shmem-rss:0kB 03:33:28 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x7700, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:33:28 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x8d00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:33:28 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:33:28 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x7) ioctl$TCSETA(r0, 0x5412, &(0x7f0000000000)={0xffffffe9}) r1 = accept(0xffffffffffffffff, &(0x7f0000000240)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @empty}}}, &(0x7f00000002c0)=0x80) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f0000000300)={0x0, 0xe4, "34c5b960d129b02b7970d292140270cf7bd6ed34ca8c7d9cfad503941da17ace1283c2d82563e82883656b9e68e467e4fdc65daa43d79c7853bfd4762e4b98cfa8ac39e779d10fa092e2b987d18fc39a2914a26f492d285e60621113598ca42ad43f311fd7c5cc055650dd6d98545d7440405c65d8ee4fa874634676921ce9c145b72c9d872dfe4992b12e87c496191ae344a95d43170475c92c60e479e15f05c0c49af97c125a45d7e16039eb1e6ceabf544c88891fbe00c8ae5629d04b80ff6fc304bca48b20e9cb7910a1a8b8e26abcb8fafc6ec188697bbd9c00e16ae92bc85e8642"}, &(0x7f0000000400)=0xec) setsockopt$inet_sctp_SCTP_RTOINFO(r1, 0x84, 0x0, &(0x7f0000000440)={r2, 0x3ff, 0x7, 0x9460}, 0x10) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x0, 0x0) socket$isdn(0x22, 0x3, 0x2) execveat(r3, &(0x7f0000000100)='./file0\x00', &(0x7f0000000180)=[&(0x7f0000000140)='eth1,-[@ppp0posix_acl_accesssystem\xfd\x00'], &(0x7f0000000200)=[&(0x7f00000001c0)='\x00'], 0x1000) 03:33:28 executing program 1: r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-monitor\x00', 0x400000, 0x0) ioctl$KVM_SET_XCRS(r0, 0x4188aea7, &(0x7f0000000140)={0x5, 0x2, [{0x1f, 0x0, 0x8}, {0x9, 0x0, 0x4}, {0xffffffffffffff7f, 0x0, 0x7ff}, {0x8, 0x0, 0x200}, {0x1fd, 0x0, 0xfc}]}) ioctl$KVM_TRANSLATE(r0, 0xc018ae85, &(0x7f0000000040)={0x4, 0x10000, 0x5, 0x1, 0x7ff}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) syz_genetlink_get_family_id$SEG6(&(0x7f0000000200)='SEG6\x00') r2 = fcntl$getown(r0, 0x9) tgkill(r1, r2, 0x2c) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000080)={0x26, 'aead\x00', 0x0, 0x0, 'morus1280-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000100)="71e67a111fde54fe46b904832c8fff73", 0x10) r4 = accept4$alg(r3, 0x0, 0x0, 0x0) write$binfmt_script(r4, &(0x7f0000000180)=ANY=[], 0x0) inotify_add_watch(r0, &(0x7f00000001c0)='./file0\x00', 0x40000000) recvmmsg(r4, &(0x7f00000086c0)=[{{0x0, 0x0, &(0x7f0000005480)=[{&(0x7f0000004480)=""/4096, 0xfdf8}], 0x1}}], 0x1, 0x0, 0x0) 03:33:28 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x7800, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) [ 3447.594930][ T8465] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3447.694366][ T8465] CPU: 0 PID: 8465 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3447.703979][ T8465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3447.703986][ T8465] Call Trace: [ 3447.704011][ T8465] dump_stack+0x172/0x1f0 [ 3447.704037][ T8465] dump_header+0x10f/0xb6c [ 3447.726557][ T8465] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3447.732387][ T8465] ? ___ratelimit+0x60/0x595 [ 3447.736996][ T8465] ? do_raw_spin_unlock+0x57/0x270 [ 3447.742217][ T8465] oom_kill_process.cold+0x10/0x15 [ 3447.747367][ T8465] out_of_memory+0x79a/0x1280 [ 3447.752141][ T8465] ? lock_downgrade+0x880/0x880 [ 3447.757085][ T8465] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3447.763341][ T8465] ? oom_killer_disable+0x280/0x280 [ 3447.769019][ T8465] ? find_held_lock+0x35/0x130 [ 3447.774021][ T8465] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3447.779861][ T8465] ? memcg_event_wake+0x230/0x230 [ 3447.784897][ T8465] ? do_raw_spin_unlock+0x57/0x270 [ 3447.784917][ T8465] ? _raw_spin_unlock+0x2d/0x50 [ 3447.794897][ T8465] try_charge+0x118d/0x1790 [ 3447.799426][ T8465] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3447.799441][ T8465] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3447.799456][ T8465] ? find_held_lock+0x35/0x130 [ 3447.799470][ T8465] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3447.799493][ T8465] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3447.799507][ T8465] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3447.799525][ T8465] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3447.799543][ T8465] __memcg_kmem_charge+0x136/0x300 [ 3447.799562][ T8465] __alloc_pages_nodemask+0x437/0x7e0 [ 3447.815494][ T8465] ? __pud_alloc+0x1d3/0x250 [ 3447.815512][ T8465] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3447.815528][ T8465] ? __pud_alloc+0x1d3/0x250 [ 3447.826891][ T8465] ? lock_downgrade+0x880/0x880 [ 3447.826912][ T8465] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3447.874568][ T8465] alloc_pages_current+0x107/0x210 [ 3447.874590][ T8465] ? do_raw_spin_unlock+0x57/0x270 [ 3447.884943][ T8465] __pmd_alloc+0x41/0x460 [ 3447.889294][ T8465] ? pmd_val+0x100/0x100 [ 3447.893576][ T8465] pmd_alloc+0x10c/0x180 [ 3447.897835][ T8465] copy_page_range+0x63c/0x1fc0 [ 3447.902692][ T8465] ? __lock_acquire+0x548/0x3fb0 [ 3447.902713][ T8465] ? anon_vma_fork+0x371/0x4a0 [ 3447.912408][ T8465] ? find_held_lock+0x35/0x130 [ 3447.917326][ T8465] ? copy_process.part.0+0x3159/0x7a90 [ 3447.922813][ T8465] ? pmd_alloc+0x180/0x180 [ 3447.927244][ T8465] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 3447.933070][ T8465] ? validate_mm_rb+0xa3/0xc0 [ 3447.937778][ T8465] ? __vma_link_rb+0x279/0x370 [ 3447.942560][ T8465] ? kasan_check_write+0x14/0x20 [ 3447.942584][ T8465] copy_process.part.0+0x5afb/0x7a90 [ 3447.942620][ T8465] ? __cleanup_sighand+0x60/0x60 [ 3447.957880][ T8465] _do_fork+0x257/0xfd0 [ 3447.962069][ T8465] ? fork_idle+0x1d0/0x1d0 [ 3447.966510][ T8465] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3447.972163][ T8465] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3447.977639][ T8465] ? do_syscall_64+0x26/0x670 [ 3447.980642][ T8620] sp0: Synchronizing with TNC [ 3447.982433][ T8465] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3447.982450][ T8465] ? do_syscall_64+0x26/0x670 [ 3447.982472][ T8465] __x64_sys_clone+0xbf/0x150 [ 3448.003092][ T8465] do_syscall_64+0x103/0x670 [ 3448.007804][ T8465] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3448.013586][ T8620] sp0: Found TNC [ 3448.013794][ T8465] RIP: 0033:0x458c29 [ 3448.021221][ T8465] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3448.041002][ T8465] RSP: 002b:00007fea30623c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3448.041016][ T8465] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 3448.041023][ T8465] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3448.041029][ T8465] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3448.041037][ T8465] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fea306246d4 [ 3448.041044][ T8465] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 3448.357550][ T8465] memory: usage 307200kB, limit 307200kB, failcnt 98737 [ 3448.364916][ T8465] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3448.410739][ T8465] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3448.440275][ T8465] Memory cgroup stats for /syz5: cache:124KB rss:99600KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99600KB inactive_file:4KB active_file:0KB unevictable:0KB 03:33:29 executing program 5: socket$inet_udplite(0x2, 0x2, 0x88) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)}, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r0 = socket$inet(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) 03:33:29 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x8e00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:33:29 executing program 1: ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000240)) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000280)=0x0) r1 = perf_event_open(0x0, r0, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r2, 0x29, 0x2e, &(0x7f0000000000)={0x1, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @ipv4}}}, 0x108) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x1, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') preadv(r3, &(0x7f0000000100), 0x2df, 0x80000000000) setsockopt$inet_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, 0x0, 0x0) pwritev(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl(0xffffffffffffffff, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) timer_create(0x0, 0x0, 0x0) openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, 0x0, 0x0) getgid() open_by_handle_at(r1, &(0x7f0000000140)=ANY=[@ANYBLOB="c90000006f92720f2b9d0a31a4c0ac00000076376042062419f87cafff8f0bf604a8cfc4fdc5100285e892491acc88b31c921c68f09bb67d521cf725f8cd3aca1e50b1ccdd228213601a7f80252f78919a80c857d4a3bca37bf842f9939aaecab59963609bd27b0edaabcc9a5f3dd936c6f2a2240e348ec928a3360bd7f9c3251ca79a8b7e3fa498ddfbd7d99834a945da0c1c29f7d03ff1180c017ce254979b550cb49ea7853eab435ba45bc7b244112e0733c7181eb371bcb604998f706f590000000000000000"], 0x0) socket$nl_crypto(0x10, 0x3, 0x15) mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0) ioctl$ASHMEM_PURGE_ALL_CACHES(0xffffffffffffffff, 0x770a, 0x0) [ 3448.529888][ T8465] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=8440,uid=0 [ 3448.551198][ T8465] Memory cgroup out of memory: Killed process 8440 (syz-executor.5) total-vm:72580kB, anon-rss:164kB, file-rss:35716kB, shmem-rss:0kB 03:33:29 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00\xfe\xff', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:33:29 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x7900, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:33:29 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000039000/0x18000)=nil, 0x0, 0x65ff72eaa723d081, 0x1, 0x0, 0xfffffffffffffee5) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000000c0)={0x2, 0x0, @ioapic={0x6002, 0x200, 0x704, 0x2, 0x0, [{0x1000, 0x3, 0x7fffffff, [], 0x3}, {0x8000, 0x6, 0x0, [], 0x200}, {0x7ff, 0x1, 0x2, [], 0x3d}, {0x63, 0x9, 0x0, [], 0x9}, {0x7dbf, 0xc000000, 0xad75, [], 0x10001}, {0x6, 0x8c3, 0x2, [], 0x4}, {0x8001, 0x401, 0xffffffffffffff7f, [], 0x9}, {0xffffffff, 0xffffffffffffffff, 0xe92, [], 0x40}, {0x40, 0x4, 0x9, [], 0x1}, {0x2, 0x3f, 0x3, [], 0x4}, {0x80, 0x62, 0x8, [], 0xde16}, {0x4, 0x3f, 0x2, [], 0x8}, {0xdc5, 0x9, 0x9, [], 0x8}, {0x9, 0x88bf, 0x0, [], 0x9}, {0xfffffffffffffffd, 0x7f, 0x1, [], 0x5}, {0xffff, 0x8, 0x0, [], 0x7ff}, {0x100000001, 0x1ff, 0x6, [], 0xfffffffffffffffa}, {0x6, 0x0, 0x0, [], 0x7}, {0xffff, 0x55d, 0x462, [], 0x7ff}, {0x2, 0x8000, 0x7, [], 0x3}, {0x2, 0x1, 0x1ff, [], 0x1}, {0x7a, 0x92, 0x3, [], 0x8}, {0xbc57, 0x0, 0xffff, [], 0x6}, {0xaa, 0x2, 0x9915, [], 0x8}]}}) ioctl$KVM_SET_NESTED_STATE(r2, 0x4080aebf, &(0x7f0000000380)={0x0, 0x0, 0x2080, {0x103004}, [], "aa01cc0277106b7b7b415c03bf6394aa1e1345360352a7f75fd0f0b109d557498a0e1cd9bda2f05f624fd901229f2381823b4b3c04afcdcbc1d38b2a2dfc78ea4bb8dbb136aa4ac3f8cc2e612d03f60e9e7e29f5af5b7f2f598e04400970dec0bb4588be9c3711abdcb6f3d08fd9805483144dbbd425cfd40a6f056e52d2871a99b41e22a95dd79317d1ee9ae68515e1d94a38451c8f130d5965f21e780885f2cdca8b84b190158dec5ecad68d35da282c95c219f7bf313b20a47fef7e6e86f2962357bbfd42a4457b9f7e09c28ba3c38e4a343cb64bf293920e1a18f72aaa1bacf199d1de5c5d83430c2e812214ccf218325761e894c8b9eb814e581724728076b0d33f28d938b03b336349c7a2ed3b11b187ed85d67f34b323bc0098f6cefee43134d88f04b8eddadaa38a6882a131f30ba5dfde9cfd1e337ac31f798f269ef0f4920a9bb58e837e6dc21c68c9c21681345a573bda8158b0f3366d45522af4da895be63f182c71da3f16bad37d64864474c0c5251d4a55d0a6e30457258031d88dd1367fc21323fdbf50e8c0c90acaf26316fe49d1e0dd54e6bace74f33a165dd6daddf4afe3248dfa761c3692b7bfae4777fa2492b0ce473583106a43f9c37d35dbf480fce722781526eab60bd1b6e5419df605496e5e3648dfc9483ed12a725235f06dc027a22096163a99999ef7f3ec7ed92fa8466f84a1daa73e0adc2c056a3b0af3cf1fc6b6a4b697231c5ec12517a6b88596c4b8ee6da112586a21c3f11d66f81a5694a1544c7c4f0921c512e5e91b4b34ea5f6bd435394e37d4d8da258b2f7a09eac051aee250c359815a75e50b1dc90b6974fba166d1b822cb3c6c184d36d267a655fc990df6f5d1d9fc490820c05f38e7108b42cbf11f8f2ac6ee95604e7e67157cada5aaa806a37aa6026c23cad5e64c8ed5f688ea7de438b35582ce154da99494d8a98348e7d26a02d99487cc893973df3db3913b7f8d1452730536051331363d8c853b0512e9ea987dd8cbf1b01a4fd0f1927e8379bd3d266b6a04644654dddc863025e2c64f5e20aa75aa97517f81ce800712b58e421f8b6bc17e702f69443533cd4e7768dc193308c2c88333c9250a3f6a36933506a90ef5e57dd3a3fa29dc3f586c76649dfb2db00e255a1d430ce927b06e65737ab43d72047fbbf9a7916da27802b75b6204c7f10c7ded170fd2a4abd2fd3a67e8cc01d025b94a46a2431aaf2e04b0985a0f074e1e9f3bbba8e7db091f560e8fec9fd8e17a3df84f63f0d4eb65e55559a2315bbafa3a402c1b6433b02768c92295ca1996f7fe2e658b74d00c42b9a55346a74e348adc2550272aec45ccdff18d3afd5fdc63f06d0ca265e4b97dc94b0efdf19b96e7c6fc2a317b8c0e33693f5d376a1c700aa90270732e73ceb1e2664342c70719cf8103ae1734ba316ceaf456b98a747d8150888c0063a65b7b7e2feb20f9de39b3387895c219137d68515fe1acd5dcb13e9dbd032fb148835591204a40d860f4378274d8ec688813873836bfa36e269f024416c7de6baf09bdc6a9fe0d18ab305e8258eaa1ee01f24353aaf6663f31cd5b4887e1e72e985a4f89955e83468e27e8cb71cfdd67fc081dd01708027cd3f86b859855123d882f569ca517b1b2b2beca95882d3ac25ca8219f348d2e7a0b814629b54917dbb6e292772b23a3f03fffa115c83acfff7071731471c71e83146782c1ae8df77d278553c2d4c267364667fc234fa5f3b3f127856ee9db39c3e031f735446340ae2831b8dc6fe2d8de6d8994d47fe8bd010369579c604b7bf61d89e7e5ceac42ac0d64b4b4d1c7c1bb6309044edac2ffdfa159ecb6febdff736ce370b94caaccffa698b96e6448cc4452b57c2f4dd753ffa3da01d80bdd876743cbf89bc9c8b5c9efb83969fe851dc3199b4a9a959649acebb71c7254eb1e98846dafcfb2c22ed722cf40bbbb860f9948f396de7b5106f16e0391e3be9b08913b73a4bb6f6cf9b9a654749335b404302ce11ec6a3dc62fb64399ebb101fccee24b63d858f30bea865d5abd9fb9692f56b17ff3341c41bbb8689dfcdde14efa5c165b8eb5b6b7de9af9f7624acccd726d13207be7d5774d28646dc6152c1623f17c0a4f573b396c79f560cdbc88b0c957eda6b376160c8745e509a81fe04adf1746487c33a0b5c8e0e4523fcefa6f2ca2ba8660d36f5d72ff2da43a5420bc42098c7f9725a7c27e4991e2338c5fbaf9b0a53a96ce47d26590dda01f8cb9cb2e9b55d5f7ea0c105c6cd54bd681c4ea58f80134cfc49e1fd70fb5ba22dc0b80f91419becd32696f9ef0766354b5d75e5fcd238a6276574db42558a21a09c675bec4a869153e2aa034e75c495b22dff73688672f518945cd582cd2d8caa53d8232bd02f25358d8147120422ff48ba1d38781f8238956f311fc09aa92855cf61d6c3c3c660861528f3b416d512752b625a7ecca9302abb38d27af1cc708d2daf48aa1f3db89f148f94fd02dce38179047314fde2562d22ad76f370c0f54069f7051716c4042181793b7e56f0c7c6a5a2f4ecf0157950fd090accff815994c40e290632ae69159b2d73feb4459d1868a9420b8895ea49184d30180b1e8d0c14febf8fcc0189eed0242b4f8bc5b670dba37a20724931df665dc2083024f11db39844c31968f81ba98c8e0bd4af1074f48273739b46e9c69526759b48f41d34085de951e043f2f2d2327482da0ef985e869acaea1c7b6df2b35aaa629779ca08fb566b7347e0ebfe14a26c43b06978b30709b3dc71ac9bbcbd62e33c920945433d8b6bde5ce52ea579e094190db64e4dcdefb1eb659a5dbd81b1a62b7a7b9d11033f496f17165a097b4f278ce6660a54231df748c3d035b7b768af837a198f3a145f297ca3a67e65de155dbc81c99f0d7fbed712f15f746e69d34c10736bda5da9447b551a900d4bb7af3ba6c76a606609b34fb39396de76c1000f94591a7efd9cae95acb2c8a5efcae15cf6f18f9569820933d6a3839eb4e98998a9f2547b4758895ee84fa0c6ceac3ebd04e5321e0c4a662706b80762e1180bb80e51855537fb9a20c3b94b84443bd0a0fba6b2de22fb7f8f3a58aafd670f88b825cdc06c5229b52610b014556a030fc78fae7e0b8ee3544e7ca817a57a0dfba2120dd3358434002ddd8b3eef051c5c6369aff6cf2ca19d588f68cf6b85e33e05ecbb17b014c37cb46a548ad8786db6a90264d5ae6d0849c7a09e789fafc6c37bfa65b11b37d655dafa3b27391dcc3888f1b36e95311dabe121a02d0d7177ca1f084f1716952adbeb0378f9c0c6fda514b971aabe8083412145f82d3bb0d8df4e487dc04d3b6a9465438f1d88176010d02d6281220f34ddee73c225aac0c72a286906459624d9e38a9016f59bb648916ef7a66ebec566a758504fe4a0976f590eb52a8e8e5efeeac941fd595115c847f70c68231bdfcc2c42ba125ded09273d6162e487841e1ee47c5f52f7880fb9b471648124de2689dbbc4ab3de0acb362392c9cec04935033f85e50c39c23e42eeb8ed1305228dab7b49d23c2798316c7610e2ab7337550b36bb5cbe87ec8ead2b5bb6cc537646af8e66d0d5b27d8bd30819407c3edea9c373bd0f917a66b44233072c53ee7412419a224ca6d6e3e680bf652b0af8b1d2cc797a3e06ced277621bd31cbe9d54e484ecc750adc6b74288a3c09f350ebbb1cfccb0485c5236a70ff06c34be7814605961ed3913c4d54f801fa45a46f1cb366e6e4a821a408b78e624e6ba22a55315e3a0f68bff8b53f58994b1e26380cc5819e20c62e04d2058469affc62f8ae498124e9e6ce8cbc02215c7ec4016d720a87e61c8f582b84da7fa843452f279e1062742bb1fd2f1ac7189425e63c8fc7c36bfd8b40beb8a9ca6f9f338780becdc839b3a463dec6f2aea49fafd1a72683d1e17dc3ef32db06bc4021d71b7a589a622d49a6103f7bbeeec175551297738a5900bd59f16e52b1c708b9a87c7be77cdb1fe11f0651736f474bfe445050f9962a8126f67bd7b85dc0042e4191511ca2553601508e2fd6244c5b567f89e347ea2286139471bdb764f14f931a63564d37bb3fb876d4eb0fbf20d7a8beac1f5c9bffab6246c18604cd2a178191157b8dc22d8e24f8feabf27b20342f52d35c1493a8de1ceb46f85b052519a9e5e338d12114fa94b2804902c0df93794e36d966cc65f2c87822d8a60e33032f5f54ed138d665866cd59b1b2d8904d212ed3aa888aecae9a1e2c2157ea7f512f84a04d277c1d2de083903e09c21fbfff8b862f68a3bcb7e648c33974d84e32230f7554d8e48094a5a8651510ac993016380563f29a7b51740e9c40b8fbba8a088c9d24e556f3f6bb81052e4efe652a42e645687f7bcd0f173f6fc9ee975376368d1581a22170e235c3193d513c7488653d6b498591f208a1b71c76ae9e0f1f1012ec4f1aab551a6c80a1cde58f2221d02722274337d4f37b886feb917b0343081a84ea079dbf184d86102ff44335350ed441c407aaeef525c8d96b9819f141f2611ebc3262dcf6ab92f52363cf2eaf56b3d833238d3d10c59838456c6d31de993d991e5aacd1fb109b0a5e25fb0735fd7404c30ac7f44d3c0eeffdba6966f29b8dd0fd00bae927bd03dd25d79742189c4eaad859edfdbc4da7b294110f46886ffbed7edeb125e1a0cd1650f576f9abb0e810e2c6e36b67b035009199ea2b41735c672d0203fcf07c260ccb5a80144eb0efc82ceba8c1f182fc40bdd8196e055dc966033548b580b37b1e36bb9c3cf22507343c057402eea624f6f5440d7d955f80b7c4e4e8bf3bafb2f797359d5f847423aa60d974ab12745eeff47eac98dbc94ca20aa31f57b51281dae35ad9c60288596a7d81311fe60ec95ec98db44764769f255e675ce1f045b3f8af90e57448c07c4565a754e8f08a1c4fac87541ec2caba09256bdfcdf6879a8347048c44d99d465df5ba59583341d2210f2c4f1388c612f09186385518463bbae178da9e96446feae591a898051204fb382bfcb1ecfd7f867bfa6de8916ecdf0b455f1a2c0d6a6d4534b44a3ed5ac3a5bd5e297a280b05d624702d3bd2340ae6b26929384d6f4606f0b7eeb2970ea94764b5d9d144d3513cf0a809d6a174123a4a7ff7d96d90e3f9cea7f2009cc976b4920e0ace5f029b5b0c208608a8960b3a06a1dd3d94cd64e4aa5e5f39334a4bf2b093ef28681111478fb6cc6b6794798d3df3e4d7dac20fb42286702e6ef5824bc87bae4ffc8f9eda0d9ff21455aa2806af05013caca1e2e9abef5a6582a7612aa64e9f04855aadcb6010fc6f54702ce9353caa76eee9ece14d5d3fd2487ff78515c208cf4df4213064937972a5ba520116526185215c08d7f73c752d7be11fa653fb6a1b90f8632b1d476e9f449808285f0859ab079fd6b3aa09377eae2aa7135c2286d03cfd70c52fff1c40b4896521cbb8655e789d0fc9e0ec647a77e12307a11cd01cd4da404406aaa1156f9aecce1efbf8f26e927d2a96dda6c6244826a74c59c58048697d62d880ccd3a169e0c7aa0907b67f48137e22ef8cedb9dd969cd3f1cd1fb1f03591e6ae5a50b65a56164d30a83ed858d93d333877bdee63d436655761e935a42812ea6b3bf1e2ea13b80664b7a17504c4dae081a2e0ba7aa01d4bbd83979b2d59a6cd93af9514349ef95f44ae2478a8050da5d4bc0ee3b35f2168e2d485403b8cf7856cb4f5e5ca59dbe0ee890b57a65e9eb196b25f816e191c8fca9ac6fbc182663f531d65722fd9ce373870b2dc0d3dc8d271305e2a60e8b5afb3", "c2a9fc1f89d62d0648adee18e967606d825b657f8957508186ab744d1bcbee258a8da15018427dc1b39b057f7bba676143c525d6af43a728749625f91bace5f0ed19f92403c63834f239dbfd3dfb8657ef3ed0ad1c24ba2e640e9d25d38330c1841e38ef4f2a5e22c3c44906fd2a1a8ff8f72649d560f25f5fa2bacc2701ec112994c9e63d0e1932019e1eb55d30cf7a199ef7b9dc6bd7bb599ea5c7113317a31060d0fb668a4a76c5b4a6bf29fb1765001104052dcde2df5f274e8d4f6c173589f095c3714023a25c409d144db9af484ff0af7df59b23ea671522568f3e859af5806c3ea4aa0809a975c92291074767deaa2e5699b8a00cd359801dd63cf60d89d89dd9cfe185ce564a1df15a2a150562a3f6595f5c1fadfecec3b121b9b4548eb3bff8f8fcfd0bd488c1c7afa0ed4a2d6284dec545bd5ee05aee00ea974b5fc46fe26d444e873f309cf52d53c7b485c6a1c3025b827462db0596fd830d3884c7b46dd0ca5cd8449385da568b31fbcdd14eff2454caa23f45ca6565d619fef5d03cfdd0eaead08c4b2ec1b6c5196f7f8f542ba78c03326158a9ea787bdd7938f77b767886af0c409b2049afcfc7b25fb68f82c0885443270d6287988c48ac079b92f8b25f7d833d3676747f358d456f0fc724cd3a2f2f877793a5f47637ee547162da1bb9e77e0dfd201c870e30b38a5fd061ede0846482a9c7c086a528a374c08577c1052fcdd5abcdb9c4cbfbb59f13977d7295ddc5382e78b3ffc6df6a51925a28630e5441e907daafb23a2c115ab32d6555ab587d6c24f0178c62759cafcd93a2d8fc2ab8ed38af9127719d73589d8c42549da278e827e64ca9546f3d762ec3c04cd98989bd10ca1d7f64e47abbdf2d33f7281ade5eef08d3f5227956865b739e1766d18b55db4b4ae0203d7a41baf613ad14911344237128dc62aa0a5d9889782e6dc538249b33a6277301346876c829939c40de714f39461c32ff89377dee7ed2ebe77607eb566885c2a7d8a4fec1dccd1252dce3dff1429b80229f6f04d9ad62db536130269648022545b107f2691bb68690a2d7aca3e72eba25d3c4ea2fccc7772afb2a365086e981bc8ea386c48aa48fe80e2cfcfa5a0831e2303e90a85aefb3b9802278cc8c00b87628ba4141d71eff313ea9ff29303ef0c0c707da1f6b0900b36226e2ee12a993a9dd7a59fbe93b909c378c47b8cc676367abfd313b6611352271cf3244d7a6d36a759f19251d1fa8f836878bd37b3f381838096e9e262cf32525b3e7b1cf839610c484e9df51635d24306cafca4c35776b9d3eb19c6358fb9cd144e0189f7ca31630d1ff5b8cd3b1e227142931312a35ac85fc1de498f3f0748471f62a8fd14e2ecd5a867d13d29d8d27bcd251bc3f9ec09da8e1fc92c7b8e2de2811a0a807b5f0a12fc32f803a660eb5bad9100ec4e09e7da88369e1a26693d13ef8f552b6f56d848a536df0541cbb52088cbee913322dc329367e77ea22122545a370798f9676524005b475951ee241f7b51ec10337a7ca991c1b5c90057d3f3cc91cb03f6ea44a26d73c0d4c8d65360ceea374b7d1371e9dffd1bdee6a5d72e359007d98631906be94afaefceefa5aa048e6439e863ebb07f942882b74eae23e623b85b66b4972eb36d4f4d18570924aa4fe3d32f833bf91178bb74d8e1612681c41f1bdd2ebc43acbf3f001fa7484f82a2cc1f4ebe08c5e94bfa8655d3b9f37df47b0950eaf67642951dcc00eced3747aca20b24aa5b528ce24957aa429e302071d32dc7d1902589ef4a9a659cb26029a397d0ab2bf4d39b83b5eee009e3250ee803882c51507f470acfc7ee3440421773e1285b67fa40279d23fdb3b92c23e5ff543abbb0ad2c2eb124b893cfff60537e50bfab136e55619b31751e98013678dfe21e648e9afbd0238d2e321a854ecdfb14a6a6442693556a3038477898f6c5d758df67460daa5628a764cd6798a6eddb309ae7b94579666ef9e61b66f1cd36cd5e6fc14aef9fd48d160875db293e2679379767632504d0ba2ddf585e7977538b7a7d1dbd5ad198d00c648eac5a25920e9a955247de9f576320426236c44b73c02d3955e6180a684b1df515e94c32b0b5b86e9ad47b9d6034f7ecfe63482ba25494db6c20e299e081f88f29fd49593cd5452aa471a57b4f5014ca5432a10071a39b62121e2914d94450f10d027b35c811faa6e2e4a1225d909a0ecf268b6fb4b070f60b384da2a808da5dd68624f948f1b34e26c59b3b3bf7dd9046c1b2807a5dfedc0ea5365a88699ee7d5f9f3aed789bc20185c6913226e4da3876f2e64de2326840d7e9cdbda246f7203fc9911c2b4688bf24388a1123da74985ffcbf2edf57429f24ced45d4bdc84bd44f766d2f12dd81ea3df481519a56166049cee5dfe17d2e81bc159288918ee6b5abbf38518ad6f7908fa73adea4bef31a65ca9fb599d810c6e2b3b7da4242ef3207e0c8c9d80a059d41a687ae90cdd533b41d225669111f2332033efaaf8210340787f26b9637c46e981a0402ac06d1609b13db1d4be1124950b5523a7e602471ac7223a34dc2ea101ae41250d3caa6c4b6f5f92a432b4b91e96af3b76b5c9aebbc6dc30c66cb95a0668ada84f150749064c6557b1c2f7b1fb6fb251a7682433cf931dc24123ea9f80388c1ee4e488ee1c92ef286db11d87178dba02df2262be7d7b145d8bf4b81fbf7cec468fe22133b30208f0116ff244caf6fa75246f63b0985501f613eb51f4d60a24ed11622d6d3d585ff4d012142107529c4a4eeb88830e5989ce0e4982372b84f6afcc8d9d65f4e92850faa5a4e3dae39fd6376197c6aa31cb86ae624cfda0c6c1a26c4386e5623d527961847cb507cd18b14b49943a06cf233ab8df078725846d3e9287eda7ebd8edb7dd6135571c979a2e41f10858dcab0a5e9a7d1435a27e01cc56ac0c26b35f7e5f3d07728c028254c5d7ec8d09010e9b6aed2b1c6200d76cb28bf484afe23d81027a14227b692f07b5c7d807a61e9ce032ab046c3fcc5323a753f40e675ddf9b37fcf7440b8211852164f3f45816cfee7147181f4cd229b2930c7f0f5526337760649b556ca399a76cd334bf8a950297980c45515e9e7da9b9f3fe73d0cbc05da7d601ac3c473bb3ab8700df8c0c7745d88f92149ae79985c22f2924ff75f5a76b0176895a21f84299f6c3addc2f860553978365c81b64f4c3b0acfaf7c26a5faadef10270cb74240d7ef100cbddc90f43a73aa220944fe33156adb099d7f52c22518ac822497eacf75781f34762df5d06654cdb3d52904585793122afb485a764fc1c8a8361defca6f084a02da5c0eb1ce0dd6046a76bfd3dd2b440c94ad43301fbff1e4f8333c716abadf8c52861643b66f65b0cfd0a70317635ef11585b4eb4f1bc29014b2177cb8e563b282f801acf142a9946b9c337925e0f6040c8756293a4fcd13de281642949d52ecb1c02643dcc1ef55cd55141f781db7ec6d7fa5a495a03f64cce50cf512217314363e9829fcac0a12c74d45a978f0feffc1ffc9fb389ad1a2b27a29c64e591e7a17b8a523260b99549d70d3fd17c18f761df377716c289c830bf16d91933145c924cc36073952fe6d87bf062356fab5f3e233cbde056bc5ba973319a311ddf30bff360c43a6cd4c1f3a73f2e7884f4e6e8318b3058ab0930b521f2677ce611f7cde0800c56c6481a2a49228069e9776a036bf73a4da05d936814bf1c498767ef47986e0eebe1038743d3f072599e9954e39d1619429c9b4e77a49838b2227f8dcbbc62bae93205f2cb804cedcd779b7cee87aee057d686b79cc90e890f7fec18614e63e050bfc05ed1154e34f01ece8510099d05de51ef995f8bdc0709cf89829c62b72d064dc643c3a0f2f82245307f8e23fe207f970fcc233ef9f5bf8a846805cc0e6ee6cba9faec54da36a8e3f5e70dd5f2eab7cdb62539e27e7a12063ca28c6376d0835c14e866ad69cfcc17a6e52852aa6a3775416b2e142e9be9354f386cb569144d726a564243f8f4ca5a41dfa6b49accc5b1f62ee2ebe9d9253c32d1166e37dec7dc10d24b1916b51828e108b937402aeb48c8b9e69f6d2fff5aea4247cc7b3be187427e28b8f7f173f63800c63cc4916076a926d0c27fe8c9db91e0b7c3fb1c7f8f78d8a108e91eb2e3452e425164c7b605bd8953aa7df3de5218c822af73cac03537cc5e08c64c5bc4c0b563358265dc4fdd0fe105dc64e09d1693ae726dd86bd5adfb9769fc0e7d3fbe9adaf8b06c1ec276c88ee517bd86788159af0f3dce35a9305586e7758c54ceeac4317b2ea113e29de7dd6eb9047f7d11c003103930b7d5c312fa8a2475fcee85027a87bec02a875361b7b77cbaf2e448ea4911d54935f8166ee0036fc62bf9244b5768541c9efb8d967ee5df5cda5b42e25a3107cd2d7f463f06f02abb553d3393b04de64da151a4409161f32fe82c8573557d98b4bf1b2ea134d701a39faaba286583895b929de3ecf15953280e5327f7f42700fefd34389cce10f0f86dbdc1791242f354c889bf2dfa936f6604c3da120fc25eba8dfe20e7d3762ae6dd55bc1b331ae9c16a1ec8a0e11e240fd3c2b3074dd2446e46dfd720e3d277360379f2fa31c58cb0750624249f2fa2ae30fccd8a573db3999e24b54248dbd2e43521f570e15def95a5bb61cd1e9470850c40e64c13955c7f60d3416efc2ba3aa224d0322caa0161882a66f229ed7912e458670226531b4c40df0cb1601a9af9f002364d70d473254e144c43aacdaf92e50b0622a1865d73be748f57aea581b8740cf4250b74d1bbf9ae3a58022846b3dc292e0c0f7271d6aaab5390beefa31c0468f11aec5ffe8cf2901875db56373ebd9eee326ddce98d7cefdf4252fe94e1d834f32ceac8ef4c6b0f4631b88b7e915349f8ed8e84921ba30d95b0b471048888fe5cb944950ed490356b7068640a62a41c79803e7af56cb49ad9cf158d80f98060cc37a431263a4e4ef06a7e263ba4011945aaabd2ce10b3feddfc52d884d5491762b10dcbc04699f5cad09ecc5ceb1364dea181f5427b0cadc88bfd5e5e0cb49ccf5498295fa38cf3ee32374d990834739e1b195377981ed2fa1078b9ae50e6d03214b1b169dd38784b959fb18673617817d13e64b1667fe11994a2122664dfc3b7493a64707ea1e8430d2e8a45c9a0552904560f07ed2945ef6a00a47fa682b47955a48b5e748f1fd16f0c36bb524a58f795abf9a491dc83f6f676024299ee5fe3a3b8f32eb37d25b93720a0f462879c5318dffb35b2145f633690cb2733f5368333f26cf97c30bd51aed6c3b4031b414592012e204ad6431f7ecde88e445d5fbf0fe87710ae8682c9a8d4bac011eeb2d03b7a2441161d81c8cd4b7d35b28fed30e6cedb181aa94fe1bd9589def52176c883bd23a779268c043808017acab07f2691e32091692cf937c69defaf4b48efcd3431bc6034018a65ec7f6eb0f93fc3a33127621e8ee88125441362d49160b3b8d7988ceb03cf73cc70135cefc9c570cf15e71d6e0bb225fdfb8df91a7738de288882802c668be60f32dfe8b4e7fe708745ae677090079048095779b753fee9c69fa8bfd7af539bc13189a720ab647096687a2f2ee2a618c791b4159527a4f472852a1676ed380c7d57dcb269686f8bb15e9db1b72f605ea7656ee77f035d233282a674439417945e109e89efc86c0c6c21e20fab22daeeb8fad4f5173bd34b822cecd2048d8e65d52ca7799c9856d1efcaf46960ac1553c38148ca1e990c78dabf7b60e6bb184ef0963eaa0257e38"}) 03:33:29 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:33:29 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000880)='/dev/binder#\x00', 0xffffffffffffffff, 0x2) r1 = socket$inet_udplite(0x2, 0x2, 0x88) prctl$PR_TASK_PERF_EVENTS_DISABLE(0x1f) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10) ioctl$BINDER_THREAD_EXIT(r0, 0xc0046209, 0x70c000) 03:33:29 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x7a00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:33:29 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x8f00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:33:29 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) [ 3448.923403][ T8750] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 03:33:29 executing program 3: clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) ioctl$UFFDIO_WAKE(0xffffffffffffffff, 0x8010aa02, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="4800000000000000140100000100"/24, @ANYPTR=&(0x7f0000000040)=ANY=[@ANYBLOB='\x00'/156], @ANYBLOB="9c00000000000000", @ANYPTR=&(0x7f0000000900)=ANY=[@ANYPTR=&(0x7f0000000100)=ANY=[@ANYBLOB='\x00'/44], @ANYBLOB=',\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB='\x00'/67], @ANYBLOB='C\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB='\x00'/198], @ANYBLOB="c600000000000000", @ANYPTR=&(0x7f0000000140)=ANY=[@ANYBLOB='\x00'/15], @ANYBLOB="0f00000000000000", @ANYPTR=&(0x7f0000000340)=ANY=[@ANYBLOB='\x00'/54], @ANYBLOB='6\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000380)=ANY=[@ANYBLOB='\x00'/42], @ANYBLOB='*\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f00000003c0)=ANY=[@ANYBLOB='\x00'/77], @ANYBLOB='M\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000440)=ANY=[@ANYBLOB='\x00'/244], @ANYBLOB="f400000000000000d97a43764fb39b0d6a593f2f093f63fd79639544fc8f07d78100b4a458a538b7c82e6b16b1bf51c8b08321b8d71dfdcd6c23edac18a949baab7f72c1c465d439a38f2da6301f457778a19e8b743c7dbdba6e2cc5e2dbc1585dfeafe83a1d4a7b50d4dcd0889393e913f3a5d3d3ac1b066fdba81f90c855a34334544cbb69c1dc2c6a30168f4b2817467f58bba3d8255868f8a3", @ANYPTR=&(0x7f0000000540)=ANY=[@ANYBLOB='\x00'/219], @ANYBLOB="db00000000000000"], @ANYBLOB='\t\x00\x00\x00\x00\x00\x00\x00`\x00'/24], 0x48}, 0x0) write$nbd(0xffffffffffffffff, &(0x7f00000006c0)=ANY=[@ANYBLOB="67446698000000000300000004000000f50208cffb6a5b8284233d8c2c3667010bbf922f62c67774d69fab2fdc64744887abb2de347935dba9dd8e1db7883ab53a906cabe133e17ccebcd88ebbc71be5e3d70600bea5da614b0ea9c27b6d20a5e0f5e0b1de3fd77d0bb48e35d4d6307f60311b7b22e6824930b6fba9d8633fa7d2c084c8753904548e768be3f99ddf3197de754bec5e2f744a004a7508ee99a6837d0e0a27546348449f00"/186], 0xae) syz_mount_image$iso9660(&(0x7f0000000180)='iso9660\x00', &(0x7f0000000640)='./file0\x00', 0x8, 0x1, &(0x7f0000000dc0)=[{&(0x7f0000000d40)="df7d74b818bb2d1d695f46891fbdf0140c4de91bea207e53929cfce955cb4dceb425b736ae2cd1f9c089d3ebe097f477af42e5e73971236efd2ddc2de37d5130a45d73146478cffdf19e1d904e98cba5baba61ba4c8a7b19ba761b92f12c1b97205846b7cc938017", 0x68}], 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00\x00\x00\x00\x00\x00\x00\t0\x00', 0x1ff) mount$fuse(0x20000000, &(0x7f0000000080)='./file0\x00', 0x0, 0x7a00, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000008c0)='/dev/input/mouse#\x00', 0x2000008000, 0x40000) ioctl$DRM_IOCTL_AGP_ENABLE(r1, 0x40086432, &(0x7f0000000680)=0x9) getsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r1, 0x84, 0xc, &(0x7f0000000800), 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000040)={0xffffffffffffff9c}) [ 3449.085225][ T8750] CPU: 0 PID: 8750 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3449.094402][ T8750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3449.104463][ T8750] Call Trace: [ 3449.104493][ T8750] dump_stack+0x172/0x1f0 [ 3449.112088][ T8750] dump_header+0x10f/0xb6c [ 3449.116623][ T8750] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3449.122457][ T8750] ? ___ratelimit+0x60/0x595 [ 3449.127158][ T8750] ? do_raw_spin_unlock+0x57/0x270 [ 3449.132377][ T8750] oom_kill_process.cold+0x10/0x15 [ 3449.137507][ T8750] out_of_memory+0x79a/0x1280 [ 3449.142203][ T8750] ? lock_downgrade+0x880/0x880 [ 3449.147335][ T8750] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3449.153699][ T8750] ? oom_killer_disable+0x280/0x280 [ 3449.158918][ T8750] ? find_held_lock+0x35/0x130 [ 3449.163715][ T8750] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3449.169326][ T8750] ? memcg_event_wake+0x230/0x230 [ 3449.174400][ T8750] ? do_raw_spin_unlock+0x57/0x270 [ 3449.179625][ T8750] ? _raw_spin_unlock+0x2d/0x50 [ 3449.184499][ T8750] try_charge+0x118d/0x1790 [ 3449.189034][ T8750] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3449.194783][ T8750] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3449.200346][ T8750] ? find_held_lock+0x35/0x130 [ 3449.205129][ T8750] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3449.210705][ T8750] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3449.216485][ T8750] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3449.221797][ T8750] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3449.227447][ T8750] __memcg_kmem_charge+0x136/0x300 [ 3449.232583][ T8750] __alloc_pages_nodemask+0x437/0x7e0 [ 3449.237980][ T8750] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3449.243460][ T8750] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3449.249202][ T8750] ? copy_page_range+0x128a/0x1fc0 [ 3449.254333][ T8750] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3449.260706][ T8750] alloc_pages_current+0x107/0x210 [ 3449.266038][ T8750] pte_alloc_one+0x1b/0x1a0 [ 3449.270741][ T8750] __pte_alloc+0x20/0x310 [ 3449.275356][ T8750] copy_page_range+0x1561/0x1fc0 [ 3449.280539][ T8750] ? __lock_acquire+0x548/0x3fb0 [ 3449.285515][ T8750] ? pmd_alloc+0x180/0x180 [ 3449.290036][ T8750] ? vma_gap_callbacks_rotate+0x62/0x80 [ 3449.295655][ T8750] ? __rb_insert_augmented+0x231/0xdf0 [ 3449.301136][ T8750] ? validate_mm_rb+0xa3/0xc0 [ 3449.305935][ T8750] ? __vma_link_rb+0x279/0x370 [ 3449.310725][ T8750] ? kasan_check_write+0x14/0x20 [ 3449.315725][ T8750] copy_process.part.0+0x5afb/0x7a90 [ 3449.321061][ T8750] ? __cleanup_sighand+0x60/0x60 [ 3449.326171][ T8750] _do_fork+0x257/0xfd0 [ 3449.330363][ T8750] ? fork_idle+0x1d0/0x1d0 [ 3449.334808][ T8750] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3449.340284][ T8750] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3449.345759][ T8750] ? do_syscall_64+0x26/0x670 [ 3449.350463][ T8750] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3449.357021][ T8750] ? do_syscall_64+0x26/0x670 [ 3449.361832][ T8750] __x64_sys_clone+0xbf/0x150 [ 3449.366536][ T8750] do_syscall_64+0x103/0x670 [ 3449.371514][ T8750] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3449.377523][ T8750] RIP: 0033:0x458c29 [ 3449.381512][ T8750] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3449.401348][ T8750] RSP: 002b:00007fea30623c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3449.409954][ T8750] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 3449.417954][ T8750] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3449.425973][ T8750] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3449.434172][ T8750] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fea306246d4 [ 3449.442244][ T8750] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 3449.524450][ T8750] memory: usage 307168kB, limit 307200kB, failcnt 98761 [ 3449.550897][ T8750] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3449.565897][ T8750] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3449.576640][ T8750] Memory cgroup stats for /syz5: cache:124KB rss:99600KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99600KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3449.682609][ T8750] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=17804,uid=0 [ 3449.704953][ T8750] Memory cgroup out of memory: Killed process 17804 (syz-executor.5) total-vm:72448kB, anon-rss:156kB, file-rss:34816kB, shmem-rss:0kB [ 3449.767523][ T8953] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3449.788986][ T8953] CPU: 0 PID: 8953 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3449.798440][ T8953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3449.808600][ T8953] Call Trace: [ 3449.811911][ T8953] dump_stack+0x172/0x1f0 [ 3449.816264][ T8953] dump_header+0x10f/0xb6c [ 3449.820707][ T8953] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3449.826530][ T8953] ? ___ratelimit+0x60/0x595 [ 3449.831145][ T8953] ? do_raw_spin_unlock+0x57/0x270 [ 3449.836489][ T8953] oom_kill_process.cold+0x10/0x15 [ 3449.841619][ T8953] out_of_memory+0x79a/0x1280 [ 3449.846316][ T8953] ? lock_downgrade+0x880/0x880 [ 3449.851206][ T8953] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3449.857561][ T8953] ? oom_killer_disable+0x280/0x280 [ 3449.862955][ T8953] ? find_held_lock+0x35/0x130 [ 3449.867745][ T8953] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3449.873394][ T8953] ? memcg_event_wake+0x230/0x230 [ 3449.878440][ T8953] ? do_raw_spin_unlock+0x57/0x270 [ 3449.883589][ T8953] ? _raw_spin_unlock+0x2d/0x50 [ 3449.888464][ T8953] try_charge+0x118d/0x1790 [ 3449.893013][ T8953] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3449.898601][ T8953] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3449.904164][ T8953] ? find_held_lock+0x35/0x130 [ 3449.908950][ T8953] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3449.914521][ T8953] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3449.920184][ T8953] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3449.925483][ T8953] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3449.931044][ T8953] __memcg_kmem_charge+0x136/0x300 [ 3449.936172][ T8953] __alloc_pages_nodemask+0x437/0x7e0 [ 3449.941564][ T8953] ? find_held_lock+0x35/0x130 [ 3449.946437][ T8953] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3449.952168][ T8953] ? kasan_check_write+0x14/0x20 [ 3449.957383][ T8953] ? lock_downgrade+0x880/0x880 [ 3449.962463][ T8953] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3449.968732][ T8953] alloc_pages_current+0x107/0x210 [ 3449.973876][ T8953] pte_alloc_one+0x1b/0x1a0 [ 3449.978563][ T8953] __pte_alloc+0x20/0x310 [ 3449.982960][ T8953] copy_page_range+0x1561/0x1fc0 [ 3449.987927][ T8953] ? anon_vma_fork+0x371/0x4a0 [ 3449.992810][ T8953] ? pmd_alloc+0x180/0x180 [ 3449.997239][ T8953] ? vma_gap_callbacks_rotate+0x62/0x80 [ 3450.002828][ T8953] ? validate_mm_rb+0xa3/0xc0 [ 3450.007534][ T8953] ? __vma_link_rb+0x279/0x370 [ 3450.012773][ T8953] copy_process.part.0+0x5afb/0x7a90 [ 3450.018125][ T8953] ? __cleanup_sighand+0x60/0x60 [ 3450.023093][ T8953] _do_fork+0x257/0xfd0 [ 3450.027409][ T8953] ? fork_idle+0x1d0/0x1d0 [ 3450.031848][ T8953] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3450.037318][ T8953] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3450.042790][ T8953] ? do_syscall_64+0x26/0x670 [ 3450.047479][ T8953] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3450.053822][ T8953] ? do_syscall_64+0x26/0x670 [ 3450.058529][ T8953] __x64_sys_clone+0xbf/0x150 [ 3450.063228][ T8953] do_syscall_64+0x103/0x670 [ 3450.067833][ T8953] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3450.073819][ T8953] RIP: 0033:0x458c29 [ 3450.077727][ T8953] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3450.097566][ T8953] RSP: 002b:00007fea30602c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3450.105999][ T8953] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 3450.114007][ T8953] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3450.121988][ T8953] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 3450.129972][ T8953] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fea306036d4 [ 3450.137956][ T8953] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 3450.158350][ T8953] memory: usage 307164kB, limit 307200kB, failcnt 98769 [ 3450.177987][ T8953] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3450.186069][ T8953] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3450.228032][ T8953] Memory cgroup stats for /syz5: cache:124KB rss:99732KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99600KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3450.268006][ T8953] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=8664,uid=0 [ 3450.298110][ T8953] Memory cgroup out of memory: Killed process 8664 (syz-executor.5) total-vm:72580kB, anon-rss:164kB, file-rss:35716kB, shmem-rss:0kB 03:33:30 executing program 5: socket$inet_udplite(0x2, 0x2, 0x88) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)}, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r0 = socket$inet(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) 03:33:30 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x7b00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:33:30 executing program 1: r0 = syz_open_dev$evdev(&(0x7f00000000c0)='/dev/input/event#\x00', 0x20, 0x101002) write$evdev(r0, &(0x7f0000000000)=[{{0x77359400}, 0x1, 0x37, 0x2}], 0x7b0) r1 = socket$inet(0x10, 0x3, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='attr/sockcreate\x00') ioctl$VIDIOC_G_TUNER(r2, 0xc054561d, &(0x7f0000000080)={0x9, "5475d0fff12d8f4d25d4241bb0a15f651475c476a8b05f6daf96a507a375b4df", 0x5, 0x0, 0x5f, 0x3, 0xe, 0x3, 0x7ff, 0x6}) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000880)="240000005a0007041dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0) prctl$PR_MPX_ENABLE_MANAGEMENT(0x2b) 03:33:30 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:33:30 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x9000, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:33:30 executing program 3: mkdir(0x0, 0x0) getpeername$ax25(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000180)='.//ile0\x00', 0x22) mkdir(&(0x7f0000000200)='.//ile0/file0\x00', 0x101) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/audio\x00', 0x40, 0x0) recvmmsg(r0, &(0x7f0000000e40)=[{{&(0x7f00000003c0)=@sco, 0x80, &(0x7f0000000600)=[{&(0x7f0000000480)=""/156, 0x9c}, {&(0x7f00000000c0)=""/27, 0x1b}, {&(0x7f0000000580)=""/102, 0x66}], 0x3, &(0x7f0000000640)=""/131, 0x83}, 0x2}, {{&(0x7f0000000900)=@nl=@unspec, 0x80, &(0x7f0000000cc0)=[{&(0x7f0000000800)=""/103, 0x67}, {&(0x7f0000000880)=""/116, 0x74}, {&(0x7f00000009c0)=""/135, 0x87}, {&(0x7f0000000a80)=""/245, 0xf5}, {0x0}, {&(0x7f0000000c00)=""/145, 0x91}], 0x6, &(0x7f0000000d40)=""/250, 0xfa}, 0x1}], 0x93, 0x0, &(0x7f0000000780)={0x0, 0x1c9c380}) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) lremovexattr(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)=@known='system.advise\x00') mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) setsockopt$TIPC_MCAST_REPLICAST(r1, 0x10f, 0x86) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') ioctl$VIDIOC_QBUF(r1, 0xc058560f, &(0x7f0000000700)={0x0, 0x0, 0x4, 0x1000000, {}, {0x7, 0xc, 0x5, 0x2, 0xd190, 0x8, "0aa36d53"}, 0x80000001, 0x3, @fd=r1, 0x4}) [ 3450.457866][ T8967] netlink: 'syz-executor.1': attribute type 3 has an invalid length. 03:33:31 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x2000000080003, 0xc) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x02\x00\x00\x00\x00t\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800], 0x2, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, 'bcsf0\x00\x00\x00\x00\b\x00', 'veth0_to_bond\x00', 'vcan0\x00', 'vlan0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe8, [@devgroup={'devgroup\x00', 0x18, {{0x38}}}]}}, @common=@dnat={'dnat\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 03:33:31 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x7c00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:33:31 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x9100, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) [ 3450.623892][ T9097] netlink: 'syz-executor.1': attribute type 3 has an invalid length. [ 3450.703902][ T9063] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3450.748657][ T9112] overlayfs: filesystem on './file0' not supported as upperdir [ 3450.772215][ T9063] CPU: 1 PID: 9063 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3450.781675][ T9063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3450.792039][ T9063] Call Trace: 03:33:31 executing program 1: r0 = socket$inet(0x2, 0x3, 0x1) r1 = io_uring_setup(0x3f2, &(0x7f0000000000)={0x0, 0x0, 0x6, 0x0, 0x253}) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") r2 = dup2(r0, r1) setsockopt$XDP_TX_RING(r2, 0x11b, 0x3, &(0x7f0000000080)=0x8, 0x4) [ 3450.795368][ T9063] dump_stack+0x172/0x1f0 [ 3450.799945][ T9063] dump_header+0x10f/0xb6c [ 3450.804573][ T9063] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3450.810497][ T9063] ? ___ratelimit+0x60/0x595 [ 3450.815102][ T9063] ? do_raw_spin_unlock+0x57/0x270 [ 3450.820229][ T9063] oom_kill_process.cold+0x10/0x15 [ 3450.825355][ T9063] out_of_memory+0x79a/0x1280 [ 3450.830044][ T9063] ? lock_downgrade+0x880/0x880 [ 3450.830062][ T9063] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3450.830082][ T9063] ? oom_killer_disable+0x280/0x280 [ 3450.841140][ T9063] ? find_held_lock+0x35/0x130 [ 3450.841164][ T9063] mem_cgroup_out_of_memory+0x1ca/0x230 [ 3450.841176][ T9063] ? memcg_event_wake+0x230/0x230 [ 3450.841195][ T9063] ? do_raw_spin_unlock+0x57/0x270 [ 3450.841215][ T9063] ? _raw_spin_unlock+0x2d/0x50 [ 3450.872248][ T9063] try_charge+0x118d/0x1790 [ 3450.876897][ T9063] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3450.882556][ T9063] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3450.888122][ T9063] ? find_held_lock+0x35/0x130 [ 3450.893027][ T9063] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 3450.898610][ T9063] __memcg_kmem_charge_memcg+0x7c/0x130 [ 3450.904636][ T9063] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3450.909854][ T9063] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 3450.915422][ T9063] __memcg_kmem_charge+0x136/0x300 [ 3450.920558][ T9063] __alloc_pages_nodemask+0x437/0x7e0 [ 3450.925963][ T9063] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 3450.931708][ T9063] ? copy_page_range+0x128a/0x1fc0 [ 3450.937070][ T9063] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3450.943456][ T9063] alloc_pages_current+0x107/0x210 [ 3450.948671][ T9063] pte_alloc_one+0x1b/0x1a0 [ 3450.953190][ T9063] __pte_alloc+0x20/0x310 [ 3450.957540][ T9063] copy_page_range+0x1561/0x1fc0 [ 3450.962496][ T9063] ? __lock_acquire+0x548/0x3fb0 [ 3450.967746][ T9063] ? pmd_alloc+0x180/0x180 [ 3450.972175][ T9063] ? vma_gap_callbacks_rotate+0x62/0x80 [ 3450.977828][ T9063] ? __rb_insert_augmented+0x231/0xdf0 [ 3450.983305][ T9063] ? validate_mm_rb+0xa3/0xc0 [ 3450.988002][ T9063] ? __vma_link_rb+0x279/0x370 [ 3450.992863][ T9063] ? kasan_check_write+0x14/0x20 [ 3450.997819][ T9063] copy_process.part.0+0x5afb/0x7a90 [ 3451.003324][ T9063] ? __cleanup_sighand+0x60/0x60 [ 3451.008300][ T9063] _do_fork+0x257/0xfd0 [ 3451.012481][ T9063] ? fork_idle+0x1d0/0x1d0 [ 3451.016916][ T9063] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3451.022387][ T9063] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3451.027859][ T9063] ? do_syscall_64+0x26/0x670 [ 3451.032550][ T9063] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3451.038630][ T9063] ? do_syscall_64+0x26/0x670 [ 3451.043428][ T9063] __x64_sys_clone+0xbf/0x150 [ 3451.048132][ T9063] do_syscall_64+0x103/0x670 [ 3451.052733][ T9063] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3451.058625][ T9063] RIP: 0033:0x458c29 [ 3451.062524][ T9063] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3451.082563][ T9063] RSP: 002b:00007fea30623c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3451.091163][ T9063] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 3451.099140][ T9063] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3451.107120][ T9063] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3451.115194][ T9063] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fea306246d4 [ 3451.123464][ T9063] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 3451.179030][ T9182] WARNING: CPU: 0 PID: 9182 at kernel/kthread.c:399 __kthread_bind_mask+0x3b/0xc0 [ 3451.188552][ T9182] Kernel panic - not syncing: panic_on_warn set ... [ 3451.192487][ T9063] memory: usage 307128kB, limit 307200kB, failcnt 98800 [ 3451.195241][ T9182] CPU: 0 PID: 9182 Comm: syz-executor.1 Not tainted 5.1.0-rc5-next-20190418 #28 [ 3451.202256][ T9063] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3451.211372][ T9182] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3451.211379][ T9182] Call Trace: [ 3451.211409][ T9182] dump_stack+0x172/0x1f0 [ 3451.211438][ T9182] ? __kthread_cancel_work+0x2a0/0x2e0 [ 3451.211456][ T9182] panic+0x2cb/0x72b [ 3451.211475][ T9182] ? __warn_printk+0xf3/0xf3 [ 3451.211496][ T9182] ? __kthread_bind_mask+0x3b/0xc0 [ 3451.211512][ T9182] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3451.211526][ T9182] ? __warn.cold+0x5/0x46 [ 3451.211544][ T9182] ? __kthread_bind_mask+0x3b/0xc0 [ 3451.224094][ T9063] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3451.229298][ T9182] __warn.cold+0x20/0x46 [ 3451.229316][ T9182] ? lockdep_hardirqs_on+0x418/0x5d0 [ 3451.229331][ T9182] ? __kthread_bind_mask+0x3b/0xc0 [ 3451.229349][ T9182] report_bug+0x263/0x2b0 [ 3451.229370][ T9182] do_error_trap+0x11b/0x200 [ 3451.232798][ T9063] Memory cgroup stats for /syz5: cache:124KB rss:99592KB rss_huge:0KB shmem:132KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:132KB active_anon:99600KB inactive_file:4KB active_file:0KB unevictable:0KB [ 3451.236989][ T9182] do_invalid_op+0x37/0x50 [ 3451.247209][ T9063] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=17825,uid=0 [ 3451.251160][ T9182] ? __kthread_bind_mask+0x3b/0xc0 [ 3451.251179][ T9182] invalid_op+0x14/0x20 [ 3451.251193][ T9182] RIP: 0010:__kthread_bind_mask+0x3b/0xc0 [ 3451.251207][ T9182] Code: 48 89 fb e8 d7 bc 24 00 4c 89 e6 48 89 df e8 ac e0 02 00 31 ff 49 89 c4 48 89 c6 e8 5f be 24 00 4d 85 e4 75 15 e8 b5 bc 24 00 <0f> 0b e8 ae bc 24 00 5b 41 5c 41 5d 41 5e 5d c3 e8 a0 bc 24 00 4c [ 3451.251219][ T9182] RSP: 0018:ffff88820c44fd10 EFLAGS: 00010216 [ 3451.256667][ T9063] Memory cgroup out of memory: Killed process 17825 (syz-executor.5) total-vm:72448kB, anon-rss:156kB, file-rss:34816kB, shmem-rss:0kB [ 3451.262766][ T9182] RAX: 0000000000040000 RBX: ffff888053ac4340 RCX: ffffc90008209000 [ 3451.262775][ T9182] RDX: 00000000000001bf RSI: ffffffff814c09db RDI: 0000000000000007 [ 3451.262782][ T9182] RBP: ffff88820c44fd30 R08: ffff888063dd2640 R09: 0000000000000000 03:33:31 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x7d00, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 03:33:32 executing program 3: r0 = socket$pppoe(0x18, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB], 0x1}}, 0x0) connect$pppoe(r0, &(0x7f0000000080)={0x18, 0x0, {0x4, @dev={[], 0xa}, 'lo\x00'}}, 0x1e) ioctl$PPPIOCGCHAN(r0, 0x80047437, &(0x7f0000000200)) sendmmsg(r0, &(0x7f00000000c0)=[{{&(0x7f0000002980)=@rc, 0x80, &(0x7f00000003c0), 0x0, &(0x7f0000000100)}}], 0x69, 0x0) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/am_droprate\x00', 0x2, 0x0) ioctl$TIOCSLCKTRMIOS(r1, 0x5457, &(0x7f0000000180)) r2 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$KVM_GET_REGS(r2, 0x8090ae81, &(0x7f0000000240)) [ 3451.262789][ T9182] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 3451.262797][ T9182] R13: ffffffff87691648 R14: ffff888053ac4360 R15: ffffffff81c92ca0 [ 3451.262818][ T9182] ? io_ring_ctx_wait_and_kill+0x510/0x510 [ 3451.262839][ T9182] ? __kthread_bind_mask+0x3b/0xc0 [ 3451.262858][ T9182] kthread_unpark+0x123/0x160 [ 3451.262873][ T9182] kthread_stop+0xfa/0x6c0 [ 3451.262890][ T9182] io_finish_async+0xab/0x180 [ 3451.262903][ T9182] io_ring_ctx_wait_and_kill+0x133/0x510 [ 3451.262915][ T9182] io_uring_release+0x42/0x50 [ 3451.262927][ T9182] __fput+0x2e5/0x8d0 [ 3451.262944][ T9182] ____fput+0x16/0x20 [ 3451.262955][ T9182] task_work_run+0x14a/0x1c0 [ 3451.262978][ T9182] exit_to_usermode_loop+0x273/0x2c0 [ 3451.262994][ T9182] do_syscall_64+0x57e/0x670 [ 3451.263014][ T9182] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3451.340702][ T3879] kobject: 'loop0' (000000006ec0e872): kobject_uevent_env [ 3451.344814][ T9182] RIP: 0033:0x458c29 [ 3451.384739][ T3879] kobject: 'loop0' (000000006ec0e872): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 3451.385725][ T9182] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3451.533691][ T8971] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3451.551047][ T9182] RSP: 002b:00007fe1cdf85c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000021 [ 3451.551060][ T9182] RAX: 0000000000000004 RBX: 0000000000000002 RCX: 0000000000458c29 [ 3451.551069][ T9182] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 3451.551077][ T9182] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 3451.551084][ T9182] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe1cdf866d4 [ 3451.551090][ T9182] R13: 00000000004bf189 R14: 00000000004d0350 R15: 00000000ffffffff [ 3451.553025][ T9182] Kernel Offset: disabled [ 3451.616321][ T9182] Rebooting in 86400 seconds..