39bb2c683cf3b052e706ac939dc8ad8682ce33398cdfaace9d346d6b4bde38400285fdecf49496a65928537f2ffe986690243df5dc326c36504ad61ce40d5867ce789e35d8d61a4c51a6abe01d481c46ea0cb80f95657c9c6179c9e43e088e38e57dae59bbb4a15441f9924340ae45042d715946d691f025228827a2432c72bf6484d466b1452a157718a6cd2323d33de4d5c4d0e34c7baacc951f665ae62e743d0d9ed572414c8d2a8c2a52c273349d57730cc0b7da7a5ed7a476d8fdb73f5073eefdb7e76700295eb5875d0356c16041"], 0xa) close(r2) socket(0x10, 0x3, 0x0) writev(r1, &(0x7f0000000600)=[{&(0x7f0000000380)="f98ac693ce6908", 0x7}], 0x1) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000140)=ANY=[], 0xfef0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) 10:20:31 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 414.679398][T11195] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 10:20:31 executing program 5: [ 414.736458][T11195] CPU: 1 PID: 11195 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 414.745491][T11195] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 414.755547][T11195] Call Trace: [ 414.758866][T11195] dump_stack+0x11d/0x181 [ 414.763300][T11195] dump_header+0xaa/0x39c [ 414.767673][T11195] oom_kill_process.cold+0x10/0x15 [ 414.772807][T11195] out_of_memory+0x231/0xa60 [ 414.777477][T11195] ? __rcu_read_unlock+0x66/0x3d0 10:20:31 executing program 4: [ 414.782610][T11195] mem_cgroup_out_of_memory+0x128/0x150 [ 414.788216][T11195] try_charge+0xb6c/0xbf0 [ 414.792570][T11195] ? rcu_note_context_switch+0x720/0x760 [ 414.798585][T11195] mem_cgroup_try_charge+0xd2/0x260 [ 414.804136][T11195] mem_cgroup_try_charge_delay+0x3a/0x80 [ 414.809899][T11195] __handle_mm_fault+0x197f/0x2e00 [ 414.815344][T11195] handle_mm_fault+0x21b/0x530 [ 414.820157][T11195] __get_user_pages+0x485/0x1130 [ 414.825144][T11195] populate_vma_page_range+0xe6/0x100 [ 414.830617][T11195] __mm_populate+0x168/0x2a0 [ 414.835270][T11195] __x64_sys_mlockall+0x2e3/0x320 [ 414.840418][T11195] do_syscall_64+0xcc/0x3a0 [ 414.845005][T11195] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 414.850904][T11195] RIP: 0033:0x45b349 [ 414.854833][T11195] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 414.875043][T11195] RSP: 002b:00007f8c5b479c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 10:20:31 executing program 3: [ 414.883461][T11195] RAX: ffffffffffffffda RBX: 00007f8c5b47a6d4 RCX: 000000000045b349 [ 414.891604][T11195] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 414.899805][T11195] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 414.907953][T11195] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 414.915929][T11195] R13: 0000000000000711 R14: 00000000004c8888 R15: 000000000075bf2c 10:20:31 executing program 0: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=@ipv4_newroute={0x1c, 0x18, 0x331, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x2}}, 0x1c}}, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r1, &(0x7f00000003c0)=ANY=[@ANYBLOB="edbf259659a927b189017950e3bc25e604851088077877f8f376519576f04f73e3d394a55ec727ff9847524ca3d7b4af1a6e4a80c4807c54283808838692df5950052ddbfb76642184e7529d543580d7fa4e29f837adcba637654384a6216ef0922dc9f2caf2f36534e331f3ee4444533fa8b127d7d299d1507bcbd2d1c9e2ec468e7c8c5602c5a4a41867e9db8bc01b1d20b12be472f2f78b417cc72628c16cd11cebe63d12f702a739e3ff0839bb2c683cf3b052e706ac939dc8ad8682ce33398cdfaace9d346d6b4bde38400285fdecf49496a65928537f2ffe986690243df5dc326c36504ad61ce40d5867ce789e35d8d61a4c51a6abe01d481c46ea0cb80f95657c9c6179c9e43e088e38e57dae59bbb4a15441f9924340ae45042d715946d691f025228827a2432c72bf6484d466b1452a157718a6cd2323d33de4d5c4d0e34c7baacc951f665ae62e743d0d9ed572414c8d2a8c2a52c273349d57730cc0b7da7a5ed7a476d8fdb73f5073eefdb7e76700295eb5875d0356c16041"], 0xa) close(r2) socket(0x10, 0x3, 0x0) writev(r1, &(0x7f0000000600)=[{&(0x7f0000000380)="f98ac693ce6908", 0x7}], 0x1) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000140)=ANY=[], 0xfef0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) [ 414.942492][T11195] memory: usage 307200kB, limit 307200kB, failcnt 3321 [ 414.950344][T11195] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 415.025419][T11195] Memory cgroup stats for /syz1: [ 415.025671][T11195] anon 306974720 [ 415.025671][T11195] file 0 [ 415.025671][T11195] kernel_stack 294912 [ 415.025671][T11195] slab 3629056 [ 415.025671][T11195] sock 0 [ 415.025671][T11195] shmem 0 [ 415.025671][T11195] file_mapped 0 [ 415.025671][T11195] file_dirty 0 [ 415.025671][T11195] file_writeback 0 [ 415.025671][T11195] anon_thp 249561088 [ 415.025671][T11195] inactive_anon 208113664 [ 415.025671][T11195] active_anon 118784 [ 415.025671][T11195] inactive_file 0 10:20:31 executing program 3: [ 415.025671][T11195] active_file 0 [ 415.025671][T11195] unevictable 99004416 [ 415.025671][T11195] slab_reclaimable 675840 [ 415.025671][T11195] slab_unreclaimable 2953216 [ 415.025671][T11195] pgfault 116952 [ 415.025671][T11195] pgmajfault 0 [ 415.025671][T11195] workingset_refault 0 [ 415.025671][T11195] workingset_activate 0 [ 415.025671][T11195] workingset_nodereclaim 0 [ 415.025671][T11195] pgrefill 232 [ 415.025671][T11195] pgscan 231 [ 415.025671][T11195] pgsteal 33 [ 415.025671][T11195] pgactivate 165 [ 415.146020][T11195] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=11184,uid=0 [ 415.164763][T11195] Memory cgroup out of memory: Killed process 11184 (syz-executor.1) total-vm:72716kB, anon-rss:18332kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 415.707731][T11228] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 415.718153][T11228] CPU: 0 PID: 11228 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 415.726866][T11228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 415.737442][T11228] Call Trace: [ 415.740798][T11228] dump_stack+0x11d/0x181 [ 415.745228][T11228] dump_header+0xaa/0x39c [ 415.749585][T11228] oom_kill_process.cold+0x10/0x15 [ 415.754764][T11228] out_of_memory+0x231/0xa60 [ 415.759341][T11228] ? __rcu_read_unlock+0x66/0x3d0 [ 415.764422][T11228] mem_cgroup_out_of_memory+0x128/0x150 [ 415.770032][T11228] try_charge+0xb6c/0xbf0 [ 415.774449][T11228] ? rcu_note_context_switch+0x720/0x760 [ 415.780143][T11228] mem_cgroup_try_charge+0xd2/0x260 [ 415.785347][T11228] mem_cgroup_try_charge_delay+0x3a/0x80 [ 415.790965][T11228] wp_page_copy+0x322/0x1040 [ 415.795888][T11228] ? reuse_swap_page+0x6b/0x4d0 [ 415.801051][T11228] ? __read_once_size+0x41/0xe0 [ 415.805897][T11228] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 415.811853][T11228] do_wp_page+0x192/0xeb0 [ 415.816263][T11228] ? pagevec_lru_move_fn+0x16b/0x180 [ 415.821549][T11228] __handle_mm_fault+0x1d16/0x2e00 [ 415.826742][T11228] handle_mm_fault+0x21b/0x530 [ 415.831518][T11228] __get_user_pages+0x485/0x1130 [ 415.836457][T11228] populate_vma_page_range+0xe6/0x100 [ 415.841835][T11228] __mm_populate+0x168/0x2a0 [ 415.846434][T11228] __x64_sys_mlockall+0x2e3/0x320 [ 415.851517][T11228] do_syscall_64+0xcc/0x3a0 [ 415.856028][T11228] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 415.861903][T11228] RIP: 0033:0x45b349 [ 415.865785][T11228] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 415.885610][T11228] RSP: 002b:00007f8c5b458c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 415.894086][T11228] RAX: ffffffffffffffda RBX: 00007f8c5b4596d4 RCX: 000000000045b349 [ 415.902321][T11228] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 415.910449][T11228] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 415.918409][T11228] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 415.926491][T11228] R13: 0000000000000711 R14: 00000000004c8888 R15: 000000000075bfd4 [ 415.935601][T11228] memory: usage 307200kB, limit 307200kB, failcnt 3379 [ 415.942609][T11228] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 415.949532][T11228] Memory cgroup stats for /syz1: [ 415.950218][T11228] anon 306950144 [ 415.950218][T11228] file 0 [ 415.950218][T11228] kernel_stack 294912 [ 415.950218][T11228] slab 3629056 [ 415.950218][T11228] sock 0 [ 415.950218][T11228] shmem 0 [ 415.950218][T11228] file_mapped 0 [ 415.950218][T11228] file_dirty 0 [ 415.950218][T11228] file_writeback 0 [ 415.950218][T11228] anon_thp 249561088 [ 415.950218][T11228] inactive_anon 195940352 [ 415.950218][T11228] active_anon 118784 [ 415.950218][T11228] inactive_file 0 [ 415.950218][T11228] active_file 0 [ 415.950218][T11228] unevictable 111046656 [ 415.950218][T11228] slab_reclaimable 675840 [ 415.950218][T11228] slab_unreclaimable 2953216 [ 415.950218][T11228] pgfault 118206 [ 415.950218][T11228] pgmajfault 0 [ 415.950218][T11228] workingset_refault 0 [ 415.950218][T11228] workingset_activate 0 [ 415.950218][T11228] workingset_nodereclaim 0 [ 415.950218][T11228] pgrefill 232 [ 415.950218][T11228] pgscan 231 [ 415.950218][T11228] pgsteal 33 [ 415.950218][T11228] pgactivate 165 [ 416.047700][T11228] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=11193,uid=0 [ 416.063566][T11228] Memory cgroup out of memory: Killed process 11193 (syz-executor.1) total-vm:72716kB, anon-rss:18248kB, file-rss:54368kB, shmem-rss:0kB, UID:0 pgtables:192512kB oom_score_adj:1000 [ 416.086046][ T1066] oom_reaper: reaped process 11193 (syz-executor.1), now anon-rss:18332kB, file-rss:54364kB, shmem-rss:0kB 10:20:32 executing program 5: 10:20:32 executing program 4: 10:20:32 executing program 3: 10:20:32 executing program 0: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=@ipv4_newroute={0x1c, 0x18, 0x331, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x2}}, 0x1c}}, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r1, &(0x7f00000003c0)=ANY=[@ANYBLOB="edbf259659a927b189017950e3bc25e604851088077877f8f376519576f04f73e3d394a55ec727ff9847524ca3d7b4af1a6e4a80c4807c54283808838692df5950052ddbfb76642184e7529d543580d7fa4e29f837adcba637654384a6216ef0922dc9f2caf2f36534e331f3ee4444533fa8b127d7d299d1507bcbd2d1c9e2ec468e7c8c5602c5a4a41867e9db8bc01b1d20b12be472f2f78b417cc72628c16cd11cebe63d12f702a739e3ff0839bb2c683cf3b052e706ac939dc8ad8682ce33398cdfaace9d346d6b4bde38400285fdecf49496a65928537f2ffe986690243df5dc326c36504ad61ce40d5867ce789e35d8d61a4c51a6abe01d481c46ea0cb80f95657c9c6179c9e43e088e38e57dae59bbb4a15441f9924340ae45042d715946d691f025228827a2432c72bf6484d466b1452a157718a6cd2323d33de4d5c4d0e34c7baacc951f665ae62e743d0d9ed572414c8d2a8c2a52c273349d57730cc0b7da7a5ed7a476d8fdb73f5073eefdb7e76700295eb5875d0356c16041"], 0xa) close(r2) socket(0x10, 0x3, 0x0) writev(r1, &(0x7f0000000600)=[{&(0x7f0000000380)="f98ac693ce6908", 0x7}], 0x1) write$binfmt_misc(r1, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) 10:20:32 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x9, 0x200840) dup(r1) ioctl$RTC_VL_READ(r1, 0x80047013, &(0x7f00000000c0)) exit(0x7) write$binfmt_script(0xffffffffffffffff, &(0x7f00000003c0)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}, {}, {}, {0x20, 'proc'}], 0xa, "df7c00e09c916729334fbe57a726284a85ae23e7eb165a0922b020a14afa53fc919ed5b5820a609af38acfc21c2cacee2f808e60eafcd3ec51fdb7f62ca135bbf86f9c1bbf9c23db4038c329b0e8d63563439cf1b94606299a6c503abe926decd68a7e671c7dfcc4125e9888fbc8ce452b52"}, 0x8e) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r2 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xaf, 0x428240) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r2, 0xc080661a, &(0x7f00000002c0)={{0x2, 0x0, @identifier="8cff7fc81ac6de7927c1c322084eaabd"}}) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') close(r3) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000180)={0x2}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r4) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x7f, 0x3, 0x7, 0xa59e}, 'syz0\x00', 0x37}) 10:20:32 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 10:20:32 executing program 0: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=@ipv4_newroute={0x1c, 0x18, 0x331, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x2}}, 0x1c}}, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r1, &(0x7f00000003c0)=ANY=[@ANYBLOB="edbf259659a927b189017950e3bc25e604851088077877f8f376519576f04f73e3d394a55ec727ff9847524ca3d7b4af1a6e4a80c4807c54283808838692df5950052ddbfb76642184e7529d543580d7fa4e29f837adcba637654384a6216ef0922dc9f2caf2f36534e331f3ee4444533fa8b127d7d299d1507bcbd2d1c9e2ec468e7c8c5602c5a4a41867e9db8bc01b1d20b12be472f2f78b417cc72628c16cd11cebe63d12f702a739e3ff0839bb2c683cf3b052e706ac939dc8ad8682ce33398cdfaace9d346d6b4bde38400285fdecf49496a65928537f2ffe986690243df5dc326c36504ad61ce40d5867ce789e35d8d61a4c51a6abe01d481c46ea0cb80f95657c9c6179c9e43e088e38e57dae59bbb4a15441f9924340ae45042d715946d691f025228827a2432c72bf6484d466b1452a157718a6cd2323d33de4d5c4d0e34c7baacc951f665ae62e743d0d9ed572414c8d2a8c2a52c273349d57730cc0b7da7a5ed7a476d8fdb73f5073eefdb7e76700295eb5875d0356c16041"], 0xa) close(r2) socket(0x10, 0x3, 0x0) writev(r1, &(0x7f0000000600)=[{&(0x7f0000000380)="f98ac693ce6908", 0x7}], 0x1) write$binfmt_misc(r1, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) 10:20:32 executing program 5: 10:20:32 executing program 3: 10:20:32 executing program 4: [ 416.489983][T11237] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 416.559732][T11237] CPU: 0 PID: 11237 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 416.568452][T11237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 416.578516][T11237] Call Trace: [ 416.581817][T11237] dump_stack+0x11d/0x181 [ 416.586172][T11237] dump_header+0xaa/0x39c [ 416.590533][T11237] oom_kill_process.cold+0x10/0x15 [ 416.595710][T11237] out_of_memory+0x231/0xa60 [ 416.600487][T11237] ? __rcu_read_unlock+0x66/0x3d0 10:20:33 executing program 4: 10:20:33 executing program 5: 10:20:33 executing program 3: [ 416.605816][T11237] mem_cgroup_out_of_memory+0x128/0x150 [ 416.611657][T11237] try_charge+0xb6c/0xbf0 [ 416.617533][T11237] ? rcu_note_context_switch+0x720/0x760 [ 416.623271][T11237] mem_cgroup_try_charge+0xd2/0x260 [ 416.628579][T11237] mem_cgroup_try_charge_delay+0x3a/0x80 [ 416.634270][T11237] __handle_mm_fault+0x197f/0x2e00 [ 416.639417][T11237] handle_mm_fault+0x21b/0x530 [ 416.644555][T11237] __get_user_pages+0x485/0x1130 [ 416.649519][T11237] populate_vma_page_range+0xe6/0x100 [ 416.654913][T11237] __mm_populate+0x168/0x2a0 [ 416.659563][T11237] __x64_sys_mlockall+0x2e3/0x320 [ 416.664640][T11237] do_syscall_64+0xcc/0x3a0 [ 416.669176][T11237] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 416.675081][T11237] RIP: 0033:0x45b349 [ 416.679004][T11237] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 416.698625][T11237] RSP: 002b:00007f8c5b479c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 10:20:33 executing program 0: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=@ipv4_newroute={0x1c, 0x18, 0x331, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x2}}, 0x1c}}, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r1, &(0x7f00000003c0)=ANY=[@ANYBLOB="edbf259659a927b189017950e3bc25e604851088077877f8f376519576f04f73e3d394a55ec727ff9847524ca3d7b4af1a6e4a80c4807c54283808838692df5950052ddbfb76642184e7529d543580d7fa4e29f837adcba637654384a6216ef0922dc9f2caf2f36534e331f3ee4444533fa8b127d7d299d1507bcbd2d1c9e2ec468e7c8c5602c5a4a41867e9db8bc01b1d20b12be472f2f78b417cc72628c16cd11cebe63d12f702a739e3ff0839bb2c683cf3b052e706ac939dc8ad8682ce33398cdfaace9d346d6b4bde38400285fdecf49496a65928537f2ffe986690243df5dc326c36504ad61ce40d5867ce789e35d8d61a4c51a6abe01d481c46ea0cb80f95657c9c6179c9e43e088e38e57dae59bbb4a15441f9924340ae45042d715946d691f025228827a2432c72bf6484d466b1452a157718a6cd2323d33de4d5c4d0e34c7baacc951f665ae62e743d0d9ed572414c8d2a8c2a52c273349d57730cc0b7da7a5ed7a476d8fdb73f5073eefdb7e76700295eb5875d0356c16041"], 0xa) close(r2) socket(0x10, 0x3, 0x0) writev(r1, &(0x7f0000000600)=[{&(0x7f0000000380)="f98ac693ce6908", 0x7}], 0x1) write$binfmt_misc(r1, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) [ 416.707148][T11237] RAX: ffffffffffffffda RBX: 00007f8c5b47a6d4 RCX: 000000000045b349 [ 416.715195][T11237] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 416.723197][T11237] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 416.731187][T11237] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 416.739172][T11237] R13: 0000000000000711 R14: 00000000004c8888 R15: 000000000075bf2c 10:20:33 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 10:20:33 executing program 5: [ 416.832523][T11237] memory: usage 307200kB, limit 307200kB, failcnt 3419 [ 416.839554][T11237] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 416.902474][T11237] Memory cgroup stats for /syz1: [ 416.902639][T11237] anon 306954240 [ 416.902639][T11237] file 0 [ 416.902639][T11237] kernel_stack 331776 [ 416.902639][T11237] slab 3629056 [ 416.902639][T11237] sock 0 [ 416.902639][T11237] shmem 0 [ 416.902639][T11237] file_mapped 0 [ 416.902639][T11237] file_dirty 0 [ 416.902639][T11237] file_writeback 0 [ 416.902639][T11237] anon_thp 249561088 [ 416.902639][T11237] inactive_anon 208150528 [ 416.902639][T11237] active_anon 118784 [ 416.902639][T11237] inactive_file 0 [ 416.902639][T11237] active_file 0 [ 416.902639][T11237] unevictable 98873344 [ 416.902639][T11237] slab_reclaimable 675840 [ 416.902639][T11237] slab_unreclaimable 2953216 [ 416.902639][T11237] pgfault 118899 [ 416.902639][T11237] pgmajfault 0 [ 416.902639][T11237] workingset_refault 0 [ 416.902639][T11237] workingset_activate 0 [ 416.902639][T11237] workingset_nodereclaim 0 [ 416.902639][T11237] pgrefill 232 [ 416.902639][T11237] pgscan 231 [ 416.902639][T11237] pgsteal 33 [ 416.902639][T11237] pgactivate 165 [ 417.006805][T11237] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=11229,uid=0 [ 417.027574][T11237] Memory cgroup out of memory: Killed process 11229 (syz-executor.1) total-vm:72716kB, anon-rss:18332kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 417.074746][ T1066] oom_reaper: reaped process 11229 (syz-executor.1), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB 10:20:34 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x288000, 0x0) syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x9, 0x200840) dup(0xffffffffffffffff) ioctl$RTC_VL_READ(0xffffffffffffffff, 0x80047013, &(0x7f00000000c0)) exit(0x7) write$binfmt_script(0xffffffffffffffff, &(0x7f00000003c0)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}, {}, {}, {0x20, 'proc'}], 0xa, "df7c00e09c916729334fbe57a726284a85ae23e7eb165a0922b020a14afa53fc919ed5b5820a609af38acfc21c2cacee2f808e60eafcd3ec51fdb7f62ca135bbf86f9c1bbf9c23db4038c329b0e8d63563439cf1b94606299a6c503abe926decd68a7e671c7dfcc4125e9888fbc8ce452b52"}, 0x8e) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r1 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xaf, 0x428240) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r1, 0xc080661a, &(0x7f00000002c0)={{0x2, 0x0, @identifier="8cff7fc81ac6de7927c1c322084eaabd"}}) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r2 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') close(r2) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000180)={0x2}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r3) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x7f, 0x3, 0x7, 0xa59e}, 'syz0\x00', 0x37}) 10:20:34 executing program 4: 10:20:34 executing program 3: 10:20:34 executing program 5: 10:20:34 executing program 0: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=@ipv4_newroute={0x1c, 0x18, 0x331, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x2}}, 0x1c}}, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r1, &(0x7f00000003c0)=ANY=[@ANYBLOB="edbf259659a927b189017950e3bc25e604851088077877f8f376519576f04f73e3d394a55ec727ff9847524ca3d7b4af1a6e4a80c4807c54283808838692df5950052ddbfb76642184e7529d543580d7fa4e29f837adcba637654384a6216ef0922dc9f2caf2f36534e331f3ee4444533fa8b127d7d299d1507bcbd2d1c9e2ec468e7c8c5602c5a4a41867e9db8bc01b1d20b12be472f2f78b417cc72628c16cd11cebe63d12f702a739e3ff0839bb2c683cf3b052e706ac939dc8ad8682ce33398cdfaace9d346d6b4bde38400285fdecf49496a65928537f2ffe986690243df5dc326c36504ad61ce40d5867ce789e35d8d61a4c51a6abe01d481c46ea0cb80f95657c9c6179c9e43e088e38e57dae59bbb4a15441f9924340ae45042d715946d691f025228827a2432c72bf6484d466b1452a157718a6cd2323d33de4d5c4d0e34c7baacc951f665ae62e743d0d9ed572414c8d2a8c2a52c273349d57730cc0b7da7a5ed7a476d8fdb73f5073eefdb7e76700295eb5875d0356c16041"], 0xa) close(r2) socket(0x10, 0x3, 0x0) writev(r1, &(0x7f0000000600)=[{&(0x7f0000000380)="f98ac693ce6908", 0x7}], 0x1) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0xfef0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(0xffffffffffffffff, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) 10:20:34 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 10:20:34 executing program 5: 10:20:34 executing program 4: 10:20:34 executing program 3: 10:20:34 executing program 0: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=@ipv4_newroute={0x1c, 0x18, 0x331, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x2}}, 0x1c}}, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r1, &(0x7f00000003c0)=ANY=[@ANYBLOB="edbf259659a927b189017950e3bc25e604851088077877f8f376519576f04f73e3d394a55ec727ff9847524ca3d7b4af1a6e4a80c4807c54283808838692df5950052ddbfb76642184e7529d543580d7fa4e29f837adcba637654384a6216ef0922dc9f2caf2f36534e331f3ee4444533fa8b127d7d299d1507bcbd2d1c9e2ec468e7c8c5602c5a4a41867e9db8bc01b1d20b12be472f2f78b417cc72628c16cd11cebe63d12f702a739e3ff0839bb2c683cf3b052e706ac939dc8ad8682ce33398cdfaace9d346d6b4bde38400285fdecf49496a65928537f2ffe986690243df5dc326c36504ad61ce40d5867ce789e35d8d61a4c51a6abe01d481c46ea0cb80f95657c9c6179c9e43e088e38e57dae59bbb4a15441f9924340ae45042d715946d691f025228827a2432c72bf6484d466b1452a157718a6cd2323d33de4d5c4d0e34c7baacc951f665ae62e743d0d9ed572414c8d2a8c2a52c273349d57730cc0b7da7a5ed7a476d8fdb73f5073eefdb7e76700295eb5875d0356c16041"], 0xa) close(r2) socket(0x10, 0x3, 0x0) writev(r1, &(0x7f0000000600)=[{&(0x7f0000000380)="f98ac693ce6908", 0x7}], 0x1) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0xfef0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(0xffffffffffffffff, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) 10:20:34 executing program 5: [ 417.994853][T11285] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 10:20:34 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 418.105975][T11285] CPU: 1 PID: 11285 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 418.114698][T11285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 418.124832][T11285] Call Trace: [ 418.128130][T11285] dump_stack+0x11d/0x181 [ 418.132494][T11285] dump_header+0xaa/0x39c [ 418.136874][T11285] oom_kill_process.cold+0x10/0x15 [ 418.142018][T11285] out_of_memory+0x231/0xa60 [ 418.146797][T11285] ? __rcu_read_unlock+0x66/0x3d0 [ 418.151937][T11285] mem_cgroup_out_of_memory+0x128/0x150 [ 418.157667][T11285] try_charge+0xb6c/0xbf0 [ 418.162143][T11285] ? rcu_note_context_switch+0x720/0x760 [ 418.167898][T11285] mem_cgroup_try_charge+0xd2/0x260 [ 418.173153][T11285] mem_cgroup_try_charge_delay+0x3a/0x80 [ 418.178948][T11285] __handle_mm_fault+0x197f/0x2e00 [ 418.184092][T11285] handle_mm_fault+0x21b/0x530 [ 418.188862][T11285] __get_user_pages+0x485/0x1130 [ 418.193830][T11285] populate_vma_page_range+0xe6/0x100 [ 418.199272][T11285] __mm_populate+0x168/0x2a0 [ 418.203890][T11285] __x64_sys_mlockall+0x2e3/0x320 [ 418.208961][T11285] do_syscall_64+0xcc/0x3a0 [ 418.213490][T11285] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 418.219387][T11285] RIP: 0033:0x45b349 [ 418.223298][T11285] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 418.242909][T11285] RSP: 002b:00007f8c5b479c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 418.251499][T11285] RAX: ffffffffffffffda RBX: 00007f8c5b47a6d4 RCX: 000000000045b349 [ 418.259505][T11285] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 418.267525][T11285] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 418.275504][T11285] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 418.283482][T11285] R13: 0000000000000711 R14: 00000000004c8888 R15: 000000000075bf2c [ 418.326926][T11285] memory: usage 307200kB, limit 307200kB, failcnt 3519 [ 418.334216][T11285] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 418.341165][T11285] Memory cgroup stats for /syz1: [ 418.341434][T11285] anon 306954240 [ 418.341434][T11285] file 0 [ 418.341434][T11285] kernel_stack 294912 [ 418.341434][T11285] slab 3629056 [ 418.341434][T11285] sock 0 [ 418.341434][T11285] shmem 0 [ 418.341434][T11285] file_mapped 0 [ 418.341434][T11285] file_dirty 0 [ 418.341434][T11285] file_writeback 0 [ 418.341434][T11285] anon_thp 249561088 [ 418.341434][T11285] inactive_anon 208060416 [ 418.341434][T11285] active_anon 90112 [ 418.341434][T11285] inactive_file 0 [ 418.341434][T11285] active_file 0 [ 418.341434][T11285] unevictable 99000320 [ 418.341434][T11285] slab_reclaimable 675840 [ 418.341434][T11285] slab_unreclaimable 2953216 [ 418.341434][T11285] pgfault 120912 [ 418.341434][T11285] pgmajfault 0 [ 418.341434][T11285] workingset_refault 0 [ 418.341434][T11285] workingset_activate 0 [ 418.341434][T11285] workingset_nodereclaim 0 [ 418.341434][T11285] pgrefill 232 [ 418.341434][T11285] pgscan 231 [ 418.341434][T11285] pgsteal 33 [ 418.341434][T11285] pgactivate 165 [ 418.439759][T11285] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=11271,uid=0 [ 418.455328][T11285] Memory cgroup out of memory: Killed process 11271 (syz-executor.1) total-vm:72716kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 418.490607][ T1066] oom_reaper: reaped process 11271 (syz-executor.1), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB [ 418.909686][T11306] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 418.920013][T11306] CPU: 1 PID: 11306 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 418.929384][T11306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 418.939525][T11306] Call Trace: [ 418.942812][T11306] dump_stack+0x11d/0x181 [ 418.947211][T11306] dump_header+0xaa/0x39c [ 418.951628][T11306] oom_kill_process.cold+0x10/0x15 [ 418.956779][T11306] out_of_memory+0x231/0xa60 [ 418.961375][T11306] ? __rcu_read_unlock+0x66/0x3d0 [ 418.966501][T11306] mem_cgroup_out_of_memory+0x128/0x150 [ 418.972043][T11306] try_charge+0xb6c/0xbf0 [ 418.976481][T11306] ? rcu_note_context_switch+0x720/0x760 [ 418.982112][T11306] mem_cgroup_try_charge+0xd2/0x260 [ 418.987450][T11306] mem_cgroup_try_charge_delay+0x3a/0x80 [ 418.993140][T11306] wp_page_copy+0x322/0x1040 [ 418.997807][T11306] ? __read_once_size+0x41/0xe0 [ 419.002693][T11306] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 419.008581][T11306] do_wp_page+0x192/0xeb0 [ 419.012958][T11306] __handle_mm_fault+0x1d16/0x2e00 [ 419.018078][T11306] handle_mm_fault+0x21b/0x530 [ 419.022845][T11306] __get_user_pages+0x485/0x1130 [ 419.027992][T11306] populate_vma_page_range+0xe6/0x100 [ 419.033352][T11306] __mm_populate+0x168/0x2a0 [ 419.037958][T11306] __x64_sys_mlockall+0x2e3/0x320 [ 419.043019][T11306] do_syscall_64+0xcc/0x3a0 [ 419.047616][T11306] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 419.053529][T11306] RIP: 0033:0x45b349 [ 419.057464][T11306] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 419.077309][T11306] RSP: 002b:00007f8c5b458c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 419.085751][T11306] RAX: ffffffffffffffda RBX: 00007f8c5b4596d4 RCX: 000000000045b349 [ 419.093793][T11306] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 419.101764][T11306] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 419.109752][T11306] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 419.117717][T11306] R13: 0000000000000711 R14: 00000000004c8888 R15: 000000000075bfd4 [ 419.127311][T11306] memory: usage 307200kB, limit 307200kB, failcnt 3576 [ 419.134493][T11306] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 419.141388][T11306] Memory cgroup stats for /syz1: [ 419.142181][T11306] anon 306827264 [ 419.142181][T11306] file 0 [ 419.142181][T11306] kernel_stack 294912 [ 419.142181][T11306] slab 3629056 [ 419.142181][T11306] sock 0 [ 419.142181][T11306] shmem 0 [ 419.142181][T11306] file_mapped 0 [ 419.142181][T11306] file_dirty 0 [ 419.142181][T11306] file_writeback 0 [ 419.142181][T11306] anon_thp 249561088 [ 419.142181][T11306] inactive_anon 195915776 [ 419.142181][T11306] active_anon 90112 [ 419.142181][T11306] inactive_file 0 [ 419.142181][T11306] active_file 0 [ 419.142181][T11306] unevictable 111038464 [ 419.142181][T11306] slab_reclaimable 675840 [ 419.142181][T11306] slab_unreclaimable 2953216 [ 419.142181][T11306] pgfault 122166 [ 419.142181][T11306] pgmajfault 0 [ 419.142181][T11306] workingset_refault 0 [ 419.142181][T11306] workingset_activate 0 [ 419.142181][T11306] workingset_nodereclaim 0 [ 419.142181][T11306] pgrefill 232 [ 419.142181][T11306] pgscan 231 [ 419.142181][T11306] pgsteal 33 [ 419.142181][T11306] pgactivate 165 [ 419.239905][T11306] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=11282,uid=0 [ 419.256323][T11306] Memory cgroup out of memory: Killed process 11282 (syz-executor.1) total-vm:72716kB, anon-rss:18332kB, file-rss:54368kB, shmem-rss:0kB, UID:0 pgtables:192512kB oom_score_adj:1000 [ 419.276066][ T1066] oom_reaper: reaped process 11282 (syz-executor.1), now anon-rss:18332kB, file-rss:54364kB, shmem-rss:0kB 10:20:36 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x288000, 0x0) syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x9, 0x200840) dup(0xffffffffffffffff) ioctl$RTC_VL_READ(0xffffffffffffffff, 0x80047013, &(0x7f00000000c0)) exit(0x7) write$binfmt_script(0xffffffffffffffff, &(0x7f00000003c0)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}, {}, {}, {0x20, 'proc'}], 0xa, "df7c00e09c916729334fbe57a726284a85ae23e7eb165a0922b020a14afa53fc919ed5b5820a609af38acfc21c2cacee2f808e60eafcd3ec51fdb7f62ca135bbf86f9c1bbf9c23db4038c329b0e8d63563439cf1b94606299a6c503abe926decd68a7e671c7dfcc4125e9888fbc8ce452b52"}, 0x8e) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r1 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xaf, 0x428240) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r1, 0xc080661a, &(0x7f00000002c0)={{0x2, 0x0, @identifier="8cff7fc81ac6de7927c1c322084eaabd"}}) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r2 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') close(r2) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000180)={0x2}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r3) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x7f, 0x3, 0x7, 0xa59e}, 'syz0\x00', 0x37}) 10:20:36 executing program 4: 10:20:36 executing program 3: 10:20:36 executing program 0: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=@ipv4_newroute={0x1c, 0x18, 0x331, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x2}}, 0x1c}}, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r1, &(0x7f00000003c0)=ANY=[@ANYBLOB="edbf259659a927b189017950e3bc25e604851088077877f8f376519576f04f73e3d394a55ec727ff9847524ca3d7b4af1a6e4a80c4807c54283808838692df5950052ddbfb76642184e7529d543580d7fa4e29f837adcba637654384a6216ef0922dc9f2caf2f36534e331f3ee4444533fa8b127d7d299d1507bcbd2d1c9e2ec468e7c8c5602c5a4a41867e9db8bc01b1d20b12be472f2f78b417cc72628c16cd11cebe63d12f702a739e3ff0839bb2c683cf3b052e706ac939dc8ad8682ce33398cdfaace9d346d6b4bde38400285fdecf49496a65928537f2ffe986690243df5dc326c36504ad61ce40d5867ce789e35d8d61a4c51a6abe01d481c46ea0cb80f95657c9c6179c9e43e088e38e57dae59bbb4a15441f9924340ae45042d715946d691f025228827a2432c72bf6484d466b1452a157718a6cd2323d33de4d5c4d0e34c7baacc951f665ae62e743d0d9ed572414c8d2a8c2a52c273349d57730cc0b7da7a5ed7a476d8fdb73f5073eefdb7e76700295eb5875d0356c16041"], 0xa) close(r2) socket(0x10, 0x3, 0x0) writev(r1, &(0x7f0000000600)=[{&(0x7f0000000380)="f98ac693ce6908", 0x7}], 0x1) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0xfef0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(0xffffffffffffffff, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) 10:20:36 executing program 5: 10:20:36 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, 0x0) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 10:20:36 executing program 3: 10:20:36 executing program 5: 10:20:36 executing program 4: 10:20:36 executing program 0: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=@ipv4_newroute={0x1c, 0x18, 0x331, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x2}}, 0x1c}}, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r1, &(0x7f00000003c0)=ANY=[@ANYBLOB="edbf259659a927b189017950e3bc25e604851088077877f8f376519576f04f73e3d394a55ec727ff9847524ca3d7b4af1a6e4a80c4807c54283808838692df5950052ddbfb76642184e7529d543580d7fa4e29f837adcba637654384a6216ef0922dc9f2caf2f36534e331f3ee4444533fa8b127d7d299d1507bcbd2d1c9e2ec468e7c8c5602c5a4a41867e9db8bc01b1d20b12be472f2f78b417cc72628c16cd11cebe63d12f702a739e3ff0839bb2c683cf3b052e706ac939dc8ad8682ce33398cdfaace9d346d6b4bde38400285fdecf49496a65928537f2ffe986690243df5dc326c36504ad61ce40d5867ce789e35d8d61a4c51a6abe01d481c46ea0cb80f95657c9c6179c9e43e088e38e57dae59bbb4a15441f9924340ae45042d715946d691f025228827a2432c72bf6484d466b1452a157718a6cd2323d33de4d5c4d0e34c7baacc951f665ae62e743d0d9ed572414c8d2a8c2a52c273349d57730cc0b7da7a5ed7a476d8fdb73f5073eefdb7e76700295eb5875d0356c16041"], 0xa) close(r2) socket(0x10, 0x3, 0x0) writev(r1, &(0x7f0000000600)=[{&(0x7f0000000380)="f98ac693ce6908", 0x7}], 0x1) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0xfef0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) 10:20:36 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, 0x0) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 10:20:36 executing program 3: [ 420.122365][T11322] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 420.166832][T11322] CPU: 1 PID: 11322 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 420.175542][T11322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 420.185721][T11322] Call Trace: [ 420.189148][T11322] dump_stack+0x11d/0x181 [ 420.193495][T11322] dump_header+0xaa/0x39c [ 420.197918][T11322] oom_kill_process.cold+0x10/0x15 [ 420.203099][T11322] out_of_memory+0x231/0xa60 [ 420.207697][T11322] ? __rcu_read_unlock+0x66/0x3d0 [ 420.212882][T11322] mem_cgroup_out_of_memory+0x128/0x150 [ 420.218448][T11322] try_charge+0xb6c/0xbf0 [ 420.222891][T11322] ? rcu_note_context_switch+0x720/0x760 [ 420.228573][T11322] mem_cgroup_try_charge+0xd2/0x260 [ 420.233797][T11322] mem_cgroup_try_charge_delay+0x3a/0x80 [ 420.239444][T11322] __handle_mm_fault+0x197f/0x2e00 [ 420.244650][T11322] handle_mm_fault+0x21b/0x530 [ 420.249433][T11322] __get_user_pages+0x485/0x1130 [ 420.254395][T11322] populate_vma_page_range+0xe6/0x100 [ 420.259827][T11322] __mm_populate+0x168/0x2a0 [ 420.264448][T11322] __x64_sys_mlockall+0x2e3/0x320 [ 420.269491][T11322] do_syscall_64+0xcc/0x3a0 [ 420.274137][T11322] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 420.280501][T11322] RIP: 0033:0x45b349 [ 420.284431][T11322] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 420.304045][T11322] RSP: 002b:00007f8c5b479c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 420.312468][T11322] RAX: ffffffffffffffda RBX: 00007f8c5b47a6d4 RCX: 000000000045b349 [ 420.320442][T11322] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 420.328651][T11322] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 420.336781][T11322] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 420.344738][T11322] R13: 0000000000000711 R14: 00000000004c8888 R15: 000000000075bf2c [ 420.364898][T11322] memory: usage 307200kB, limit 307200kB, failcnt 3599 [ 420.371830][T11322] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 420.380117][T11322] Memory cgroup stats for /syz1: [ 420.380489][T11322] anon 306958336 [ 420.380489][T11322] file 0 [ 420.380489][T11322] kernel_stack 294912 [ 420.380489][T11322] slab 3629056 [ 420.380489][T11322] sock 0 [ 420.380489][T11322] shmem 0 [ 420.380489][T11322] file_mapped 0 [ 420.380489][T11322] file_dirty 0 [ 420.380489][T11322] file_writeback 0 [ 420.380489][T11322] anon_thp 249561088 [ 420.380489][T11322] inactive_anon 208154624 [ 420.380489][T11322] active_anon 126976 [ 420.380489][T11322] inactive_file 0 [ 420.380489][T11322] active_file 0 [ 420.380489][T11322] unevictable 98836480 [ 420.380489][T11322] slab_reclaimable 675840 [ 420.380489][T11322] slab_unreclaimable 2953216 [ 420.380489][T11322] pgfault 122859 [ 420.380489][T11322] pgmajfault 0 [ 420.380489][T11322] workingset_refault 0 [ 420.380489][T11322] workingset_activate 0 [ 420.380489][T11322] workingset_nodereclaim 0 [ 420.380489][T11322] pgrefill 232 [ 420.380489][T11322] pgscan 231 [ 420.380489][T11322] pgsteal 33 [ 420.380489][T11322] pgactivate 165 [ 420.492168][T11322] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=11307,uid=0 [ 420.522095][T11322] Memory cgroup out of memory: Killed process 11307 (syz-executor.1) total-vm:72716kB, anon-rss:18332kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 420.546195][ T1066] oom_reaper: reaped process 11307 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 10:20:37 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x288000, 0x0) syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x9, 0x200840) dup(0xffffffffffffffff) ioctl$RTC_VL_READ(0xffffffffffffffff, 0x80047013, &(0x7f00000000c0)) exit(0x7) write$binfmt_script(0xffffffffffffffff, &(0x7f00000003c0)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}, {}, {}, {0x20, 'proc'}], 0xa, "df7c00e09c916729334fbe57a726284a85ae23e7eb165a0922b020a14afa53fc919ed5b5820a609af38acfc21c2cacee2f808e60eafcd3ec51fdb7f62ca135bbf86f9c1bbf9c23db4038c329b0e8d63563439cf1b94606299a6c503abe926decd68a7e671c7dfcc4125e9888fbc8ce452b52"}, 0x8e) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r1 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xaf, 0x428240) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r1, 0xc080661a, &(0x7f00000002c0)={{0x2, 0x0, @identifier="8cff7fc81ac6de7927c1c322084eaabd"}}) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r2 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') close(r2) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000180)={0x2}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r3) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x7f, 0x3, 0x7, 0xa59e}, 'syz0\x00', 0x37}) 10:20:37 executing program 4: 10:20:37 executing program 5: 10:20:37 executing program 3: 10:20:37 executing program 0: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=@ipv4_newroute={0x1c, 0x18, 0x331, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x2}}, 0x1c}}, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r1, &(0x7f00000003c0)=ANY=[@ANYBLOB="edbf259659a927b189017950e3bc25e604851088077877f8f376519576f04f73e3d394a55ec727ff9847524ca3d7b4af1a6e4a80c4807c54283808838692df5950052ddbfb76642184e7529d543580d7fa4e29f837adcba637654384a6216ef0922dc9f2caf2f36534e331f3ee4444533fa8b127d7d299d1507bcbd2d1c9e2ec468e7c8c5602c5a4a41867e9db8bc01b1d20b12be472f2f78b417cc72628c16cd11cebe63d12f702a739e3ff0839bb2c683cf3b052e706ac939dc8ad8682ce33398cdfaace9d346d6b4bde38400285fdecf49496a65928537f2ffe986690243df5dc326c36504ad61ce40d5867ce789e35d8d61a4c51a6abe01d481c46ea0cb80f95657c9c6179c9e43e088e38e57dae59bbb4a15441f9924340ae45042d715946d691f025228827a2432c72bf6484d466b1452a157718a6cd2323d33de4d5c4d0e34c7baacc951f665ae62e743d0d9ed572414c8d2a8c2a52c273349d57730cc0b7da7a5ed7a476d8fdb73f5073eefdb7e76700295eb5875d0356c16041"], 0xa) close(r2) socket(0x10, 0x3, 0x0) writev(r1, &(0x7f0000000600)=[{&(0x7f0000000380)="f98ac693ce6908", 0x7}], 0x1) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0xfef0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) 10:20:37 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, 0x0) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 10:20:37 executing program 4: 10:20:37 executing program 5: 10:20:37 executing program 3: 10:20:37 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x0, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 10:20:37 executing program 0: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=@ipv4_newroute={0x1c, 0x18, 0x331, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x2}}, 0x1c}}, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r1, &(0x7f00000003c0)=ANY=[@ANYBLOB="edbf259659a927b189017950e3bc25e604851088077877f8f376519576f04f73e3d394a55ec727ff9847524ca3d7b4af1a6e4a80c4807c54283808838692df5950052ddbfb76642184e7529d543580d7fa4e29f837adcba637654384a6216ef0922dc9f2caf2f36534e331f3ee4444533fa8b127d7d299d1507bcbd2d1c9e2ec468e7c8c5602c5a4a41867e9db8bc01b1d20b12be472f2f78b417cc72628c16cd11cebe63d12f702a739e3ff0839bb2c683cf3b052e706ac939dc8ad8682ce33398cdfaace9d346d6b4bde38400285fdecf49496a65928537f2ffe986690243df5dc326c36504ad61ce40d5867ce789e35d8d61a4c51a6abe01d481c46ea0cb80f95657c9c6179c9e43e088e38e57dae59bbb4a15441f9924340ae45042d715946d691f025228827a2432c72bf6484d466b1452a157718a6cd2323d33de4d5c4d0e34c7baacc951f665ae62e743d0d9ed572414c8d2a8c2a52c273349d57730cc0b7da7a5ed7a476d8fdb73f5073eefdb7e76700295eb5875d0356c16041"], 0xa) close(r2) socket(0x10, 0x3, 0x0) writev(r1, &(0x7f0000000600)=[{&(0x7f0000000380)="f98ac693ce6908", 0x7}], 0x1) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0xfef0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) 10:20:37 executing program 5: [ 421.480187][T11363] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 421.525959][T11363] CPU: 0 PID: 11363 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 421.534672][T11363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 421.544728][T11363] Call Trace: [ 421.548108][T11363] dump_stack+0x11d/0x181 [ 421.552454][T11363] dump_header+0xaa/0x39c [ 421.556919][T11363] oom_kill_process.cold+0x10/0x15 [ 421.562069][T11363] out_of_memory+0x231/0xa60 [ 421.566813][T11363] ? __rcu_read_unlock+0x66/0x3d0 [ 421.571914][T11363] mem_cgroup_out_of_memory+0x128/0x150 [ 421.577591][T11363] try_charge+0xb6c/0xbf0 [ 421.582019][T11363] ? rcu_note_context_switch+0x720/0x760 [ 421.587690][T11363] mem_cgroup_try_charge+0xd2/0x260 [ 421.592922][T11363] mem_cgroup_try_charge_delay+0x3a/0x80 [ 421.598597][T11363] __handle_mm_fault+0x197f/0x2e00 [ 421.604465][T11363] handle_mm_fault+0x21b/0x530 [ 421.609552][T11363] __get_user_pages+0x485/0x1130 [ 421.614532][T11363] populate_vma_page_range+0xe6/0x100 [ 421.619922][T11363] __mm_populate+0x168/0x2a0 [ 421.624548][T11363] __x64_sys_mlockall+0x2e3/0x320 [ 421.629601][T11363] do_syscall_64+0xcc/0x3a0 [ 421.634150][T11363] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 421.640043][T11363] RIP: 0033:0x45b349 [ 421.643952][T11363] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 421.663563][T11363] RSP: 002b:00007f8c5b458c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 421.672070][T11363] RAX: ffffffffffffffda RBX: 00007f8c5b4596d4 RCX: 000000000045b349 [ 421.680054][T11363] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 421.688121][T11363] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 421.696105][T11363] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 421.704183][T11363] R13: 0000000000000711 R14: 00000000004c8888 R15: 000000000075bfd4 [ 421.717728][T11363] memory: usage 307200kB, limit 307200kB, failcnt 3634 [ 421.724873][T11363] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 421.731829][T11363] Memory cgroup stats for /syz1: [ 421.732131][T11363] anon 306974720 [ 421.732131][T11363] file 0 [ 421.732131][T11363] kernel_stack 331776 [ 421.732131][T11363] slab 3629056 [ 421.732131][T11363] sock 0 [ 421.732131][T11363] shmem 0 [ 421.732131][T11363] file_mapped 0 [ 421.732131][T11363] file_dirty 0 [ 421.732131][T11363] file_writeback 0 [ 421.732131][T11363] anon_thp 249561088 [ 421.732131][T11363] inactive_anon 208072704 [ 421.732131][T11363] active_anon 86016 [ 421.732131][T11363] inactive_file 0 [ 421.732131][T11363] active_file 0 [ 421.732131][T11363] unevictable 98902016 [ 421.732131][T11363] slab_reclaimable 675840 [ 421.732131][T11363] slab_unreclaimable 2953216 [ 421.732131][T11363] pgfault 124872 [ 421.732131][T11363] pgmajfault 0 [ 421.732131][T11363] workingset_refault 0 [ 421.732131][T11363] workingset_activate 0 [ 421.732131][T11363] workingset_nodereclaim 0 [ 421.732131][T11363] pgrefill 232 [ 421.732131][T11363] pgscan 231 [ 421.732131][T11363] pgsteal 33 [ 421.732131][T11363] pgactivate 165 [ 421.832539][T11363] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=11344,uid=0 [ 421.862503][T11363] Memory cgroup out of memory: Killed process 11344 (syz-executor.1) total-vm:72716kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 421.926838][ T1066] oom_reaper: reaped process 11344 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 10:20:38 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x3) pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x288000, 0x0) syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x9, 0x200840) dup(r1) ioctl$RTC_VL_READ(r1, 0x80047013, &(0x7f00000000c0)) exit(0x7) write$binfmt_script(0xffffffffffffffff, &(0x7f00000003c0)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}, {}, {}, {0x20, 'proc'}], 0xa, "df7c00e09c916729334fbe57a726284a85ae23e7eb165a0922b020a14afa53fc919ed5b5820a609af38acfc21c2cacee2f808e60eafcd3ec51fdb7f62ca135bbf86f9c1bbf9c23db4038c329b0e8d63563439cf1b94606299a6c503abe926decd68a7e671c7dfcc4125e9888fbc8ce452b52"}, 0x8e) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r2 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xaf, 0x428240) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r2, 0xc080661a, &(0x7f00000002c0)={{0x2, 0x0, @identifier="8cff7fc81ac6de7927c1c322084eaabd"}}) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') close(r3) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000180)={0x2}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r4) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x7f, 0x3, 0x7, 0xa59e}, 'syz0\x00', 0x37}) 10:20:38 executing program 4: 10:20:38 executing program 3: 10:20:38 executing program 5: 10:20:38 executing program 0: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=@ipv4_newroute={0x1c, 0x18, 0x331, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x2}}, 0x1c}}, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r1, &(0x7f00000003c0)=ANY=[@ANYBLOB="edbf259659a927b189017950e3bc25e604851088077877f8f376519576f04f73e3d394a55ec727ff9847524ca3d7b4af1a6e4a80c4807c54283808838692df5950052ddbfb76642184e7529d543580d7fa4e29f837adcba637654384a6216ef0922dc9f2caf2f36534e331f3ee4444533fa8b127d7d299d1507bcbd2d1c9e2ec468e7c8c5602c5a4a41867e9db8bc01b1d20b12be472f2f78b417cc72628c16cd11cebe63d12f702a739e3ff0839bb2c683cf3b052e706ac939dc8ad8682ce33398cdfaace9d346d6b4bde38400285fdecf49496a65928537f2ffe986690243df5dc326c36504ad61ce40d5867ce789e35d8d61a4c51a6abe01d481c46ea0cb80f95657c9c6179c9e43e088e38e57dae59bbb4a15441f9924340ae45042d715946d691f025228827a2432c72bf6484d466b1452a157718a6cd2323d33de4d5c4d0e34c7baacc951f665ae62e743d0d9ed572414c8d2a8c2a52c273349d57730cc0b7da7a5ed7a476d8fdb73f5073eefdb7e76700295eb5875d0356c16041"], 0xa) close(r2) socket(0x10, 0x3, 0x0) writev(r1, &(0x7f0000000600)=[{&(0x7f0000000380)="f98ac693ce6908", 0x7}], 0x1) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0xfef0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) 10:20:38 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x0, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 10:20:39 executing program 4: 10:20:39 executing program 3: 10:20:39 executing program 0: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=@ipv4_newroute={0x1c, 0x18, 0x331, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x2}}, 0x1c}}, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r1, &(0x7f00000003c0)=ANY=[@ANYBLOB="edbf259659a927b189017950e3bc25e604851088077877f8f376519576f04f73e3d394a55ec727ff9847524ca3d7b4af1a6e4a80c4807c54283808838692df5950052ddbfb76642184e7529d543580d7fa4e29f837adcba637654384a6216ef0922dc9f2caf2f36534e331f3ee4444533fa8b127d7d299d1507bcbd2d1c9e2ec468e7c8c5602c5a4a41867e9db8bc01b1d20b12be472f2f78b417cc72628c16cd11cebe63d12f702a739e3ff0839bb2c683cf3b052e706ac939dc8ad8682ce33398cdfaace9d346d6b4bde38400285fdecf49496a65928537f2ffe986690243df5dc326c36504ad61ce40d5867ce789e35d8d61a4c51a6abe01d481c46ea0cb80f95657c9c6179c9e43e088e38e57dae59bbb4a15441f9924340ae45042d715946d691f025228827a2432c72bf6484d466b1452a157718a6cd2323d33de4d5c4d0e34c7baacc951f665ae62e743d0d9ed572414c8d2a8c2a52c273349d57730cc0b7da7a5ed7a476d8fdb73f5073eefdb7e76700295eb5875d0356c16041"], 0xa) close(r2) socket(0x10, 0x3, 0x0) writev(r1, &(0x7f0000000600)=[{&(0x7f0000000380)="f98ac693ce6908", 0x7}], 0x1) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0xfef0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) 10:20:39 executing program 5: 10:20:39 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x0, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 422.661361][T11393] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 422.696128][T11393] CPU: 1 PID: 11393 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 422.704946][T11393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 422.715115][T11393] Call Trace: [ 422.718465][T11393] dump_stack+0x11d/0x181 [ 422.722813][T11393] dump_header+0xaa/0x39c [ 422.727255][T11393] oom_kill_process.cold+0x10/0x15 [ 422.732446][T11393] out_of_memory+0x231/0xa60 [ 422.737055][T11393] ? __rcu_read_unlock+0x66/0x3d0 [ 422.742113][T11393] mem_cgroup_out_of_memory+0x128/0x150 [ 422.747725][T11393] try_charge+0xb6c/0xbf0 [ 422.752151][T11393] ? rcu_note_context_switch+0x720/0x760 [ 422.757810][T11393] mem_cgroup_try_charge+0xd2/0x260 [ 422.768188][T11393] mem_cgroup_try_charge_delay+0x3a/0x80 [ 422.773840][T11393] __handle_mm_fault+0x197f/0x2e00 [ 422.779332][T11393] handle_mm_fault+0x21b/0x530 [ 422.784130][T11393] __get_user_pages+0x485/0x1130 [ 422.789275][T11393] populate_vma_page_range+0xe6/0x100 [ 422.794671][T11393] __mm_populate+0x168/0x2a0 [ 422.799276][T11393] __x64_sys_mlockall+0x2e3/0x320 [ 422.804332][T11393] do_syscall_64+0xcc/0x3a0 [ 422.808956][T11393] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 422.814857][T11393] RIP: 0033:0x45b349 [ 422.818856][T11393] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 422.838557][T11393] RSP: 002b:00007f8c5b479c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 422.847007][T11393] RAX: ffffffffffffffda RBX: 00007f8c5b47a6d4 RCX: 000000000045b349 [ 422.854994][T11393] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 10:20:39 executing program 4: [ 422.863043][T11393] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 422.871283][T11393] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 422.879707][T11393] R13: 0000000000000711 R14: 00000000004c8888 R15: 000000000075bf2c [ 422.931888][T11393] memory: usage 307200kB, limit 307200kB, failcnt 3701 [ 422.943265][T11393] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 422.950209][T11393] Memory cgroup stats for /syz1: [ 422.950503][T11393] anon 306909184 [ 422.950503][T11393] file 0 [ 422.950503][T11393] kernel_stack 294912 [ 422.950503][T11393] slab 3629056 [ 422.950503][T11393] sock 0 [ 422.950503][T11393] shmem 0 [ 422.950503][T11393] file_mapped 0 [ 422.950503][T11393] file_dirty 0 [ 422.950503][T11393] file_writeback 0 [ 422.950503][T11393] anon_thp 247463936 [ 422.950503][T11393] inactive_anon 208039936 [ 422.950503][T11393] active_anon 86016 [ 422.950503][T11393] inactive_file 0 [ 422.950503][T11393] active_file 0 [ 422.950503][T11393] unevictable 98856960 [ 422.950503][T11393] slab_reclaimable 675840 [ 422.950503][T11393] slab_unreclaimable 2953216 [ 422.950503][T11393] pgfault 127314 [ 422.950503][T11393] pgmajfault 0 [ 422.950503][T11393] workingset_refault 0 [ 422.950503][T11393] workingset_activate 0 [ 422.950503][T11393] workingset_nodereclaim 0 [ 422.950503][T11393] pgrefill 232 [ 422.950503][T11393] pgscan 231 [ 422.950503][T11393] pgsteal 33 [ 422.950503][T11393] pgactivate 165 [ 423.057175][T11393] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=11382,uid=0 [ 423.085861][T11393] Memory cgroup out of memory: Killed process 11382 (syz-executor.1) total-vm:72716kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 423.138452][ T1066] oom_reaper: reaped process 11382 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 10:20:40 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x3) pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x288000, 0x0) syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x9, 0x200840) dup(r1) ioctl$RTC_VL_READ(r1, 0x80047013, &(0x7f00000000c0)) exit(0x7) write$binfmt_script(0xffffffffffffffff, &(0x7f00000003c0)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}, {}, {}, {0x20, 'proc'}], 0xa, "df7c00e09c916729334fbe57a726284a85ae23e7eb165a0922b020a14afa53fc919ed5b5820a609af38acfc21c2cacee2f808e60eafcd3ec51fdb7f62ca135bbf86f9c1bbf9c23db4038c329b0e8d63563439cf1b94606299a6c503abe926decd68a7e671c7dfcc4125e9888fbc8ce452b52"}, 0x8e) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r2 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xaf, 0x428240) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r2, 0xc080661a, &(0x7f00000002c0)={{0x2, 0x0, @identifier="8cff7fc81ac6de7927c1c322084eaabd"}}) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') close(r3) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000180)={0x2}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r4) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x7f, 0x3, 0x7, 0xa59e}, 'syz0\x00', 0x37}) 10:20:40 executing program 0: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=@ipv4_newroute={0x1c, 0x18, 0x331, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x2}}, 0x1c}}, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r1, &(0x7f00000003c0)=ANY=[@ANYBLOB="edbf259659a927b189017950e3bc25e604851088077877f8f376519576f04f73e3d394a55ec727ff9847524ca3d7b4af1a6e4a80c4807c54283808838692df5950052ddbfb76642184e7529d543580d7fa4e29f837adcba637654384a6216ef0922dc9f2caf2f36534e331f3ee4444533fa8b127d7d299d1507bcbd2d1c9e2ec468e7c8c5602c5a4a41867e9db8bc01b1d20b12be472f2f78b417cc72628c16cd11cebe63d12f702a739e3ff0839bb2c683cf3b052e706ac939dc8ad8682ce33398cdfaace9d346d6b4bde38400285fdecf49496a65928537f2ffe986690243df5dc326c36504ad61ce40d5867ce789e35d8d61a4c51a6abe01d481c46ea0cb80f95657c9c6179c9e43e088e38e57dae59bbb4a15441f9924340ae45042d715946d691f025228827a2432c72bf6484d466b1452a157718a6cd2323d33de4d5c4d0e34c7baacc951f665ae62e743d0d9ed572414c8d2a8c2a52c273349d57730cc0b7da7a5ed7a476d8fdb73f5073eefdb7e76700295eb5875d0356c16041"], 0xa) close(r2) socket(0x10, 0x3, 0x0) writev(r1, &(0x7f0000000600)=[{&(0x7f0000000380)="f98ac693ce6908", 0x7}], 0x1) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0xfef0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) 10:20:40 executing program 5: 10:20:40 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 10:20:40 executing program 3: 10:20:40 executing program 4: 10:20:40 executing program 3: 10:20:40 executing program 4: 10:20:40 executing program 0: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=@ipv4_newroute={0x1c, 0x18, 0x331, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x2}}, 0x1c}}, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r1, &(0x7f00000003c0)=ANY=[@ANYBLOB="edbf259659a927b189017950e3bc25e604851088077877f8f376519576f04f73e3d394a55ec727ff9847524ca3d7b4af1a6e4a80c4807c54283808838692df5950052ddbfb76642184e7529d543580d7fa4e29f837adcba637654384a6216ef0922dc9f2caf2f36534e331f3ee4444533fa8b127d7d299d1507bcbd2d1c9e2ec468e7c8c5602c5a4a41867e9db8bc01b1d20b12be472f2f78b417cc72628c16cd11cebe63d12f702a739e3ff0839bb2c683cf3b052e706ac939dc8ad8682ce33398cdfaace9d346d6b4bde38400285fdecf49496a65928537f2ffe986690243df5dc326c36504ad61ce40d5867ce789e35d8d61a4c51a6abe01d481c46ea0cb80f95657c9c6179c9e43e088e38e57dae59bbb4a15441f9924340ae45042d715946d691f025228827a2432c72bf6484d466b1452a157718a6cd2323d33de4d5c4d0e34c7baacc951f665ae62e743d0d9ed572414c8d2a8c2a52c273349d57730cc0b7da7a5ed7a476d8fdb73f5073eefdb7e76700295eb5875d0356c16041"], 0xa) close(r2) socket(0x10, 0x3, 0x0) writev(r1, &(0x7f0000000600)=[{&(0x7f0000000380)="f98ac693ce6908", 0x7}], 0x1) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0xfef0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x0) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) 10:20:40 executing program 5: 10:20:40 executing program 3: 10:20:40 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 10:20:41 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x3) pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x288000, 0x0) syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x9, 0x200840) dup(r1) ioctl$RTC_VL_READ(r1, 0x80047013, &(0x7f00000000c0)) exit(0x7) write$binfmt_script(0xffffffffffffffff, &(0x7f00000003c0)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}, {}, {}, {0x20, 'proc'}], 0xa, "df7c00e09c916729334fbe57a726284a85ae23e7eb165a0922b020a14afa53fc919ed5b5820a609af38acfc21c2cacee2f808e60eafcd3ec51fdb7f62ca135bbf86f9c1bbf9c23db4038c329b0e8d63563439cf1b94606299a6c503abe926decd68a7e671c7dfcc4125e9888fbc8ce452b52"}, 0x8e) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r2 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xaf, 0x428240) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r2, 0xc080661a, &(0x7f00000002c0)={{0x2, 0x0, @identifier="8cff7fc81ac6de7927c1c322084eaabd"}}) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') close(r3) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000180)={0x2}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r4) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x7f, 0x3, 0x7, 0xa59e}, 'syz0\x00', 0x37}) 10:20:41 executing program 5: 10:20:41 executing program 4: 10:20:41 executing program 0: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=@ipv4_newroute={0x1c, 0x18, 0x331, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x2}}, 0x1c}}, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r1, &(0x7f00000003c0)=ANY=[@ANYBLOB="edbf259659a927b189017950e3bc25e604851088077877f8f376519576f04f73e3d394a55ec727ff9847524ca3d7b4af1a6e4a80c4807c54283808838692df5950052ddbfb76642184e7529d543580d7fa4e29f837adcba637654384a6216ef0922dc9f2caf2f36534e331f3ee4444533fa8b127d7d299d1507bcbd2d1c9e2ec468e7c8c5602c5a4a41867e9db8bc01b1d20b12be472f2f78b417cc72628c16cd11cebe63d12f702a739e3ff0839bb2c683cf3b052e706ac939dc8ad8682ce33398cdfaace9d346d6b4bde38400285fdecf49496a65928537f2ffe986690243df5dc326c36504ad61ce40d5867ce789e35d8d61a4c51a6abe01d481c46ea0cb80f95657c9c6179c9e43e088e38e57dae59bbb4a15441f9924340ae45042d715946d691f025228827a2432c72bf6484d466b1452a157718a6cd2323d33de4d5c4d0e34c7baacc951f665ae62e743d0d9ed572414c8d2a8c2a52c273349d57730cc0b7da7a5ed7a476d8fdb73f5073eefdb7e76700295eb5875d0356c16041"], 0xa) close(r2) socket(0x10, 0x3, 0x0) writev(r1, &(0x7f0000000600)=[{&(0x7f0000000380)="f98ac693ce6908", 0x7}], 0x1) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0xfef0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x0) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) 10:20:41 executing program 3: 10:20:41 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 10:20:41 executing program 4: 10:20:41 executing program 4: 10:20:41 executing program 5: 10:20:41 executing program 3: 10:20:41 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 10:20:41 executing program 0: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=@ipv4_newroute={0x1c, 0x18, 0x331, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x2}}, 0x1c}}, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r1, &(0x7f00000003c0)=ANY=[@ANYBLOB="edbf259659a927b189017950e3bc25e604851088077877f8f376519576f04f73e3d394a55ec727ff9847524ca3d7b4af1a6e4a80c4807c54283808838692df5950052ddbfb76642184e7529d543580d7fa4e29f837adcba637654384a6216ef0922dc9f2caf2f36534e331f3ee4444533fa8b127d7d299d1507bcbd2d1c9e2ec468e7c8c5602c5a4a41867e9db8bc01b1d20b12be472f2f78b417cc72628c16cd11cebe63d12f702a739e3ff0839bb2c683cf3b052e706ac939dc8ad8682ce33398cdfaace9d346d6b4bde38400285fdecf49496a65928537f2ffe986690243df5dc326c36504ad61ce40d5867ce789e35d8d61a4c51a6abe01d481c46ea0cb80f95657c9c6179c9e43e088e38e57dae59bbb4a15441f9924340ae45042d715946d691f025228827a2432c72bf6484d466b1452a157718a6cd2323d33de4d5c4d0e34c7baacc951f665ae62e743d0d9ed572414c8d2a8c2a52c273349d57730cc0b7da7a5ed7a476d8fdb73f5073eefdb7e76700295eb5875d0356c16041"], 0xa) close(r2) socket(0x10, 0x3, 0x0) writev(r1, &(0x7f0000000600)=[{&(0x7f0000000380)="f98ac693ce6908", 0x7}], 0x1) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0xfef0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x0) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) 10:20:42 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sched_setattr(0x0, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x288000, 0x0) syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x9, 0x200840) dup(r1) ioctl$RTC_VL_READ(r1, 0x80047013, &(0x7f00000000c0)) exit(0x7) write$binfmt_script(0xffffffffffffffff, &(0x7f00000003c0)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}, {}, {}, {0x20, 'proc'}], 0xa, "df7c00e09c916729334fbe57a726284a85ae23e7eb165a0922b020a14afa53fc919ed5b5820a609af38acfc21c2cacee2f808e60eafcd3ec51fdb7f62ca135bbf86f9c1bbf9c23db4038c329b0e8d63563439cf1b94606299a6c503abe926decd68a7e671c7dfcc4125e9888fbc8ce452b52"}, 0x8e) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r2 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xaf, 0x428240) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r2, 0xc080661a, &(0x7f00000002c0)={{0x2, 0x0, @identifier="8cff7fc81ac6de7927c1c322084eaabd"}}) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') close(r3) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000180)={0x2}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r4) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x7f, 0x3, 0x7, 0xa59e}, 'syz0\x00', 0x37}) 10:20:42 executing program 3: 10:20:42 executing program 4: 10:20:42 executing program 5: 10:20:42 executing program 0: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=@ipv4_newroute={0x1c, 0x18, 0x331, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x2}}, 0x1c}}, 0x0) writev(r0, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r0, &(0x7f00000003c0)=ANY=[@ANYBLOB="edbf259659a927b189017950e3bc25e604851088077877f8f376519576f04f73e3d394a55ec727ff9847524ca3d7b4af1a6e4a80c4807c54283808838692df5950052ddbfb76642184e7529d543580d7fa4e29f837adcba637654384a6216ef0922dc9f2caf2f36534e331f3ee4444533fa8b127d7d299d1507bcbd2d1c9e2ec468e7c8c5602c5a4a41867e9db8bc01b1d20b12be472f2f78b417cc72628c16cd11cebe63d12f702a739e3ff0839bb2c683cf3b052e706ac939dc8ad8682ce33398cdfaace9d346d6b4bde38400285fdecf49496a65928537f2ffe986690243df5dc326c36504ad61ce40d5867ce789e35d8d61a4c51a6abe01d481c46ea0cb80f95657c9c6179c9e43e088e38e57dae59bbb4a15441f9924340ae45042d715946d691f025228827a2432c72bf6484d466b1452a157718a6cd2323d33de4d5c4d0e34c7baacc951f665ae62e743d0d9ed572414c8d2a8c2a52c273349d57730cc0b7da7a5ed7a476d8fdb73f5073eefdb7e76700295eb5875d0356c16041"], 0xa) close(r1) socket(0x10, 0x3, 0x0) writev(r0, &(0x7f0000000600)=[{&(0x7f0000000380)="f98ac693ce6908", 0x7}], 0x1) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0xfef0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x80000001, 0x0) 10:20:42 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 10:20:42 executing program 4: 10:20:42 executing program 3: 10:20:42 executing program 5: 10:20:42 executing program 0: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=@ipv4_newroute={0x1c, 0x18, 0x331, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x2}}, 0x1c}}, 0x0) writev(r0, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r0, &(0x7f00000003c0)=ANY=[@ANYBLOB="edbf259659a927b189017950e3bc25e604851088077877f8f376519576f04f73e3d394a55ec727ff9847524ca3d7b4af1a6e4a80c4807c54283808838692df5950052ddbfb76642184e7529d543580d7fa4e29f837adcba637654384a6216ef0922dc9f2caf2f36534e331f3ee4444533fa8b127d7d299d1507bcbd2d1c9e2ec468e7c8c5602c5a4a41867e9db8bc01b1d20b12be472f2f78b417cc72628c16cd11cebe63d12f702a739e3ff0839bb2c683cf3b052e706ac939dc8ad8682ce33398cdfaace9d346d6b4bde38400285fdecf49496a65928537f2ffe986690243df5dc326c36504ad61ce40d5867ce789e35d8d61a4c51a6abe01d481c46ea0cb80f95657c9c6179c9e43e088e38e57dae59bbb4a15441f9924340ae45042d715946d691f025228827a2432c72bf6484d466b1452a157718a6cd2323d33de4d5c4d0e34c7baacc951f665ae62e743d0d9ed572414c8d2a8c2a52c273349d57730cc0b7da7a5ed7a476d8fdb73f5073eefdb7e76700295eb5875d0356c16041"], 0xa) close(r1) socket(0x10, 0x3, 0x0) writev(r0, &(0x7f0000000600)=[{&(0x7f0000000380)="f98ac693ce6908", 0x7}], 0x1) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0xfef0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x80000001, 0x0) 10:20:43 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 10:20:43 executing program 4: 10:20:44 executing program 5: 10:20:44 executing program 0: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=@ipv4_newroute={0x1c, 0x18, 0x331, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x2}}, 0x1c}}, 0x0) writev(r0, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r0, &(0x7f00000003c0)=ANY=[@ANYBLOB="edbf259659a927b189017950e3bc25e604851088077877f8f376519576f04f73e3d394a55ec727ff9847524ca3d7b4af1a6e4a80c4807c54283808838692df5950052ddbfb76642184e7529d543580d7fa4e29f837adcba637654384a6216ef0922dc9f2caf2f36534e331f3ee4444533fa8b127d7d299d1507bcbd2d1c9e2ec468e7c8c5602c5a4a41867e9db8bc01b1d20b12be472f2f78b417cc72628c16cd11cebe63d12f702a739e3ff0839bb2c683cf3b052e706ac939dc8ad8682ce33398cdfaace9d346d6b4bde38400285fdecf49496a65928537f2ffe986690243df5dc326c36504ad61ce40d5867ce789e35d8d61a4c51a6abe01d481c46ea0cb80f95657c9c6179c9e43e088e38e57dae59bbb4a15441f9924340ae45042d715946d691f025228827a2432c72bf6484d466b1452a157718a6cd2323d33de4d5c4d0e34c7baacc951f665ae62e743d0d9ed572414c8d2a8c2a52c273349d57730cc0b7da7a5ed7a476d8fdb73f5073eefdb7e76700295eb5875d0356c16041"], 0xa) close(r1) socket(0x10, 0x3, 0x0) writev(r0, &(0x7f0000000600)=[{&(0x7f0000000380)="f98ac693ce6908", 0x7}], 0x1) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0xfef0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x80000001, 0x0) 10:20:44 executing program 3: 10:20:44 executing program 4: 10:20:44 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sched_setattr(0x0, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x288000, 0x0) syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x9, 0x200840) dup(r1) ioctl$RTC_VL_READ(r1, 0x80047013, &(0x7f00000000c0)) exit(0x7) write$binfmt_script(0xffffffffffffffff, &(0x7f00000003c0)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}, {}, {}, {0x20, 'proc'}], 0xa, "df7c00e09c916729334fbe57a726284a85ae23e7eb165a0922b020a14afa53fc919ed5b5820a609af38acfc21c2cacee2f808e60eafcd3ec51fdb7f62ca135bbf86f9c1bbf9c23db4038c329b0e8d63563439cf1b94606299a6c503abe926decd68a7e671c7dfcc4125e9888fbc8ce452b52"}, 0x8e) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r2 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xaf, 0x428240) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r2, 0xc080661a, &(0x7f00000002c0)={{0x2, 0x0, @identifier="8cff7fc81ac6de7927c1c322084eaabd"}}) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') close(r3) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000180)={0x2}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r4) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x7f, 0x3, 0x7, 0xa59e}, 'syz0\x00', 0x37}) 10:20:44 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 10:20:44 executing program 3: 10:20:44 executing program 5: 10:20:44 executing program 4: 10:20:44 executing program 0: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=@ipv4_newroute={0x1c, 0x18, 0x331, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x2}}, 0x1c}}, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r1, &(0x7f00000003c0)=ANY=[@ANYBLOB="edbf259659a927b189017950e3bc25e604851088077877f8f376519576f04f73e3d394a55ec727ff9847524ca3d7b4af1a6e4a80c4807c54283808838692df5950052ddbfb76642184e7529d543580d7fa4e29f837adcba637654384a6216ef0922dc9f2caf2f36534e331f3ee4444533fa8b127d7d299d1507bcbd2d1c9e2ec468e7c8c5602c5a4a41867e9db8bc01b1d20b12be472f2f78b417cc72628c16cd11cebe63d12f702a739e3ff0839bb2c683cf3b052e706ac939dc8ad8682ce33398cdfaace9d346d6b4bde38400285fdecf49496a65928537f2ffe986690243df5dc326c36504ad61ce40d5867ce789e35d8d61a4c51a6abe01d481c46ea0cb80f95657c9c6179c9e43e088e38e57dae59bbb4a15441f9924340ae45042d715946d691f025228827a2432c72bf6484d466b1452a157718a6cd2323d33de4d5c4d0e34c7baacc951f665ae62e743d0d9ed572414c8d2a8c2a52c273349d57730cc0b7da7a5ed7a476d8fdb73f5073eefdb7e76700295eb5875d0356c16041"], 0xa) close(r2) socket(0x10, 0x3, 0x0) writev(r1, &(0x7f0000000600)=[{&(0x7f0000000380)="f98ac693ce6908", 0x7}], 0x1) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0xfef0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0x80000001, 0x0) 10:20:44 executing program 3: 10:20:44 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 10:20:44 executing program 5: 10:20:44 executing program 4: 10:20:44 executing program 0: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=@ipv4_newroute={0x1c, 0x18, 0x331, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x2}}, 0x1c}}, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r1, &(0x7f00000003c0)=ANY=[@ANYBLOB="edbf259659a927b189017950e3bc25e604851088077877f8f376519576f04f73e3d394a55ec727ff9847524ca3d7b4af1a6e4a80c4807c54283808838692df5950052ddbfb76642184e7529d543580d7fa4e29f837adcba637654384a6216ef0922dc9f2caf2f36534e331f3ee4444533fa8b127d7d299d1507bcbd2d1c9e2ec468e7c8c5602c5a4a41867e9db8bc01b1d20b12be472f2f78b417cc72628c16cd11cebe63d12f702a739e3ff0839bb2c683cf3b052e706ac939dc8ad8682ce33398cdfaace9d346d6b4bde38400285fdecf49496a65928537f2ffe986690243df5dc326c36504ad61ce40d5867ce789e35d8d61a4c51a6abe01d481c46ea0cb80f95657c9c6179c9e43e088e38e57dae59bbb4a15441f9924340ae45042d715946d691f025228827a2432c72bf6484d466b1452a157718a6cd2323d33de4d5c4d0e34c7baacc951f665ae62e743d0d9ed572414c8d2a8c2a52c273349d57730cc0b7da7a5ed7a476d8fdb73f5073eefdb7e76700295eb5875d0356c16041"], 0xa) close(r2) socket(0x10, 0x3, 0x0) writev(r1, &(0x7f0000000600)=[{&(0x7f0000000380)="f98ac693ce6908", 0x7}], 0x1) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0xfef0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0x80000001, 0x0) 10:20:44 executing program 3: [ 428.897820][ T0] NOHZ: local_softirq_pending 08 10:20:45 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sched_setattr(0x0, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x288000, 0x0) syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x9, 0x200840) dup(r1) ioctl$RTC_VL_READ(r1, 0x80047013, &(0x7f00000000c0)) exit(0x7) write$binfmt_script(0xffffffffffffffff, &(0x7f00000003c0)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}, {}, {}, {0x20, 'proc'}], 0xa, "df7c00e09c916729334fbe57a726284a85ae23e7eb165a0922b020a14afa53fc919ed5b5820a609af38acfc21c2cacee2f808e60eafcd3ec51fdb7f62ca135bbf86f9c1bbf9c23db4038c329b0e8d63563439cf1b94606299a6c503abe926decd68a7e671c7dfcc4125e9888fbc8ce452b52"}, 0x8e) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r2 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xaf, 0x428240) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r2, 0xc080661a, &(0x7f00000002c0)={{0x2, 0x0, @identifier="8cff7fc81ac6de7927c1c322084eaabd"}}) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') close(r3) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000180)={0x2}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r4) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x7f, 0x3, 0x7, 0xa59e}, 'syz0\x00', 0x37}) 10:20:45 executing program 5: 10:20:45 executing program 4: 10:20:45 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 10:20:45 executing program 3: 10:20:45 executing program 0: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=@ipv4_newroute={0x1c, 0x18, 0x331, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x2}}, 0x1c}}, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r1, &(0x7f00000003c0)=ANY=[@ANYBLOB="edbf259659a927b189017950e3bc25e604851088077877f8f376519576f04f73e3d394a55ec727ff9847524ca3d7b4af1a6e4a80c4807c54283808838692df5950052ddbfb76642184e7529d543580d7fa4e29f837adcba637654384a6216ef0922dc9f2caf2f36534e331f3ee4444533fa8b127d7d299d1507bcbd2d1c9e2ec468e7c8c5602c5a4a41867e9db8bc01b1d20b12be472f2f78b417cc72628c16cd11cebe63d12f702a739e3ff0839bb2c683cf3b052e706ac939dc8ad8682ce33398cdfaace9d346d6b4bde38400285fdecf49496a65928537f2ffe986690243df5dc326c36504ad61ce40d5867ce789e35d8d61a4c51a6abe01d481c46ea0cb80f95657c9c6179c9e43e088e38e57dae59bbb4a15441f9924340ae45042d715946d691f025228827a2432c72bf6484d466b1452a157718a6cd2323d33de4d5c4d0e34c7baacc951f665ae62e743d0d9ed572414c8d2a8c2a52c273349d57730cc0b7da7a5ed7a476d8fdb73f5073eefdb7e76700295eb5875d0356c16041"], 0xa) close(r2) socket(0x10, 0x3, 0x0) writev(r1, &(0x7f0000000600)=[{&(0x7f0000000380)="f98ac693ce6908", 0x7}], 0x1) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0xfef0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0x80000001, 0x0) 10:20:45 executing program 4: 10:20:45 executing program 3: 10:20:45 executing program 5: 10:20:45 executing program 0: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=@ipv4_newroute={0x1c, 0x18, 0x331, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x2}}, 0x1c}}, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r1, &(0x7f00000003c0)=ANY=[@ANYBLOB="edbf259659a927b189017950e3bc25e604851088077877f8f376519576f04f73e3d394a55ec727ff9847524ca3d7b4af1a6e4a80c4807c54283808838692df5950052ddbfb76642184e7529d543580d7fa4e29f837adcba637654384a6216ef0922dc9f2caf2f36534e331f3ee4444533fa8b127d7d299d1507bcbd2d1c9e2ec468e7c8c5602c5a4a41867e9db8bc01b1d20b12be472f2f78b417cc72628c16cd11cebe63d12f702a739e3ff0839bb2c683cf3b052e706ac939dc8ad8682ce33398cdfaace9d346d6b4bde38400285fdecf49496a65928537f2ffe986690243df5dc326c36504ad61ce40d5867ce789e35d8d61a4c51a6abe01d481c46ea0cb80f95657c9c6179c9e43e088e38e57dae59bbb4a15441f9924340ae45042d715946d691f025228827a2432c72bf6484d466b1452a157718a6cd2323d33de4d5c4d0e34c7baacc951f665ae62e743d0d9ed572414c8d2a8c2a52c273349d57730cc0b7da7a5ed7a476d8fdb73f5073eefdb7e76700295eb5875d0356c16041"], 0xa) close(r2) socket(0x10, 0x3, 0x0) writev(r1, &(0x7f0000000600)=[{&(0x7f0000000380)="f98ac693ce6908", 0x7}], 0x1) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0xfef0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) splice(r0, 0x0, r2, 0x0, 0x0, 0x0) 10:20:46 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 10:20:46 executing program 4: [ 430.373742][T11590] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 430.384146][T11590] CPU: 0 PID: 11590 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 430.392923][T11590] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 430.403072][T11590] Call Trace: [ 430.406354][T11590] dump_stack+0x11d/0x181 [ 430.410726][T11590] dump_header+0xaa/0x39c [ 430.415084][T11590] oom_kill_process.cold+0x10/0x15 [ 430.420311][T11590] out_of_memory+0x231/0xa60 [ 430.425036][T11590] ? __rcu_read_unlock+0x66/0x3d0 [ 430.430085][T11590] mem_cgroup_out_of_memory+0x128/0x150 [ 430.435880][T11590] try_charge+0xb6c/0xbf0 [ 430.440208][T11590] ? rcu_note_context_switch+0x720/0x760 [ 430.445839][T11590] mem_cgroup_try_charge+0xd2/0x260 [ 430.451166][T11590] mem_cgroup_try_charge_delay+0x3a/0x80 [ 430.456791][T11590] __handle_mm_fault+0x197f/0x2e00 [ 430.462047][T11590] handle_mm_fault+0x21b/0x530 [ 430.466852][T11590] __get_user_pages+0x485/0x1130 [ 430.471868][T11590] populate_vma_page_range+0xe6/0x100 [ 430.477248][T11590] __mm_populate+0x168/0x2a0 [ 430.481916][T11590] __x64_sys_mlockall+0x2e3/0x320 [ 430.486957][T11590] do_syscall_64+0xcc/0x3a0 [ 430.491457][T11590] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 430.497448][T11590] RIP: 0033:0x45b349 [ 430.501388][T11590] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 430.521028][T11590] RSP: 002b:00007f8c5b458c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 430.529435][T11590] RAX: ffffffffffffffda RBX: 00007f8c5b4596d4 RCX: 000000000045b349 [ 430.537450][T11590] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 430.545426][T11590] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 430.553535][T11590] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 430.561509][T11590] R13: 0000000000000711 R14: 00000000004c8888 R15: 000000000075bfd4 [ 430.570626][T11590] memory: usage 307200kB, limit 307200kB, failcnt 3753 [ 430.577737][T11590] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 430.584781][T11590] Memory cgroup stats for /syz1: [ 430.585690][T11590] anon 306733056 [ 430.585690][T11590] file 0 [ 430.585690][T11590] kernel_stack 331776 [ 430.585690][T11590] slab 3649536 [ 430.585690][T11590] sock 0 [ 430.585690][T11590] shmem 0 [ 430.585690][T11590] file_mapped 0 [ 430.585690][T11590] file_dirty 0 [ 430.585690][T11590] file_writeback 0 [ 430.585690][T11590] anon_thp 253755392 [ 430.585690][T11590] inactive_anon 193671168 [ 430.585690][T11590] active_anon 6750208 [ 430.585690][T11590] inactive_file 0 [ 430.585690][T11590] active_file 0 [ 430.585690][T11590] unevictable 106586112 [ 430.585690][T11590] slab_reclaimable 675840 [ 430.585690][T11590] slab_unreclaimable 2973696 [ 430.585690][T11590] pgfault 132429 [ 430.585690][T11590] pgmajfault 0 [ 430.585690][T11590] workingset_refault 0 [ 430.585690][T11590] workingset_activate 0 [ 430.585690][T11590] workingset_nodereclaim 0 [ 430.585690][T11590] pgrefill 232 [ 430.585690][T11590] pgscan 264 [ 430.585690][T11590] pgsteal 33 [ 430.680347][T11590] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=11581,uid=0 [ 430.696191][T11590] Memory cgroup out of memory: Killed process 11581 (syz-executor.1) total-vm:72716kB, anon-rss:18180kB, file-rss:54356kB, shmem-rss:0kB, UID:0 pgtables:192512kB oom_score_adj:1000 [ 430.716523][ T1066] oom_reaper: reaped process 11581 (syz-executor.1), now anon-rss:18188kB, file-rss:54364kB, shmem-rss:0kB 10:20:47 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x288000, 0x0) syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x9, 0x200840) dup(r1) ioctl$RTC_VL_READ(r1, 0x80047013, &(0x7f00000000c0)) exit(0x7) write$binfmt_script(0xffffffffffffffff, &(0x7f00000003c0)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}, {}, {}, {0x20, 'proc'}], 0xa, "df7c00e09c916729334fbe57a726284a85ae23e7eb165a0922b020a14afa53fc919ed5b5820a609af38acfc21c2cacee2f808e60eafcd3ec51fdb7f62ca135bbf86f9c1bbf9c23db4038c329b0e8d63563439cf1b94606299a6c503abe926decd68a7e671c7dfcc4125e9888fbc8ce452b52"}, 0x8e) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r2 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xaf, 0x428240) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r2, 0xc080661a, &(0x7f00000002c0)={{0x2, 0x0, @identifier="8cff7fc81ac6de7927c1c322084eaabd"}}) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') close(r3) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000180)={0x2}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r4) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x7f, 0x3, 0x7, 0xa59e}, 'syz0\x00', 0x37}) 10:20:47 executing program 3: 10:20:47 executing program 5: 10:20:47 executing program 0: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=@ipv4_newroute={0x1c, 0x18, 0x331, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x2}}, 0x1c}}, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r1, &(0x7f00000003c0)=ANY=[@ANYBLOB="edbf259659a927b189017950e3bc25e604851088077877f8f376519576f04f73e3d394a55ec727ff9847524ca3d7b4af1a6e4a80c4807c54283808838692df5950052ddbfb76642184e7529d543580d7fa4e29f837adcba637654384a6216ef0922dc9f2caf2f36534e331f3ee4444533fa8b127d7d299d1507bcbd2d1c9e2ec468e7c8c5602c5a4a41867e9db8bc01b1d20b12be472f2f78b417cc72628c16cd11cebe63d12f702a739e3ff0839bb2c683cf3b052e706ac939dc8ad8682ce33398cdfaace9d346d6b4bde38400285fdecf49496a65928537f2ffe986690243df5dc326c36504ad61ce40d5867ce789e35d8d61a4c51a6abe01d481c46ea0cb80f95657c9c6179c9e43e088e38e57dae59bbb4a15441f9924340ae45042d715946d691f025228827a2432c72bf6484d466b1452a157718a6cd2323d33de4d5c4d0e34c7baacc951f665ae62e743d0d9ed572414c8d2a8c2a52c273349d57730cc0b7da7a5ed7a476d8fdb73f5073eefdb7e76700295eb5875d0356c16041"], 0xa) close(r2) socket(0x10, 0x3, 0x0) writev(r1, &(0x7f0000000600)=[{&(0x7f0000000380)="f98ac693ce6908", 0x7}], 0x1) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0xfef0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) splice(r0, 0x0, r2, 0x0, 0x0, 0x0) 10:20:47 executing program 4: 10:20:47 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 10:20:47 executing program 5: 10:20:47 executing program 4: 10:20:47 executing program 3: 10:20:47 executing program 0: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=@ipv4_newroute={0x1c, 0x18, 0x331, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x2}}, 0x1c}}, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r1, &(0x7f00000003c0)=ANY=[@ANYBLOB="edbf259659a927b189017950e3bc25e604851088077877f8f376519576f04f73e3d394a55ec727ff9847524ca3d7b4af1a6e4a80c4807c54283808838692df5950052ddbfb76642184e7529d543580d7fa4e29f837adcba637654384a6216ef0922dc9f2caf2f36534e331f3ee4444533fa8b127d7d299d1507bcbd2d1c9e2ec468e7c8c5602c5a4a41867e9db8bc01b1d20b12be472f2f78b417cc72628c16cd11cebe63d12f702a739e3ff0839bb2c683cf3b052e706ac939dc8ad8682ce33398cdfaace9d346d6b4bde38400285fdecf49496a65928537f2ffe986690243df5dc326c36504ad61ce40d5867ce789e35d8d61a4c51a6abe01d481c46ea0cb80f95657c9c6179c9e43e088e38e57dae59bbb4a15441f9924340ae45042d715946d691f025228827a2432c72bf6484d466b1452a157718a6cd2323d33de4d5c4d0e34c7baacc951f665ae62e743d0d9ed572414c8d2a8c2a52c273349d57730cc0b7da7a5ed7a476d8fdb73f5073eefdb7e76700295eb5875d0356c16041"], 0xa) close(r2) socket(0x10, 0x3, 0x0) writev(r1, &(0x7f0000000600)=[{&(0x7f0000000380)="f98ac693ce6908", 0x7}], 0x1) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0xfef0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) splice(r0, 0x0, r2, 0x0, 0x0, 0x0) 10:20:47 executing program 5: 10:20:47 executing program 4: [ 431.469116][T11621] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 431.492479][T11621] CPU: 0 PID: 11621 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 431.501213][T11621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 431.511273][T11621] Call Trace: [ 431.514578][T11621] dump_stack+0x11d/0x181 [ 431.519000][T11621] dump_header+0xaa/0x39c [ 431.523351][T11621] oom_kill_process.cold+0x10/0x15 [ 431.528605][T11621] out_of_memory+0x231/0xa60 [ 431.533207][T11621] ? __rcu_read_unlock+0x66/0x3d0 [ 431.538301][T11621] mem_cgroup_out_of_memory+0x128/0x150 [ 431.543875][T11621] try_charge+0xb6c/0xbf0 [ 431.548412][T11621] ? rcu_note_context_switch+0x720/0x760 [ 431.554055][T11621] mem_cgroup_try_charge+0xd2/0x260 [ 431.559297][T11621] mem_cgroup_try_charge_delay+0x3a/0x80 [ 431.564930][T11621] __handle_mm_fault+0x197f/0x2e00 [ 431.570043][T11621] handle_mm_fault+0x21b/0x530 [ 431.574803][T11621] __get_user_pages+0x485/0x1130 [ 431.579798][T11621] populate_vma_page_range+0xe6/0x100 [ 431.585279][T11621] __mm_populate+0x168/0x2a0 [ 431.589934][T11621] __x64_sys_mlockall+0x2e3/0x320 [ 431.594949][T11621] do_syscall_64+0xcc/0x3a0 [ 431.599456][T11621] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 431.605351][T11621] RIP: 0033:0x45b349 [ 431.609233][T11621] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 431.628858][T11621] RSP: 002b:00007f8c5b458c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 431.637298][T11621] RAX: ffffffffffffffda RBX: 00007f8c5b4596d4 RCX: 000000000045b349 [ 431.645268][T11621] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 431.653345][T11621] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 431.661318][T11621] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 431.669458][T11621] R13: 0000000000000711 R14: 00000000004c8888 R15: 000000000075bfd4 [ 431.678718][T11621] memory: usage 307200kB, limit 307200kB, failcnt 3771 [ 431.685855][T11621] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 431.692823][T11621] Memory cgroup stats for /syz1: [ 431.693076][T11621] anon 306528256 [ 431.693076][T11621] file 0 [ 431.693076][T11621] kernel_stack 331776 [ 431.693076][T11621] slab 3649536 [ 431.693076][T11621] sock 0 [ 431.693076][T11621] shmem 0 [ 431.693076][T11621] file_mapped 0 [ 431.693076][T11621] file_dirty 0 [ 431.693076][T11621] file_writeback 0 [ 431.693076][T11621] anon_thp 253755392 [ 431.693076][T11621] inactive_anon 193646592 [ 431.693076][T11621] active_anon 6733824 [ 431.693076][T11621] inactive_file 0 [ 431.693076][T11621] active_file 0 [ 431.693076][T11621] unevictable 106483712 [ 431.693076][T11621] slab_reclaimable 675840 [ 431.693076][T11621] slab_unreclaimable 2973696 [ 431.693076][T11621] pgfault 133188 [ 431.693076][T11621] pgmajfault 0 [ 431.693076][T11621] workingset_refault 0 [ 431.693076][T11621] workingset_activate 0 [ 431.693076][T11621] workingset_nodereclaim 0 [ 431.693076][T11621] pgrefill 265 [ 431.693076][T11621] pgscan 264 [ 431.693076][T11621] pgsteal 33 [ 431.787108][T11621] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=11614,uid=0 [ 431.802789][T11621] Memory cgroup out of memory: Killed process 11614 (syz-executor.1) total-vm:72716kB, anon-rss:17912kB, file-rss:52944kB, shmem-rss:0kB, UID:0 pgtables:192512kB oom_score_adj:1000 [ 431.821085][ T1066] oom_reaper: reaped process 11614 (syz-executor.1), now anon-rss:17964kB, file-rss:53852kB, shmem-rss:0kB 10:20:48 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x288000, 0x0) syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x9, 0x200840) dup(r1) ioctl$RTC_VL_READ(r1, 0x80047013, &(0x7f00000000c0)) exit(0x7) write$binfmt_script(0xffffffffffffffff, &(0x7f00000003c0)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}, {}, {}, {0x20, 'proc'}], 0xa, "df7c00e09c916729334fbe57a726284a85ae23e7eb165a0922b020a14afa53fc919ed5b5820a609af38acfc21c2cacee2f808e60eafcd3ec51fdb7f62ca135bbf86f9c1bbf9c23db4038c329b0e8d63563439cf1b94606299a6c503abe926decd68a7e671c7dfcc4125e9888fbc8ce452b52"}, 0x8e) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r2 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xaf, 0x428240) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r2, 0xc080661a, &(0x7f00000002c0)={{0x2, 0x0, @identifier="8cff7fc81ac6de7927c1c322084eaabd"}}) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') close(r3) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000180)={0x2}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r4) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x7f, 0x3, 0x7, 0xa59e}, 'syz0\x00', 0x37}) 10:20:48 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 10:20:48 executing program 3: 10:20:48 executing program 0: 10:20:48 executing program 5: 10:20:48 executing program 4: 10:20:48 executing program 0: 10:20:48 executing program 3: 10:20:48 executing program 5: 10:20:48 executing program 4: 10:20:48 executing program 0: 10:20:48 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x0, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 432.582557][T11650] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 432.611349][T11650] CPU: 1 PID: 11650 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 432.620062][T11650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 432.630453][T11650] Call Trace: [ 432.633752][T11650] dump_stack+0x11d/0x181 [ 432.638171][T11650] dump_header+0xaa/0x39c [ 432.642519][T11650] oom_kill_process.cold+0x10/0x15 [ 432.647694][T11650] out_of_memory+0x231/0xa60 [ 432.652541][T11650] ? __rcu_read_unlock+0x66/0x3d0 [ 432.657637][T11650] mem_cgroup_out_of_memory+0x128/0x150 [ 432.663245][T11650] try_charge+0xb6c/0xbf0 [ 432.667590][T11650] ? rcu_note_context_switch+0x720/0x760 [ 432.673237][T11650] mem_cgroup_try_charge+0xd2/0x260 [ 432.678460][T11650] mem_cgroup_try_charge_delay+0x3a/0x80 [ 432.684084][T11650] __handle_mm_fault+0x197f/0x2e00 [ 432.689199][T11650] handle_mm_fault+0x21b/0x530 [ 432.693951][T11650] __get_user_pages+0x485/0x1130 [ 432.699108][T11650] populate_vma_page_range+0xe6/0x100 [ 432.704486][T11650] __mm_populate+0x168/0x2a0 [ 432.709076][T11650] __x64_sys_mlockall+0x2e3/0x320 [ 432.714128][T11650] do_syscall_64+0xcc/0x3a0 [ 432.718639][T11650] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 432.724527][T11650] RIP: 0033:0x45b349 [ 432.728421][T11650] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 432.748030][T11650] RSP: 002b:00007f8c5b479c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 432.756571][T11650] RAX: ffffffffffffffda RBX: 00007f8c5b47a6d4 RCX: 000000000045b349 [ 432.764532][T11650] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 432.772498][T11650] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 432.780759][T11650] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 432.788851][T11650] R13: 0000000000000711 R14: 00000000004c8888 R15: 000000000075bf2c [ 432.804499][T11650] memory: usage 307200kB, limit 307200kB, failcnt 3816 [ 432.811647][T11650] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 432.824275][T11650] Memory cgroup stats for /syz1: [ 432.824660][T11650] anon 306610176 [ 432.824660][T11650] file 0 [ 432.824660][T11650] kernel_stack 331776 [ 432.824660][T11650] slab 3649536 [ 432.824660][T11650] sock 0 [ 432.824660][T11650] shmem 0 [ 432.824660][T11650] file_mapped 0 [ 432.824660][T11650] file_dirty 0 [ 432.824660][T11650] file_writeback 0 [ 432.824660][T11650] anon_thp 253755392 [ 432.824660][T11650] inactive_anon 193519616 [ 432.824660][T11650] active_anon 6762496 [ 432.824660][T11650] inactive_file 0 [ 432.824660][T11650] active_file 0 [ 432.824660][T11650] unevictable 106455040 [ 432.824660][T11650] slab_reclaimable 675840 [ 432.824660][T11650] slab_unreclaimable 2973696 [ 432.824660][T11650] pgfault 133947 [ 432.824660][T11650] pgmajfault 0 [ 432.824660][T11650] workingset_refault 0 [ 432.824660][T11650] workingset_activate 0 [ 432.824660][T11650] workingset_nodereclaim 0 [ 432.824660][T11650] pgrefill 265 [ 432.824660][T11650] pgscan 264 [ 432.824660][T11650] pgsteal 33 [ 432.918939][T11650] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=11648,uid=0 [ 432.934796][T11650] Memory cgroup out of memory: Killed process 11648 (syz-executor.1) total-vm:72584kB, anon-rss:17912kB, file-rss:52880kB, shmem-rss:0kB, UID:0 pgtables:192512kB oom_score_adj:1000 [ 432.953100][ T1066] oom_reaper: reaped process 11648 (syz-executor.1), now anon-rss:17956kB, file-rss:53788kB, shmem-rss:0kB 10:20:49 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x288000, 0x0) syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x9, 0x200840) dup(r1) ioctl$RTC_VL_READ(r1, 0x80047013, &(0x7f00000000c0)) exit(0x7) write$binfmt_script(0xffffffffffffffff, &(0x7f00000003c0)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}, {}, {}, {0x20, 'proc'}], 0xa, "df7c00e09c916729334fbe57a726284a85ae23e7eb165a0922b020a14afa53fc919ed5b5820a609af38acfc21c2cacee2f808e60eafcd3ec51fdb7f62ca135bbf86f9c1bbf9c23db4038c329b0e8d63563439cf1b94606299a6c503abe926decd68a7e671c7dfcc4125e9888fbc8ce452b52"}, 0x8e) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r2 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xaf, 0x428240) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r2, 0xc080661a, &(0x7f00000002c0)={{0x2, 0x0, @identifier="8cff7fc81ac6de7927c1c322084eaabd"}}) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') close(r3) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000180)={0x2}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r4) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x7f, 0x3, 0x7, 0xa59e}, 'syz0\x00', 0x37}) 10:20:49 executing program 3: 10:20:49 executing program 5: 10:20:49 executing program 4: 10:20:49 executing program 0: 10:20:49 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x0, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 10:20:49 executing program 3: 10:20:49 executing program 5: 10:20:49 executing program 0: 10:20:49 executing program 4: 10:20:49 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x0, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 10:20:49 executing program 3: [ 433.746195][T11681] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 433.775571][T11681] CPU: 1 PID: 11681 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 433.784318][T11681] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 433.794540][T11681] Call Trace: [ 433.797842][T11681] dump_stack+0x11d/0x181 [ 433.802210][T11681] dump_header+0xaa/0x39c [ 433.806710][T11681] oom_kill_process.cold+0x10/0x15 [ 433.811892][T11681] out_of_memory+0x231/0xa60 [ 433.816471][T11681] ? __rcu_read_unlock+0x66/0x3d0 [ 433.821496][T11681] mem_cgroup_out_of_memory+0x128/0x150 [ 433.827057][T11681] try_charge+0xb6c/0xbf0 [ 433.831438][T11681] ? rcu_note_context_switch+0x720/0x760 [ 433.837247][T11681] mem_cgroup_try_charge+0xd2/0x260 [ 433.842455][T11681] mem_cgroup_try_charge_delay+0x3a/0x80 [ 433.848136][T11681] __handle_mm_fault+0x197f/0x2e00 [ 433.853280][T11681] handle_mm_fault+0x21b/0x530 [ 433.858054][T11681] __get_user_pages+0x485/0x1130 [ 433.863025][T11681] populate_vma_page_range+0xe6/0x100 [ 433.868410][T11681] __mm_populate+0x168/0x2a0 [ 433.873006][T11681] __x64_sys_mlockall+0x2e3/0x320 [ 433.878148][T11681] do_syscall_64+0xcc/0x3a0 [ 433.882662][T11681] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 433.888546][T11681] RIP: 0033:0x45b349 [ 433.892494][T11681] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 433.912196][T11681] RSP: 002b:00007f8c5b479c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 433.920722][T11681] RAX: ffffffffffffffda RBX: 00007f8c5b47a6d4 RCX: 000000000045b349 [ 433.928737][T11681] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 433.936700][T11681] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 433.944802][T11681] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 433.952958][T11681] R13: 0000000000000711 R14: 00000000004c8888 R15: 000000000075bf2c [ 433.962534][T11681] memory: usage 307200kB, limit 307200kB, failcnt 3856 [ 433.971458][T11681] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 433.978358][T11681] Memory cgroup stats for /syz1: [ 433.978507][T11681] anon 306610176 [ 433.978507][T11681] file 0 [ 433.978507][T11681] kernel_stack 331776 [ 433.978507][T11681] slab 3649536 [ 433.978507][T11681] sock 0 [ 433.978507][T11681] shmem 0 [ 433.978507][T11681] file_mapped 0 [ 433.978507][T11681] file_dirty 0 [ 433.978507][T11681] file_writeback 0 [ 433.978507][T11681] anon_thp 253755392 [ 433.978507][T11681] inactive_anon 193515520 [ 433.978507][T11681] active_anon 6762496 [ 433.978507][T11681] inactive_file 0 [ 433.978507][T11681] active_file 0 [ 433.978507][T11681] unevictable 106455040 [ 433.978507][T11681] slab_reclaimable 675840 [ 433.978507][T11681] slab_unreclaimable 2973696 [ 433.978507][T11681] pgfault 134706 [ 433.978507][T11681] pgmajfault 0 [ 433.978507][T11681] workingset_refault 0 [ 433.978507][T11681] workingset_activate 0 [ 433.978507][T11681] workingset_nodereclaim 0 [ 433.978507][T11681] pgrefill 265 [ 433.978507][T11681] pgscan 264 [ 433.978507][T11681] pgsteal 33 [ 434.073967][T11681] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=11680,uid=0 [ 434.089619][T11681] Memory cgroup out of memory: Killed process 11680 (syz-executor.1) total-vm:72584kB, anon-rss:17912kB, file-rss:52880kB, shmem-rss:0kB, UID:0 pgtables:192512kB oom_score_adj:1000 [ 434.108283][ T1066] oom_reaper: reaped process 11680 (syz-executor.1), now anon-rss:17956kB, file-rss:53788kB, shmem-rss:0kB 10:20:50 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x288000, 0x0) syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x9, 0x200840) dup(r0) ioctl$RTC_VL_READ(r0, 0x80047013, &(0x7f00000000c0)) exit(0x7) write$binfmt_script(0xffffffffffffffff, &(0x7f00000003c0)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}, {}, {}, {0x20, 'proc'}], 0xa, "df7c00e09c916729334fbe57a726284a85ae23e7eb165a0922b020a14afa53fc919ed5b5820a609af38acfc21c2cacee2f808e60eafcd3ec51fdb7f62ca135bbf86f9c1bbf9c23db4038c329b0e8d63563439cf1b94606299a6c503abe926decd68a7e671c7dfcc4125e9888fbc8ce452b52"}, 0x8e) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r1 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xaf, 0x428240) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r1, 0xc080661a, &(0x7f00000002c0)={{0x2, 0x0, @identifier="8cff7fc81ac6de7927c1c322084eaabd"}}) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r2 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') close(r2) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000180)={0x2}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r3) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x7f, 0x3, 0x7, 0xa59e}, 'syz0\x00', 0x37}) 10:20:50 executing program 4: 10:20:50 executing program 0: 10:20:50 executing program 5: 10:20:50 executing program 3: 10:20:50 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x0, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 10:20:50 executing program 4: 10:20:50 executing program 5: 10:20:50 executing program 3: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) 10:20:50 executing program 0: r0 = socket(0x10, 0x80002, 0x0) ioctl(r0, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe8697071") clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000005c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f364602344324", 0x33}], 0x4, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffeff}, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x3c) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r1, 0x0, 0x0) 10:20:51 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x0, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 10:20:51 executing program 5: unshare(0x400) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x12, r0, 0x0) read$usbfs(r0, 0x0, 0x0) [ 434.634761][T11724] ptrace attach of "/root/syz-executor.0"[11723] was attempted by "/root/syz-executor.0"[11724] [ 434.826138][T11714] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 434.866679][T11714] CPU: 1 PID: 11714 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 434.875480][T11714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 434.885706][T11714] Call Trace: [ 434.889074][T11714] dump_stack+0x11d/0x181 [ 434.893457][T11714] dump_header+0xaa/0x39c [ 434.897977][T11714] oom_kill_process.cold+0x10/0x15 [ 434.903146][T11714] out_of_memory+0x231/0xa60 [ 434.907814][T11714] ? __rcu_read_unlock+0x66/0x3d0 [ 434.912864][T11714] mem_cgroup_out_of_memory+0x128/0x150 [ 434.918499][T11714] try_charge+0xb6c/0xbf0 [ 434.922842][T11714] ? rcu_note_context_switch+0x720/0x760 [ 434.928498][T11714] mem_cgroup_try_charge+0xd2/0x260 [ 434.933718][T11714] mem_cgroup_try_charge_delay+0x3a/0x80 [ 434.939363][T11714] __handle_mm_fault+0x197f/0x2e00 [ 434.944493][T11714] handle_mm_fault+0x21b/0x530 [ 434.949422][T11714] __get_user_pages+0x485/0x1130 [ 434.954390][T11714] populate_vma_page_range+0xe6/0x100 [ 434.959769][T11714] __mm_populate+0x168/0x2a0 [ 434.964590][T11714] __x64_sys_mlockall+0x2e3/0x320 [ 434.969784][T11714] do_syscall_64+0xcc/0x3a0 [ 434.974345][T11714] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 434.980232][T11714] RIP: 0033:0x45b349 [ 434.984218][T11714] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 435.003908][T11714] RSP: 002b:00007f8c5b479c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 435.012329][T11714] RAX: ffffffffffffffda RBX: 00007f8c5b47a6d4 RCX: 000000000045b349 [ 435.020458][T11714] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 435.028436][T11714] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 435.036661][T11714] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 435.044645][T11714] R13: 0000000000000711 R14: 00000000004c8888 R15: 000000000075bf2c [ 435.054308][T11714] memory: usage 307200kB, limit 307200kB, failcnt 3900 [ 435.061365][T11714] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 435.068271][T11714] Memory cgroup stats for /syz1: [ 435.068574][T11714] anon 306622464 [ 435.068574][T11714] file 0 [ 435.068574][T11714] kernel_stack 331776 [ 435.068574][T11714] slab 3649536 [ 435.068574][T11714] sock 0 [ 435.068574][T11714] shmem 0 [ 435.068574][T11714] file_mapped 0 [ 435.068574][T11714] file_dirty 0 [ 435.068574][T11714] file_writeback 0 [ 435.068574][T11714] anon_thp 253755392 [ 435.068574][T11714] inactive_anon 193511424 [ 435.068574][T11714] active_anon 6774784 [ 435.068574][T11714] inactive_file 0 [ 435.068574][T11714] active_file 0 [ 435.068574][T11714] unevictable 106455040 [ 435.068574][T11714] slab_reclaimable 675840 [ 435.068574][T11714] slab_unreclaimable 2973696 [ 435.068574][T11714] pgfault 135465 [ 435.068574][T11714] pgmajfault 0 [ 435.068574][T11714] workingset_refault 0 [ 435.068574][T11714] workingset_activate 0 [ 435.068574][T11714] workingset_nodereclaim 0 [ 435.068574][T11714] pgrefill 265 [ 435.068574][T11714] pgscan 297 [ 435.068574][T11714] pgsteal 33 [ 435.162382][T11714] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=11711,uid=0 [ 435.178855][T11714] Memory cgroup out of memory: Killed process 11711 (syz-executor.1) total-vm:72584kB, anon-rss:17912kB, file-rss:52824kB, shmem-rss:0kB, UID:0 pgtables:192512kB oom_score_adj:1000 [ 435.197451][ T1066] oom_reaper: reaped process 11711 (syz-executor.1), now anon-rss:17956kB, file-rss:53660kB, shmem-rss:0kB 10:20:51 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x288000, 0x0) syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x9, 0x200840) dup(r0) ioctl$RTC_VL_READ(r0, 0x80047013, &(0x7f00000000c0)) exit(0x7) write$binfmt_script(0xffffffffffffffff, &(0x7f00000003c0)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}, {}, {}, {0x20, 'proc'}], 0xa, "df7c00e09c916729334fbe57a726284a85ae23e7eb165a0922b020a14afa53fc919ed5b5820a609af38acfc21c2cacee2f808e60eafcd3ec51fdb7f62ca135bbf86f9c1bbf9c23db4038c329b0e8d63563439cf1b94606299a6c503abe926decd68a7e671c7dfcc4125e9888fbc8ce452b52"}, 0x8e) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r1 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xaf, 0x428240) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r1, 0xc080661a, &(0x7f00000002c0)={{0x2, 0x0, @identifier="8cff7fc81ac6de7927c1c322084eaabd"}}) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r2 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') close(r2) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000180)={0x2}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r3) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x7f, 0x3, 0x7, 0xa59e}, 'syz0\x00', 0x37}) 10:20:51 executing program 3: r0 = socket(0x10, 0x80002, 0x0) ioctl(r0, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe8697071") clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000005c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47", 0x1b}], 0x4, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffeff}, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x3c) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r1, 0x0, 0x0) 10:20:51 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r0 = getpgrp(0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x7}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002380)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) ptrace$pokeuser(0x6, 0xffffffffffffffff, 0x5, 0x3) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) r3 = socket(0x0, 0x802, 0x0) write(r3, &(0x7f00000000c0), 0x0) sched_setattr(0x0, &(0x7f00000002c0)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000000), 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fuse\x00', 0x2, 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000040)='fuse\x00', 0x0, &(0x7f0000000380)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x4003}, 0x2c, {'user_id'}, 0x2c, {'group_id'}, 0x2c, {[{@default_permissions='default_permissions'}]}}) openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) creat(&(0x7f0000000200)='./file0/bus\x00', 0xbc9dc8fbd81cb4b1) 10:20:51 executing program 5: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c07bc3376003639405cb4aed1e68f7d368b3fb62f0000000000ae47a825d8680027726539ed010000805ae64f8f82ffffffffffffffd75d492b41fd983f79e65199615607672c59e750050000007ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62e00007cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175a", 0x8a}], 0x4, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 10:20:51 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x0, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 10:20:51 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpgrp(0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x7}, 0x0) socket$inet6(0xa, 0x2, 0x0) ptrace$pokeuser(0x6, 0xffffffffffffffff, 0x5, 0x3) pipe(&(0x7f0000000200)={0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) r2 = socket(0x0, 0x802, 0x0) write(r2, &(0x7f00000000c0), 0x0) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_STOP(r1, 0x54a1) sched_setattr(0x0, &(0x7f00000002c0)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$fuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fuse\x00', 0x2, 0x0) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000040)='fuse\x00', 0x0, &(0x7f0000000380)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x4003}, 0x2c, {'user_id'}, 0x2c, {'group_id'}, 0x2c, {[{@default_permissions='default_permissions'}]}}) r4 = creat(&(0x7f0000000200)='./file0/bus\x00', 0xbc9dc8fbd81cb4b1) fcntl$lock(r4, 0x7, &(0x7f00000003c0)={0x1}) 10:20:51 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000b80)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00') r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) sendfile(r2, r1, 0x0, 0x209) r3 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r3, 0x800) r4 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00') r5 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) sendfile(r5, r4, 0x0, 0x209) r6 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00') r7 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) sendfile(r7, r6, 0x0, 0x209) r8 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00') r9 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) sendfile(r9, r8, 0x0, 0x209) [ 435.352806][T11745] ptrace attach of "/root/syz-executor.5"[11744] was attempted by "/root/syz-executor.5"[11745] 10:20:52 executing program 3: r0 = socket$inet6(0xa, 0x803, 0x2) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000340)={{{@in=@dev, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in6=@empty, 0x0, 0x3c}, 0x0, @in=@empty}}, 0xe8) [ 435.499121][T11762] ptrace attach of "/root/syz-executor.3"[11756] was attempted by "/root/syz-executor.3"[11762] [ 435.582279][T11764] attempt to access beyond end of device [ 435.591640][T11764] loop5: rw=2049, want=81, limit=63 [ 435.605514][T11764] attempt to access beyond end of device [ 435.611433][T11764] loop5: rw=2049, want=78, limit=63 [ 435.617176][T11764] Buffer I/O error on dev loop5, logical block 77, lost async page write 10:20:52 executing program 4: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000940)='tmpfs\x00', 0x0, 0x0) chdir(&(0x7f0000000300)='./file0\x00') mkdir(&(0x7f0000000300)='./bus\x00', 0x0) r0 = socket$vsock_stream(0x28, 0x1, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) lsetxattr$system_posix_acl(&(0x7f0000000100)='./bus\x00', &(0x7f0000000140)='system.posix_acl_access\x00', &(0x7f0000000440), 0x4, 0x0) [ 435.630880][T11764] attempt to access beyond end of device [ 435.636688][T11764] loop5: rw=0, want=78, limit=63 [ 435.652227][T11770] attempt to access beyond end of device [ 435.665697][T11770] loop5: rw=0, want=78, limit=63 [ 435.711385][T11770] Buffer I/O error on dev loop5, logical block 77, async page read 10:20:52 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 10:20:52 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) close(r2) io_setup(0x6, &(0x7f0000000140)=0x0) socket$pptp(0x18, 0x1, 0x2) io_submit(r3, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r2, 0x0, 0x9}]) 10:20:52 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000b80)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00') r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) sendfile(r2, r1, 0x0, 0x209) r3 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r3, 0x800) r4 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00') r5 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) sendfile(r5, r4, 0x0, 0x209) r6 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00') r7 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) sendfile(r7, r6, 0x0, 0x209) r8 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00') r9 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) sendfile(r9, r8, 0x0, 0x209) [ 435.863174][ T184] attempt to access beyond end of device [ 435.874988][ T184] loop5: rw=1, want=133, limit=63 [ 435.945955][T11742] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 435.995804][T11742] CPU: 0 PID: 11742 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 436.004507][T11742] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 436.014747][T11742] Call Trace: [ 436.018054][T11742] dump_stack+0x11d/0x181 [ 436.022409][T11742] dump_header+0xaa/0x39c [ 436.026795][T11742] oom_kill_process.cold+0x10/0x15 [ 436.031933][T11742] out_of_memory+0x231/0xa60 [ 436.036537][T11742] ? __rcu_read_unlock+0x66/0x3d0 [ 436.041580][T11742] mem_cgroup_out_of_memory+0x128/0x150 [ 436.047138][T11742] try_charge+0xb6c/0xbf0 [ 436.051488][T11742] ? rcu_note_context_switch+0x720/0x760 [ 436.057195][T11742] mem_cgroup_try_charge+0xd2/0x260 [ 436.062411][T11742] mem_cgroup_try_charge_delay+0x3a/0x80 [ 436.068067][T11742] __handle_mm_fault+0x197f/0x2e00 [ 436.073357][T11742] handle_mm_fault+0x21b/0x530 [ 436.078133][T11742] __get_user_pages+0x485/0x1130 [ 436.083099][T11742] populate_vma_page_range+0xe6/0x100 [ 436.088489][T11742] __mm_populate+0x168/0x2a0 [ 436.093084][T11742] __x64_sys_mlockall+0x2e3/0x320 [ 436.098206][T11742] do_syscall_64+0xcc/0x3a0 [ 436.102919][T11742] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 436.108998][T11742] RIP: 0033:0x45b349 [ 436.112906][T11742] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 436.132522][T11742] RSP: 002b:00007f8c5b479c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 436.140941][T11742] RAX: ffffffffffffffda RBX: 00007f8c5b47a6d4 RCX: 000000000045b349 [ 436.149008][T11742] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 436.156988][T11742] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 436.165025][T11742] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 436.173062][T11742] R13: 0000000000000711 R14: 00000000004c8888 R15: 000000000075bf2c [ 436.264150][T11742] memory: usage 307200kB, limit 307200kB, failcnt 3946 [ 436.271396][T11742] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 436.278490][T11742] Memory cgroup stats for /syz1: [ 436.278762][T11742] anon 306622464 [ 436.278762][T11742] file 0 [ 436.278762][T11742] kernel_stack 331776 [ 436.278762][T11742] slab 3649536 [ 436.278762][T11742] sock 0 [ 436.278762][T11742] shmem 0 [ 436.278762][T11742] file_mapped 0 [ 436.278762][T11742] file_dirty 0 [ 436.278762][T11742] file_writeback 0 [ 436.278762][T11742] anon_thp 253755392 [ 436.278762][T11742] inactive_anon 193540096 [ 436.278762][T11742] active_anon 6774784 [ 436.278762][T11742] inactive_file 0 [ 436.278762][T11742] active_file 0 [ 436.278762][T11742] unevictable 106455040 [ 436.278762][T11742] slab_reclaimable 675840 [ 436.278762][T11742] slab_unreclaimable 2973696 [ 436.278762][T11742] pgfault 136224 [ 436.278762][T11742] pgmajfault 0 [ 436.278762][T11742] workingset_refault 33 [ 436.278762][T11742] workingset_activate 0 [ 436.278762][T11742] workingset_nodereclaim 0 [ 436.278762][T11742] pgrefill 265 [ 436.278762][T11742] pgscan 297 [ 436.278762][T11742] pgsteal 33 [ 436.395566][T11742] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=11741,uid=0 [ 436.435248][T11742] Memory cgroup out of memory: Killed process 11741 (syz-executor.1) total-vm:72584kB, anon-rss:17912kB, file-rss:52824kB, shmem-rss:0kB, UID:0 pgtables:192512kB oom_score_adj:1000 [ 436.470213][ T1066] oom_reaper: reaped process 11741 (syz-executor.1), now anon-rss:17956kB, file-rss:53660kB, shmem-rss:0kB 10:20:53 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x288000, 0x0) syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x9, 0x200840) dup(r0) ioctl$RTC_VL_READ(r0, 0x80047013, &(0x7f00000000c0)) exit(0x7) write$binfmt_script(0xffffffffffffffff, &(0x7f00000003c0)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}, {}, {}, {0x20, 'proc'}], 0xa, "df7c00e09c916729334fbe57a726284a85ae23e7eb165a0922b020a14afa53fc919ed5b5820a609af38acfc21c2cacee2f808e60eafcd3ec51fdb7f62ca135bbf86f9c1bbf9c23db4038c329b0e8d63563439cf1b94606299a6c503abe926decd68a7e671c7dfcc4125e9888fbc8ce452b52"}, 0x8e) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r1 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xaf, 0x428240) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r1, 0xc080661a, &(0x7f00000002c0)={{0x2, 0x0, @identifier="8cff7fc81ac6de7927c1c322084eaabd"}}) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r2 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') close(r2) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000180)={0x2}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r3) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x7f, 0x3, 0x7, 0xa59e}, 'syz0\x00', 0x37}) 10:20:53 executing program 3: openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f00000002c0)={{{@in6, @in6=@dev}}, {{@in=@multicast1}, 0x0, @in6=@local}}, &(0x7f00000003c0)=0xe8) 10:20:53 executing program 4: r0 = syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x4000000000000071, 0x28841) unshare(0x400) ioctl$USBDEVFS_CONNECTINFO(r0, 0x4004550d, 0x0) 10:20:53 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 10:20:53 executing program 0: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c07bc3376003639405cb4aed1e68f7d368b3fb62f0000000000ae47a825d8680027726539ed010000805ae64f8f82ffffffffffffffd75d492b41fd983f79e65199615607672c59e750050000007ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62e00007cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f75", 0x9d}], 0x4, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 10:20:53 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f0000000380)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000000)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_int(r1, 0x29, 0x2d, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x2a7) connect$inet6(r2, &(0x7f0000000080), 0x1c) open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) write$binfmt_elf64(r3, &(0x7f00000001c0)=ANY=[@ANYBLOB="715aaaa5b04344c22f11ff4a1c14f200"/27], 0x1b) pipe(&(0x7f0000000100)={0xffffffffffffffff}) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000740)='cgroup.controllers\x00', 0x275a, 0x0) ioctl$FS_IOC_RESVSP(r5, 0x40305828, &(0x7f0000001900)={0x0, 0x0, 0x0, 0x80000000}) ioctl$sock_inet_SIOCGIFNETMASK(r5, 0x891b, &(0x7f0000000000)={'veth1_to_hsr\x00', {0x2, 0x4e24, @multicast2}}) write$cgroup_int(r5, &(0x7f0000000240), 0x12) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000340)=0x80060) r6 = syz_genetlink_get_family_id$ipvs(0x0) r7 = creat(&(0x7f0000000180)='./bus\x00', 0x0) fstat(0xffffffffffffffff, &(0x7f00000002c0)) sendmsg$IPVS_CMD_DEL_DAEMON(r7, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x18, r6, 0x49c8586097ce370b, 0x70bd29, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_DEST={0x4}]}, 0x18}}, 0x801) sendmsg$IPVS_CMD_NEW_DAEMON(r4, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0xa800c000}, 0xc, &(0x7f0000000180)={&(0x7f00000003c0)={0x80, r6, 0x0, 0x70bd26, 0x0, {}, [@IPVS_CMD_ATTR_DAEMON={0x48, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @remote}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @ipv4={[], [], @empty}}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'rose0\x00'}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x20}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5}, @IPVS_CMD_ATTR_DAEMON={0x1c, 0x3, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x5}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}]}]}, 0x80}, 0x1, 0x0, 0x0, 0x800}, 0x80) 10:20:53 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpgrp(0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x7}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002380)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) ptrace$pokeuser(0x6, 0xffffffffffffffff, 0x5, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) write(0xffffffffffffffff, &(0x7f00000000c0), 0x0) getsockname$inet6(0xffffffffffffffff, &(0x7f0000000440)={0xa, 0x0, 0x0, @mcast2}, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$SNDRV_TIMER_IOCTL_STOP(0xffffffffffffffff, 0x54a1) sched_setattr(0x0, &(0x7f00000002c0)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000040)='fuse\x00', 0x0, &(0x7f0000000380)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x4003}, 0x2c, {'user_id'}, 0x2c, {'group_id'}, 0x2c, {[{@default_permissions='default_permissions'}]}}) syz_open_dev$usbfs(0x0, 0x0, 0x1) creat(0x0, 0x0) fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f00000003c0)={0x1}) 10:20:53 executing program 3: openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f00000002c0)={{{@in6, @in6=@dev}}, {{@in=@multicast1}, 0x0, @in6=@local}}, &(0x7f00000003c0)=0xe8) [ 436.757878][T11819] ptrace attach of "/root/syz-executor.0"[11816] was attempted by "/root/syz-executor.0"[11819] 10:20:53 executing program 0: syz_read_part_table(0x0, 0x1d4, &(0x7f0000000200)=[{&(0x7f0000000080)="0300050000000100001400000000060000000f0000000000000000000500000000004200000000000000000000000000000000000000000000000000000055aa", 0x40, 0x1c0}]) 10:20:53 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 10:20:53 executing program 3: r0 = syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x4000000000000071, 0x28841) unshare(0x400) ioctl$USBDEVFS_CONNECTINFO(r0, 0x4008550d, 0x0) 10:20:53 executing program 3: r0 = syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x4000000000000071, 0x28841) ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000000000)={0x23, 0x3, 0x10, 0x0, 0x0, 0x0, 0x0}) r1 = open(0x0, 0x141042, 0x0) open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) ioctl$EVIOCREVOKE(r1, 0x40044591, &(0x7f00000000c0)=0x400) ioctl$USBDEVFS_CONNECTINFO(r0, 0x4004550d, &(0x7f0000000080)) [ 437.223166][T11839] ldm_validate_privheads(): Disk read failed. [ 437.241550][T11839] Dev loop0: unable to read RDB block 1 [ 437.261808][T11839] loop0: unable to read partition table [ 437.268517][T11839] loop0: partition table beyond EOD, truncated [ 437.275097][T11839] loop_reread_partitions: partition scan of loop0 () failed (rc=-5) [ 437.432908][T11839] ldm_validate_privheads(): Disk read failed. [ 437.442554][T11839] Dev loop0: unable to read RDB block 1 [ 437.461886][T11839] loop0: unable to read partition table [ 437.481174][T11839] loop0: partition table beyond EOD, truncated [ 437.502696][T11839] loop_reread_partitions: partition scan of loop0 () failed (rc=-5) [ 437.518545][T11817] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 437.565748][T11817] CPU: 0 PID: 11817 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 437.574565][T11817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 437.584620][T11817] Call Trace: [ 437.588024][T11817] dump_stack+0x11d/0x181 [ 437.592485][T11817] dump_header+0xaa/0x39c [ 437.596836][T11817] oom_kill_process.cold+0x10/0x15 [ 437.601964][T11817] out_of_memory+0x231/0xa60 [ 437.606574][T11817] ? __rcu_read_unlock+0x66/0x3d0 [ 437.611619][T11817] mem_cgroup_out_of_memory+0x128/0x150 [ 437.617173][T11817] try_charge+0xb6c/0xbf0 [ 437.621558][T11817] ? rcu_note_context_switch+0x720/0x760 [ 437.627225][T11817] mem_cgroup_try_charge+0xd2/0x260 [ 437.632444][T11817] mem_cgroup_try_charge_delay+0x3a/0x80 [ 437.638104][T11817] __handle_mm_fault+0x197f/0x2e00 [ 437.643245][T11817] handle_mm_fault+0x21b/0x530 [ 437.648076][T11817] __get_user_pages+0x485/0x1130 [ 437.653049][T11817] populate_vma_page_range+0xe6/0x100 [ 437.658423][T11817] __mm_populate+0x168/0x2a0 [ 437.663031][T11817] vm_mmap_pgoff+0x181/0x190 [ 437.667779][T11817] ksys_mmap_pgoff+0x99/0x420 [ 437.672474][T11817] ? debug_smp_processor_id+0x43/0x137 [ 437.677971][T11817] __x64_sys_mmap+0x2e/0x40 [ 437.682536][T11817] do_syscall_64+0xcc/0x3a0 [ 437.687086][T11817] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 437.693087][T11817] RIP: 0033:0x45b39a [ 437.697014][T11817] Code: 89 f5 41 54 49 89 fc 55 53 74 35 49 63 e8 48 63 da 4d 89 f9 49 89 e8 4d 63 d6 48 89 da 4c 89 ee 4c 89 e7 b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 4e 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 00 [ 437.716629][T11817] RSP: 002b:00007ffc165426c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 437.725125][T11817] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045b39a [ 437.733162][T11817] RDX: 0000000000000003 RSI: 0000000000021000 RDI: 0000000000000000 [ 437.741137][T11817] RBP: ffffffffffffffff R08: ffffffffffffffff R09: 0000000000000000 [ 437.750057][T11817] R10: 0000000000020022 R11: 0000000000000246 R12: 0000000000000000 [ 437.758062][T11817] R13: 0000000000021000 R14: 0000000000020022 R15: 0000000000000000 [ 437.837034][T11817] memory: usage 307200kB, limit 307200kB, failcnt 3991 [ 437.843992][T11817] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 437.851050][T11817] Memory cgroup stats for /syz1: [ 437.851265][T11817] anon 306794496 [ 437.851265][T11817] file 0 [ 437.851265][T11817] kernel_stack 331776 [ 437.851265][T11817] slab 3514368 [ 437.851265][T11817] sock 0 [ 437.851265][T11817] shmem 0 [ 437.851265][T11817] file_mapped 0 [ 437.851265][T11817] file_dirty 0 [ 437.851265][T11817] file_writeback 0 [ 437.851265][T11817] anon_thp 253755392 [ 437.851265][T11817] inactive_anon 193536000 [ 437.851265][T11817] active_anon 6778880 [ 437.851265][T11817] inactive_file 0 [ 437.851265][T11817] active_file 0 [ 437.851265][T11817] unevictable 106622976 [ 437.851265][T11817] slab_reclaimable 675840 [ 437.851265][T11817] slab_unreclaimable 2838528 [ 437.851265][T11817] pgfault 137049 [ 437.851265][T11817] pgmajfault 0 [ 437.851265][T11817] workingset_refault 33 [ 437.851265][T11817] workingset_activate 0 [ 437.851265][T11817] workingset_nodereclaim 0 [ 437.851265][T11817] pgrefill 265 [ 437.851265][T11817] pgscan 297 [ 437.851265][T11817] pgsteal 33 [ 437.950428][T11817] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=11817,uid=0 [ 437.969865][T11817] Memory cgroup out of memory: Killed process 11817 (syz-executor.1) total-vm:72716kB, anon-rss:18248kB, file-rss:54364kB, shmem-rss:0kB, UID:0 pgtables:192512kB oom_score_adj:1000 10:20:54 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x288000, 0x0) syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x9, 0x200840) dup(r0) ioctl$RTC_VL_READ(r0, 0x80047013, &(0x7f00000000c0)) exit(0x7) write$binfmt_script(0xffffffffffffffff, &(0x7f00000003c0)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}, {}, {}, {0x20, 'proc'}], 0xa, "df7c00e09c916729334fbe57a726284a85ae23e7eb165a0922b020a14afa53fc919ed5b5820a609af38acfc21c2cacee2f808e60eafcd3ec51fdb7f62ca135bbf86f9c1bbf9c23db4038c329b0e8d63563439cf1b94606299a6c503abe926decd68a7e671c7dfcc4125e9888fbc8ce452b52"}, 0x8e) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r1 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xaf, 0x428240) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r1, 0xc080661a, &(0x7f00000002c0)={{0x2, 0x0, @identifier="8cff7fc81ac6de7927c1c322084eaabd"}}) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r2 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') close(r2) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000180)={0x2}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r3) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x7f, 0x3, 0x7, 0xa59e}, 'syz0\x00', 0x37}) 10:20:54 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 10:20:54 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpgrp(0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x7}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002380)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) ptrace$pokeuser(0x6, 0xffffffffffffffff, 0x5, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) r3 = socket(0x0, 0x802, 0x0) write(r3, 0x0, 0x0) sched_setattr(0x0, &(0x7f00000002c0)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000000), 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fuse\x00', 0x2, 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000040)='fuse\x00', 0x0, &(0x7f0000000380)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x4003}, 0x2c, {'user_id'}, 0x2c, {'group_id'}, 0x2c, {[{@default_permissions='default_permissions'}]}}) openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) creat(&(0x7f0000000200)='./file0/bus\x00', 0xbc9dc8fbd81cb4b1) 10:20:54 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') lsetxattr$trusted_overlay_upper(&(0x7f0000000180)='.//ile0\x00', &(0x7f0000000200)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0) unlink(&(0x7f0000000540)='.//ile0\x00') 10:20:54 executing program 3: mlock2(&(0x7f000060f000/0x3000)=nil, 0x3000, 0x1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) pkey_mprotect(&(0x7f00002d5000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) pkey_free(0xffffffffffffffff) 10:20:54 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f0000000380)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000000)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_int(r1, 0x29, 0x2d, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x2a7) connect$inet6(r2, &(0x7f0000000080), 0x1c) open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) write$binfmt_elf64(r3, &(0x7f00000001c0)=ANY=[@ANYBLOB="715aaaa5b04344c22f11ff4a1c14f200"/27], 0x1b) pipe(&(0x7f0000000100)={0xffffffffffffffff}) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000740)='cgroup.controllers\x00', 0x275a, 0x0) ioctl$FS_IOC_RESVSP(r5, 0x40305828, &(0x7f0000001900)={0x0, 0x0, 0x0, 0x80000000}) ioctl$sock_inet_SIOCGIFNETMASK(r5, 0x891b, &(0x7f0000000000)={'veth1_to_hsr\x00', {0x2, 0x4e24, @multicast2}}) write$cgroup_int(r5, &(0x7f0000000240), 0x12) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000340)=0x80060) r6 = syz_genetlink_get_family_id$ipvs(0x0) r7 = creat(&(0x7f0000000180)='./bus\x00', 0x0) fstat(0xffffffffffffffff, &(0x7f00000002c0)) sendmsg$IPVS_CMD_DEL_DAEMON(r7, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x18, r6, 0x49c8586097ce370b, 0x70bd29, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_DEST={0x4}]}, 0x18}}, 0x801) sendmsg$IPVS_CMD_NEW_DAEMON(r4, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0xa800c000}, 0xc, &(0x7f0000000180)={&(0x7f00000003c0)={0x80, r6, 0x0, 0x70bd26, 0x0, {}, [@IPVS_CMD_ATTR_DAEMON={0x48, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @remote}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @ipv4={[], [], @empty}}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'rose0\x00'}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x20}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5}, @IPVS_CMD_ATTR_DAEMON={0x1c, 0x3, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x5}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}]}]}, 0x80}, 0x1, 0x0, 0x0, 0x800}, 0x80) [ 438.265218][ T7995] FAT-fs (loop5): error, fat_free_clusters: deleting FAT entry beyond EOF [ 438.274849][ T7995] FAT-fs (loop5): Filesystem has been set read-only 10:20:54 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f0000000380)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000000)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_int(r1, 0x29, 0x2d, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x2a7) connect$inet6(r2, &(0x7f0000000080), 0x1c) open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) write$binfmt_elf64(r3, &(0x7f00000001c0)=ANY=[@ANYBLOB="715aaaa5b04344c22f11ff4a1c14f200"/27], 0x1b) pipe(&(0x7f0000000100)={0xffffffffffffffff}) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000740)='cgroup.controllers\x00', 0x275a, 0x0) ioctl$FS_IOC_RESVSP(r5, 0x40305828, &(0x7f0000001900)={0x0, 0x0, 0x0, 0x80000000}) ioctl$sock_inet_SIOCGIFNETMASK(r5, 0x891b, &(0x7f0000000000)={'veth1_to_hsr\x00', {0x2, 0x4e24, @multicast2}}) write$cgroup_int(r5, &(0x7f0000000240), 0x12) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000340)=0x80060) r6 = syz_genetlink_get_family_id$ipvs(0x0) r7 = creat(&(0x7f0000000180)='./bus\x00', 0x0) fstat(0xffffffffffffffff, &(0x7f00000002c0)) sendmsg$IPVS_CMD_DEL_DAEMON(r7, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x18, r6, 0x49c8586097ce370b, 0x70bd29, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_DEST={0x4}]}, 0x18}}, 0x801) sendmsg$IPVS_CMD_NEW_DAEMON(r4, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0xa800c000}, 0xc, &(0x7f0000000180)={&(0x7f00000003c0)={0x80, r6, 0x0, 0x70bd26, 0x0, {}, [@IPVS_CMD_ATTR_DAEMON={0x48, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @remote}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @ipv4={[], [], @empty}}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'rose0\x00'}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x20}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5}, @IPVS_CMD_ATTR_DAEMON={0x1c, 0x3, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x5}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}]}]}, 0x80}, 0x1, 0x0, 0x0, 0x800}, 0x80) 10:20:54 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f0000000380)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000000)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_int(r1, 0x29, 0x2d, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x2a7) connect$inet6(r2, &(0x7f0000000080), 0x1c) open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) write$binfmt_elf64(r3, &(0x7f00000001c0)=ANY=[@ANYBLOB="715aaaa5b04344c22f11ff4a1c14f200"/27], 0x1b) pipe(&(0x7f0000000100)={0xffffffffffffffff}) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000740)='cgroup.controllers\x00', 0x275a, 0x0) ioctl$FS_IOC_RESVSP(r5, 0x40305828, &(0x7f0000001900)={0x0, 0x0, 0x0, 0x80000000}) ioctl$sock_inet_SIOCGIFNETMASK(r5, 0x891b, &(0x7f0000000000)={'veth1_to_hsr\x00', {0x2, 0x4e24, @multicast2}}) write$cgroup_int(r5, &(0x7f0000000240), 0x12) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000340)=0x80060) r6 = syz_genetlink_get_family_id$ipvs(0x0) r7 = creat(&(0x7f0000000180)='./bus\x00', 0x0) fstat(0xffffffffffffffff, &(0x7f00000002c0)) sendmsg$IPVS_CMD_DEL_DAEMON(r7, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x18, r6, 0x49c8586097ce370b, 0x70bd29, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_DEST={0x4}]}, 0x18}}, 0x801) sendmsg$IPVS_CMD_NEW_DAEMON(r4, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0xa800c000}, 0xc, &(0x7f0000000180)={&(0x7f00000003c0)={0x80, r6, 0x0, 0x70bd26, 0x0, {}, [@IPVS_CMD_ATTR_DAEMON={0x48, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @remote}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @ipv4={[], [], @empty}}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'rose0\x00'}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x20}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5}, @IPVS_CMD_ATTR_DAEMON={0x1c, 0x3, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x5}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}]}]}, 0x80}, 0x1, 0x0, 0x0, 0x800}, 0x80) 10:20:54 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 10:20:55 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f0000000380)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000000)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_int(r1, 0x29, 0x2d, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x2a7) connect$inet6(r2, &(0x7f0000000080), 0x1c) open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) write$binfmt_elf64(r3, &(0x7f00000001c0)=ANY=[@ANYBLOB="715aaaa5b04344c22f11ff4a1c14f200"/27], 0x1b) pipe(&(0x7f0000000100)={0xffffffffffffffff}) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000740)='cgroup.controllers\x00', 0x275a, 0x0) ioctl$FS_IOC_RESVSP(r5, 0x40305828, &(0x7f0000001900)={0x0, 0x0, 0x0, 0x80000000}) ioctl$sock_inet_SIOCGIFNETMASK(r5, 0x891b, &(0x7f0000000000)={'veth1_to_hsr\x00', {0x2, 0x4e24, @multicast2}}) write$cgroup_int(r5, &(0x7f0000000240), 0x12) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000340)=0x80060) r6 = syz_genetlink_get_family_id$ipvs(0x0) r7 = creat(&(0x7f0000000180)='./bus\x00', 0x0) fstat(0xffffffffffffffff, &(0x7f00000002c0)) sendmsg$IPVS_CMD_DEL_DAEMON(r7, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x18, r6, 0x49c8586097ce370b, 0x70bd29, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_DEST={0x4}]}, 0x18}}, 0x801) sendmsg$IPVS_CMD_NEW_DAEMON(r4, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0xa800c000}, 0xc, &(0x7f0000000180)={&(0x7f00000003c0)={0x80, r6, 0x0, 0x70bd26, 0x0, {}, [@IPVS_CMD_ATTR_DAEMON={0x48, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @remote}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @ipv4={[], [], @empty}}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'rose0\x00'}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x20}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5}, @IPVS_CMD_ATTR_DAEMON={0x1c, 0x3, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x5}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}]}]}, 0x80}, 0x1, 0x0, 0x0, 0x800}, 0x80) 10:20:55 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 10:20:55 executing program 5: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = pkey_alloc(0x0, 0x0) pkey_mprotect(&(0x7f00002d5000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) pkey_free(r1) [ 439.405001][T11879] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 439.543571][T11879] CPU: 0 PID: 11879 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 439.552323][T11879] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 439.562381][T11879] Call Trace: [ 439.565715][T11879] dump_stack+0x11d/0x181 [ 439.570067][T11879] dump_header+0xaa/0x39c [ 439.574422][T11879] oom_kill_process.cold+0x10/0x15 [ 439.579550][T11879] out_of_memory+0x231/0xa60 [ 439.584622][T11879] ? __rcu_read_unlock+0x66/0x3d0 [ 439.589758][T11879] mem_cgroup_out_of_memory+0x128/0x150 [ 439.595320][T11879] try_charge+0xb6c/0xbf0 [ 439.599683][T11879] ? setup_fault_attr+0x90/0x120 [ 439.604641][T11879] ? __rcu_read_unlock+0x66/0x3d0 [ 439.609686][T11879] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 439.615188][T11879] __memcg_kmem_charge+0xcf/0x1b0 [ 439.620369][T11879] copy_process+0x11d2/0x3c40 [ 439.625064][T11879] ? __read_once_size+0x5a/0xe0 [ 439.629925][T11879] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 439.636169][T11879] ? perf_event_mmap+0x74/0x960 [ 439.641051][T11879] _do_fork+0xfe/0x7a0 [ 439.645135][T11879] ? mprotect_fixup+0x334/0x510 [ 439.650043][T11879] __x64_sys_clone+0x130/0x170 [ 439.654849][T11879] do_syscall_64+0xcc/0x3a0 [ 439.659380][T11879] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 439.665272][T11879] RIP: 0033:0x45dd19 [ 439.669252][T11879] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 439.688863][T11879] RSP: 002b:00007ffc165426b8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 439.697377][T11879] RAX: ffffffffffffffda RBX: 00007f8c5b459700 RCX: 000000000045dd19 [ 439.705391][T11879] RDX: 00007f8c5b4599d0 RSI: 00007f8c5b458db0 RDI: 00000000003d0f00 [ 439.713581][T11879] RBP: 00007ffc165428d0 R08: 00007f8c5b459700 R09: 00007f8c5b459700 [ 439.721611][T11879] R10: 00007f8c5b4599d0 R11: 0000000000000202 R12: 0000000000000000 [ 439.729665][T11879] R13: 00007ffc1654276f R14: 00007f8c5b4599c0 R15: 000000000075bfd4 [ 439.744102][T11879] memory: usage 307200kB, limit 307200kB, failcnt 4038 [ 439.751002][T11879] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 439.784682][T11879] Memory cgroup stats for /syz1: [ 439.784889][T11879] anon 306774016 [ 439.784889][T11879] file 0 [ 439.784889][T11879] kernel_stack 294912 [ 439.784889][T11879] slab 3514368 [ 439.784889][T11879] sock 0 [ 439.784889][T11879] shmem 0 [ 439.784889][T11879] file_mapped 0 [ 439.784889][T11879] file_dirty 0 [ 439.784889][T11879] file_writeback 0 [ 439.784889][T11879] anon_thp 253755392 [ 439.784889][T11879] inactive_anon 193662976 [ 439.784889][T11879] active_anon 6778880 [ 439.784889][T11879] inactive_file 0 [ 439.784889][T11879] active_file 0 [ 439.784889][T11879] unevictable 106594304 [ 439.784889][T11879] slab_reclaimable 675840 [ 439.784889][T11879] slab_unreclaimable 2838528 [ 439.784889][T11879] pgfault 137874 [ 439.784889][T11879] pgmajfault 0 [ 439.784889][T11879] workingset_refault 33 [ 439.784889][T11879] workingset_activate 0 [ 439.784889][T11879] workingset_nodereclaim 0 [ 439.784889][T11879] pgrefill 265 [ 439.784889][T11879] pgscan 297 [ 439.784889][T11879] pgsteal 33 [ 440.044266][T11879] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=11879,uid=0 [ 440.074424][T11879] Memory cgroup out of memory: Killed process 11879 (syz-executor.1) total-vm:72716kB, anon-rss:18248kB, file-rss:54364kB, shmem-rss:0kB, UID:0 pgtables:192512kB oom_score_adj:1000 [ 440.121482][ T1066] oom_reaper: reaped process 11879 (syz-executor.1), now anon-rss:18272kB, file-rss:54364kB, shmem-rss:0kB 10:20:56 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x288000, 0x0) syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x9, 0x200840) dup(r0) ioctl$RTC_VL_READ(r0, 0x80047013, &(0x7f00000000c0)) exit(0x7) write$binfmt_script(0xffffffffffffffff, &(0x7f00000003c0)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}, {}, {}, {0x20, 'proc'}], 0xa, "df7c00e09c916729334fbe57a726284a85ae23e7eb165a0922b020a14afa53fc919ed5b5820a609af38acfc21c2cacee2f808e60eafcd3ec51fdb7f62ca135bbf86f9c1bbf9c23db4038c329b0e8d63563439cf1b94606299a6c503abe926decd68a7e671c7dfcc4125e9888fbc8ce452b52"}, 0x8e) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r1 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xaf, 0x428240) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r1, 0xc080661a, &(0x7f00000002c0)={{0x2, 0x0, @identifier="8cff7fc81ac6de7927c1c322084eaabd"}}) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r2 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') close(r2) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000180)={0x2}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r3) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x7f, 0x3, 0x7, 0xa59e}, 'syz0\x00', 0x37}) 10:20:56 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 10:20:56 executing program 4: r0 = timerfd_create(0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) perf_event_open(0x0, 0x0, 0xfffffffffffffff9, r2, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = pkey_alloc(0x0, 0x0) pkey_free(0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, r3) 10:20:56 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_icmp_ICMP_FILTER(r0, 0x1, 0x3e, &(0x7f0000000200)={0xfffeffff}, 0x4) 10:20:57 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000b80)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00') r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) sendfile(r2, r1, 0x0, 0x209) r3 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(0xffffffffffffffff, 0x0, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00') r5 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) sendfile(r5, r4, 0x0, 0x209) r6 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00') r7 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) sendfile(r7, r6, 0x0, 0x209) r8 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00') r9 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) sendfile(r9, r8, 0x0, 0x209) 10:20:57 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 440.863860][T11960] attempt to access beyond end of device [ 440.901324][T11960] loop5: rw=2049, want=81, limit=63 [ 440.958093][T11960] attempt to access beyond end of device [ 440.964109][ T7977] FAT-fs (loop0): error, fat_free_clusters: deleting FAT entry beyond EOF [ 441.001143][T11960] loop5: rw=2049, want=78, limit=63 [ 441.016661][ T7977] FAT-fs (loop0): Filesystem has been set read-only [ 441.031459][T11953] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 441.053388][T11960] Buffer I/O error on dev loop5, logical block 77, lost async page write [ 441.058416][T11953] CPU: 1 PID: 11953 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 441.070535][T11953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 441.080607][T11953] Call Trace: [ 441.083904][T11953] dump_stack+0x11d/0x181 [ 441.084597][T11967] attempt to access beyond end of device [ 441.088305][T11953] dump_header+0xaa/0x39c [ 441.088353][T11953] oom_kill_process.cold+0x10/0x15 [ 441.103410][T11953] out_of_memory+0x231/0xa60 [ 441.108013][T11953] ? __rcu_read_unlock+0x66/0x3d0 [ 441.113142][T11953] mem_cgroup_out_of_memory+0x128/0x150 [ 441.114750][T11967] loop5: rw=0, want=78, limit=63 [ 441.118722][T11953] try_charge+0xb6c/0xbf0 [ 441.118745][T11953] ? setup_fault_attr+0x90/0x120 [ 441.118776][T11953] ? __rcu_read_unlock+0x66/0x3d0 [ 441.137976][T11953] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 441.143457][T11953] __memcg_kmem_charge+0xcf/0x1b0 [ 441.148505][T11953] copy_process+0x11d2/0x3c40 [ 441.153211][T11953] ? __read_once_size+0x5a/0xe0 [ 441.158099][T11953] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 441.164430][T11953] ? perf_event_mmap+0x74/0x960 [ 441.169312][T11953] _do_fork+0xfe/0x7a0 [ 441.173487][T11953] ? mprotect_fixup+0x334/0x510 [ 441.178357][T11953] __x64_sys_clone+0x130/0x170 [ 441.183148][T11953] do_syscall_64+0xcc/0x3a0 [ 441.187671][T11953] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 441.193566][T11953] RIP: 0033:0x45dd19 [ 441.197516][T11953] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 441.216355][T11967] attempt to access beyond end of device [ 441.217168][T11953] RSP: 002b:00007ffc165426b8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 441.231213][T11953] RAX: ffffffffffffffda RBX: 00007f8c5b459700 RCX: 000000000045dd19 [ 441.239199][T11953] RDX: 00007f8c5b4599d0 RSI: 00007f8c5b458db0 RDI: 00000000003d0f00 10:20:57 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f0000000380)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000000)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_int(r1, 0x29, 0x2d, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x2a7) connect$inet6(r2, &(0x7f0000000080), 0x1c) open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) write$binfmt_elf64(r3, &(0x7f00000001c0)=ANY=[@ANYBLOB="715aaaa5b04344c22f11ff4a1c14f200"/27], 0x1b) pipe(&(0x7f0000000100)={0xffffffffffffffff}) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000740)='cgroup.controllers\x00', 0x275a, 0x0) ioctl$FS_IOC_RESVSP(r5, 0x40305828, &(0x7f0000001900)={0x0, 0x0, 0x0, 0x80000000}) ioctl$sock_inet_SIOCGIFNETMASK(r5, 0x891b, &(0x7f0000000000)={'veth1_to_hsr\x00', {0x2, 0x4e24, @multicast2}}) write$cgroup_int(r5, &(0x7f0000000240), 0x12) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000340)=0x80060) r6 = syz_genetlink_get_family_id$ipvs(0x0) r7 = creat(&(0x7f0000000180)='./bus\x00', 0x0) fstat(0xffffffffffffffff, &(0x7f00000002c0)) sendmsg$IPVS_CMD_DEL_DAEMON(r7, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x18, r6, 0x49c8586097ce370b, 0x70bd29, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_DEST={0x4}]}, 0x18}}, 0x801) sendmsg$IPVS_CMD_NEW_DAEMON(r4, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0xa800c000}, 0xc, &(0x7f0000000180)={&(0x7f00000003c0)={0x80, r6, 0x0, 0x70bd26, 0x0, {}, [@IPVS_CMD_ATTR_DAEMON={0x48, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @remote}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @ipv4={[], [], @empty}}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'rose0\x00'}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x20}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5}, @IPVS_CMD_ATTR_DAEMON={0x1c, 0x3, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x5}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}]}]}, 0x80}, 0x1, 0x0, 0x0, 0x800}, 0x80) 10:20:57 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpgrp(0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x7}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002380), 0x0, 0x0, 0x0) ptrace$pokeuser(0x6, 0xffffffffffffffff, 0x5, 0x3) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) r4 = socket(0x0, 0x802, 0x0) write(r4, &(0x7f00000000c0), 0x0) getsockname$inet6(r4, &(0x7f0000000440)={0xa, 0x0, 0x0, @mcast2}, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$SNDRV_TIMER_IOCTL_STOP(r2, 0x54a1) sched_setattr(0x0, &(0x7f00000002c0)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$fuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fuse\x00', 0x2, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000040)='fuse\x00', 0x0, &(0x7f0000000380)={{'fd', 0x3d, r5}, 0x2c, {'rootmode', 0x3d, 0x4003}, 0x2c, {'user_id'}, 0x2c, {'group_id'}, 0x2c, {[{@default_permissions='default_permissions'}]}}) mount$fuse(0x0, 0x0, &(0x7f0000000080)='fuse\x00', 0x0, 0x0) syz_open_dev$usbfs(0x0, 0x0, 0x1) r6 = creat(&(0x7f0000000200)='./file0/bus\x00', 0xbc9dc8fbd81cb4b1) fcntl$lock(r6, 0x7, &(0x7f00000003c0)={0x1}) 10:20:57 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 441.247195][T11953] RBP: 00007ffc165428d0 R08: 00007f8c5b459700 R09: 00007f8c5b459700 [ 441.249870][T11967] loop5: rw=0, want=78, limit=63 [ 441.257698][T11953] R10: 00007f8c5b4599d0 R11: 0000000000000202 R12: 0000000000000000 [ 441.257709][T11953] R13: 00007ffc1654276f R14: 00007f8c5b4599c0 R15: 000000000075bfd4 [ 441.266701][T11953] memory: usage 307200kB, limit 307200kB, failcnt 4084 [ 441.285961][T11953] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 441.289023][ T7985] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 441.293619][T11953] Memory cgroup stats for /syz1: [ 441.293770][T11953] anon 306884608 [ 441.293770][T11953] file 0 [ 441.293770][T11953] kernel_stack 331776 [ 441.293770][T11953] slab 3514368 [ 441.293770][T11953] sock 0 [ 441.293770][T11953] shmem 0 [ 441.293770][T11953] file_mapped 0 [ 441.293770][T11953] file_dirty 0 [ 441.293770][T11953] file_writeback 0 [ 441.293770][T11953] anon_thp 253755392 [ 441.293770][T11953] inactive_anon 193662976 [ 441.293770][T11953] active_anon 6778880 [ 441.293770][T11953] inactive_file 0 [ 441.293770][T11953] active_file 0 [ 441.293770][T11953] unevictable 106852352 [ 441.293770][T11953] slab_reclaimable 675840 [ 441.293770][T11953] slab_unreclaimable 2838528 [ 441.293770][T11953] pgfault 138699 [ 441.293770][T11953] pgmajfault 0 [ 441.293770][T11953] workingset_refault 33 [ 441.293770][T11953] workingset_activate 0 [ 441.293770][T11953] workingset_nodereclaim 0 [ 441.293770][T11953] pgrefill 265 [ 441.293770][T11953] pgscan 297 [ 441.293770][T11953] pgsteal 33 [ 441.340722][ T7985] FAT-fs (loop3): Filesystem has been set read-only [ 441.396000][T11953] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=11953,uid=0 [ 441.417262][T11967] Buffer I/O error on dev loop5, logical block 77, async page read [ 441.419006][T11953] Memory cgroup out of memory: Killed process 11953 (syz-executor.1) total-vm:72716kB, anon-rss:18248kB, file-rss:54364kB, shmem-rss:0kB, UID:0 pgtables:192512kB oom_score_adj:1000 [ 441.443590][ T1066] oom_reaper: reaped process 11953 (syz-executor.1), now anon-rss:18248kB, file-rss:54360kB, shmem-rss:0kB [ 441.455715][ T27] audit: type=1800 audit(1579602057.946:32): pid=11967 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.5" name="bus" dev="loop5" ino=38 res=0 [ 441.522564][T11960] attempt to access beyond end of device [ 441.528276][T11960] loop5: rw=2049, want=130, limit=63 10:20:58 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 10:20:58 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0x24048000, &(0x7f00000001c0)={0xa, 0x0, 0x0, @remote, 0x3082}, 0x1c) listen(r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x7d1}, 0x1c) bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r1, 0x0) 10:20:58 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000b80)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00') r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) sendfile(r2, r1, 0x0, 0x209) r3 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(0xffffffffffffffff, 0x0, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00') r5 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) sendfile(r5, r4, 0x0, 0x209) r6 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00') r7 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) sendfile(r7, r6, 0x0, 0x209) r8 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00') r9 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) sendfile(r9, r8, 0x0, 0x209) 10:20:58 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x288000, 0x0) syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x9, 0x200840) dup(r0) ioctl$RTC_VL_READ(r0, 0x80047013, &(0x7f00000000c0)) exit(0x7) write$binfmt_script(0xffffffffffffffff, &(0x7f00000003c0)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}, {}, {}, {0x20, 'proc'}], 0xa, "df7c00e09c916729334fbe57a726284a85ae23e7eb165a0922b020a14afa53fc919ed5b5820a609af38acfc21c2cacee2f808e60eafcd3ec51fdb7f62ca135bbf86f9c1bbf9c23db4038c329b0e8d63563439cf1b94606299a6c503abe926decd68a7e671c7dfcc4125e9888fbc8ce452b52"}, 0x8e) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r1 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xaf, 0x428240) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r1, 0xc080661a, &(0x7f00000002c0)={{0x2, 0x0, @identifier="8cff7fc81ac6de7927c1c322084eaabd"}}) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r2 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') close(r2) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000180)={0x2}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r3) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x7f, 0x3, 0x7, 0xa59e}, 'syz0\x00', 0x37}) 10:20:58 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 10:20:58 executing program 4: mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mount$overlay(0x400002, &(0x7f0000000140)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f00000001c0)={[{@redirect_dir={'redirect_dir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file0'}}]}) 10:20:58 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpgrp(0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x7}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002380)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) ptrace$pokeuser(0x6, 0xffffffffffffffff, 0x5, 0x3) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) r3 = socket(0x0, 0x802, 0x0) write(r3, 0x0, 0x0) getsockname$inet6(r3, &(0x7f0000000440)={0xa, 0x0, 0x0, @mcast2}, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$SNDRV_TIMER_IOCTL_STOP(r1, 0x54a1) sched_setattr(0x0, &(0x7f00000002c0)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000000), 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fuse\x00', 0x2, 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000040)='fuse\x00', 0x0, &(0x7f0000000380)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x4003}, 0x2c, {'user_id'}, 0x2c, {'group_id'}, 0x2c, {[{@default_permissions='default_permissions'}]}}) openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) creat(&(0x7f0000000200)='./file0/bus\x00', 0xbc9dc8fbd81cb4b1) [ 442.291285][T12022] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore [ 442.328437][T12022] overlayfs: bad mount option "redirect_dir=./file0" 10:20:58 executing program 4: r0 = epoll_create1(0x0) epoll_pwait(r0, &(0x7f0000001380)=[{}], 0x1, 0x286, 0x0, 0x0) r1 = socket(0x1e, 0x1, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000240)) epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r1, &(0x7f0000000040)={0xc000201c}) 10:20:58 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 442.440386][T12006] attempt to access beyond end of device [ 442.464154][T12006] loop5: rw=2049, want=81, limit=63 [ 442.524529][T12006] attempt to access beyond end of device [ 442.537958][T12006] loop5: rw=2049, want=78, limit=63 [ 442.551451][T12034] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 442.552327][T12006] Buffer I/O error on dev loop5, logical block 77, lost async page write 10:20:59 executing program 3: unshare(0x40000000) r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=@ipv4_delrule={0x20, 0x21, 0x1}, 0x20}}, 0x0) mount(0x0, 0x0, 0x0, 0x0, 0x0) [ 442.567634][T12034] CPU: 1 PID: 12034 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 442.580825][T12034] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 442.590884][T12034] Call Trace: [ 442.594183][T12034] dump_stack+0x11d/0x181 [ 442.598603][T12034] dump_header+0xaa/0x39c [ 442.602993][T12034] oom_kill_process.cold+0x10/0x15 [ 442.608099][T12034] out_of_memory+0x231/0xa60 [ 442.612767][T12034] ? __rcu_read_unlock+0x66/0x3d0 [ 442.618148][T12034] mem_cgroup_out_of_memory+0x128/0x150 [ 442.623687][T12034] try_charge+0xb6c/0xbf0 [ 442.628151][T12034] ? __rcu_read_unlock+0x66/0x3d0 [ 442.633273][T12034] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 442.638730][T12034] __memcg_kmem_charge+0xcf/0x1b0 [ 442.643755][T12034] __alloc_pages_nodemask+0x26c/0x310 [ 442.649117][T12034] alloc_pages_current+0xd1/0x170 [ 442.654182][T12034] pte_alloc_one+0x18/0x50 [ 442.658624][T12034] copy_huge_pmd+0x8f/0x7b0 [ 442.663178][T12034] copy_page_range+0x6a2/0x19b0 [ 442.668140][T12034] ? __read_once_size.constprop.0+0x12/0x20 [ 442.674101][T12034] ? __rcu_read_unlock+0x66/0x3d0 [ 442.679287][T12034] ? vma_gap_callbacks_rotate+0x126/0x190 [ 442.685224][T12034] dup_mm+0x74a/0xba0 [ 442.689338][T12034] copy_process+0x3138/0x3c40 [ 442.694014][T12034] _do_fork+0xfe/0x7a0 [ 442.698088][T12034] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 442.704406][T12034] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 442.710307][T12034] ? __read_once_size+0x5a/0xe0 [ 442.716069][T12034] __x64_sys_clone+0x130/0x170 [ 442.720903][T12034] do_syscall_64+0xcc/0x3a0 [ 442.725438][T12034] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 442.731324][T12034] RIP: 0033:0x45b349 [ 442.735291][T12034] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 442.755074][T12034] RSP: 002b:00007f8c5b458c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 442.763572][T12034] RAX: ffffffffffffffda RBX: 00007f8c5b4596d4 RCX: 000000000045b349 [ 442.771602][T12034] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 442.779586][T12034] RBP: 000000000075bfc8 R08: ffffffffffffffff R09: 0000000000000000 [ 442.787616][T12034] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 442.795607][T12034] R13: 0000000000000070 R14: 00000000004c1bc4 R15: 000000000075bfd4 [ 442.806756][T12034] memory: usage 307200kB, limit 307200kB, failcnt 4115 [ 442.815426][T12034] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 442.853247][T12034] Memory cgroup stats for /syz1: [ 442.853474][T12034] anon 306749440 [ 442.853474][T12034] file 0 [ 442.853474][T12034] kernel_stack 368640 [ 442.853474][T12034] slab 3514368 [ 442.853474][T12034] sock 0 [ 442.853474][T12034] shmem 0 [ 442.853474][T12034] file_mapped 0 [ 442.853474][T12034] file_dirty 0 [ 442.853474][T12034] file_writeback 0 [ 442.853474][T12034] anon_thp 253755392 [ 442.853474][T12034] inactive_anon 193568768 [ 442.853474][T12034] active_anon 6778880 [ 442.853474][T12034] inactive_file 0 10:20:59 executing program 4: mkdir(&(0x7f0000000180)='./bus\x00', 0x0) creat(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mount$overlay(0x400002, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000280)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './bus'}}, {@workdir={'workdir', 0x3d, './file0'}}]}) chdir(&(0x7f00000002c0)='./bus\x00') creat(&(0x7f00000001c0)='./file0\x00', 0x0) llistxattr(&(0x7f0000000140)='./file0\x00', &(0x7f0000000300)=""/91, 0x5b) [ 442.853474][T12034] active_file 0 [ 442.853474][T12034] unevictable 106721280 [ 442.853474][T12034] slab_reclaimable 675840 [ 442.853474][T12034] slab_unreclaimable 2838528 [ 442.853474][T12034] pgfault 139491 [ 442.853474][T12034] pgmajfault 0 [ 442.853474][T12034] workingset_refault 33 [ 442.853474][T12034] workingset_activate 0 [ 442.853474][T12034] workingset_nodereclaim 0 [ 442.853474][T12034] pgrefill 265 [ 442.853474][T12034] pgscan 297 [ 442.853474][T12034] pgsteal 33 [ 442.985191][T12006] attempt to access beyond end of device [ 442.994294][T12006] loop5: rw=0, want=78, limit=63 10:20:59 executing program 0: r0 = socket(0x10, 0x80002, 0x0) ioctl(r0, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe8697071") clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000005c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479", 0x34}], 0x4, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffeff}, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x3c) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r1, 0x0, 0x0) 10:20:59 executing program 5: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000380)='./file0\x00', 0x0, 0x0, 0x0) mount$fuse(0x20000000, &(0x7f0000000580)='./file0\x00', 0x0, 0x7a04, 0x0) umount2(&(0x7f00000001c0)='./file0\x00', 0x0) [ 443.069178][T12034] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=12003,uid=0 [ 443.075926][T12043] IPVS: ftp: loaded support on port[0] = 21 [ 443.101722][T12034] Memory cgroup out of memory: Killed process 12003 (syz-executor.1) total-vm:72716kB, anon-rss:18248kB, file-rss:54364kB, shmem-rss:0kB, UID:0 pgtables:192512kB oom_score_adj:1000 10:20:59 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 443.115791][T12046] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 443.197558][T12048] overlayfs: failed to resolve './file1': -2 [ 443.236651][T12043] IPVS: ftp: loaded support on port[0] = 21 [ 443.261137][T12052] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 10:20:59 executing program 4: mkdir(&(0x7f0000000180)='./bus\x00', 0x0) creat(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mount$overlay(0x400002, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000280)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './bus'}}, {@workdir={'workdir', 0x3d, './file0'}}]}) chdir(&(0x7f00000002c0)='./bus\x00') creat(&(0x7f00000001c0)='./file0\x00', 0x0) llistxattr(&(0x7f0000000140)='./file0\x00', &(0x7f0000000300)=""/91, 0x5b) [ 443.309744][T12058] ptrace attach of "/root/syz-executor.0"[12056] was attempted by "/root/syz-executor.0"[12058] 10:21:00 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x288000, 0x0) syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x9, 0x200840) dup(r1) ioctl$RTC_VL_READ(r1, 0x80047013, &(0x7f00000000c0)) exit(0x7) write$binfmt_script(0xffffffffffffffff, &(0x7f00000003c0)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}, {}, {}, {0x20, 'proc'}], 0xa, "df7c00e09c916729334fbe57a726284a85ae23e7eb165a0922b020a14afa53fc919ed5b5820a609af38acfc21c2cacee2f808e60eafcd3ec51fdb7f62ca135bbf86f9c1bbf9c23db4038c329b0e8d63563439cf1b94606299a6c503abe926decd68a7e671c7dfcc4125e9888fbc8ce452b52"}, 0x8e) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r2 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xaf, 0x428240) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r2, 0xc080661a, &(0x7f00000002c0)={{0x2, 0x0, @identifier="8cff7fc81ac6de7927c1c322084eaabd"}}) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') close(r3) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000180)={0x2}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r4) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x7f, 0x3, 0x7, 0xa59e}, 'syz0\x00', 0x37}) 10:21:00 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r4 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) write(r3, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de", 0x1f1) sendfile(r3, r4, 0x0, 0x7fffffa7) truncate(&(0x7f0000000280)='./file0\x00', 0x4626) 10:21:00 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de8217", 0x1f3) sendfile(r1, r2, 0x0, 0x7fffffa7) truncate(&(0x7f0000000280)='./file0\x00', 0x4626) 10:21:00 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 10:21:00 executing program 3: unshare(0x40000000) r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=@ipv4_delrule={0x20, 0x21, 0x1}, 0x20}}, 0x0) mount(0x0, 0x0, 0x0, 0x0, 0x0) [ 443.715488][T10734] tipc: TX() has been purged, node left! [ 443.764833][ T27] audit: type=1800 audit(1579602060.256:33): pid=12077 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="loop5" ino=45 res=0 [ 443.854885][T12081] IPVS: ftp: loaded support on port[0] = 21 [ 443.862632][ T27] audit: type=1804 audit(1579602060.276:34): pid=12077 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir596420966/syzkaller.NtBLMn/191/file0/file0" dev="loop5" ino=45 res=1 10:21:00 executing program 4: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='sysfs\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000200)='./file0\x00', 0x0, 0x100000, 0x0) clone(0x70024000, 0x0, 0x0, 0x0, 0x0) mount$fuse(0x20000000, &(0x7f0000000580)='./file0\x00', 0x0, 0x7a04, 0x0) umount2(&(0x7f00000001c0)='./file0\x00', 0x0) 10:21:00 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 444.034006][ T27] audit: type=1800 audit(1579602060.526:35): pid=12091 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="file0" dev="sda1" ino=16533 res=0 [ 444.068630][T12087] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 444.101763][ T27] audit: type=1804 audit(1579602060.526:36): pid=12091 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir511412536/syzkaller.bCjnXx/216/file0/file0" dev="sda1" ino=16533 res=1 10:21:00 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de8217", 0x1f3) sendfile(r1, r2, 0x0, 0x7fffffa7) truncate(&(0x7f0000000280)='./file0\x00', 0x4626) 10:21:00 executing program 0: r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000009000)={0x24e2, 0x23}) 10:21:00 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 444.409021][T12104] IPVS: ftp: loaded support on port[0] = 21 10:21:01 executing program 0: r0 = syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x4000000000000071, 0x28841) unshare(0x400) ioctl$USBDEVFS_CLEAR_HALT(r0, 0x80045515, &(0x7f0000000000)) 10:21:01 executing program 0: r0 = syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x4000000000000071, 0x28841) unshare(0x400) ioctl$USBDEVFS_CLEAR_HALT(r0, 0x80045518, 0x0) [ 444.676863][ T27] audit: type=1800 audit(1579602061.166:37): pid=12110 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="loop5" ino=47 res=0 [ 444.805975][T12129] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 444.823478][ T27] audit: type=1804 audit(1579602061.266:38): pid=12110 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir596420966/syzkaller.NtBLMn/192/file0/file0" dev="loop5" ino=47 res=1 [ 444.836164][T12129] CPU: 1 PID: 12129 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 444.857157][T12129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 444.867306][T12129] Call Trace: [ 444.870788][T12129] dump_stack+0x11d/0x181 [ 444.875145][T12129] dump_header+0xaa/0x39c [ 444.879489][T12129] oom_kill_process.cold+0x10/0x15 [ 444.884733][T12129] out_of_memory+0x231/0xa60 [ 444.889338][T12129] ? __rcu_read_unlock+0x66/0x3d0 [ 444.894390][T12129] mem_cgroup_out_of_memory+0x128/0x150 [ 444.899971][T12129] try_charge+0xb6c/0xbf0 [ 444.904398][T12129] ? __rcu_read_unlock+0x66/0x3d0 [ 444.909478][T12129] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 444.914988][T12129] __memcg_kmem_charge+0xcf/0x1b0 [ 444.920040][T12129] __alloc_pages_nodemask+0x26c/0x310 [ 444.925441][T12129] alloc_pages_current+0xd1/0x170 [ 444.930550][T12129] pte_alloc_one+0x18/0x50 [ 444.935002][T12129] copy_huge_pmd+0x8f/0x7b0 [ 444.939551][T12129] copy_page_range+0x6a2/0x19b0 [ 444.944430][T12129] ? __read_once_size.constprop.0+0x12/0x20 [ 444.950437][T12129] ? __rcu_read_unlock+0x66/0x3d0 [ 444.955743][T12129] ? vma_gap_callbacks_rotate+0x126/0x190 [ 444.962094][T12129] dup_mm+0x74a/0xba0 [ 444.966113][T12129] copy_process+0x3138/0x3c40 [ 444.970999][T12129] _do_fork+0xfe/0x7a0 [ 444.975183][T12129] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 444.981545][T12129] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 444.987474][T12129] ? __read_once_size+0x5a/0xe0 [ 444.992388][T12129] __x64_sys_clone+0x130/0x170 [ 444.997250][T12129] do_syscall_64+0xcc/0x3a0 [ 445.003239][T12129] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 445.009400][T12129] RIP: 0033:0x45b349 [ 445.013327][T12129] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 445.035620][T12129] RSP: 002b:00007f8c5b458c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 445.044225][T12129] RAX: ffffffffffffffda RBX: 00007f8c5b4596d4 RCX: 000000000045b349 [ 445.052612][T12129] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 445.061724][T12129] RBP: 000000000075bfc8 R08: ffffffffffffffff R09: 0000000000000000 [ 445.072041][T12129] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 445.081097][T12129] R13: 0000000000000070 R14: 00000000004c1bc4 R15: 000000000075bfd4 [ 445.119776][T12132] IPVS: ftp: loaded support on port[0] = 21 [ 445.247569][T12129] memory: usage 307200kB, limit 307200kB, failcnt 4149 [ 445.256707][T12129] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 445.273979][T12129] Memory cgroup stats for /syz1: [ 445.274324][T12129] anon 306814976 [ 445.274324][T12129] file 0 [ 445.274324][T12129] kernel_stack 331776 [ 445.274324][T12129] slab 3514368 [ 445.274324][T12129] sock 0 [ 445.274324][T12129] shmem 0 [ 445.274324][T12129] file_mapped 0 [ 445.274324][T12129] file_dirty 0 [ 445.274324][T12129] file_writeback 0 [ 445.274324][T12129] anon_thp 253755392 [ 445.274324][T12129] inactive_anon 193544192 [ 445.274324][T12129] active_anon 6778880 [ 445.274324][T12129] inactive_file 0 [ 445.274324][T12129] active_file 0 [ 445.274324][T12129] unevictable 106688512 [ 445.274324][T12129] slab_reclaimable 675840 [ 445.274324][T12129] slab_unreclaimable 2838528 [ 445.274324][T12129] pgfault 140349 [ 445.274324][T12129] pgmajfault 0 [ 445.274324][T12129] workingset_refault 33 [ 445.274324][T12129] workingset_activate 0 [ 445.274324][T12129] workingset_nodereclaim 0 [ 445.274324][T12129] pgrefill 265 [ 445.274324][T12129] pgscan 297 [ 445.274324][T12129] pgsteal 33 [ 445.383341][T12129] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=12089,uid=0 [ 445.399197][T12129] Memory cgroup out of memory: Killed process 12089 (syz-executor.1) total-vm:72716kB, anon-rss:18248kB, file-rss:54364kB, shmem-rss:0kB, UID:0 pgtables:192512kB oom_score_adj:1000 10:21:02 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x288000, 0x0) syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x9, 0x200840) dup(r1) ioctl$RTC_VL_READ(r1, 0x80047013, &(0x7f00000000c0)) exit(0x7) write$binfmt_script(0xffffffffffffffff, &(0x7f00000003c0)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}, {}, {}, {0x20, 'proc'}], 0xa, "df7c00e09c916729334fbe57a726284a85ae23e7eb165a0922b020a14afa53fc919ed5b5820a609af38acfc21c2cacee2f808e60eafcd3ec51fdb7f62ca135bbf86f9c1bbf9c23db4038c329b0e8d63563439cf1b94606299a6c503abe926decd68a7e671c7dfcc4125e9888fbc8ce452b52"}, 0x8e) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r2 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xaf, 0x428240) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r2, 0xc080661a, &(0x7f00000002c0)={{0x2, 0x0, @identifier="8cff7fc81ac6de7927c1c322084eaabd"}}) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') close(r3) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000180)={0x2}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r4) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x7f, 0x3, 0x7, 0xa59e}, 'syz0\x00', 0x37}) 10:21:02 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000200)='net/tcp6\x00') r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000d84000)={0xa, 0x2}, 0x1c) sendto$inet6(r1, &(0x7f0000f6f000), 0xfffffffffffffea7, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) preadv(r0, &(0x7f0000000000)=[{&(0x7f0000000240)=""/158, 0x9e}], 0x1, 0x0) 10:21:02 executing program 0: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f00002d5000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) pkey_free(0xffffffffffffffff) 10:21:02 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 10:21:02 executing program 5: r0 = syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x4000000000000071, 0x28841) unshare(0x400) ioctl$USBDEVFS_CLEAR_HALT(r0, 0x80045505, 0x0) 10:21:02 executing program 4: r0 = syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x4000000000000071, 0x28841) unshare(0x400) ioctl$USBDEVFS_CLEAR_HALT(r0, 0x40085511, 0x0) 10:21:02 executing program 4: r0 = syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x4000000000000071, 0x28841) unshare(0x400) ioctl$USBDEVFS_CLEAR_HALT(r0, 0x40085511, 0x0) 10:21:02 executing program 5: unshare(0x400) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) pwritev(r0, &(0x7f0000001380)=[{&(0x7f0000003040)="02", 0x1}], 0x1, 0x0) 10:21:02 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 10:21:02 executing program 4: r0 = timerfd_create(0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 10:21:02 executing program 3: perf_event_open(&(0x7f0000000180)={0x7, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 10:21:02 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000200)='net/tcp6\x00') preadv(r0, &(0x7f0000000500)=[{&(0x7f00000001c0)=""/58, 0x3a}], 0x1, 0xff) [ 446.222451][T10734] tipc: TX() has been purged, node left! [ 446.305468][T10734] tipc: TX() has been purged, node left! [ 446.311512][T10734] tipc: TX() has been purged, node left! [ 446.357808][T12181] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 446.389694][T12181] CPU: 0 PID: 12181 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 446.398425][T12181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 446.408524][T12181] Call Trace: [ 446.411835][T12181] dump_stack+0x11d/0x181 [ 446.416212][T12181] dump_header+0xaa/0x39c [ 446.420557][T12181] oom_kill_process.cold+0x10/0x15 [ 446.425821][T12181] out_of_memory+0x231/0xa60 [ 446.430438][T12181] ? __rcu_read_unlock+0x66/0x3d0 [ 446.435490][T12181] mem_cgroup_out_of_memory+0x128/0x150 [ 446.441078][T12181] try_charge+0xb6c/0xbf0 [ 446.445443][T12181] ? __rcu_read_unlock+0x66/0x3d0 [ 446.450597][T12181] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 446.456143][T12181] __memcg_kmem_charge+0xcf/0x1b0 [ 446.461560][T12181] __alloc_pages_nodemask+0x26c/0x310 [ 446.469385][T12181] alloc_pages_current+0xd1/0x170 [ 446.474497][T12181] pte_alloc_one+0x18/0x50 [ 446.478963][T12181] copy_huge_pmd+0x8f/0x7b0 [ 446.483493][T12181] copy_page_range+0x6a2/0x19b0 [ 446.488356][T12181] ? __read_once_size.constprop.0+0x12/0x20 [ 446.494320][T12181] ? __rcu_read_unlock+0x66/0x3d0 [ 446.499408][T12181] ? debug_smp_processor_id+0x43/0x137 [ 446.504914][T12181] ? vma_gap_callbacks_rotate+0x126/0x190 [ 446.510652][T12181] dup_mm+0x74a/0xba0 [ 446.514674][T12181] copy_process+0x3138/0x3c40 [ 446.519389][T12181] _do_fork+0xfe/0x7a0 [ 446.523514][T12181] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 446.529770][T12181] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 446.535673][T12181] ? __read_once_size+0x5a/0xe0 [ 446.540629][T12181] __x64_sys_clone+0x130/0x170 [ 446.545434][T12181] do_syscall_64+0xcc/0x3a0 [ 446.550018][T12181] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 446.555932][T12181] RIP: 0033:0x45b349 [ 446.559934][T12181] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 446.579560][T12181] RSP: 002b:00007f8c5b458c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 446.587988][T12181] RAX: ffffffffffffffda RBX: 00007f8c5b4596d4 RCX: 000000000045b349 [ 446.595983][T12181] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 446.603961][T12181] RBP: 000000000075bfc8 R08: ffffffffffffffff R09: 0000000000000000 [ 446.611976][T12181] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 446.619953][T12181] R13: 0000000000000070 R14: 00000000004c1bc4 R15: 000000000075bfd4 [ 446.746737][T12181] memory: usage 307200kB, limit 307200kB, failcnt 4184 [ 446.753695][T12181] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 446.760604][T12181] Memory cgroup stats for /syz1: [ 446.760849][T12181] anon 306786304 [ 446.760849][T12181] file 0 [ 446.760849][T12181] kernel_stack 368640 [ 446.760849][T12181] slab 3514368 [ 446.760849][T12181] sock 0 [ 446.760849][T12181] shmem 0 [ 446.760849][T12181] file_mapped 0 [ 446.760849][T12181] file_dirty 0 [ 446.760849][T12181] file_writeback 0 [ 446.760849][T12181] anon_thp 253755392 [ 446.760849][T12181] inactive_anon 193675264 [ 446.760849][T12181] active_anon 6778880 [ 446.760849][T12181] inactive_file 0 [ 446.760849][T12181] active_file 0 [ 446.760849][T12181] unevictable 106590208 [ 446.760849][T12181] slab_reclaimable 675840 [ 446.760849][T12181] slab_unreclaimable 2838528 [ 446.760849][T12181] pgfault 141141 [ 446.760849][T12181] pgmajfault 0 [ 446.760849][T12181] workingset_refault 33 [ 446.760849][T12181] workingset_activate 0 [ 446.760849][T12181] workingset_nodereclaim 0 [ 446.760849][T12181] pgrefill 265 [ 446.760849][T12181] pgscan 297 [ 446.760849][T12181] pgsteal 33 [ 446.864452][T12181] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=12150,uid=0 [ 446.885244][T12181] Memory cgroup out of memory: Killed process 12150 (syz-executor.1) total-vm:72716kB, anon-rss:18248kB, file-rss:54364kB, shmem-rss:0kB, UID:0 pgtables:192512kB oom_score_adj:1000 10:21:03 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x288000, 0x0) syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x9, 0x200840) dup(r1) ioctl$RTC_VL_READ(r1, 0x80047013, &(0x7f00000000c0)) exit(0x7) write$binfmt_script(0xffffffffffffffff, &(0x7f00000003c0)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}, {}, {}, {0x20, 'proc'}], 0xa, "df7c00e09c916729334fbe57a726284a85ae23e7eb165a0922b020a14afa53fc919ed5b5820a609af38acfc21c2cacee2f808e60eafcd3ec51fdb7f62ca135bbf86f9c1bbf9c23db4038c329b0e8d63563439cf1b94606299a6c503abe926decd68a7e671c7dfcc4125e9888fbc8ce452b52"}, 0x8e) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r2 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xaf, 0x428240) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r2, 0xc080661a, &(0x7f00000002c0)={{0x2, 0x0, @identifier="8cff7fc81ac6de7927c1c322084eaabd"}}) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') close(r3) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000180)={0x2}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r4) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x7f, 0x3, 0x7, 0xa59e}, 'syz0\x00', 0x37}) 10:21:03 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 10:21:03 executing program 3: r0 = syz_open_dev$loop(&(0x7f0000000280)='/dev/loop#\x00', 0x0, 0x8c042) ioctl$BLKFLSBUF(r0, 0x125f, 0x0) 10:21:03 executing program 5: mkdir(&(0x7f0000000180)='./bus\x00', 0x0) creat(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mount$overlay(0x400002, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000280)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './bus'}}, {@workdir={'workdir', 0x3d, './file0'}}]}) mount$overlay(0x400302, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './bus'}}, {@workdir={'workdir', 0x3d, './file0'}}]}) lstat(&(0x7f0000000040)='./bus/file0\x00', 0x0) 10:21:03 executing program 0: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f00002d5000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) pkey_free(0xffffffffffffffff) 10:21:03 executing program 4: r0 = timerfd_create(0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 447.157447][T12202] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. 10:21:03 executing program 3: r0 = syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x4000000000000071, 0x28841) ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000000000)={0x23, 0x3, 0x10, 0x0, 0x0, 0x0, 0x0}) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$USBDEVFS_BULK(r0, 0x4b47, 0x0) 10:21:03 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 447.322463][T12214] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 447.417035][T12213] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. 10:21:04 executing program 5: unshare(0x400) syz_genetlink_get_family_id$netlbl_unlabel(0x0) r0 = syz_open_dev$loop(&(0x7f0000000280)='/dev/loop#\x00', 0x0, 0x8c042) pwritev(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x10, 0xffffffffffffffff, 0x0) setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, &(0x7f0000000040), 0x4) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x10, 0xffffffffffffffff, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) open(0x0, 0x0, 0x0) mmap(&(0x7f000000c000/0x2000)=nil, 0x2000, 0x4, 0x10, 0xffffffffffffffff, 0x0) ioctl$BLKFLSBUF(r0, 0x4c07, 0x0) [ 447.554875][T12223] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 447.592824][T12223] CPU: 0 PID: 12223 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 447.601535][T12223] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 447.611648][T12223] Call Trace: [ 447.615073][T12223] dump_stack+0x11d/0x181 [ 447.619418][T12223] dump_header+0xaa/0x39c [ 447.623767][T12223] oom_kill_process.cold+0x10/0x15 [ 447.628941][T12223] out_of_memory+0x231/0xa60 [ 447.633549][T12223] ? __rcu_read_unlock+0x66/0x3d0 [ 447.638646][T12223] mem_cgroup_out_of_memory+0x128/0x150 [ 447.644412][T12223] try_charge+0xb6c/0xbf0 [ 447.648810][T12223] ? __rcu_read_unlock+0x66/0x3d0 [ 447.654670][T12223] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 447.660310][T12223] __memcg_kmem_charge+0xcf/0x1b0 [ 447.665535][T12223] __alloc_pages_nodemask+0x26c/0x310 [ 447.670950][T12223] alloc_pages_current+0xd1/0x170 [ 447.675994][T12223] pte_alloc_one+0x18/0x50 [ 447.680475][T12223] copy_huge_pmd+0x8f/0x7b0 [ 447.685135][T12223] copy_page_range+0x6a2/0x19b0 [ 447.690037][T12223] ? __read_once_size.constprop.0+0x12/0x20 [ 447.695987][T12223] ? __rcu_read_unlock+0x66/0x3d0 [ 447.701043][T12223] ? vma_gap_callbacks_rotate+0x126/0x190 [ 447.706891][T12223] dup_mm+0x74a/0xba0 [ 447.710923][T12223] copy_process+0x3138/0x3c40 [ 447.715689][T12223] _do_fork+0xfe/0x7a0 [ 447.719800][T12223] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 447.726065][T12223] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 447.731971][T12223] ? __read_once_size+0x5a/0xe0 [ 447.736846][T12223] __x64_sys_clone+0x130/0x170 [ 447.741766][T12223] do_syscall_64+0xcc/0x3a0 [ 447.746330][T12223] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 447.752240][T12223] RIP: 0033:0x45b349 [ 447.756150][T12223] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 447.775915][T12223] RSP: 002b:00007f8c5b458c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 447.784398][T12223] RAX: ffffffffffffffda RBX: 00007f8c5b4596d4 RCX: 000000000045b349 [ 447.792543][T12223] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 447.800536][T12223] RBP: 000000000075bfc8 R08: ffffffffffffffff R09: 0000000000000000 [ 447.808716][T12223] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 447.816715][T12223] R13: 0000000000000070 R14: 00000000004c1bc4 R15: 000000000075bfd4 [ 447.834728][T12223] memory: usage 307200kB, limit 307200kB, failcnt 4223 [ 447.841768][T12223] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 447.849625][T12223] Memory cgroup stats for /syz1: [ 447.849887][T12223] anon 306995200 [ 447.849887][T12223] file 0 [ 447.849887][T12223] kernel_stack 368640 [ 447.849887][T12223] slab 3514368 [ 447.849887][T12223] sock 0 [ 447.849887][T12223] shmem 0 [ 447.849887][T12223] file_mapped 0 [ 447.849887][T12223] file_dirty 0 [ 447.849887][T12223] file_writeback 0 [ 447.849887][T12223] anon_thp 253755392 [ 447.849887][T12223] inactive_anon 193511424 [ 447.849887][T12223] active_anon 6778880 [ 447.849887][T12223] inactive_file 0 [ 447.849887][T12223] active_file 0 [ 447.849887][T12223] unevictable 106749952 10:21:04 executing program 0: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f00002d5000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) pkey_free(0xffffffffffffffff) [ 447.849887][T12223] slab_reclaimable 675840 [ 447.849887][T12223] slab_unreclaimable 2838528 [ 447.849887][T12223] pgfault 141999 [ 447.849887][T12223] pgmajfault 0 [ 447.849887][T12223] workingset_refault 33 [ 447.849887][T12223] workingset_activate 0 [ 447.849887][T12223] workingset_nodereclaim 0 [ 447.849887][T12223] pgrefill 265 [ 447.849887][T12223] pgscan 330 [ 447.849887][T12223] pgsteal 33 [ 447.954479][T12223] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=12199,uid=0 [ 448.003744][T12223] Memory cgroup out of memory: Killed process 12199 (syz-executor.1) total-vm:72716kB, anon-rss:18248kB, file-rss:54364kB, shmem-rss:0kB, UID:0 pgtables:192512kB oom_score_adj:1000 10:21:04 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 10:21:04 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) r2 = inotify_init() r3 = inotify_add_watch(r2, &(0x7f0000000040)='./file0\x00', 0x20000000) r4 = inotify_init() read(r4, 0x0, 0x11) inotify_add_watch(r4, &(0x7f0000000000)='./file0\x00', 0x2000000) inotify_rm_watch(r4, r3) [ 448.192602][ T1066] oom_reaper: reaped process 12199 (syz-executor.1), now anon-rss:18272kB, file-rss:54364kB, shmem-rss:0kB 10:21:05 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x288000, 0x0) syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x9, 0x200840) dup(r0) ioctl$RTC_VL_READ(r0, 0x80047013, &(0x7f00000000c0)) exit(0x7) write$binfmt_script(0xffffffffffffffff, &(0x7f00000003c0)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}, {}, {}, {0x20, 'proc'}], 0xa, "df7c00e09c916729334fbe57a726284a85ae23e7eb165a0922b020a14afa53fc919ed5b5820a609af38acfc21c2cacee2f808e60eafcd3ec51fdb7f62ca135bbf86f9c1bbf9c23db4038c329b0e8d63563439cf1b94606299a6c503abe926decd68a7e671c7dfcc4125e9888fbc8ce452b52"}, 0x8e) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r1 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xaf, 0x428240) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r1, 0xc080661a, &(0x7f00000002c0)={{0x2, 0x0, @identifier="8cff7fc81ac6de7927c1c322084eaabd"}}) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r2 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') close(r2) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000180)={0x2}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r3) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x7f, 0x3, 0x7, 0xa59e}, 'syz0\x00', 0x37}) 10:21:05 executing program 4: r0 = timerfd_create(0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 10:21:05 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) fstatfs(r0, &(0x7f0000000240)=""/55) r2 = open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x12, r2, 0x0) sendto$inet6(r2, &(0x7f0000000140)="23a2b26551c9fcf2e2a1a43b307d10a9b738bed3369d14056af416dcb47c133e39628f54fa315f33a3944e5566859cff6c06177a998916343a157f93d6", 0x3d, 0x20004080, &(0x7f0000000180)={0xa, 0x4e24, 0xffffffbf, @local, 0x101}, 0x1c) dup(r1) r3 = open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x12, r3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') syz_read_part_table(0x0, 0x1d4, &(0x7f0000000200)=[{&(0x7f0000000080)="0300050000000100001400000000000000000f0000000000000000000500000000004200000000000000000000000000000000000000000000000000000055aa", 0x40, 0x1c0}]) 10:21:05 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 448.793867][T12254] ldm_validate_privheads(): Disk read failed. [ 448.817424][T12254] loop3: p2 < > [ 448.845162][T12254] loop3: partition table partially beyond EOD, truncated [ 448.887088][T12265] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 448.900057][T12265] CPU: 1 PID: 12265 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 448.905709][T12254] loop3: p2 size 2 extends beyond EOD, truncated [ 448.908894][T12265] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 448.908948][T12265] Call Trace: [ 448.928978][T12265] dump_stack+0x11d/0x181 [ 448.933353][T12265] dump_header+0xaa/0x39c [ 448.937715][T12265] oom_kill_process.cold+0x10/0x15 [ 448.942877][T12265] out_of_memory+0x231/0xa60 [ 448.947474][T12265] ? __rcu_read_unlock+0x66/0x3d0 [ 448.952522][T12265] mem_cgroup_out_of_memory+0x128/0x150 [ 448.958139][T12265] try_charge+0xb6c/0xbf0 [ 448.962717][T12265] ? __rcu_read_unlock+0x66/0x3d0 [ 448.967758][T12265] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 448.973373][T12265] __memcg_kmem_charge+0xcf/0x1b0 [ 448.978429][T12265] __alloc_pages_nodemask+0x26c/0x310 [ 448.984000][T12265] alloc_pages_current+0xd1/0x170 [ 448.989059][T12265] pte_alloc_one+0x18/0x50 [ 448.993493][T12265] copy_huge_pmd+0x8f/0x7b0 [ 448.998177][T12265] ? _raw_spin_unlock+0x4b/0x60 [ 449.003118][T12265] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 449.009449][T12265] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 449.015708][T12265] copy_page_range+0x6a2/0x19b0 [ 449.020645][T12265] ? __read_once_size.constprop.0+0x12/0x20 [ 449.026553][T12265] ? __rcu_read_unlock+0x66/0x3d0 [ 449.031607][T12265] ? vma_gap_callbacks_rotate+0x126/0x190 [ 449.037424][T12265] dup_mm+0x74a/0xba0 [ 449.041446][T12265] copy_process+0x3138/0x3c40 [ 449.046168][T12265] _do_fork+0xfe/0x7a0 [ 449.050254][T12265] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 449.056618][T12265] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 449.062678][T12265] ? __read_once_size+0x5a/0xe0 [ 449.067645][T12265] __x64_sys_clone+0x130/0x170 [ 449.072474][T12265] do_syscall_64+0xcc/0x3a0 [ 449.077022][T12265] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 449.082921][T12265] RIP: 0033:0x45b349 [ 449.086830][T12265] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 449.106445][T12265] RSP: 002b:00007f8c5b458c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 449.114881][T12265] RAX: ffffffffffffffda RBX: 00007f8c5b4596d4 RCX: 000000000045b349 [ 449.122878][T12265] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 10:21:05 executing program 0: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f00002d5000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) pkey_free(0xffffffffffffffff) 10:21:05 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 449.130872][T12265] RBP: 000000000075bfc8 R08: ffffffffffffffff R09: 0000000000000000 [ 449.138859][T12265] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 449.146887][T12265] R13: 0000000000000070 R14: 00000000004c1bc4 R15: 000000000075bfd4 [ 449.202575][T12265] memory: usage 307200kB, limit 307200kB, failcnt 4268 10:21:05 executing program 5: r0 = syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x4000000000000071, 0x28841) unshare(0x400) ioctl$USBDEVFS_RESETEP(r0, 0x80045503, 0x0) [ 449.310078][T12265] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 449.342572][T12265] Memory cgroup stats for /syz1: [ 449.342859][T12265] anon 306880512 [ 449.342859][T12265] file 0 [ 449.342859][T12265] kernel_stack 331776 [ 449.342859][T12265] slab 3514368 [ 449.342859][T12265] sock 0 [ 449.342859][T12265] shmem 0 [ 449.342859][T12265] file_mapped 0 [ 449.342859][T12265] file_dirty 0 [ 449.342859][T12265] file_writeback 0 [ 449.342859][T12265] anon_thp 253755392 [ 449.342859][T12265] inactive_anon 193511424 [ 449.342859][T12265] active_anon 6791168 [ 449.342859][T12265] inactive_file 0 [ 449.342859][T12265] active_file 0 [ 449.342859][T12265] unevictable 106618880 [ 449.342859][T12265] slab_reclaimable 675840 [ 449.342859][T12265] slab_unreclaimable 2838528 [ 449.342859][T12265] pgfault 142824 [ 449.342859][T12265] pgmajfault 0 [ 449.342859][T12265] workingset_refault 33 [ 449.342859][T12265] workingset_activate 0 [ 449.342859][T12265] workingset_nodereclaim 0 [ 449.342859][T12265] pgrefill 265 [ 449.342859][T12265] pgscan 330 [ 449.342859][T12265] pgsteal 33 10:21:06 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) fstatfs(r0, &(0x7f0000000240)=""/55) r2 = open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x12, r2, 0x0) sendto$inet6(r2, &(0x7f0000000140)="23a2b26551c9fcf2e2a1a43b307d10a9b738bed3369d14056af416dcb47c133e39628f54fa315f33a3944e5566859cff6c06177a998916343a157f93d6", 0x3d, 0x20004080, &(0x7f0000000180)={0xa, 0x4e24, 0xffffffbf, @local, 0x101}, 0x1c) dup(r1) r3 = open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x12, r3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') syz_read_part_table(0x0, 0x1d4, &(0x7f0000000200)=[{&(0x7f0000000080)="0300050000000100001400000000000000000f0000000000000000000500000000004200000000000000000000000000000000000000000000000000000055aa", 0x40, 0x1c0}]) 10:21:06 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f0000000040)=0x100000001, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @local}, 0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000)=[@mss, @mss, @window, @mss={0x2, 0x919f}, @window={0x3, 0x0, 0xcb}, @mss], 0x1e7) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000200), 0x88) sendto$inet(r0, &(0x7f0000000640)="e046385738d0b6e2f17050c3002a9fe3e2f4bbc226e39bf35204d275a8fadde37aab3905bbacaf04d57fb246d660ea69d755b5fa4e9dcdda9919e7cfdd2fd6f2ffd8ca8b450d8b0646e2d9363d42c096c630e57a2bfd2c36cec695821437e9d3554f3eb5c048236b4b4adb7e302a1588fa2daa0101000000000000f38fe3b4bded81207efe8fd987bd3b2cc76b79deb96df13c5456630d4cfb858f6dbcdd4f199a5164ba2fde0014d7f98d9251bbc07bca2b6710308dddc540dfb44b0f9a5f27d73e1c33d091ce5c7f8e57291112231b051a2af634f381203b6b98cb0c0a1291bd094e861061a5a7cd4777d447690e4ce2c07c13e8be18014070681395d0b0c385e39ce7d422637255c6d13229f280b57064ba62d52e7bfe695f75de4854fdef56f93ca9d237175aa0197b0e6850bd4158666d28006da6a35362b29ed6895507ab4064c7fcece12dfb9411b1274080915c0d3a124ae1b77be2d7c8c9c86c4d7a7589d7fc9c922ac84b411d0c219816f586b6fc7d2452ff4c5eb64f913598968cfae6f30fb0dc0ee08865739ed8aef27a1d973860531ae8a8c5dd6263e690a5be08e6732a2d526a6455ab9a9fcd36140462021416cc8d43c5b09215d8e4c221ea58fc6974edb8e258c738811f523b25c3d94c91b7d080b5466cbe699b2123cac02430e01d4b57c0dc794268f9b172694745678fcc68c569d01e821113d76b090ac0740cd35f82bfc027bfd500904bc62e260dc9d60d1545396141cff61bf720d5aff18c58278cc2778eae68f3ead53a4adae3b68c5344c3a982939d84661a042622fc9414ee873a78548299340d8fdef879802c636400"/611, 0xffffffffffffff67, 0x40007bd, 0x0, 0xffffffffffffff4f) [ 449.534752][T12265] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=12259,uid=0 [ 449.559299][T12265] Memory cgroup out of memory: Killed process 12259 (syz-executor.1) total-vm:72716kB, anon-rss:18248kB, file-rss:54364kB, shmem-rss:0kB, UID:0 pgtables:192512kB oom_score_adj:1000 [ 449.832764][T12288] ldm_validate_privheads(): Disk read failed. [ 449.840579][T12288] loop3: p2 < > [ 449.848824][T12288] loop3: partition table partially beyond EOD, truncated [ 449.864224][T12288] loop3: p2 size 2 extends beyond EOD, truncated 10:21:06 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 10:21:06 executing program 3: syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) fspick(r0, &(0x7f0000000040)='./file0\x00', 0x0) 10:21:06 executing program 0: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_free(0xffffffffffffffff) 10:21:06 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x288000, 0x0) syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x9, 0x200840) dup(r0) ioctl$RTC_VL_READ(r0, 0x80047013, &(0x7f00000000c0)) exit(0x7) write$binfmt_script(0xffffffffffffffff, &(0x7f00000003c0)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}, {}, {}, {0x20, 'proc'}], 0xa, "df7c00e09c916729334fbe57a726284a85ae23e7eb165a0922b020a14afa53fc919ed5b5820a609af38acfc21c2cacee2f808e60eafcd3ec51fdb7f62ca135bbf86f9c1bbf9c23db4038c329b0e8d63563439cf1b94606299a6c503abe926decd68a7e671c7dfcc4125e9888fbc8ce452b52"}, 0x8e) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r1 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xaf, 0x428240) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r1, 0xc080661a, &(0x7f00000002c0)={{0x2, 0x0, @identifier="8cff7fc81ac6de7927c1c322084eaabd"}}) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r2 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') close(r2) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000180)={0x2}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r3) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x7f, 0x3, 0x7, 0xa59e}, 'syz0\x00', 0x37}) [ 450.398893][T12308] FAT-fs (loop3): error, invalid access to FAT (entry 0x00006500) 10:21:06 executing program 4: r0 = timerfd_create(0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 10:21:06 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 450.458044][T12308] FAT-fs (loop3): Filesystem has been set read-only [ 450.525031][T12317] FAT-fs (loop3): error, invalid access to FAT (entry 0x00006500) [ 450.581221][T12308] FAT-fs (loop3): error, invalid access to FAT (entry 0x00006500) 10:21:07 executing program 5: r0 = syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x4000000000000071, 0x28841) ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000000000)={0x23, 0x3, 0x10, 0x0, 0x0, 0x0, 0x0}) r1 = open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x12, r1, 0x0) open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) ioctl$EVIOCREVOKE(r1, 0x40044591, &(0x7f00000000c0)=0x400) ioctl$USBDEVFS_CONNECTINFO(r0, 0x40085511, &(0x7f0000000080)) 10:21:07 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, 0x1c) setsockopt$inet6_IPV6_ADDRFORM(r2, 0x29, 0x1, &(0x7f0000000040), 0x4) 10:21:07 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 450.960718][T12341] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 451.002535][T12341] CPU: 0 PID: 12341 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 451.011262][T12341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 451.021366][T12341] Call Trace: [ 451.024745][T12341] dump_stack+0x11d/0x181 [ 451.029113][T12341] dump_header+0xaa/0x39c [ 451.033491][T12341] oom_kill_process.cold+0x10/0x15 [ 451.038660][T12341] out_of_memory+0x231/0xa60 [ 451.043269][T12341] ? __rcu_read_unlock+0x66/0x3d0 [ 451.048402][T12341] mem_cgroup_out_of_memory+0x128/0x150 [ 451.053966][T12341] try_charge+0xb6c/0xbf0 [ 451.058319][T12341] ? __rcu_read_unlock+0x66/0x3d0 [ 451.063374][T12341] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 451.068845][T12341] __memcg_kmem_charge+0xcf/0x1b0 [ 451.073997][T12341] __alloc_pages_nodemask+0x26c/0x310 [ 451.079985][T12341] alloc_pages_current+0xd1/0x170 [ 451.085031][T12341] pte_alloc_one+0x18/0x50 [ 451.089521][T12341] __pte_alloc+0x2d/0x220 [ 451.093868][T12341] copy_page_range+0x135a/0x19b0 [ 451.098821][T12341] ? __read_once_size.constprop.0+0x12/0x20 [ 451.104745][T12341] dup_mm+0x74a/0xba0 [ 451.108762][T12341] copy_process+0x3138/0x3c40 [ 451.113656][T12341] _do_fork+0xfe/0x7a0 [ 451.117816][T12341] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 451.124086][T12341] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 451.130115][T12341] ? __read_once_size+0x5a/0xe0 [ 451.135007][T12341] __x64_sys_clone+0x130/0x170 [ 451.139960][T12341] do_syscall_64+0xcc/0x3a0 [ 451.144772][T12341] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 451.150718][T12341] RIP: 0033:0x45b349 [ 451.154682][T12341] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 451.174409][T12341] RSP: 002b:00007f8c5b458c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 451.182916][T12341] RAX: ffffffffffffffda RBX: 00007f8c5b4596d4 RCX: 000000000045b349 [ 451.190915][T12341] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 451.198894][T12341] RBP: 000000000075bfc8 R08: ffffffffffffffff R09: 0000000000000000 [ 451.206955][T12341] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 451.215041][T12341] R13: 0000000000000070 R14: 00000000004c1bc4 R15: 000000000075bfd4 [ 451.243413][T12341] memory: usage 307200kB, limit 307200kB, failcnt 4322 10:21:07 executing program 0: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_free(0xffffffffffffffff) [ 451.250771][T12341] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 451.285096][T12341] Memory cgroup stats for /syz1: [ 451.285440][T12341] anon 306905088 [ 451.285440][T12341] file 0 [ 451.285440][T12341] kernel_stack 368640 [ 451.285440][T12341] slab 3514368 [ 451.285440][T12341] sock 0 [ 451.285440][T12341] shmem 0 [ 451.285440][T12341] file_mapped 0 [ 451.285440][T12341] file_dirty 0 [ 451.285440][T12341] file_writeback 0 [ 451.285440][T12341] anon_thp 253755392 [ 451.285440][T12341] inactive_anon 193675264 [ 451.285440][T12341] active_anon 6766592 [ 451.285440][T12341] inactive_file 0 [ 451.285440][T12341] active_file 0 [ 451.285440][T12341] unevictable 106590208 [ 451.285440][T12341] slab_reclaimable 675840 [ 451.285440][T12341] slab_unreclaimable 2838528 [ 451.285440][T12341] pgfault 143649 [ 451.285440][T12341] pgmajfault 0 [ 451.285440][T12341] workingset_refault 33 [ 451.285440][T12341] workingset_activate 0 [ 451.285440][T12341] workingset_nodereclaim 0 [ 451.285440][T12341] pgrefill 265 [ 451.285440][T12341] pgscan 330 [ 451.285440][T12341] pgsteal 33 [ 451.425671][T12341] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=12312,uid=0 [ 451.448413][T12341] Memory cgroup out of memory: Killed process 12312 (syz-executor.1) total-vm:72716kB, anon-rss:18248kB, file-rss:54364kB, shmem-rss:0kB, UID:0 pgtables:192512kB oom_score_adj:1000 10:21:08 executing program 3: r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xfd08283856736a22) setuid(r1) inotify_init1(0x0) 10:21:08 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 10:21:08 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_icmp_ICMP_FILTER(r0, 0x1, 0x3e, &(0x7f0000000200)={0x2}, 0x4) sendto$inet(r0, &(0x7f0000000000)="ada4", 0x2, 0xfffffffe, &(0x7f0000000180)={0x2, 0x0, @remote}, 0x10) 10:21:08 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f0000000380)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000000)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x2d, 0x0, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x2a7) connect$inet6(0xffffffffffffffff, &(0x7f0000000080), 0x1c) pipe(&(0x7f0000000100)={0xffffffffffffffff}) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000740)='cgroup.controllers\x00', 0x275a, 0x0) ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000001900)={0x0, 0x0, 0x0, 0x80000000}) ioctl$sock_inet_SIOCGIFNETMASK(r2, 0x891b, &(0x7f0000000000)={'veth1_to_hsr\x00', {0x2, 0x4e24, @multicast2}}) write$cgroup_int(r2, &(0x7f0000000240), 0x12) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000340)=0x80060) syz_genetlink_get_family_id$ipvs(0x0) r3 = creat(&(0x7f0000000180)='./bus\x00', 0x0) fstat(r3, &(0x7f00000002c0)) sendmsg$IPVS_CMD_NEW_DAEMON(r1, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0xa800c000}, 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x800}, 0x80) 10:21:08 executing program 4: r0 = timerfd_create(0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) 10:21:08 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x288000, 0x0) syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x9, 0x200840) dup(r0) ioctl$RTC_VL_READ(r0, 0x80047013, &(0x7f00000000c0)) exit(0x7) write$binfmt_script(0xffffffffffffffff, &(0x7f00000003c0)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}, {}, {}, {0x20, 'proc'}], 0xa, "df7c00e09c916729334fbe57a726284a85ae23e7eb165a0922b020a14afa53fc919ed5b5820a609af38acfc21c2cacee2f808e60eafcd3ec51fdb7f62ca135bbf86f9c1bbf9c23db4038c329b0e8d63563439cf1b94606299a6c503abe926decd68a7e671c7dfcc4125e9888fbc8ce452b52"}, 0x8e) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r1 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xaf, 0x428240) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r1, 0xc080661a, &(0x7f00000002c0)={{0x2, 0x0, @identifier="8cff7fc81ac6de7927c1c322084eaabd"}}) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r2 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') close(r2) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000180)={0x2}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r3) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x7f, 0x3, 0x7, 0xa59e}, 'syz0\x00', 0x37}) 10:21:08 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_icmp_ICMP_FILTER(r0, 0x1, 0x3e, &(0x7f0000000200)={0x2}, 0x4) sendto$inet(r0, &(0x7f0000000000)="ada4", 0x2, 0x0, &(0x7f0000000180)={0x2, 0x0, @remote}, 0x10) 10:21:08 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 10:21:08 executing program 0: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_free(0xffffffffffffffff) 10:21:08 executing program 3: r0 = socket(0xa, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f00000002c0)={0x2}) open(&(0x7f0000000400)='./bus\x00', 0x1141042, 0x0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$TIOCVHANGUP(r2, 0x5437, 0x0) 10:21:08 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 10:21:09 executing program 3: creat(&(0x7f0000000680)='./bus\x00', 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x27d}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c07bc3376003639405cb4aed1e68f7d368b3fb62f0000000000ae47a825d8680027726539ed010000805ae64f8f82ffffffffffffffd75d492b41fd983f79e65199615607672c59e750050000007ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62e00007cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f086", 0xa7}], 0x4, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x1, 0x0, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) dup2(r3, 0xffffffffffffffff) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) r4 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) io_setup(0x3, &(0x7f0000000100)=0x0) io_submit(r5, 0x1, &(0x7f0000000480)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, r4, 0x0}]) 10:21:09 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 452.743681][T12402] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 452.838724][T12402] CPU: 0 PID: 12402 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 452.847441][T12402] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 452.857507][T12402] Call Trace: [ 452.860815][T12402] dump_stack+0x11d/0x181 [ 452.865164][T12402] dump_header+0xaa/0x39c [ 452.869646][T12402] oom_kill_process.cold+0x10/0x15 [ 452.875003][T12402] out_of_memory+0x231/0xa60 [ 452.879614][T12402] ? __rcu_read_unlock+0x66/0x3d0 [ 452.884740][T12402] mem_cgroup_out_of_memory+0x128/0x150 [ 452.890640][T12402] try_charge+0xb6c/0xbf0 [ 452.895002][T12402] ? __rcu_read_unlock+0x66/0x3d0 [ 452.900664][T12402] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 452.906155][T12402] __memcg_kmem_charge+0xcf/0x1b0 [ 452.911338][T12402] __alloc_pages_nodemask+0x26c/0x310 [ 452.916728][T12402] alloc_pages_current+0xd1/0x170 [ 452.921776][T12402] pte_alloc_one+0x18/0x50 [ 452.926307][T12402] __pte_alloc+0x2d/0x220 [ 452.930662][T12402] copy_page_range+0x135a/0x19b0 [ 452.935627][T12402] ? __read_once_size.constprop.0+0x12/0x20 [ 452.941545][T12402] ? __rcu_read_unlock+0x66/0x3d0 [ 452.946599][T12402] ? anon_vma_interval_tree_insert+0x1d6/0x260 [ 452.952872][T12402] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 452.959135][T12402] dup_mm+0x74a/0xba0 [ 452.963151][T12402] copy_process+0x3138/0x3c40 [ 452.967972][T12402] _do_fork+0xfe/0x7a0 [ 452.972145][T12402] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 452.978555][T12402] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 452.984478][T12402] ? __read_once_size+0x5a/0xe0 [ 452.989352][T12402] __x64_sys_clone+0x130/0x170 [ 452.994189][T12402] do_syscall_64+0xcc/0x3a0 [ 452.998893][T12402] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 453.004894][T12402] RIP: 0033:0x45b349 [ 453.008869][T12402] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 453.028654][T12402] RSP: 002b:00007f8c5b458c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 10:21:09 executing program 0: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) pkey_mprotect(&(0x7f00002d5000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) pkey_free(0xffffffffffffffff) 10:21:09 executing program 3: r0 = socket(0xa, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$TIOCVHANGUP(r2, 0x5437, 0x0) [ 453.037093][T12402] RAX: ffffffffffffffda RBX: 00007f8c5b4596d4 RCX: 000000000045b349 [ 453.045093][T12402] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 453.053077][T12402] RBP: 000000000075bfc8 R08: ffffffffffffffff R09: 0000000000000000 [ 453.061332][T12402] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 453.069409][T12402] R13: 0000000000000070 R14: 00000000004c1bc4 R15: 000000000075bfd4 [ 453.125397][ T27] audit: type=1804 audit(1579602069.616:39): pid=12412 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir523872191/syzkaller.zvtAIu/220/bus" dev="sda1" ino=16595 res=1 [ 453.262524][T12402] memory: usage 307200kB, limit 307200kB, failcnt 4352 [ 453.274022][T12402] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 453.334824][T12402] Memory cgroup stats for /syz1: [ 453.335048][T12402] anon 306884608 [ 453.335048][T12402] file 0 [ 453.335048][T12402] kernel_stack 368640 [ 453.335048][T12402] slab 3514368 [ 453.335048][T12402] sock 0 [ 453.335048][T12402] shmem 0 [ 453.335048][T12402] file_mapped 0 [ 453.335048][T12402] file_dirty 0 [ 453.335048][T12402] file_writeback 0 [ 453.335048][T12402] anon_thp 253755392 [ 453.335048][T12402] inactive_anon 193540096 [ 453.335048][T12402] active_anon 6766592 [ 453.335048][T12402] inactive_file 0 [ 453.335048][T12402] active_file 0 [ 453.335048][T12402] unevictable 106590208 [ 453.335048][T12402] slab_reclaimable 675840 [ 453.335048][T12402] slab_unreclaimable 2838528 [ 453.335048][T12402] pgfault 144474 [ 453.335048][T12402] pgmajfault 0 [ 453.335048][T12402] workingset_refault 33 [ 453.335048][T12402] workingset_activate 0 [ 453.335048][T12402] workingset_nodereclaim 0 [ 453.335048][T12402] pgrefill 265 [ 453.335048][T12402] pgscan 330 [ 453.335048][T12402] pgsteal 33 10:21:09 executing program 5: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) writev(r3, &(0x7f0000000440)=[{&(0x7f0000000180)="4ba2ad433f22b64de6d92fa450931bc8facfc4f3704ec51a7835afb57656e19cc0abde87c3264bc819d6959f61494735fbe21c39f7e4ca698840984a3295534d2131d6d7b7f59d0d840613f3e26b09c0de552d7756f41c60c01473520fab48d771d10ff5051ab7aca8950fb91dcf0f863d6eb70cc3aa4810e36f9de092cc894f705c649986b9dcbcca497293cf5dfc456d81aa00c48ca675c2d79f3929fedb2e201e3a07d8fef2ce364d", 0xaa}, {&(0x7f0000000c00)="53334f2c41c8d686eedc45efbf0474c276b80997924ff681a70a9d3194c117d417eca8b47d04c9631ff32dad6e9cece67b85618613fb8a1e911d7d560a4d51fe2e6dcdf2fc990739aa259aadd3140cda80b5ae38752d5dc5fd0a611da605e23a7afdd3817f3f5782d05fb787f70d90a7b883cfdf9cc44e20ad832494e4add42da6a1c13dbacad360f63803b8c55d711082367dbb9c9893ac4613d8068750a94bba9e39a2b7f5fd94db7db37afedda13713d390ad2e79f282e5fae8722c0d0576a436d690ee0b1bcbff8c1e8abf723d8b82cb3811bba268c3dd24ff0e53a6213b876101125ebbda91106223ff867a58db3d54462307224cdc0c75aeee54e71b737c9e9046b40f894c6baa2f11de61e01b87aa741fad5a74c9e2a62ee59627b62510f847302b09b4b739cc7350a48910fcfaa85c271823c7c12aecd128036e87d80568c4f3998b17f45c8b8e48bc6410e967d856a8c36ec4dee8e10f79e255965fbe8aa003a659a64d3c85aab4c8b008c92b011064cce478b0f383accb4de42d86513b0c4ebae3480885273d8f8c094646e4eaa5c7f589896bdae789796e453a4d1958beebcec4dae18bddab03ff5b4fb08664eadb4ffb34204b28638daaa22e3552dcce607121e9404700721d21e1845c5841f6816e75cf4116c7a6f51f5fd487d3b7c71a2ef49a4d8e46ac3fa79ed8b78fd48233e93573cf2e1de72a12795dc3e4fe339c507e7941f86d35c361a7f6c6bc540f6155a914a4031852c420987eb02a0de8e3d7ba1d1f12f38a9d8276ba83af6069a395c4906e94f697bdc237596df83f16ddd219e853679faea8c73d9785b33389e22ea16416e72bc2dc4a5e1c641cb70497709af5b3ba2ed0ce7d57170d18c82233539dda4d58dab63f76e0851fb6d4b58e69964898a420311a683acaa80bb2c21f494401d925037d47dddd0875b4b2dca161fdc2349075955c8d7b1fba03c79034192b8ad8ececfb5109e195c9ad5ae5691ba77e058002b05b9a3b4ae6b922bc6b25c04297c46b9457cbf60e2bfe197fb14c42d6c57919806b52906f56bd517264b3c1a0e160664d348f51e99256c8773a28e6ca4f4ce297e508b4b1709774ac611543005e3be0e062d1671e9bfc92e4fd6d7174143022a211375e24007c631fa3853f7efa431102de43a4b141e4b073c75f6f56a0d1b8f51d381a1296c23f621e001ff5f4c9168e0390e3b1132444793df2b7edd0c0163ca03e2a79a40e91d7b2f2e563d85ae91367f6347d28055ff84d3d07551419cb2a5ac886dc7fc812fccdb13157738476493488ef12d011d0a65bab61395d65b44c39aceec7704d0a5aa01025dbab159fee78b223dade45a3cb378ec079c65d96a1c30111abc1cabebfb14e945771882ccefe40c7c19c22c571764e6dc8c8be01fb2061113cf215a3e1743ad6adb0ad0392eeb18dde88af7c3d41298da32bbe0b6a4c90de0170f640a4c6355d071577b06f428836ea044c65d51e82fe83485faefe014355c476dcf31453733cb28bdbd717c2700ce5f8b7447d4d98208c0c41f050a97c1c5b401667e45cfdd33e84bdb8e3089795ddf795f5dbb39c7960ee62ffd9f0ab86aa6d6733a5cfe6075cf0e813db5c39bcdba4b1f774ae6c0f0476cbe48696deb0b72d886e028e12cd75e90ab189ed9221f4d4bfdfefcee79985be13331f11712075c6039ab2d5fc0f78208827919698c852e42851a2cb3a05d896d9e66e6cd0c931f2a668d71ed5680dd1a114d517a386316195804c2847972dfc92b94637380a6fcd4fe5e5bbba4f46eecb3b49d9fe6987f0a5f1444272fd0a3e254260206ad148e2503fb0576cb3658f18ba5d732e26a8afcbdca9c06eb4628718280c097dd31ca42708d0fadec59648b4f405c9f75280c2905ca4609649012ca55c426a53e063a2492aa8300f3901ed738f24e0fa66afb1098da20c43c8228b67559debbd4905746c4156f0f69dd89ccf4261ab57c922a7ff4c3112415b1b8d138b2413bb5dbc5707d19af9eeea0a4787cdc2ca3a8ff29bddfc3662fe686d46a200cec107a5b8b71322fdf0eddd8e4fd4a136aff52233990a7dd7a58deadf3837c4c8cfc0116c6175ff0394b09edd3280ed4d64a04df136519fb514252a7c279dcc6f9e9e7f06fa73924dfe5a9f0ab172dbeecf274adb819df540901cf3acaca21775f5c7c5d9d5fb009255684ea81fdd14ba124444af8d861c773e17e57ac326b97e5f84dae7736e8a8df754c525ebb3e7264cd13f6f3f6a987f1f67a78d5449af1467db3445966571d1df3744faaf2f374bf3f73269121e876bd2beb264c0f8dddcb4bffcd7a5f1ae54d86a4add9a3cd6982621a84d52da4160d9ef7ae6384acd44a5011b3ffe9a14a0a54ff3e6f6642a4d951fa155739b851e331a7af74c37d7773fe695d00803c15933353ded2bfe85086657e59c4eaceed59a6a4ecbf14eae91e2359f909bcdb04dbeace9dbc74b1321018b9cb61e58e9ae70a4b414a91706832b15577a7aa4542dc8e19b1487d827b901c09254c5d963603598df5d1de591ed60ef9c10de1b50cb3d9f941335d434ae0dbe1aaa01269dcbcc5b41e582054c808adc753756f65d3a4ca724b71bd7fcd122e5b63b7df3bab3d58e81c2b8a5fa1e5e57410cbe244f53396eae955890938913d06324ea88aab343dc418220f19058b5c53f14ba51cfded88523417d7a56500ada67aba2819b6ec28ccdd1f6c248e015f93e4d755bab3b3e9e85c29a2c50973cf781ddcf5b3f7436ef50208b52a694a17682439f9e44b62d6c1b686adb5cb871a69547da95a5ce9cfb57c854819c70c6af5c59088f03dfcc3743ea9a33b059e9ab574690e8ffc38e19c776ee537026dc5f48f3bdf0f3e39d5baffc9b76dad1bebb07f35877dab72c304ee1b687a7e8c0a6794968e7d7544e12272e32bf1c40e28323361b5cf2f558277fcd4af99c046f1f2b7c1f012a317b6a3874657053b020d8ceab89f5ac716076244b55e8479a6fa2ecb0af0f41b90e749933349393ca45a932c2aab465df702d1b5a3870058951d9aa3820ea1a001c9285616034aca29cf975cd9ad6c80df5be00e66837f9b5d5e4c2da192d0f92c388b1b885dde895b254697db70ddacaa3e52bd90c4a41b772703c1843412c1eac7ae90050c39d9a8bd3df9562260a1774e0d1dc6047b710776d7d3b3888e97d39e6d9f2052b19c3916ffdaf344aefddce471d7b346877565a04ea56e1a488a4128200bdda18a106467eb5bc8f430e26fd1852fb3373ee1ab8548c0ff61ad00eec691d79e03b8f0d3fa543c7f657bd71be9cdd187de150fe768113bf03cbaab0a1420346195e1b9e8f0bd54ad409b09bd6307ee28b6cf37ec678534950dd237452fb8aab247ca1485b02f6b18913707651edd2b718c681f4b9e1ba11ddfb7fa37f0541502e6c1f13476b83ac5fbdb6e65b5d770767acb4367e1131cbc3f81014b519751cbe64081b9a8b2040cdd4e0e521444a695d80fc46ecf36127a206611438517a8469a0d35488d69527a0edf56ffbedfd0af1e01c5260cbe799e63204e29d97214e57b797c2ebde1920bdd3f7ac0906b8d0b44d0b2fbdcfbc720adf862e7c540ab8a885ffb34ddce2bab22119bf9363a28c1081ad427cc9c1555ad4f93c931980bdd78f2b60c04e9b66a59ce96c09443171fb7dab56bc9cff4c57fa368aa90287784b2e3a39a9cec8a3a7028e39ca69b9f19a8a84f8fed8fe923ac8ec4df6852c1a58663db23acd6cacc02b944fa4a1dd4132cb6561efd44c5e996167be88781c047634076377dd17d56dd0f0d8cbfed38c4acb708e3273e7a2ad89ef325194d1dd78ba5cd50f4dbdbac16f69708bd965ca0405fe78bd873bd0500e8def5abb787efdf14a41f01fb50cdc08e6d14154acb2f56f29242d320eb512baed1102804f5d3e9d83b84cd598826faf40faa09d7e8986506c6ca7aeb9334dcd66ba34bbbf3ead9ce3be84264d737fe4a92914a82d1702e93c72248af425fbde40c5397d63f350ae1c39165c5e247b64eb6d1c64f5e1048fa0a2ce3d89d4ef8f1a2353e336379d14403dc5b94b339646d705d1c77ebbe1c384953e9325aa4830a6a0bbca27930a3b91cb76b3948ed649eeea654981608d4780f507c6dd63c7903981b8c21bbd7cc2d8a507339b42b657d2265b66919ae6c7337ee58a9c1ba01880921bce45ecea656a009907bdbcab5e25c562d0765d496c39234e62960d98e5e4bc6c16848947a54e5a7bb339c5e3c084dfdd2c7291457fe50423aa3092075cac66d682a4db1f14827090b0de6d72c8a1496e7a88b609f3d402ca7da05c7b80c4f51415b93dee8e6b07f8c8ee87082eb288fe7e251dbea9e3cfb1e54def7ae1f8e27b8e2c97b7d63ec448b9b29513f04e3bb3378754d36c017c04fdf54556804688053eb24c989c528c81e75d47a8e63b23290cb3eb84a943fd0c812b56131c755459db7f2641e177d272204ed7cc61ef3a035e573715b77e0e943808ef62cf858103e60759f0b9a74044a22d82ffb0fd43c6ea34163a28189541077ff23dece17b28e2dfdcc82001dc4dae2e441d2e514afbd4c0df776f5d68d9979af78498ab1c4b8febcfc3871e73f0ba0f56392d35885e4957b755ac073d2ec712d3264b7f0d58f931e9c64ce25ce13b7f9e62f8357764a90fefa690a2b4e378538cf762faf3dd4057007066c9e34f873862cce4f050cf79e0be42ed07288e34983f95961d0d4477fd230e08ebd3ef66f22af861b23a3728412207e0fa6cf7576ec450010150bc0294c5f256244e519d8065f5977ae72583c8389d0409f93a3b1baa140fa06fdfe94a61876867c7235af5ab3abd4689fc87f282107d539b5d674649b50c2729b76751a7e631f0946af35c84544d3ca2e6f9c70be9915c757ecd771c1119d45127fd21d12b7b65de4e8d3b153915f2b243a69ec0a04db63f7072587774c4cf0d152268ca1b083ad41c6d26704173821165cdf07916447d2539ce1dd6e773aeee4b7907d4792d510f70c90ac82af971db74e99417b0f9cbc8e77e5620b6e38b5046aa96f95410913cbca134ffea1c275dc3539ea16ca9891746e595d047b0a15d6653032863904782dcc7fa7bff1a75fa39b60842a2f40c0e7d1ff9fa86a4c789bddc03613789518b1dd5c4e18df14a70ca45b89db9c658eeccf2f9fbe5b98c8ffcdfc1b6c7080b02c129c223d9c7989fed0506080b6b3818ad714a6f8c33a0c218291eaa584e429c540ffc5a390448da603fbb2513e7aef5926038b3059bd641e198455fa83b1dde5ddb1520034c3dfe5ddae8a67a6e7972607ae34e32ae694b8ec2cce0a1171f2960be4a24d864ffd36b6c5a7d829a16cf0c255c883fc6f586f76c26e132bd84c1c867501c87e4b675d9809042fc92c29316f0bb47b50b7599be53c65d38b1d5187716c2744f072e8624068a0d68b2796ad45699b897963873edaf2262288b1d7ad2563bcefd7d3800a7bd0b58d46ace754aef9a21c67f28cef46ba0ce8f8551ed49fdbe5cf2bb1b2c33cccbaaf1da3e35037062bb4388e527b1214528", 0xf57}, {&(0x7f0000001c00)="abdb17b6f1e5da85ca60da5c7d587fb6e2fba45f5f5e5dfbd4a629682ecea983f646a782d37fe8860965cf912a6b91403af4ccb0af61d3a227b224adb1dc2dc7cfc0e99aaa3047a9f90dd6266628f02c3ec344bac76eaf35fc64e559830bfc1f5f837631e92a2df7ba42fb430f3dd6953f56c5aef1895adbe235effa168f48117503e491abf4e4fe95dd654e8b90b1aebe3a07eed159cac4e5184a1d228cad1fb180d65892ef47505c74ec1c7e8433fc89c040eb01e6a39ff1b7c16dd54237b56efe84b6199f9376efd779140aea659bc6bd9f533074e8e719b8bf4a52d1cc48ad03439025dc110aa9dbe3c772b461e224627b1ff0bb2b6b1c2752a68547d5387ac3150bdc42d6b5f11ecd402ebceb3814675ec791cfbcea3e6ec218022977c94a75b9193486614f87e35111403d4d850957df93f287766962a6c5c0596e15b32ee93ba8f7a945e2b9ed667659ed2dbcb9fa5e143b3c37d336fa4fdaa04016e62321ea6d182f3090311a123106405671e47ea5c1c157ba0c9c1bc9aab769d08ff1e023f0e5c65ce6e0826d93c10addc31eb2b7625bc446e9d48a4401877d1161b2c98e471c44ed84f8681feb3ec22db8866fdacd83fa6906e96828f414a0c937067a4e5834bb76d39a8d2592fda75a273355ba86548c64e2a40543f5810f1bcefc9dec71881d5f39560ac0a35a31a424e660ef81802e4859d384adfc76f48f8f9d8a3de78251582a676fc43941832d4f6b68816666e69190bac6abab43f2b8e3b7ac15bcb4a2b1055cb155ad3bcf87b85a080dfb39b1246896d8d3d2027355aaff945d49b0fb73c75396fc1b87fec9aafd31a979c26622c98d13835937de13d997d1b14ffa16c201341056cc331ff6f9e1c7804acc762a04375b8241ffafc34cb78c007841a9ddc4716bacf31548aa0a84be91d251b9698398052f1f70eed2ac83084d6192a26d3ff6aab0aa2977aa4f25f68455b6cb79eae9dec1a2f63be18c3cfca0c4f7b1f12348e5ac3831eb35088ecc2940e28e9758088a883c2245b8d02a18e6667b398af9c00a53ce8633bdd908038cbdcb52e14452a127e230085055a4bdb88170c87fa5cdc0a02c81a9f1184fde753fcd26f149e129dc997c79399c4def1f9a05f95d816834dab695a98e7ea1560046319d89cbbd1cfca77e081835bb9d9832d74bbbce447aa0458664567a0d7ab34e04dc668fefa63c81635c36436e133c85bb991c14e85a54b21523172741f698431eb7000070f72959f6abe9416f9be1b5d02dc6b2e8886cc27f4c34cda4971ff300b713406a362c05622bfbd9f4bf66897b979b2371fe7b890c9dab8ba7e11d899eca75a43a468451eb405ecd7110649c85e65baa04fc0fc7e34cacc50ae1bd611bb2bd8e3f118f63a1027b26e9b1bd0f073e7478db761e4947ff09d783e27a422ac1225e83040bdb4b97946fa3", 0x401}], 0x3) 10:21:09 executing program 4: r0 = timerfd_create(0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) [ 453.658015][T12402] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=12381,uid=0 [ 453.982471][T12402] Memory cgroup out of memory: Killed process 12381 (syz-executor.1) total-vm:72716kB, anon-rss:18268kB, file-rss:54368kB, shmem-rss:0kB, UID:0 pgtables:192512kB oom_score_adj:1000 10:21:10 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x288000, 0x0) syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x9, 0x200840) dup(r1) ioctl$RTC_VL_READ(r1, 0x80047013, &(0x7f00000000c0)) exit(0x7) write$binfmt_script(0xffffffffffffffff, &(0x7f00000003c0)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}, {}, {}, {0x20, 'proc'}], 0xa, "df7c00e09c916729334fbe57a726284a85ae23e7eb165a0922b020a14afa53fc919ed5b5820a609af38acfc21c2cacee2f808e60eafcd3ec51fdb7f62ca135bbf86f9c1bbf9c23db4038c329b0e8d63563439cf1b94606299a6c503abe926decd68a7e671c7dfcc4125e9888fbc8ce452b52"}, 0x8e) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r2 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xaf, 0x428240) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r2, 0xc080661a, &(0x7f00000002c0)={{0x2, 0x0, @identifier="8cff7fc81ac6de7927c1c322084eaabd"}}) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') close(r3) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000180)={0x2}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r4) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x7f, 0x3, 0x7, 0xa59e}, 'syz0\x00', 0x37}) 10:21:10 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 10:21:10 executing program 3: r0 = syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x4000000000000071, 0x28841) unshare(0x400) ioctl$USBDEVFS_RESETEP(r0, 0x80045503, &(0x7f0000000000)) 10:21:10 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f0000000380)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000000)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) perf_event_open(&(0x7f0000000080)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x2d, 0x0, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x2a7) connect$inet6(0xffffffffffffffff, &(0x7f0000000080), 0x1c) pipe(&(0x7f0000000100)={0xffffffffffffffff}) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000740)='cgroup.controllers\x00', 0x275a, 0x0) ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000001900)={0x0, 0x0, 0x0, 0x80000000}) ioctl$sock_inet_SIOCGIFNETMASK(0xffffffffffffffff, 0x891b, &(0x7f0000000000)={'veth1_to_hsr\x00', {0x2, 0x0, @multicast2}}) write$cgroup_int(r2, &(0x7f0000000240), 0x12) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000340)=0x80060) syz_genetlink_get_family_id$ipvs(0x0) creat(&(0x7f0000000180)='./bus\x00', 0x0) sendmsg$IPVS_CMD_NEW_DAEMON(r1, 0x0, 0x80) 10:21:10 executing program 0: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) pkey_mprotect(&(0x7f00002d5000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) pkey_free(0xffffffffffffffff) 10:21:10 executing program 4: r0 = timerfd_create(0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) 10:21:11 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) truncate(&(0x7f0000000280)='./file0\x00', 0x4626) write$UHID_CREATE(r1, &(0x7f0000000300)={0x0, {'syz0\x00', 'syz0\x00', 'syz0\x00', 0x0}}, 0x120) 10:21:11 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 454.893883][ T27] audit: type=1800 audit(1579602071.386:40): pid=12470 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="loop3" ino=53 res=0 10:21:11 executing program 3: r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000002180)=0xfc, 0x3c3) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r3 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r3, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_tx_ring(r3, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) bind$packet(r0, &(0x7f0000000100)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @local}, 0x14) sendto$inet6(r0, &(0x7f0000000080)="030400306c00600000000000fff57b016d2763bd56373780398d537500e50602591f031ee616d5c0184374a7ffe4ec55e0654786a70100935ba514d40808efa000801600002fd08d49a47eff71bc4131fe4c1f99bf00a900000008d1843e770afd6e9ef5837dbd0000000053", 0x3287, 0x4000006, 0x0, 0xffffffffffffff8c) 10:21:11 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 10:21:11 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f0000000380)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000000)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) perf_event_open(&(0x7f0000000080)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x2d, 0x0, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x2a7) connect$inet6(0xffffffffffffffff, &(0x7f0000000080), 0x1c) pipe(&(0x7f0000000100)={0xffffffffffffffff}) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000740)='cgroup.controllers\x00', 0x275a, 0x0) ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000001900)={0x0, 0x0, 0x0, 0x80000000}) ioctl$sock_inet_SIOCGIFNETMASK(0xffffffffffffffff, 0x891b, &(0x7f0000000000)={'veth1_to_hsr\x00', {0x2, 0x0, @multicast2}}) write$cgroup_int(r2, &(0x7f0000000240), 0x12) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000340)=0x80060) syz_genetlink_get_family_id$ipvs(0x0) creat(&(0x7f0000000180)='./bus\x00', 0x0) sendmsg$IPVS_CMD_NEW_DAEMON(r1, 0x0, 0x80) [ 455.385210][T12460] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 455.420771][T12460] CPU: 0 PID: 12460 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 455.429513][T12460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 455.439603][T12460] Call Trace: [ 455.443041][T12460] dump_stack+0x11d/0x181 [ 455.447416][T12460] dump_header+0xaa/0x39c [ 455.451900][T12460] oom_kill_process.cold+0x10/0x15 [ 455.457039][T12460] out_of_memory+0x231/0xa60 [ 455.461643][T12460] ? __rcu_read_unlock+0x66/0x3d0 [ 455.466988][T12460] mem_cgroup_out_of_memory+0x128/0x150 [ 455.472538][T12460] try_charge+0xb6c/0xbf0 [ 455.476913][T12460] ? rcu_note_context_switch+0x720/0x760 [ 455.482610][T12460] mem_cgroup_try_charge+0xd2/0x260 [ 455.487820][T12460] mem_cgroup_try_charge_delay+0x3a/0x80 [ 455.493647][T12460] __handle_mm_fault+0x197f/0x2e00 [ 455.498785][T12460] handle_mm_fault+0x21b/0x530 [ 455.503678][T12460] __get_user_pages+0x485/0x1130 [ 455.508628][T12460] populate_vma_page_range+0xe6/0x100 [ 455.514010][T12460] __mm_populate+0x168/0x2a0 [ 455.518777][T12460] __x64_sys_mlockall+0x2e3/0x320 [ 455.523806][T12460] do_syscall_64+0xcc/0x3a0 [ 455.528356][T12460] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 455.534255][T12460] RIP: 0033:0x45b349 [ 455.538183][T12460] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 455.557944][T12460] RSP: 002b:00007f8c5b458c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 455.566363][T12460] RAX: ffffffffffffffda RBX: 00007f8c5b4596d4 RCX: 000000000045b349 [ 455.574353][T12460] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 455.582415][T12460] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 455.590509][T12460] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 455.600636][T12460] R13: 0000000000000711 R14: 00000000004c8888 R15: 000000000075bfd4 10:21:12 executing program 4: r0 = timerfd_create(0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 456.002802][T12460] memory: usage 307200kB, limit 307200kB, failcnt 4384 [ 456.009886][T12460] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 456.021772][T12460] Memory cgroup stats for /syz1: [ 456.023589][T12460] anon 306679808 [ 456.023589][T12460] file 0 [ 456.023589][T12460] kernel_stack 368640 [ 456.023589][T12460] slab 3682304 [ 456.023589][T12460] sock 0 [ 456.023589][T12460] shmem 0 [ 456.023589][T12460] file_mapped 0 [ 456.023589][T12460] file_dirty 0 [ 456.023589][T12460] file_writeback 0 [ 456.023589][T12460] anon_thp 253755392 [ 456.023589][T12460] inactive_anon 193671168 [ 456.023589][T12460] active_anon 8929280 [ 456.023589][T12460] inactive_file 0 [ 456.023589][T12460] active_file 0 [ 456.023589][T12460] unevictable 104222720 [ 456.023589][T12460] slab_reclaimable 675840 [ 456.023589][T12460] slab_unreclaimable 3006464 [ 456.023589][T12460] pgfault 145002 [ 456.023589][T12460] pgmajfault 0 [ 456.023589][T12460] workingset_refault 33 [ 456.023589][T12460] workingset_activate 0 [ 456.023589][T12460] workingset_nodereclaim 0 [ 456.023589][T12460] pgrefill 265 [ 456.023589][T12460] pgscan 330 [ 456.023589][T12460] pgsteal 66 [ 456.119846][T12460] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=12446,uid=0 [ 456.136688][T12460] Memory cgroup out of memory: Killed process 12446 (syz-executor.1) total-vm:72716kB, anon-rss:15868kB, file-rss:37992kB, shmem-rss:0kB, UID:0 pgtables:159744kB oom_score_adj:1000 [ 456.157360][ T1066] oom_reaper: reaped process 12446 (syz-executor.1), now anon-rss:15868kB, file-rss:38004kB, shmem-rss:0kB [ 456.726136][ T7995] FAT-fs (loop5): error, fat_free_clusters: deleting FAT entry beyond EOF [ 456.742548][ T7995] FAT-fs (loop5): Filesystem has been set read-only 10:21:13 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x288000, 0x0) syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x9, 0x200840) dup(r1) ioctl$RTC_VL_READ(r1, 0x80047013, &(0x7f00000000c0)) exit(0x7) write$binfmt_script(0xffffffffffffffff, &(0x7f00000003c0)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}, {}, {}, {0x20, 'proc'}], 0xa, "df7c00e09c916729334fbe57a726284a85ae23e7eb165a0922b020a14afa53fc919ed5b5820a609af38acfc21c2cacee2f808e60eafcd3ec51fdb7f62ca135bbf86f9c1bbf9c23db4038c329b0e8d63563439cf1b94606299a6c503abe926decd68a7e671c7dfcc4125e9888fbc8ce452b52"}, 0x8e) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r2 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xaf, 0x428240) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r2, 0xc080661a, &(0x7f00000002c0)={{0x2, 0x0, @identifier="8cff7fc81ac6de7927c1c322084eaabd"}}) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') close(r3) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000180)={0x2}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r4) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x7f, 0x3, 0x7, 0xa59e}, 'syz0\x00', 0x37}) 10:21:13 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 10:21:13 executing program 0: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) pkey_mprotect(&(0x7f00002d5000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) pkey_free(0xffffffffffffffff) 10:21:13 executing program 4: r0 = timerfd_create(0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 10:21:13 executing program 3: r0 = syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x4000000000000071, 0x28841) unshare(0x400) ioctl$USBDEVFS_CLEAR_HALT(r0, 0x802c550a, &(0x7f0000000000)) 10:21:13 executing program 5: r0 = syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x4000000000000071, 0x28841) ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000000000)={0x23, 0x3, 0x10, 0x0, 0x0, 0x0, 0x0}) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x12, 0xffffffffffffffff, 0x0) open(0x0, 0x141042, 0x0) ioctl$EVIOCREVOKE(0xffffffffffffffff, 0x40044591, &(0x7f00000000c0)=0x400) ioctl$USBDEVFS_CONNECTINFO(r0, 0x5521, &(0x7f0000000080)) 10:21:13 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 10:21:13 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpgrp(0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x7}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) ptrace$pokeuser(0x6, 0xffffffffffffffff, 0x5, 0x3) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) r2 = socket(0x0, 0x802, 0x0) write(r2, &(0x7f00000000c0), 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$SNDRV_TIMER_IOCTL_STOP(0xffffffffffffffff, 0x54a1) sched_setattr(0x0, &(0x7f00000002c0)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$fuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fuse\x00', 0x2, 0x0) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000040)='fuse\x00', 0x0, &(0x7f0000000380)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x4003}, 0x2c, {'user_id'}, 0x2c, {'group_id'}, 0x2c, {[{@default_permissions='default_permissions'}]}}) creat(&(0x7f0000000200)='./file0/bus\x00', 0x0) 10:21:13 executing program 5: r0 = syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x4000000000000071, 0x28841) ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000000000)={0x23, 0x3, 0x10, 0x0, 0x0, 0x0, 0x0}) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x12, 0xffffffffffffffff, 0x0) open(0x0, 0x141042, 0x0) ioctl$EVIOCREVOKE(0xffffffffffffffff, 0x40044591, &(0x7f00000000c0)=0x400) ioctl$USBDEVFS_CONNECTINFO(r0, 0x5521, &(0x7f0000000080)) 10:21:14 executing program 3: creat(&(0x7f0000000680)='./bus\x00', 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c07bc3376003639405cb4aed1e68f7d368b3fb62f0000000000ae47a825d8680027726539ed010000805ae64f8f82ffffffffffffffd75d492b41fd983f79e65199615607672c59e75005000000", 0x54}], 0x4, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) open(0x0, 0x0, 0x0) 10:21:14 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 457.684212][T12530] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 457.692266][T12551] ptrace attach of "/root/syz-executor.3"[12548] was attempted by "/root/syz-executor.3"[12551] [ 457.694700][ T27] audit: type=1804 audit(1579602074.176:41): pid=12551 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir523872191/syzkaller.zvtAIu/227/bus" dev="sda1" ino=16552 res=1 [ 457.740572][T12530] CPU: 1 PID: 12530 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 457.749576][T12530] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 457.759747][T12530] Call Trace: [ 457.763047][T12530] dump_stack+0x11d/0x181 [ 457.767533][T12530] dump_header+0xaa/0x39c [ 457.771957][T12530] oom_kill_process.cold+0x10/0x15 [ 457.777088][T12530] out_of_memory+0x231/0xa60 [ 457.781697][T12530] mem_cgroup_out_of_memory+0x128/0x150 10:21:14 executing program 4: r0 = timerfd_create(0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 457.787315][T12530] try_charge+0xb6c/0xbf0 [ 457.791659][T12530] ? rcu_note_context_switch+0x720/0x760 [ 457.797315][T12530] mem_cgroup_try_charge+0xd2/0x260 [ 457.802544][T12530] mem_cgroup_try_charge_delay+0x3a/0x80 [ 457.808196][T12530] __handle_mm_fault+0x197f/0x2e00 [ 457.813325][T12530] handle_mm_fault+0x21b/0x530 [ 457.818125][T12530] __get_user_pages+0x485/0x1130 [ 457.823173][T12530] populate_vma_page_range+0xe6/0x100 [ 457.828575][T12530] __mm_populate+0x168/0x2a0 [ 457.833253][T12530] __x64_sys_mlockall+0x2e3/0x320 [ 457.838322][T12530] do_syscall_64+0xcc/0x3a0 [ 457.842931][T12530] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 457.848851][T12530] RIP: 0033:0x45b349 [ 457.852773][T12530] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 457.872387][T12530] RSP: 002b:00007f8c5b458c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 457.880806][T12530] RAX: ffffffffffffffda RBX: 00007f8c5b4596d4 RCX: 000000000045b349 [ 457.888778][T12530] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 457.896772][T12530] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 457.904934][T12530] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 457.912995][T12530] R13: 0000000000000711 R14: 00000000004c8888 R15: 000000000075bfd4 [ 457.922662][T12530] memory: usage 307200kB, limit 307200kB, failcnt 4400 [ 457.929796][T12530] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 457.937668][T12530] Memory cgroup stats for /syz1: [ 457.939047][T12530] anon 306307072 [ 457.939047][T12530] file 0 [ 457.939047][T12530] kernel_stack 368640 [ 457.939047][T12530] slab 3682304 [ 457.939047][T12530] sock 0 [ 457.939047][T12530] shmem 0 [ 457.939047][T12530] file_mapped 0 [ 457.939047][T12530] file_dirty 0 [ 457.939047][T12530] file_writeback 0 [ 457.939047][T12530] anon_thp 251658240 [ 457.939047][T12530] inactive_anon 193593344 [ 457.939047][T12530] active_anon 11161600 [ 457.939047][T12530] inactive_file 0 [ 457.939047][T12530] active_file 0 [ 457.939047][T12530] unevictable 101732352 [ 457.939047][T12530] slab_reclaimable 675840 [ 457.939047][T12530] slab_unreclaimable 3006464 [ 457.939047][T12530] pgfault 145926 [ 457.939047][T12530] pgmajfault 0 [ 457.939047][T12530] workingset_refault 33 [ 457.939047][T12530] workingset_activate 0 [ 457.939047][T12530] workingset_nodereclaim 0 [ 457.939047][T12530] pgrefill 265 [ 457.939047][T12530] pgscan 330 [ 457.939047][T12530] pgsteal 66 [ 458.034041][T12530] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=11138,uid=0 [ 458.049955][T12530] Memory cgroup out of memory: Killed process 11138 (syz-executor.1) total-vm:72716kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 458.076822][ T1066] oom_reaper: reaped process 11138 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 10:21:15 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x288000, 0x0) syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x9, 0x200840) dup(r1) ioctl$RTC_VL_READ(r1, 0x80047013, &(0x7f00000000c0)) exit(0x7) write$binfmt_script(0xffffffffffffffff, &(0x7f00000003c0)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}, {}, {}, {0x20, 'proc'}], 0xa, "df7c00e09c916729334fbe57a726284a85ae23e7eb165a0922b020a14afa53fc919ed5b5820a609af38acfc21c2cacee2f808e60eafcd3ec51fdb7f62ca135bbf86f9c1bbf9c23db4038c329b0e8d63563439cf1b94606299a6c503abe926decd68a7e671c7dfcc4125e9888fbc8ce452b52"}, 0x8e) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r2 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xaf, 0x428240) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r2, 0xc080661a, &(0x7f00000002c0)={{0x2, 0x0, @identifier="8cff7fc81ac6de7927c1c322084eaabd"}}) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') close(r3) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000180)={0x2}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r4) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x7f, 0x3, 0x7, 0xa59e}, 'syz0\x00', 0x37}) 10:21:15 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpgrp(0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x7}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002380)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) ptrace$pokeuser(0x6, 0xffffffffffffffff, 0x5, 0x3) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) r4 = socket(0x0, 0x802, 0x0) write(r4, &(0x7f00000000c0), 0x0) getsockname$inet6(r4, &(0x7f0000000440)={0xa, 0x0, 0x0, @mcast2}, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$SNDRV_TIMER_IOCTL_STOP(r2, 0x54a1) sched_setattr(0x0, &(0x7f00000002c0)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$fuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fuse\x00', 0x2, 0x0) r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000040)='fuse\x00', 0x0, &(0x7f0000000380)={{'fd', 0x3d, r6}, 0x2c, {'rootmode', 0x3d, 0x4003}, 0x2c, {'user_id'}, 0x2c, {'group_id'}, 0x2c, {[{@default_permissions='default_permissions'}]}}) mount$fuse(0x0, 0x0, &(0x7f0000000080)='fuse\x00', 0x0, &(0x7f0000000180)=ANY=[@ANYRES16=r5, @ANYRES32, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC, @ANYPTR64, @ANYRESDEC=r6]) syz_open_dev$usbfs(0x0, 0x0, 0x1) r7 = creat(&(0x7f0000000200)='./file0/bus\x00', 0xbc9dc8fbd81cb4b1) fcntl$lock(r7, 0x7, &(0x7f00000003c0)={0x1}) 10:21:15 executing program 5: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) pivot_root(&(0x7f0000000380)='./file0\x00', &(0x7f0000000140)='./file0\x00') r0 = inotify_init() inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x20000000) 10:21:15 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 10:21:15 executing program 0: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f00002d5000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) pkey_free(0xffffffffffffffff) 10:21:15 executing program 4: r0 = timerfd_create(0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 10:21:15 executing program 0: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f00002d5000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) pkey_free(0xffffffffffffffff) 10:21:15 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r2, 0x0, 0x27, &(0x7f00007e6000)={@multicast2, @loopback}, 0xc) setsockopt$inet_msfilter(r2, 0x0, 0x29, &(0x7f0000000040)={@multicast2, @local, 0x1}, 0x10) 10:21:15 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 10:21:15 executing program 3: r0 = perf_event_open(&(0x7f0000000040)={0x400000000001, 0x70, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000001340)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9a, 0xb01c4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffdffffffffffffd, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x22, 0x200000000011, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) 10:21:16 executing program 0: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f00002d5000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) pkey_free(0xffffffffffffffff) 10:21:16 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 460.975558][ T184] tipc: TX() has been purged, node left! 10:21:17 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2(0x0, 0x800) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x288000, 0x0) syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x9, 0x200840) dup(0xffffffffffffffff) ioctl$RTC_VL_READ(0xffffffffffffffff, 0x80047013, &(0x7f00000000c0)) exit(0x7) write$binfmt_script(0xffffffffffffffff, &(0x7f00000003c0)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}, {}, {}, {0x20, 'proc'}], 0xa, "df7c00e09c916729334fbe57a726284a85ae23e7eb165a0922b020a14afa53fc919ed5b5820a609af38acfc21c2cacee2f808e60eafcd3ec51fdb7f62ca135bbf86f9c1bbf9c23db4038c329b0e8d63563439cf1b94606299a6c503abe926decd68a7e671c7dfcc4125e9888fbc8ce452b52"}, 0x8e) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r1 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xaf, 0x428240) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r1, 0xc080661a, &(0x7f00000002c0)={{0x2, 0x0, @identifier="8cff7fc81ac6de7927c1c322084eaabd"}}) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r2 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') close(r2) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000180)={0x2}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r3) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x7f, 0x3, 0x7, 0xa59e}, 'syz0\x00', 0x37}) 10:21:17 executing program 0: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f00002d5000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) pkey_free(0xffffffffffffffff) 10:21:17 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)='4', 0x1) sendfile(r1, r2, 0x0, 0x7fffffa7) truncate(&(0x7f0000000280)='./file0\x00', 0x4626) 10:21:17 executing program 4: r0 = timerfd_create(0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 10:21:17 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket(0x2, 0x3, 0x100000001) setsockopt$sock_int(r2, 0x1, 0x29, &(0x7f0000000140)=0x4, 0x4) connect$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @multicast2}, 0x10) sendto(r2, &(0x7f0000000000)="0400", 0x2, 0x0, 0x0, 0x0) 10:21:17 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[]}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 461.385468][ T27] audit: type=1804 audit(1579602077.856:42): pid=12648 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir523872191/syzkaller.zvtAIu/230/file0/file0" dev="sda1" ino=17210 res=1 10:21:18 executing program 4: r0 = timerfd_create(0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 461.610689][ T27] audit: type=1804 audit(1579602077.906:43): pid=12657 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir523872191/syzkaller.zvtAIu/230/file0/file0" dev="sda1" ino=17210 res=1 10:21:18 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$inet_udp(0x2, 0x2, 0x0) close(r4) write$binfmt_elf32(r3, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r5 = socket$inet(0x2, 0x3, 0x83) bind$inet(r4, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r5, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r4, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r2, 0x0, r4, 0x0, 0x10005, 0x0) 10:21:18 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[]}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 10:21:18 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$inet_udp(0x2, 0x2, 0x0) close(r4) write$binfmt_elf32(r3, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r5 = socket$inet(0x2, 0x3, 0x83) bind$inet(r4, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r5, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r4, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r2, 0x0, r4, 0x0, 0x10005, 0x0) 10:21:18 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[]}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 10:21:19 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$inet_udp(0x2, 0x2, 0x0) close(r4) write$binfmt_elf32(r3, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r5 = socket$inet(0x2, 0x3, 0x83) bind$inet(r4, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r5, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r4, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r2, 0x0, r4, 0x0, 0x10005, 0x0) [ 463.756066][ T184] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 463.789989][ T184] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 463.838812][ T184] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 463.886847][ T184] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 463.928317][ T184] device bridge_slave_1 left promiscuous mode [ 463.960745][T12666] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 463.965505][ T184] bridge0: port 2(bridge_slave_1) entered disabled state [ 464.001605][T12666] CPU: 0 PID: 12666 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 464.010357][T12666] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 464.020578][T12666] Call Trace: [ 464.023881][T12666] dump_stack+0x11d/0x181 [ 464.028291][T12666] dump_header+0xaa/0x39c [ 464.032675][T12666] oom_kill_process.cold+0x10/0x15 [ 464.037826][T12666] out_of_memory+0x231/0xa60 [ 464.042455][T12666] ? __rcu_read_unlock+0x66/0x3d0 [ 464.047506][T12666] mem_cgroup_out_of_memory+0x128/0x150 [ 464.053073][T12666] try_charge+0xb6c/0xbf0 [ 464.057540][T12666] ? rcu_note_context_switch+0x720/0x760 [ 464.063234][T12666] mem_cgroup_try_charge+0xd2/0x260 [ 464.068506][T12666] mem_cgroup_try_charge_delay+0x3a/0x80 [ 464.074161][T12666] wp_page_copy+0x322/0x1040 [ 464.078764][T12666] ? apic_timer_interrupt+0xa/0x20 [ 464.083892][T12666] ? do_wp_page+0x172/0xeb0 [ 464.088421][T12666] do_wp_page+0x192/0xeb0 [ 464.092764][T12666] ? pagevec_lru_move_fn+0x16b/0x180 [ 464.098089][T12666] __handle_mm_fault+0x1d16/0x2e00 [ 464.103236][T12666] handle_mm_fault+0x21b/0x530 [ 464.108126][T12666] __get_user_pages+0x485/0x1130 [ 464.113273][T12666] populate_vma_page_range+0xe6/0x100 [ 464.118663][T12666] __mm_populate+0x168/0x2a0 [ 464.123388][T12666] __x64_sys_mlockall+0x2e3/0x320 [ 464.128445][T12666] do_syscall_64+0xcc/0x3a0 [ 464.132967][T12666] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 464.138869][T12666] RIP: 0033:0x45b349 [ 464.142864][T12666] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 464.164070][T12666] RSP: 002b:00007f8c5b458c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 464.172506][T12666] RAX: ffffffffffffffda RBX: 00007f8c5b4596d4 RCX: 000000000045b349 [ 464.180489][T12666] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 464.188489][T12666] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 464.196466][T12666] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 464.204452][T12666] R13: 0000000000000711 R14: 00000000004c8888 R15: 000000000075bfd4 [ 464.253140][ T184] device bridge_slave_0 left promiscuous mode [ 464.262546][ T184] bridge0: port 1(bridge_slave_0) entered disabled state [ 464.336574][ T184] device veth1_macvtap left promiscuous mode [ 464.362470][ T184] device veth0_macvtap left promiscuous mode [ 464.368517][ T184] device veth1_vlan left promiscuous mode [ 464.406919][ T184] device veth0_vlan left promiscuous mode [ 464.902501][T12666] memory: usage 297232kB, limit 307200kB, failcnt 4414 [ 464.909476][T12666] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 464.932488][T12666] Memory cgroup stats for /syz1: [ 464.933818][T12666] anon 295952384 [ 464.933818][T12666] file 0 [ 464.933818][T12666] kernel_stack 368640 [ 464.933818][T12666] slab 3862528 [ 464.933818][T12666] sock 0 [ 464.933818][T12666] shmem 0 [ 464.933818][T12666] file_mapped 0 [ 464.933818][T12666] file_dirty 0 [ 464.933818][T12666] file_writeback 0 [ 464.933818][T12666] anon_thp 245366784 [ 464.933818][T12666] inactive_anon 180920320 [ 464.933818][T12666] active_anon 13393920 [ 464.933818][T12666] inactive_file 0 [ 464.933818][T12666] active_file 0 [ 464.933818][T12666] unevictable 101638144 [ 464.933818][T12666] slab_reclaimable 675840 [ 464.933818][T12666] slab_unreclaimable 3186688 [ 464.933818][T12666] pgfault 148863 [ 464.933818][T12666] pgmajfault 0 [ 464.933818][T12666] workingset_refault 33 [ 464.933818][T12666] workingset_activate 0 [ 464.933818][T12666] workingset_nodereclaim 0 [ 464.933818][T12666] pgrefill 265 [ 464.933818][T12666] pgscan 330 [ 464.933818][T12666] pgsteal 66 [ 465.203540][T12666] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=12662,uid=0 [ 465.243304][T12666] Memory cgroup out of memory: Killed process 12666 (syz-executor.1) total-vm:72848kB, anon-rss:18460kB, file-rss:54368kB, shmem-rss:0kB, UID:0 pgtables:192512kB oom_score_adj:1000 [ 465.319928][ T1066] oom_reaper: reaped process 12666 (syz-executor.1), now anon-rss:18460kB, file-rss:54364kB, shmem-rss:0kB 10:21:22 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2(0x0, 0x800) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x288000, 0x0) syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x9, 0x200840) dup(0xffffffffffffffff) ioctl$RTC_VL_READ(0xffffffffffffffff, 0x80047013, &(0x7f00000000c0)) exit(0x7) write$binfmt_script(0xffffffffffffffff, &(0x7f00000003c0)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}, {}, {}, {0x20, 'proc'}], 0xa, "df7c00e09c916729334fbe57a726284a85ae23e7eb165a0922b020a14afa53fc919ed5b5820a609af38acfc21c2cacee2f808e60eafcd3ec51fdb7f62ca135bbf86f9c1bbf9c23db4038c329b0e8d63563439cf1b94606299a6c503abe926decd68a7e671c7dfcc4125e9888fbc8ce452b52"}, 0x8e) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r1 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xaf, 0x428240) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r1, 0xc080661a, &(0x7f00000002c0)={{0x2, 0x0, @identifier="8cff7fc81ac6de7927c1c322084eaabd"}}) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r2 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') close(r2) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000180)={0x2}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r3) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x7f, 0x3, 0x7, 0xa59e}, 'syz0\x00', 0x37}) 10:21:22 executing program 4: r0 = timerfd_create(0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 10:21:22 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 10:21:22 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$inet_udp(0x2, 0x2, 0x0) close(r4) write$binfmt_elf32(r3, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r5 = socket$inet(0x2, 0x3, 0x83) bind$inet(r4, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r5, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r4, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r2, 0x0, r4, 0x0, 0x10005, 0x0) [ 467.082871][ T184] device hsr_slave_0 left promiscuous mode [ 467.152599][ T184] device hsr_slave_1 left promiscuous mode [ 467.168999][T12726] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 467.179629][T12726] CPU: 0 PID: 12726 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 467.188310][T12726] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 467.198369][T12726] Call Trace: [ 467.201690][T12726] dump_stack+0x11d/0x181 [ 467.206078][T12726] dump_header+0xaa/0x39c [ 467.210573][T12726] oom_kill_process.cold+0x10/0x15 [ 467.215782][T12726] out_of_memory+0x231/0xa60 [ 467.220393][T12726] ? mem_cgroup_out_of_memory+0x85/0x150 [ 467.226052][T12726] ? mutex_lock_killable+0x25/0x60 [ 467.231179][T12726] mem_cgroup_out_of_memory+0x128/0x150 [ 467.236736][T12726] try_charge+0xb6c/0xbf0 [ 467.241070][T12726] ? rcu_note_context_switch+0x720/0x760 [ 467.246727][T12726] mem_cgroup_try_charge+0xd2/0x260 [ 467.252165][T12726] mem_cgroup_try_charge_delay+0x3a/0x80 [ 467.257837][T12726] wp_page_copy+0x322/0x1040 [ 467.262572][T12726] ? __read_once_size+0x41/0xe0 [ 467.267462][T12726] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 467.273468][T12726] do_wp_page+0x192/0xeb0 [ 467.277820][T12726] __handle_mm_fault+0x1d16/0x2e00 [ 467.283077][T12726] handle_mm_fault+0x21b/0x530 [ 467.287855][T12726] __get_user_pages+0x485/0x1130 [ 467.292948][T12726] populate_vma_page_range+0xe6/0x100 [ 467.298424][T12726] __mm_populate+0x168/0x2a0 [ 467.303028][T12726] __x64_sys_mlockall+0x2e3/0x320 [ 467.308091][T12726] do_syscall_64+0xcc/0x3a0 [ 467.312625][T12726] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 467.318547][T12726] RIP: 0033:0x45b349 [ 467.322454][T12726] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 467.342282][T12726] RSP: 002b:00007f8c5b458c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 467.350720][T12726] RAX: ffffffffffffffda RBX: 00007f8c5b4596d4 RCX: 000000000045b349 [ 467.358699][T12726] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 467.366679][T12726] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 467.374668][T12726] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 467.382668][T12726] R13: 0000000000000711 R14: 00000000004c8888 R15: 000000000075bfd4 [ 467.412536][T12726] memory: usage 307200kB, limit 307200kB, failcnt 4445 [ 467.419540][T12726] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 467.427001][T12726] Memory cgroup stats for /syz1: [ 467.428165][T12726] anon 305831936 [ 467.428165][T12726] file 0 [ 467.428165][T12726] kernel_stack 405504 [ 467.428165][T12726] slab 3862528 [ 467.428165][T12726] sock 0 [ 467.428165][T12726] shmem 0 [ 467.428165][T12726] file_mapped 0 [ 467.428165][T12726] file_dirty 0 [ 467.428165][T12726] file_writeback 0 [ 467.428165][T12726] anon_thp 253755392 [ 467.428165][T12726] inactive_anon 182517760 [ 467.428165][T12726] active_anon 13430784 [ 467.428165][T12726] inactive_file 0 [ 467.428165][T12726] active_file 0 [ 467.428165][T12726] unevictable 109903872 [ 467.428165][T12726] slab_reclaimable 675840 [ 467.428165][T12726] slab_unreclaimable 3186688 [ 467.428165][T12726] pgfault 150381 [ 467.428165][T12726] pgmajfault 0 [ 467.428165][T12726] workingset_refault 33 [ 467.428165][T12726] workingset_activate 0 [ 467.428165][T12726] workingset_nodereclaim 0 [ 467.428165][T12726] pgrefill 265 [ 467.428165][T12726] pgscan 330 [ 467.428165][T12726] pgsteal 66 [ 467.522690][ T184] team0 (unregistering): Port device team_slave_1 removed [ 467.522747][T12726] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=12718,uid=0 [ 467.545855][T12726] Memory cgroup out of memory: Killed process 12718 (syz-executor.1) total-vm:72716kB, anon-rss:18248kB, file-rss:54368kB, shmem-rss:0kB, UID:0 pgtables:192512kB oom_score_adj:1000 [ 467.546191][ T184] team0 (unregistering): Port device team_slave_0 removed [ 467.574602][ T1066] oom_reaper: reaped process 12718 (syz-executor.1), now anon-rss:18332kB, file-rss:54364kB, shmem-rss:0kB [ 467.586563][ T184] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 467.638010][ T184] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 467.725035][ T184] bond0 (unregistering): Released all slaves [ 467.878105][T12725] IPVS: ftp: loaded support on port[0] = 21 [ 468.130540][T12725] chnl_net:caif_netlink_parms(): no params data found [ 468.289948][T12725] bridge0: port 1(bridge_slave_0) entered blocking state [ 468.315257][T12725] bridge0: port 1(bridge_slave_0) entered disabled state [ 468.347839][T12725] device bridge_slave_0 entered promiscuous mode [ 468.372993][T12725] bridge0: port 2(bridge_slave_1) entered blocking state [ 468.402941][T12725] bridge0: port 2(bridge_slave_1) entered disabled state [ 468.418592][T12725] device bridge_slave_1 entered promiscuous mode [ 468.494055][T12725] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 468.519445][T12725] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 468.539878][T12725] team0: Port device team_slave_0 added [ 468.547496][T12725] team0: Port device team_slave_1 added [ 468.563626][T12725] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 468.570619][T12725] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 468.597273][T12725] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 468.609210][T12725] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 468.616452][T12725] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 468.642846][T12725] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 468.704949][T12725] device hsr_slave_0 entered promiscuous mode [ 468.742916][T12725] device hsr_slave_1 entered promiscuous mode [ 468.812544][T12725] debugfs: Directory 'hsr0' with parent '/' already present! [ 468.856663][T12725] bridge0: port 2(bridge_slave_1) entered blocking state [ 468.863766][T12725] bridge0: port 2(bridge_slave_1) entered forwarding state [ 468.871110][T12725] bridge0: port 1(bridge_slave_0) entered blocking state [ 468.878199][T12725] bridge0: port 1(bridge_slave_0) entered forwarding state [ 468.893403][ T7988] bridge0: port 1(bridge_slave_0) entered disabled state [ 468.901387][ T7988] bridge0: port 2(bridge_slave_1) entered disabled state [ 468.932604][T12725] 8021q: adding VLAN 0 to HW filter on device bond0 [ 468.944850][ T7991] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 468.952994][ T7991] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 468.963054][T12725] 8021q: adding VLAN 0 to HW filter on device team0 [ 468.973176][ T7986] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 468.981829][ T7986] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 468.990758][ T7986] bridge0: port 1(bridge_slave_0) entered blocking state [ 468.997827][ T7986] bridge0: port 1(bridge_slave_0) entered forwarding state [ 469.032973][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 469.041641][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 469.050130][ T26] bridge0: port 2(bridge_slave_1) entered blocking state [ 469.057181][ T26] bridge0: port 2(bridge_slave_1) entered forwarding state [ 469.065060][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 469.082930][ T7986] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 469.092156][ T7986] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 469.101350][ T7986] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 469.110042][ T7986] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 469.118815][ T7986] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 469.127519][ T7986] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 469.136154][ T7986] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 469.144754][ T7986] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 469.153420][ T7986] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 469.162119][T12725] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 469.170396][ T7986] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 469.186061][ T7991] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 469.193891][ T7991] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 469.205539][T12725] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 469.261874][T12725] device veth0_vlan entered promiscuous mode [ 469.269235][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 469.278109][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 469.286812][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 469.295392][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 469.305557][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 469.313777][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 469.324679][T12725] device veth1_vlan entered promiscuous mode [ 469.340834][ T7986] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 469.349073][ T7986] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 469.357456][ T7986] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 469.366372][ T7986] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 469.376986][T12725] device veth0_macvtap entered promiscuous mode [ 469.386671][T12725] device veth1_macvtap entered promiscuous mode [ 469.399656][T12725] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 469.410169][T12725] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 469.420183][T12725] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 469.430612][T12725] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 469.440721][T12725] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 469.452128][T12725] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 469.462140][T12725] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 469.472572][T12725] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 469.482665][T12725] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 469.493092][T12725] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 469.504424][T12725] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 469.512647][ T7991] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 469.520730][ T7991] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 469.529339][ T7991] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 469.538128][ T7991] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 469.548410][T12725] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 469.561083][T12725] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 469.571057][T12725] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 469.581543][T12725] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 469.591632][T12725] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 469.602089][T12725] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 469.613136][T12725] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 469.623661][T12725] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 469.633519][T12725] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 469.644095][T12725] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 469.655106][T12725] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 469.665937][ T2412] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 469.674769][ T2412] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 10:21:26 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_icmp_ICMP_FILTER(r0, 0x1, 0x3e, &(0x7f0000000200)={0x2}, 0x4) sendto$inet(r0, &(0x7f0000000140)="ada4", 0x2, 0x0, &(0x7f0000000180)={0x2, 0x0, @rand_addr=0xfbd8}, 0x10) 10:21:26 executing program 0: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f00002d5000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) pkey_free(0xffffffffffffffff) 10:21:26 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 10:21:26 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$inet_udp(0x2, 0x2, 0x0) close(r4) write$binfmt_elf32(r3, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r5 = socket$inet(0x2, 0x3, 0x83) bind$inet(r4, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r5, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r4, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r2, 0x0, r4, 0x0, 0x10005, 0x0) 10:21:26 executing program 4: r0 = timerfd_create(0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 10:21:26 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2(0x0, 0x800) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x288000, 0x0) syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x9, 0x200840) dup(0xffffffffffffffff) ioctl$RTC_VL_READ(0xffffffffffffffff, 0x80047013, &(0x7f00000000c0)) exit(0x7) write$binfmt_script(0xffffffffffffffff, &(0x7f00000003c0)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}, {}, {}, {0x20, 'proc'}], 0xa, "df7c00e09c916729334fbe57a726284a85ae23e7eb165a0922b020a14afa53fc919ed5b5820a609af38acfc21c2cacee2f808e60eafcd3ec51fdb7f62ca135bbf86f9c1bbf9c23db4038c329b0e8d63563439cf1b94606299a6c503abe926decd68a7e671c7dfcc4125e9888fbc8ce452b52"}, 0x8e) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r1 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xaf, 0x428240) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r1, 0xc080661a, &(0x7f00000002c0)={{0x2, 0x0, @identifier="8cff7fc81ac6de7927c1c322084eaabd"}}) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r2 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') close(r2) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000180)={0x2}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r3) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x7f, 0x3, 0x7, 0xa59e}, 'syz0\x00', 0x37}) 10:21:26 executing program 5: r0 = syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x4000000000000071, 0x28841) unshare(0x400) ioctl$USBDEVFS_CLEAR_HALT(r0, 0x802c550a, 0x0) 10:21:26 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$inet_udp(0x2, 0x2, 0x0) close(r4) write$binfmt_elf32(r3, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r5 = socket$inet(0x2, 0x3, 0x83) bind$inet(r4, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r5, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r4, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r2, 0x0, r4, 0x0, 0x10005, 0x0) 10:21:26 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 470.095791][T12754] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 470.123332][T12754] CPU: 1 PID: 12754 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 470.132188][T12754] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 470.142427][T12754] Call Trace: [ 470.145737][T12754] dump_stack+0x11d/0x181 [ 470.150111][T12754] dump_header+0xaa/0x39c [ 470.154467][T12754] oom_kill_process.cold+0x10/0x15 [ 470.159603][T12754] out_of_memory+0x231/0xa60 [ 470.164208][T12754] ? __rcu_read_unlock+0x66/0x3d0 [ 470.169266][T12754] mem_cgroup_out_of_memory+0x128/0x150 [ 470.174862][T12754] try_charge+0xb6c/0xbf0 [ 470.179254][T12754] ? rcu_note_context_switch+0x720/0x760 [ 470.185049][T12754] mem_cgroup_try_charge+0xd2/0x260 [ 470.190464][T12754] mem_cgroup_try_charge_delay+0x3a/0x80 [ 470.196133][T12754] __handle_mm_fault+0x197f/0x2e00 [ 470.201270][T12754] handle_mm_fault+0x21b/0x530 [ 470.206182][T12754] __get_user_pages+0x485/0x1130 [ 470.211207][T12754] populate_vma_page_range+0xe6/0x100 [ 470.216645][T12754] __mm_populate+0x168/0x2a0 [ 470.221267][T12754] __x64_sys_mlockall+0x2e3/0x320 [ 470.226318][T12754] do_syscall_64+0xcc/0x3a0 [ 470.230876][T12754] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 470.236900][T12754] RIP: 0033:0x45b349 [ 470.240837][T12754] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 470.261096][T12754] RSP: 002b:00007f8c5b479c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 470.269550][T12754] RAX: ffffffffffffffda RBX: 00007f8c5b47a6d4 RCX: 000000000045b349 [ 470.277610][T12754] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 470.285589][T12754] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 10:21:26 executing program 5: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x4, 0x4, 0x4, 0xd}, 0x2c) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r1, 0x28, &(0x7f0000000080)={0x0, 0x0}}, 0x10) r3 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={r2}, 0xc) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x11, r3, 0x0) pkey_mprotect(&(0x7f00002d5000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) 10:21:26 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$inet_udp(0x2, 0x2, 0x0) close(r4) write$binfmt_elf32(r3, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r5 = socket$inet(0x2, 0x3, 0x83) bind$inet(r4, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r5, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r4, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r2, 0x0, r4, 0x0, 0x10005, 0x0) [ 470.293566][T12754] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 470.301580][T12754] R13: 0000000000000711 R14: 00000000004c8888 R15: 000000000075bf2c 10:21:27 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 10:21:27 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$inet_udp(0x2, 0x2, 0x0) close(r4) write$binfmt_elf32(r3, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r5 = socket$inet(0x2, 0x3, 0x83) bind$inet(r4, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r5, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r2, 0x0, r4, 0x0, 0x10005, 0x0) [ 470.670589][T12754] memory: usage 307200kB, limit 307200kB, failcnt 4471 [ 470.681196][T12754] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 470.688462][T12754] Memory cgroup stats for /syz1: [ 470.688828][T12754] anon 305836032 [ 470.688828][T12754] file 0 [ 470.688828][T12754] kernel_stack 405504 [ 470.688828][T12754] slab 4014080 [ 470.688828][T12754] sock 0 [ 470.688828][T12754] shmem 0 [ 470.688828][T12754] file_mapped 0 [ 470.688828][T12754] file_dirty 0 [ 470.688828][T12754] file_writeback 0 [ 470.688828][T12754] anon_thp 253755392 [ 470.688828][T12754] inactive_anon 189296640 [ 470.688828][T12754] active_anon 13434880 [ 470.688828][T12754] inactive_file 0 [ 470.688828][T12754] active_file 0 [ 470.688828][T12754] unevictable 103333888 [ 470.688828][T12754] slab_reclaimable 675840 [ 470.688828][T12754] slab_unreclaimable 3338240 [ 470.688828][T12754] pgfault 151074 [ 470.688828][T12754] pgmajfault 0 [ 470.688828][T12754] workingset_refault 33 [ 470.688828][T12754] workingset_activate 0 [ 470.688828][T12754] workingset_nodereclaim 0 [ 470.688828][T12754] pgrefill 265 [ 470.688828][T12754] pgscan 330 [ 470.688828][T12754] pgsteal 66 [ 470.822774][T12754] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=12727,uid=0 [ 470.881961][T12754] Memory cgroup out of memory: Killed process 12727 (syz-executor.1) total-vm:72716kB, anon-rss:18332kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 10:21:27 executing program 0: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f00002d5000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) pkey_free(0xffffffffffffffff) 10:21:27 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$inet_udp(0x2, 0x2, 0x0) close(r4) write$binfmt_elf32(r3, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r5 = socket$inet(0x2, 0x3, 0x83) bind$inet(r4, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r5, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r2, 0x0, r4, 0x0, 0x10005, 0x0) 10:21:27 executing program 4: r0 = timerfd_create(0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 10:21:27 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 471.948224][T12813] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 471.958613][T12813] CPU: 1 PID: 12813 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 471.967419][T12813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 471.978264][T12813] Call Trace: [ 471.981558][T12813] dump_stack+0x11d/0x181 [ 471.985956][T12813] dump_header+0xaa/0x39c [ 471.990330][T12813] oom_kill_process.cold+0x10/0x15 [ 471.995538][T12813] out_of_memory+0x231/0xa60 [ 472.000131][T12813] ? __rcu_read_unlock+0x66/0x3d0 [ 472.005168][T12813] mem_cgroup_out_of_memory+0x128/0x150 [ 472.010795][T12813] try_charge+0xb6c/0xbf0 [ 472.015147][T12813] ? rcu_note_context_switch+0x720/0x760 [ 472.020826][T12813] mem_cgroup_try_charge+0xd2/0x260 [ 472.026179][T12813] mem_cgroup_try_charge_delay+0x3a/0x80 [ 472.031876][T12813] wp_page_copy+0x322/0x1040 [ 472.036493][T12813] ? __read_once_size+0x41/0xe0 [ 472.041401][T12813] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 472.047423][T12813] do_wp_page+0x192/0xeb0 [ 472.051814][T12813] ? __handle_mm_fault+0x6c9/0x2e00 [ 472.057080][T12813] __handle_mm_fault+0x1d16/0x2e00 [ 472.062354][T12813] handle_mm_fault+0x21b/0x530 [ 472.067137][T12813] __get_user_pages+0x485/0x1130 [ 472.072186][T12813] populate_vma_page_range+0xe6/0x100 [ 472.077871][T12813] __mm_populate+0x168/0x2a0 [ 472.082480][T12813] __x64_sys_mlockall+0x2e3/0x320 [ 472.087521][T12813] do_syscall_64+0xcc/0x3a0 [ 472.092144][T12813] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 472.098052][T12813] RIP: 0033:0x45b349 [ 472.102073][T12813] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 472.122941][T12813] RSP: 002b:00007f8c5b458c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 472.131488][T12813] RAX: ffffffffffffffda RBX: 00007f8c5b4596d4 RCX: 000000000045b349 [ 472.139597][T12813] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 472.147746][T12813] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 472.155752][T12813] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 472.163921][T12813] R13: 0000000000000711 R14: 00000000004c8888 R15: 000000000075bfd4 [ 472.175240][T12813] memory: usage 307200kB, limit 307200kB, failcnt 4494 [ 472.182200][T12813] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 472.189856][T12813] Memory cgroup stats for /syz1: [ 472.191257][T12813] anon 305717248 [ 472.191257][T12813] file 0 [ 472.191257][T12813] kernel_stack 368640 [ 472.191257][T12813] slab 4014080 [ 472.191257][T12813] sock 0 [ 472.191257][T12813] shmem 0 [ 472.191257][T12813] file_mapped 0 [ 472.191257][T12813] file_dirty 0 [ 472.191257][T12813] file_writeback 0 [ 472.191257][T12813] anon_thp 251658240 [ 472.191257][T12813] inactive_anon 181460992 [ 472.191257][T12813] active_anon 13434880 [ 472.191257][T12813] inactive_file 0 [ 472.191257][T12813] active_file 0 [ 472.191257][T12813] unevictable 111046656 [ 472.191257][T12813] slab_reclaimable 675840 [ 472.191257][T12813] slab_unreclaimable 3338240 [ 472.191257][T12813] pgfault 152361 [ 472.191257][T12813] pgmajfault 0 [ 472.191257][T12813] workingset_refault 33 [ 472.191257][T12813] workingset_activate 0 [ 472.191257][T12813] workingset_nodereclaim 0 [ 472.191257][T12813] pgrefill 265 [ 472.191257][T12813] pgscan 330 [ 472.191257][T12813] pgsteal 66 [ 472.289362][T12813] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=12749,uid=0 [ 472.305197][T12813] Memory cgroup out of memory: Killed process 12749 (syz-executor.1) total-vm:72716kB, anon-rss:18248kB, file-rss:54368kB, shmem-rss:0kB, UID:0 pgtables:192512kB oom_score_adj:1000 [ 472.325552][ T1066] oom_reaper: reaped process 12749 (syz-executor.1), now anon-rss:18332kB, file-rss:54364kB, shmem-rss:0kB 10:21:29 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x288000, 0x0) syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x9, 0x200840) dup(r1) ioctl$RTC_VL_READ(r1, 0x80047013, &(0x7f00000000c0)) exit(0x7) write$binfmt_script(0xffffffffffffffff, &(0x7f00000003c0)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}, {}, {}, {0x20, 'proc'}], 0xa, "df7c00e09c916729334fbe57a726284a85ae23e7eb165a0922b020a14afa53fc919ed5b5820a609af38acfc21c2cacee2f808e60eafcd3ec51fdb7f62ca135bbf86f9c1bbf9c23db4038c329b0e8d63563439cf1b94606299a6c503abe926decd68a7e671c7dfcc4125e9888fbc8ce452b52"}, 0x8e) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r2 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xaf, 0x428240) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r2, 0xc080661a, &(0x7f00000002c0)={{0x2, 0x0, @identifier="8cff7fc81ac6de7927c1c322084eaabd"}}) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') close(r3) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000180)={0x2}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r4) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x7f, 0x3, 0x7, 0xa59e}, 'syz0\x00', 0x37}) 10:21:29 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$inet_udp(0x2, 0x2, 0x0) close(r4) write$binfmt_elf32(r3, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r5 = socket$inet(0x2, 0x3, 0x83) bind$inet(r4, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r5, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r2, 0x0, r4, 0x0, 0x10005, 0x0) 10:21:29 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 10:21:29 executing program 5: r0 = timerfd_create(0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_free(0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) 10:21:29 executing program 4: r0 = timerfd_create(0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 10:21:29 executing program 0: r0 = timerfd_create(0x0, 0x0) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f00002d5000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) pkey_free(0xffffffffffffffff) 10:21:29 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$inet_udp(0x2, 0x2, 0x0) close(r4) write$binfmt_elf32(r3, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) socket$inet(0x2, 0x3, 0x83) bind$inet(r4, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r4, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r2, 0x0, r4, 0x0, 0x10005, 0x0) 10:21:29 executing program 4: r0 = timerfd_create(0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 10:21:29 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$inet_udp(0x2, 0x2, 0x0) close(r4) write$binfmt_elf32(r3, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) socket$inet(0x2, 0x3, 0x83) bind$inet(r4, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r4, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r2, 0x0, r4, 0x0, 0x10005, 0x0) 10:21:29 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 473.125852][T12836] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 473.161970][T12836] CPU: 1 PID: 12836 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 473.170677][T12836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 473.180737][T12836] Call Trace: [ 473.184045][T12836] dump_stack+0x11d/0x181 [ 473.188495][T12836] dump_header+0xaa/0x39c [ 473.192844][T12836] oom_kill_process.cold+0x10/0x15 [ 473.198106][T12836] out_of_memory+0x231/0xa60 [ 473.202745][T12836] ? __rcu_read_unlock+0x66/0x3d0 [ 473.208306][T12836] mem_cgroup_out_of_memory+0x128/0x150 [ 473.213909][T12836] try_charge+0xb6c/0xbf0 [ 473.218274][T12836] ? rcu_note_context_switch+0x720/0x760 [ 473.223934][T12836] mem_cgroup_try_charge+0xd2/0x260 [ 473.229171][T12836] mem_cgroup_try_charge_delay+0x3a/0x80 [ 473.234900][T12836] __handle_mm_fault+0x197f/0x2e00 [ 473.240149][T12836] handle_mm_fault+0x21b/0x530 [ 473.244995][T12836] __get_user_pages+0x485/0x1130 [ 473.249992][T12836] populate_vma_page_range+0xe6/0x100 [ 473.255399][T12836] __mm_populate+0x168/0x2a0 [ 473.261884][T12836] __x64_sys_mlockall+0x2e3/0x320 [ 473.267091][T12836] do_syscall_64+0xcc/0x3a0 [ 473.271617][T12836] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 473.277753][T12836] RIP: 0033:0x45b349 [ 473.281755][T12836] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 473.301400][T12836] RSP: 002b:00007f8c5b479c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 473.309844][T12836] RAX: ffffffffffffffda RBX: 00007f8c5b47a6d4 RCX: 000000000045b349 [ 473.317886][T12836] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 10:21:29 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$inet_udp(0x2, 0x2, 0x0) close(r4) write$binfmt_elf32(r3, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) socket$inet(0x2, 0x3, 0x83) bind$inet(r4, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r4, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r2, 0x0, r4, 0x0, 0x10005, 0x0) [ 473.325902][T12836] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 473.333877][T12836] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 473.342228][T12836] R13: 0000000000000711 R14: 00000000004c8888 R15: 000000000075bf2c 10:21:29 executing program 4: r0 = timerfd_create(0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 473.416027][T12836] memory: usage 307200kB, limit 307200kB, failcnt 4532 [ 473.436001][T12836] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 473.496591][T12836] Memory cgroup stats for /syz1: [ 473.496827][T12836] anon 305836032 [ 473.496827][T12836] file 0 [ 473.496827][T12836] kernel_stack 368640 [ 473.496827][T12836] slab 4014080 [ 473.496827][T12836] sock 0 [ 473.496827][T12836] shmem 0 [ 473.496827][T12836] file_mapped 0 [ 473.496827][T12836] file_dirty 0 [ 473.496827][T12836] file_writeback 0 [ 473.496827][T12836] anon_thp 251658240 [ 473.496827][T12836] inactive_anon 189202432 [ 473.496827][T12836] active_anon 13447168 [ 473.496827][T12836] inactive_file 0 [ 473.496827][T12836] active_file 0 [ 473.496827][T12836] unevictable 103333888 [ 473.496827][T12836] slab_reclaimable 675840 [ 473.496827][T12836] slab_unreclaimable 3338240 [ 473.496827][T12836] pgfault 153054 [ 473.496827][T12836] pgmajfault 0 [ 473.496827][T12836] workingset_refault 33 [ 473.496827][T12836] workingset_activate 0 [ 473.496827][T12836] workingset_nodereclaim 0 [ 473.496827][T12836] pgrefill 265 [ 473.496827][T12836] pgscan 330 [ 473.496827][T12836] pgsteal 66 [ 473.637623][T12836] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=12814,uid=0 [ 473.657656][T12836] Memory cgroup out of memory: Killed process 12814 (syz-executor.1) total-vm:72716kB, anon-rss:18332kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 474.360494][T12872] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 474.371320][T12872] CPU: 1 PID: 12872 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 474.380020][T12872] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 474.390242][T12872] Call Trace: [ 474.393586][T12872] dump_stack+0x11d/0x181 [ 474.397986][T12872] dump_header+0xaa/0x39c [ 474.402425][T12872] oom_kill_process.cold+0x10/0x15 [ 474.407744][T12872] out_of_memory+0x231/0xa60 [ 474.412385][T12872] ? __rcu_read_unlock+0x66/0x3d0 [ 474.417564][T12872] mem_cgroup_out_of_memory+0x128/0x150 [ 474.423302][T12872] try_charge+0xb6c/0xbf0 [ 474.427643][T12872] ? rcu_note_context_switch+0x720/0x760 [ 474.433393][T12872] mem_cgroup_try_charge+0xd2/0x260 [ 474.438615][T12872] mem_cgroup_try_charge_delay+0x3a/0x80 [ 474.444807][T12872] wp_page_copy+0x322/0x1040 [ 474.449466][T12872] ? __read_once_size+0x41/0xe0 [ 474.454323][T12872] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 474.460282][T12872] do_wp_page+0x192/0xeb0 [ 474.464606][T12872] __handle_mm_fault+0x1d16/0x2e00 [ 474.469815][T12872] handle_mm_fault+0x21b/0x530 [ 474.474800][T12872] __get_user_pages+0x485/0x1130 [ 474.479806][T12872] populate_vma_page_range+0xe6/0x100 [ 474.485334][T12872] __mm_populate+0x168/0x2a0 [ 474.489932][T12872] __x64_sys_mlockall+0x2e3/0x320 [ 474.495098][T12872] do_syscall_64+0xcc/0x3a0 [ 474.499784][T12872] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 474.505847][T12872] RIP: 0033:0x45b349 [ 474.509871][T12872] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 474.529479][T12872] RSP: 002b:00007f8c5b458c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 474.538208][T12872] RAX: ffffffffffffffda RBX: 00007f8c5b4596d4 RCX: 000000000045b349 [ 474.546408][T12872] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 474.554410][T12872] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 474.562740][T12872] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 474.571046][T12872] R13: 0000000000000711 R14: 00000000004c8888 R15: 000000000075bfd4 [ 474.583336][T12872] memory: usage 307184kB, limit 307200kB, failcnt 4570 [ 474.590639][T12872] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 474.597647][T12872] Memory cgroup stats for /syz1: [ 474.598628][T12872] anon 305782784 [ 474.598628][T12872] file 0 [ 474.598628][T12872] kernel_stack 368640 [ 474.598628][T12872] slab 4014080 [ 474.598628][T12872] sock 0 [ 474.598628][T12872] shmem 0 [ 474.598628][T12872] file_mapped 0 [ 474.598628][T12872] file_dirty 0 [ 474.598628][T12872] file_writeback 0 [ 474.598628][T12872] anon_thp 251658240 [ 474.598628][T12872] inactive_anon 181276672 [ 474.598628][T12872] active_anon 13447168 [ 474.598628][T12872] inactive_file 0 [ 474.598628][T12872] active_file 0 [ 474.598628][T12872] unevictable 111046656 [ 474.598628][T12872] slab_reclaimable 675840 [ 474.598628][T12872] slab_unreclaimable 3338240 [ 474.598628][T12872] pgfault 154341 [ 474.598628][T12872] pgmajfault 0 [ 474.598628][T12872] workingset_refault 33 [ 474.598628][T12872] workingset_activate 0 [ 474.598628][T12872] workingset_nodereclaim 0 [ 474.598628][T12872] pgrefill 265 [ 474.598628][T12872] pgscan 330 [ 474.598628][T12872] pgsteal 66 [ 474.695416][T12872] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=12831,uid=0 [ 474.711422][T12872] Memory cgroup out of memory: Killed process 12831 (syz-executor.1) total-vm:72716kB, anon-rss:18248kB, file-rss:54368kB, shmem-rss:0kB, UID:0 pgtables:192512kB oom_score_adj:1000 [ 474.732315][ T1066] oom_reaper: reaped process 12831 (syz-executor.1), now anon-rss:18332kB, file-rss:54364kB, shmem-rss:0kB 10:21:31 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x288000, 0x0) syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x9, 0x200840) dup(r1) ioctl$RTC_VL_READ(r1, 0x80047013, &(0x7f00000000c0)) exit(0x7) write$binfmt_script(0xffffffffffffffff, &(0x7f00000003c0)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}, {}, {}, {0x20, 'proc'}], 0xa, "df7c00e09c916729334fbe57a726284a85ae23e7eb165a0922b020a14afa53fc919ed5b5820a609af38acfc21c2cacee2f808e60eafcd3ec51fdb7f62ca135bbf86f9c1bbf9c23db4038c329b0e8d63563439cf1b94606299a6c503abe926decd68a7e671c7dfcc4125e9888fbc8ce452b52"}, 0x8e) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r2 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xaf, 0x428240) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r2, 0xc080661a, &(0x7f00000002c0)={{0x2, 0x0, @identifier="8cff7fc81ac6de7927c1c322084eaabd"}}) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') close(r3) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000180)={0x2}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r4) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x7f, 0x3, 0x7, 0xa59e}, 'syz0\x00', 0x37}) 10:21:31 executing program 0: r0 = timerfd_create(0x0, 0x0) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f00002d5000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) pkey_free(0xffffffffffffffff) 10:21:31 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$inet_udp(0x2, 0x2, 0x0) close(r4) write$binfmt_elf32(r3, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r5 = socket$inet(0x2, 0x3, 0x83) setsockopt$inet_int(r5, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r4, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r2, 0x0, r4, 0x0, 0x10005, 0x0) 10:21:31 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 10:21:31 executing program 4: r0 = timerfd_create(0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 10:21:31 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x12, r1, 0x0) write$tun(r0, &(0x7f00000001c0)={@void, @val={0x0, 0x0, 0x14}, @mpls={[], @ipv4=@icmp={{0x5, 0x4, 0x0, 0x0, 0x90, 0x0, 0x0, 0x0, 0x21, 0x0, @empty, @empty}, @echo_reply={0xc}}}}, 0xfdef) 10:21:31 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$inet_udp(0x2, 0x2, 0x0) close(r4) write$binfmt_elf32(r3, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r5 = socket$inet(0x2, 0x3, 0x83) setsockopt$inet_int(r5, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r4, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r2, 0x0, r4, 0x0, 0x10005, 0x0) 10:21:31 executing program 5: r0 = socket(0xa, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pipe(0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ttyS3\x00', 0x0, 0x0) [ 475.167055][T12889] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 475.203134][T12889] CPU: 1 PID: 12889 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 475.211872][T12889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 475.221936][T12889] Call Trace: [ 475.225277][T12889] dump_stack+0x11d/0x181 [ 475.229631][T12889] dump_header+0xaa/0x39c [ 475.234011][T12889] oom_kill_process.cold+0x10/0x15 [ 475.239160][T12889] out_of_memory+0x231/0xa60 [ 475.243913][T12889] ? __rcu_read_unlock+0x66/0x3d0 [ 475.248991][T12889] mem_cgroup_out_of_memory+0x128/0x150 [ 475.254589][T12889] try_charge+0xb6c/0xbf0 [ 475.258976][T12889] ? rcu_note_context_switch+0x720/0x760 [ 475.264656][T12889] mem_cgroup_try_charge+0xd2/0x260 [ 475.269874][T12889] mem_cgroup_try_charge_delay+0x3a/0x80 [ 475.275544][T12889] __handle_mm_fault+0x197f/0x2e00 [ 475.281028][T12889] handle_mm_fault+0x21b/0x530 [ 475.285810][T12889] __get_user_pages+0x485/0x1130 [ 475.290773][T12889] populate_vma_page_range+0xe6/0x100 [ 475.296192][T12889] __mm_populate+0x168/0x2a0 [ 475.300807][T12889] __x64_sys_mlockall+0x2e3/0x320 [ 475.306048][T12889] do_syscall_64+0xcc/0x3a0 [ 475.310599][T12889] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 475.316534][T12889] RIP: 0033:0x45b349 [ 475.320544][T12889] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 475.340156][T12889] RSP: 002b:00007f8c5b479c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 475.348731][T12889] RAX: ffffffffffffffda RBX: 00007f8c5b47a6d4 RCX: 000000000045b349 [ 475.356771][T12889] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 10:21:31 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 10:21:31 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$inet_udp(0x2, 0x2, 0x0) close(r4) write$binfmt_elf32(r3, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r5 = socket$inet(0x2, 0x3, 0x83) setsockopt$inet_int(r5, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r4, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r2, 0x0, r4, 0x0, 0x10005, 0x0) [ 475.364838][T12889] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 475.372817][T12889] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 475.380794][T12889] R13: 0000000000000711 R14: 00000000004c8888 R15: 000000000075bf2c 10:21:31 executing program 5: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="9feb01001800000000000000240000002400000002000000000000000000000202000000000000000100000400000040000000d1fea03aa7319a1500000039588eeed62cd290c39fa5e7699299068a764c73a7fce5a94b6fc9802bf29d9e41740c88266dcc1ff61a461bd926e12ed70f490de4bbb5becb4226011201093e3f589f82e0033abe4b92bca243241616bb04f911765a17248f502b65eb47e6b00c048d2567d65d39a37b5dc1db5ac1384e41d7cc195b96b11d269e7cb8783e651eb8a740ce3deb08e69657647c8b27cfe0fccf99561594b98d1e2d7ef1eea0a7e7a52680e6c17b6d364eaeb9dfcbdfe07a7b4d46ff06131f6f712a24e4cfc8a4ad1cc3d6b55e2dd1d7c51fc444bdc4bb7d3541b30736230000000000000000"], 0x0, 0x3e}, 0x20) 10:21:32 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$inet_udp(0x2, 0x2, 0x0) close(r4) write$binfmt_elf32(r3, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) bind$inet(r4, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r4, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r2, 0x0, r4, 0x0, 0x10005, 0x0) [ 475.653227][T12889] memory: usage 307200kB, limit 307200kB, failcnt 4583 [ 475.678869][T12889] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 475.733344][T12889] Memory cgroup stats for /syz1: [ 475.735661][T12889] anon 305778688 [ 475.735661][T12889] file 0 [ 475.735661][T12889] kernel_stack 368640 [ 475.735661][T12889] slab 4014080 [ 475.735661][T12889] sock 0 [ 475.735661][T12889] shmem 0 [ 475.735661][T12889] file_mapped 0 [ 475.735661][T12889] file_dirty 0 [ 475.735661][T12889] file_writeback 0 [ 475.735661][T12889] anon_thp 251658240 [ 475.735661][T12889] inactive_anon 189210624 [ 475.735661][T12889] active_anon 13463552 [ 475.735661][T12889] inactive_file 0 [ 475.735661][T12889] active_file 0 [ 475.735661][T12889] unevictable 103202816 [ 475.735661][T12889] slab_reclaimable 675840 [ 475.735661][T12889] slab_unreclaimable 3338240 [ 475.735661][T12889] pgfault 155067 [ 475.735661][T12889] pgmajfault 0 [ 475.735661][T12889] workingset_refault 33 [ 475.735661][T12889] workingset_activate 0 [ 475.735661][T12889] workingset_nodereclaim 0 [ 475.735661][T12889] pgrefill 265 [ 475.735661][T12889] pgscan 330 [ 475.735661][T12889] pgsteal 66 [ 475.832992][T12889] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=12873,uid=0 [ 475.849089][T12889] Memory cgroup out of memory: Killed process 12873 (syz-executor.1) total-vm:72716kB, anon-rss:18332kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 475.876277][ T1066] oom_reaper: reaped process 12873 (syz-executor.1), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB [ 476.393243][T12922] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 476.404245][T12922] CPU: 1 PID: 12922 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 476.412936][T12922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 476.422988][T12922] Call Trace: [ 476.426273][T12922] dump_stack+0x11d/0x181 [ 476.430740][T12922] dump_header+0xaa/0x39c [ 476.435133][T12922] oom_kill_process.cold+0x10/0x15 [ 476.440263][T12922] out_of_memory+0x231/0xa60 [ 476.444854][T12922] ? __tsan_write_range+0x8a/0x100 [ 476.449998][T12922] mem_cgroup_out_of_memory+0x128/0x150 [ 476.455705][T12922] try_charge+0xb6c/0xbf0 [ 476.460133][T12922] ? rcu_note_context_switch+0x720/0x760 [ 476.465760][T12922] mem_cgroup_try_charge+0xd2/0x260 [ 476.470947][T12922] mem_cgroup_try_charge_delay+0x3a/0x80 [ 476.476687][T12922] wp_page_copy+0x322/0x1040 [ 476.481321][T12922] ? __read_once_size+0x41/0xe0 [ 476.486189][T12922] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 476.492165][T12922] do_wp_page+0x192/0xeb0 [ 476.496516][T12922] ? __handle_mm_fault+0x15ad/0x2e00 [ 476.501827][T12922] __handle_mm_fault+0x1d16/0x2e00 [ 476.507066][T12922] handle_mm_fault+0x21b/0x530 [ 476.511938][T12922] __get_user_pages+0x485/0x1130 [ 476.516997][T12922] populate_vma_page_range+0xe6/0x100 [ 476.522400][T12922] __mm_populate+0x168/0x2a0 [ 476.527007][T12922] __x64_sys_mlockall+0x2e3/0x320 [ 476.532023][T12922] do_syscall_64+0xcc/0x3a0 [ 476.536539][T12922] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 476.542539][T12922] RIP: 0033:0x45b349 [ 476.546421][T12922] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 476.566124][T12922] RSP: 002b:00007f8c5b458c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 476.574682][T12922] RAX: ffffffffffffffda RBX: 00007f8c5b4596d4 RCX: 000000000045b349 [ 476.582938][T12922] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 476.590977][T12922] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 476.599025][T12922] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 476.606990][T12922] R13: 0000000000000711 R14: 00000000004c8888 R15: 000000000075bfd4 [ 476.616530][T12922] memory: usage 307200kB, limit 307200kB, failcnt 4630 [ 476.626650][T12922] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 476.633588][T12922] Memory cgroup stats for /syz1: [ 476.634709][T12922] anon 305754112 [ 476.634709][T12922] file 0 [ 476.634709][T12922] kernel_stack 368640 [ 476.634709][T12922] slab 4014080 [ 476.634709][T12922] sock 0 [ 476.634709][T12922] shmem 0 [ 476.634709][T12922] file_mapped 0 [ 476.634709][T12922] file_dirty 0 [ 476.634709][T12922] file_writeback 0 [ 476.634709][T12922] anon_thp 251658240 [ 476.634709][T12922] inactive_anon 181174272 [ 476.634709][T12922] active_anon 13463552 [ 476.634709][T12922] inactive_file 0 [ 476.634709][T12922] active_file 0 [ 476.634709][T12922] unevictable 111042560 [ 476.634709][T12922] slab_reclaimable 675840 [ 476.634709][T12922] slab_unreclaimable 3338240 [ 476.634709][T12922] pgfault 156354 [ 476.634709][T12922] pgmajfault 0 [ 476.634709][T12922] workingset_refault 33 [ 476.634709][T12922] workingset_activate 0 [ 476.634709][T12922] workingset_nodereclaim 0 [ 476.634709][T12922] pgrefill 265 [ 476.634709][T12922] pgscan 330 [ 476.634709][T12922] pgsteal 66 [ 476.729323][T12922] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=12882,uid=0 [ 476.745474][T12922] Memory cgroup out of memory: Killed process 12882 (syz-executor.1) total-vm:72716kB, anon-rss:18248kB, file-rss:54368kB, shmem-rss:0kB, UID:0 pgtables:192512kB oom_score_adj:1000 [ 476.765829][ T1066] oom_reaper: reaped process 12882 (syz-executor.1), now anon-rss:18332kB, file-rss:54364kB, shmem-rss:0kB 10:21:33 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x288000, 0x0) syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x9, 0x200840) dup(r1) ioctl$RTC_VL_READ(r1, 0x80047013, &(0x7f00000000c0)) exit(0x7) write$binfmt_script(0xffffffffffffffff, &(0x7f00000003c0)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}, {}, {}, {0x20, 'proc'}], 0xa, "df7c00e09c916729334fbe57a726284a85ae23e7eb165a0922b020a14afa53fc919ed5b5820a609af38acfc21c2cacee2f808e60eafcd3ec51fdb7f62ca135bbf86f9c1bbf9c23db4038c329b0e8d63563439cf1b94606299a6c503abe926decd68a7e671c7dfcc4125e9888fbc8ce452b52"}, 0x8e) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r2 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xaf, 0x428240) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r2, 0xc080661a, &(0x7f00000002c0)={{0x2, 0x0, @identifier="8cff7fc81ac6de7927c1c322084eaabd"}}) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') close(r3) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000180)={0x2}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r4) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x7f, 0x3, 0x7, 0xa59e}, 'syz0\x00', 0x37}) 10:21:33 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 10:21:33 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$inet_udp(0x2, 0x2, 0x0) close(r4) write$binfmt_elf32(r3, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) bind$inet(r4, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r4, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r2, 0x0, r4, 0x0, 0x10005, 0x0) 10:21:33 executing program 0: r0 = timerfd_create(0x0, 0x0) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f00002d5000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) pkey_free(0xffffffffffffffff) 10:21:33 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0x24048000, &(0x7f00000001c0)={0xa, 0x0, 0x0, @remote, 0x3082}, 0x1c) listen(r0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r1, &(0x7f0000000080)=[{&(0x7f0000000200)="580000001500add427323b470c45b4560a067fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac710d1070000ffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) 10:21:33 executing program 4: r0 = timerfd_create(0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 10:21:33 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$inet_udp(0x2, 0x2, 0x0) close(r4) write$binfmt_elf32(r3, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) bind$inet(r4, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r4, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r2, 0x0, r4, 0x0, 0x10005, 0x0) [ 477.040354][T12934] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. 10:21:33 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_icmp_ICMP_FILTER(r0, 0x1, 0x3e, &(0x7f0000000200)={0x3}, 0x4) sendto$inet(r0, &(0x7f0000000000)="ada4", 0x2, 0x0, &(0x7f0000000180)={0x2, 0x0, @remote}, 0x10) 10:21:33 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 477.242176][T12941] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 10:21:33 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pipe(&(0x7f0000000240)={0xffffffffffffffff}) r3 = socket$inet_udp(0x2, 0x2, 0x0) close(r3) r4 = socket$inet(0x2, 0x3, 0x83) bind$inet(r3, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r4, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r2, 0x0, r3, 0x0, 0x10005, 0x0) 10:21:33 executing program 5: r0 = syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x4000000000000071, 0x28841) unshare(0x400) ioctl$USBDEVFS_CLEAR_HALT(r0, 0x80045519, 0x0) [ 477.347591][T12941] CPU: 0 PID: 12941 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 477.356315][T12941] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 477.366459][T12941] Call Trace: [ 477.369777][T12941] dump_stack+0x11d/0x181 [ 477.374124][T12941] dump_header+0xaa/0x39c [ 477.378477][T12941] oom_kill_process.cold+0x10/0x15 [ 477.383649][T12941] out_of_memory+0x231/0xa60 [ 477.388256][T12941] ? __rcu_read_unlock+0x66/0x3d0 [ 477.393342][T12941] mem_cgroup_out_of_memory+0x128/0x150 [ 477.398947][T12941] try_charge+0xb6c/0xbf0 [ 477.403302][T12941] ? rcu_note_context_switch+0x720/0x760 [ 477.408975][T12941] mem_cgroup_try_charge+0xd2/0x260 [ 477.414215][T12941] mem_cgroup_try_charge_delay+0x3a/0x80 [ 477.419944][T12941] __handle_mm_fault+0x197f/0x2e00 [ 477.425091][T12941] handle_mm_fault+0x21b/0x530 [ 477.429876][T12941] __get_user_pages+0x485/0x1130 [ 477.434830][T12941] populate_vma_page_range+0xe6/0x100 [ 477.440217][T12941] __mm_populate+0x168/0x2a0 [ 477.444898][T12941] __x64_sys_mlockall+0x2e3/0x320 [ 477.450032][T12941] do_syscall_64+0xcc/0x3a0 [ 477.454554][T12941] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 477.460588][T12941] RIP: 0033:0x45b349 [ 477.464571][T12941] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 477.484180][T12941] RSP: 002b:00007f8c5b479c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 477.492729][T12941] RAX: ffffffffffffffda RBX: 00007f8c5b47a6d4 RCX: 000000000045b349 [ 477.500724][T12941] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 477.508892][T12941] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 477.516969][T12941] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 477.524952][T12941] R13: 0000000000000711 R14: 00000000004c8888 R15: 000000000075bf2c 10:21:34 executing program 0: readv(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f00002d5000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) pkey_free(0xffffffffffffffff) [ 477.552813][T12941] memory: usage 307200kB, limit 307200kB, failcnt 4647 [ 477.561971][T12941] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 477.629068][T12958] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 477.782473][T12941] Memory cgroup stats for /syz1: [ 477.782709][T12941] anon 305795072 [ 477.782709][T12941] file 0 [ 477.782709][T12941] kernel_stack 368640 [ 477.782709][T12941] slab 4014080 [ 477.782709][T12941] sock 0 [ 477.782709][T12941] shmem 0 [ 477.782709][T12941] file_mapped 0 [ 477.782709][T12941] file_dirty 0 [ 477.782709][T12941] file_writeback 0 [ 477.782709][T12941] anon_thp 251658240 [ 477.782709][T12941] inactive_anon 189140992 [ 477.782709][T12941] active_anon 13434880 [ 477.782709][T12941] inactive_file 0 [ 477.782709][T12941] active_file 0 [ 477.782709][T12941] unevictable 103182336 [ 477.782709][T12941] slab_reclaimable 675840 [ 477.782709][T12941] slab_unreclaimable 3338240 [ 477.782709][T12941] pgfault 157080 [ 477.782709][T12941] pgmajfault 0 [ 477.782709][T12941] workingset_refault 33 [ 477.782709][T12941] workingset_activate 0 [ 477.782709][T12941] workingset_nodereclaim 0 [ 477.782709][T12941] pgrefill 265 [ 477.782709][T12941] pgscan 330 [ 477.782709][T12941] pgsteal 66 [ 477.881980][T12941] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=12923,uid=0 [ 477.901330][T12941] Memory cgroup out of memory: Killed process 12923 (syz-executor.1) total-vm:72716kB, anon-rss:18332kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 477.932731][ T1066] oom_reaper: reaped process 12923 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 478.553779][T12973] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 478.564405][T12973] CPU: 0 PID: 12973 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 478.573157][T12973] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 478.583282][T12973] Call Trace: [ 478.586566][T12973] dump_stack+0x11d/0x181 [ 478.590889][T12973] dump_header+0xaa/0x39c [ 478.595218][T12973] oom_kill_process.cold+0x10/0x15 [ 478.600370][T12973] out_of_memory+0x231/0xa60 [ 478.604959][T12973] mem_cgroup_out_of_memory+0x128/0x150 [ 478.610516][T12973] try_charge+0xb6c/0xbf0 [ 478.614877][T12973] ? rcu_note_context_switch+0x720/0x760 [ 478.620594][T12973] mem_cgroup_try_charge+0xd2/0x260 [ 478.625785][T12973] mem_cgroup_try_charge_delay+0x3a/0x80 [ 478.631588][T12973] wp_page_copy+0x322/0x1040 [ 478.636168][T12973] ? __read_once_size+0x41/0xe0 [ 478.641016][T12973] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 478.646968][T12973] do_wp_page+0x192/0xeb0 [ 478.651306][T12973] __handle_mm_fault+0x1d16/0x2e00 [ 478.656470][T12973] handle_mm_fault+0x21b/0x530 [ 478.661258][T12973] __get_user_pages+0x485/0x1130 [ 478.666258][T12973] populate_vma_page_range+0xe6/0x100 [ 478.671692][T12973] __mm_populate+0x168/0x2a0 [ 478.676294][T12973] __x64_sys_mlockall+0x2e3/0x320 [ 478.681415][T12973] do_syscall_64+0xcc/0x3a0 [ 478.685911][T12973] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 478.691877][T12973] RIP: 0033:0x45b349 [ 478.695859][T12973] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 478.715550][T12973] RSP: 002b:00007f8c5b458c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 478.723948][T12973] RAX: ffffffffffffffda RBX: 00007f8c5b4596d4 RCX: 000000000045b349 [ 478.731959][T12973] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 478.739915][T12973] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 478.748046][T12973] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 478.756011][T12973] R13: 0000000000000711 R14: 00000000004c8888 R15: 000000000075bfd4 [ 478.765974][T12973] memory: usage 307200kB, limit 307200kB, failcnt 4698 [ 478.773015][T12973] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 478.779898][T12973] Memory cgroup stats for /syz1: [ 478.780644][T12973] anon 305819648 [ 478.780644][T12973] file 0 [ 478.780644][T12973] kernel_stack 368640 [ 478.780644][T12973] slab 4014080 [ 478.780644][T12973] sock 0 [ 478.780644][T12973] shmem 0 [ 478.780644][T12973] file_mapped 0 [ 478.780644][T12973] file_dirty 0 [ 478.780644][T12973] file_writeback 0 [ 478.780644][T12973] anon_thp 251658240 [ 478.780644][T12973] inactive_anon 181452800 [ 478.780644][T12973] active_anon 13434880 [ 478.780644][T12973] inactive_file 0 [ 478.780644][T12973] active_file 0 [ 478.780644][T12973] unevictable 111046656 [ 478.780644][T12973] slab_reclaimable 675840 [ 478.780644][T12973] slab_unreclaimable 3338240 [ 478.780644][T12973] pgfault 158334 [ 478.780644][T12973] pgmajfault 0 [ 478.780644][T12973] workingset_refault 33 [ 478.780644][T12973] workingset_activate 0 [ 478.780644][T12973] workingset_nodereclaim 0 [ 478.780644][T12973] pgrefill 265 [ 478.780644][T12973] pgscan 330 [ 478.780644][T12973] pgsteal 66 [ 478.874880][ T0] NOHZ: local_softirq_pending 08 [ 478.875302][T12973] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=12938,uid=0 [ 478.895760][T12973] Memory cgroup out of memory: Killed process 12938 (syz-executor.1) total-vm:72716kB, anon-rss:18332kB, file-rss:54368kB, shmem-rss:0kB, UID:0 pgtables:192512kB oom_score_adj:1000 [ 478.915859][ T1066] oom_reaper: reaped process 12938 (syz-executor.1), now anon-rss:18332kB, file-rss:54364kB, shmem-rss:0kB 10:21:35 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) openat$snapshot(0xffffffffffffff9c, 0x0, 0x288000, 0x0) syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x9, 0x200840) dup(r1) ioctl$RTC_VL_READ(r1, 0x80047013, &(0x7f00000000c0)) exit(0x7) write$binfmt_script(0xffffffffffffffff, &(0x7f00000003c0)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}, {}, {}, {0x20, 'proc'}], 0xa, "df7c00e09c916729334fbe57a726284a85ae23e7eb165a0922b020a14afa53fc919ed5b5820a609af38acfc21c2cacee2f808e60eafcd3ec51fdb7f62ca135bbf86f9c1bbf9c23db4038c329b0e8d63563439cf1b94606299a6c503abe926decd68a7e671c7dfcc4125e9888fbc8ce452b52"}, 0x8e) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r2 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xaf, 0x428240) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r2, 0xc080661a, &(0x7f00000002c0)={{0x2, 0x0, @identifier="8cff7fc81ac6de7927c1c322084eaabd"}}) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') close(r3) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000180)={0x2}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r4) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x7f, 0x3, 0x7, 0xa59e}, 'syz0\x00', 0x37}) 10:21:35 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000b80)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00') r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) sendfile(r2, r1, 0x0, 0x209) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r3 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00') r5 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) sendfile(r5, r4, 0x0, 0x209) unshare(0x20400) r6 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00') r7 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) sendfile(r7, r6, 0x0, 0x209) getitimer(0x2, 0x0) r8 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r3, r8, 0x0, 0x8400fffffffa) 10:21:35 executing program 0: readv(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f00002d5000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) pkey_free(0xffffffffffffffff) 10:21:35 executing program 4: r0 = timerfd_create(0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 10:21:35 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 10:21:35 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pipe(&(0x7f0000000240)={0xffffffffffffffff}) r3 = socket$inet_udp(0x2, 0x2, 0x0) close(r3) r4 = socket$inet(0x2, 0x3, 0x83) bind$inet(r3, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r4, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r2, 0x0, r3, 0x0, 0x10005, 0x0) [ 479.490954][T12985] attempt to access beyond end of device [ 479.529315][T12985] loop5: rw=2049, want=81, limit=63 [ 479.543067][T12988] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 479.591215][T12985] attempt to access beyond end of device [ 479.622647][T12985] loop5: rw=2049, want=78, limit=63 [ 479.637470][ T27] audit: type=1804 audit(1579602096.126:44): pid=12996 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir241202061/syzkaller.eVV3we/11/file0/bus" dev="loop5" ino=56 res=1 [ 479.649373][T12993] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 479.673021][T12985] Buffer I/O error on dev loop5, logical block 77, lost async page write [ 479.686222][T12993] CPU: 1 PID: 12993 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 479.692515][T12996] attempt to access beyond end of device [ 479.694991][T12993] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 479.700739][T12996] loop5: rw=0, want=78, limit=63 [ 479.710792][T12993] Call Trace: [ 479.710816][T12993] dump_stack+0x11d/0x181 [ 479.710840][T12993] dump_header+0xaa/0x39c [ 479.710943][T12993] oom_kill_process.cold+0x10/0x15 [ 479.732903][T12993] out_of_memory+0x231/0xa60 [ 479.737502][T12993] ? __rcu_read_unlock+0x66/0x3d0 [ 479.742623][T12993] mem_cgroup_out_of_memory+0x128/0x150 [ 479.748193][T12993] try_charge+0xb6c/0xbf0 [ 479.752534][T12993] ? rcu_note_context_switch+0x720/0x760 [ 479.758198][T12993] mem_cgroup_try_charge+0xd2/0x260 [ 479.762587][T12996] Buffer I/O error on dev loop5, logical block 77, async page read [ 479.763569][T12993] mem_cgroup_try_charge_delay+0x3a/0x80 [ 479.763667][T12993] __handle_mm_fault+0x197f/0x2e00 [ 479.782508][T12993] handle_mm_fault+0x21b/0x530 [ 479.787299][T12993] __get_user_pages+0x485/0x1130 [ 479.792267][T12993] populate_vma_page_range+0xe6/0x100 [ 479.797772][T12993] __mm_populate+0x168/0x2a0 [ 479.802375][T12993] __x64_sys_mlockall+0x2e3/0x320 [ 479.807508][T12993] do_syscall_64+0xcc/0x3a0 [ 479.812037][T12993] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 479.812727][ T27] audit: type=1804 audit(1579602096.176:45): pid=12985 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir241202061/syzkaller.eVV3we/11/file0/bus" dev="loop5" ino=56 res=1 [ 479.817953][T12993] RIP: 0033:0x45b349 [ 479.846094][T12993] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 479.865870][T12993] RSP: 002b:00007f8c5b479c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 479.872689][T12996] attempt to access beyond end of device [ 479.874309][T12993] RAX: ffffffffffffffda RBX: 00007f8c5b47a6d4 RCX: 000000000045b349 10:21:36 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 479.879959][T12996] loop5: rw=2049, want=130, limit=63 [ 479.887899][T12993] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 479.887945][T12993] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 479.887955][T12993] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 479.887976][T12993] R13: 0000000000000711 R14: 00000000004c8888 R15: 000000000075bf2c [ 479.962801][ T27] audit: type=1804 audit(1579602096.176:46): pid=12985 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir241202061/syzkaller.eVV3we/11/file0/bus" dev="loop5" ino=56 res=1 [ 480.017786][ T27] audit: type=1804 audit(1579602096.176:47): pid=12996 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir241202061/syzkaller.eVV3we/11/file0/bus" dev="loop5" ino=56 res=1 10:21:36 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000b80)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00') r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) sendfile(r2, r1, 0x0, 0x209) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r3 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00') r5 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) sendfile(r5, r4, 0x0, 0x209) unshare(0x20400) r6 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00') r7 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) sendfile(r7, r6, 0x0, 0x209) getitimer(0x2, 0x0) r8 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r3, r8, 0x0, 0x8400fffffffa) [ 480.072544][ T27] audit: type=1804 audit(1579602096.456:48): pid=12985 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir241202061/syzkaller.eVV3we/11/file0/bus" dev="loop5" ino=56 res=1 [ 480.121085][ T27] audit: type=1804 audit(1579602096.456:49): pid=12998 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir241202061/syzkaller.eVV3we/11/file0/bus" dev="loop5" ino=56 res=1 [ 480.121222][T12993] memory: usage 307200kB, limit 307200kB, failcnt 4737 10:21:36 executing program 0: readv(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f00002d5000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) pkey_free(0xffffffffffffffff) [ 480.202914][T12993] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 480.229608][T12993] Memory cgroup stats for /syz1: [ 480.230741][T12993] anon 305799168 [ 480.230741][T12993] file 0 [ 480.230741][T12993] kernel_stack 368640 [ 480.230741][T12993] slab 4014080 [ 480.230741][T12993] sock 0 [ 480.230741][T12993] shmem 0 [ 480.230741][T12993] file_mapped 0 [ 480.230741][T12993] file_dirty 0 [ 480.230741][T12993] file_writeback 0 [ 480.230741][T12993] anon_thp 251658240 [ 480.230741][T12993] inactive_anon 189202432 [ 480.230741][T12993] active_anon 13418496 [ 480.230741][T12993] inactive_file 0 [ 480.230741][T12993] active_file 0 [ 480.230741][T12993] unevictable 103206912 [ 480.230741][T12993] slab_reclaimable 675840 [ 480.230741][T12993] slab_unreclaimable 3338240 [ 480.230741][T12993] pgfault 159060 [ 480.230741][T12993] pgmajfault 0 [ 480.230741][T12993] workingset_refault 33 [ 480.230741][T12993] workingset_activate 0 [ 480.230741][T12993] workingset_nodereclaim 0 [ 480.230741][T12993] pgrefill 265 [ 480.230741][T12993] pgscan 330 [ 480.230741][T12993] pgsteal 66 [ 480.239450][T13004] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. 10:21:36 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pipe(&(0x7f0000000240)={0xffffffffffffffff}) r3 = socket$inet_udp(0x2, 0x2, 0x0) close(r3) r4 = socket$inet(0x2, 0x3, 0x83) bind$inet(r3, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r4, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r2, 0x0, r3, 0x0, 0x10005, 0x0) 10:21:37 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 10:21:37 executing program 4: r0 = timerfd_create(0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 480.620794][T12993] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=12974,uid=0 [ 480.645236][T12993] Memory cgroup out of memory: Killed process 12974 (syz-executor.1) total-vm:72716kB, anon-rss:18332kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 480.675590][T13015] attempt to access beyond end of device [ 480.697669][T13015] loop5: rw=2049, want=81, limit=63 [ 480.775892][T13015] attempt to access beyond end of device [ 480.787440][T13015] loop5: rw=2049, want=78, limit=63 [ 480.821087][T13015] Buffer I/O error on dev loop5, logical block 77, lost async page write [ 480.835080][T13025] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 480.857443][T13015] attempt to access beyond end of device [ 480.862785][ T27] audit: type=1804 audit(1579602097.346:50): pid=13015 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir241202061/syzkaller.eVV3we/12/file0/bus" dev="loop5" ino=57 res=1 [ 480.888008][T13015] loop5: rw=0, want=78, limit=63 [ 480.900951][T13015] Buffer I/O error on dev loop5, logical block 77, async page read [ 481.583641][T13035] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 481.594055][T13035] CPU: 0 PID: 13035 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 481.602857][T13035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 481.612948][T13035] Call Trace: [ 481.616254][T13035] dump_stack+0x11d/0x181 [ 481.620637][T13035] dump_header+0xaa/0x39c [ 481.624989][T13035] oom_kill_process.cold+0x10/0x15 [ 481.630202][T13035] out_of_memory+0x231/0xa60 [ 481.634781][T13035] ? __rcu_read_unlock+0x66/0x3d0 [ 481.639805][T13035] mem_cgroup_out_of_memory+0x128/0x150 [ 481.645391][T13035] try_charge+0xb6c/0xbf0 [ 481.649789][T13035] ? rcu_note_context_switch+0x720/0x760 [ 481.655442][T13035] mem_cgroup_try_charge+0xd2/0x260 [ 481.660644][T13035] mem_cgroup_try_charge_delay+0x3a/0x80 [ 481.666380][T13035] wp_page_copy+0x322/0x1040 [ 481.670967][T13035] ? __read_once_size+0x41/0xe0 [ 481.675926][T13035] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 481.681814][T13035] do_wp_page+0x192/0xeb0 [ 481.686154][T13035] ? __handle_mm_fault+0x1530/0x2e00 [ 481.691592][T13035] __handle_mm_fault+0x1d16/0x2e00 [ 481.696861][T13035] handle_mm_fault+0x21b/0x530 [ 481.701653][T13035] __get_user_pages+0x485/0x1130 [ 481.706600][T13035] populate_vma_page_range+0xe6/0x100 [ 481.711986][T13035] __mm_populate+0x168/0x2a0 [ 481.716632][T13035] __x64_sys_mlockall+0x2e3/0x320 [ 481.721679][T13035] do_syscall_64+0xcc/0x3a0 [ 481.726191][T13035] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 481.732083][T13035] RIP: 0033:0x45b349 [ 481.735980][T13035] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 481.755578][T13035] RSP: 002b:00007f8c5b458c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 481.763986][T13035] RAX: ffffffffffffffda RBX: 00007f8c5b4596d4 RCX: 000000000045b349 [ 481.771964][T13035] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 481.779938][T13035] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 481.788094][T13035] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 481.796173][T13035] R13: 0000000000000711 R14: 00000000004c8888 R15: 000000000075bfd4 [ 481.807026][T13035] memory: usage 307200kB, limit 307200kB, failcnt 4751 [ 481.814029][T13035] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 481.820972][T13035] Memory cgroup stats for /syz1: [ 481.821760][T13035] anon 305819648 [ 481.821760][T13035] file 0 [ 481.821760][T13035] kernel_stack 368640 [ 481.821760][T13035] slab 4014080 [ 481.821760][T13035] sock 0 [ 481.821760][T13035] shmem 0 [ 481.821760][T13035] file_mapped 0 [ 481.821760][T13035] file_dirty 0 [ 481.821760][T13035] file_writeback 0 [ 481.821760][T13035] anon_thp 251658240 [ 481.821760][T13035] inactive_anon 181280768 [ 481.821760][T13035] active_anon 13418496 [ 481.821760][T13035] inactive_file 0 [ 481.821760][T13035] active_file 0 [ 481.821760][T13035] unevictable 111042560 [ 481.821760][T13035] slab_reclaimable 675840 [ 481.821760][T13035] slab_unreclaimable 3338240 [ 481.821760][T13035] pgfault 160347 [ 481.821760][T13035] pgmajfault 0 [ 481.821760][T13035] workingset_refault 33 [ 481.821760][T13035] workingset_activate 0 [ 481.821760][T13035] workingset_nodereclaim 0 [ 481.821760][T13035] pgrefill 265 [ 481.821760][T13035] pgscan 330 [ 481.821760][T13035] pgsteal 66 [ 481.916280][T13035] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=12990,uid=0 [ 481.932210][T13035] Memory cgroup out of memory: Killed process 12990 (syz-executor.1) total-vm:72716kB, anon-rss:18248kB, file-rss:54368kB, shmem-rss:0kB, UID:0 pgtables:192512kB oom_score_adj:1000 [ 481.952200][ T1066] oom_reaper: reaped process 12990 (syz-executor.1), now anon-rss:18332kB, file-rss:54364kB, shmem-rss:0kB 10:21:38 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) openat$snapshot(0xffffffffffffff9c, 0x0, 0x288000, 0x0) syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x9, 0x200840) dup(r1) ioctl$RTC_VL_READ(r1, 0x80047013, &(0x7f00000000c0)) exit(0x7) write$binfmt_script(0xffffffffffffffff, &(0x7f00000003c0)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}, {}, {}, {0x20, 'proc'}], 0xa, "df7c00e09c916729334fbe57a726284a85ae23e7eb165a0922b020a14afa53fc919ed5b5820a609af38acfc21c2cacee2f808e60eafcd3ec51fdb7f62ca135bbf86f9c1bbf9c23db4038c329b0e8d63563439cf1b94606299a6c503abe926decd68a7e671c7dfcc4125e9888fbc8ce452b52"}, 0x8e) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r2 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xaf, 0x428240) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r2, 0xc080661a, &(0x7f00000002c0)={{0x2, 0x0, @identifier="8cff7fc81ac6de7927c1c322084eaabd"}}) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') close(r3) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000180)={0x2}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r4) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x7f, 0x3, 0x7, 0xa59e}, 'syz0\x00', 0x37}) 10:21:38 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 10:21:38 executing program 0: r0 = timerfd_create(0x0, 0x0) readv(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f00002d5000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) pkey_free(0xffffffffffffffff) 10:21:38 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000b80)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00') r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) sendfile(r2, r1, 0x0, 0x209) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r3 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00') r5 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) sendfile(r5, r4, 0x0, 0x209) unshare(0x20400) r6 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00') r7 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) sendfile(r7, r6, 0x0, 0x209) getitimer(0x2, 0x0) r8 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r3, r8, 0x0, 0x8400fffffffa) 10:21:38 executing program 4: r0 = timerfd_create(0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 10:21:38 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$inet_udp(0x2, 0x2, 0x0) write$binfmt_elf32(r3, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r5 = socket$inet(0x2, 0x3, 0x83) bind$inet(r4, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r5, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r4, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r2, 0x0, r4, 0x0, 0x10005, 0x0) 10:21:38 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$inet_udp(0x2, 0x2, 0x0) write$binfmt_elf32(r3, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r5 = socket$inet(0x2, 0x3, 0x83) bind$inet(r4, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r5, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r4, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r2, 0x0, r4, 0x0, 0x10005, 0x0) 10:21:38 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) [ 482.466279][T13048] attempt to access beyond end of device [ 482.477865][T13048] loop5: rw=2049, want=81, limit=63 [ 482.502686][T13058] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 482.542447][T13058] CPU: 0 PID: 13058 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 482.551301][T13058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 482.561620][T13058] Call Trace: [ 482.564925][T13058] dump_stack+0x11d/0x181 [ 482.569273][T13058] dump_header+0xaa/0x39c [ 482.573749][T13058] oom_kill_process.cold+0x10/0x15 [ 482.578888][T13058] out_of_memory+0x231/0xa60 [ 482.583497][T13058] ? __rcu_read_unlock+0x66/0x3d0 [ 482.588621][T13058] mem_cgroup_out_of_memory+0x128/0x150 [ 482.594294][T13058] try_charge+0xb6c/0xbf0 [ 482.598678][T13058] ? rcu_note_context_switch+0x720/0x760 [ 482.605230][T13058] mem_cgroup_try_charge+0xd2/0x260 [ 482.610460][T13058] mem_cgroup_try_charge_delay+0x3a/0x80 [ 482.616140][T13058] __handle_mm_fault+0x197f/0x2e00 [ 482.621320][T13058] handle_mm_fault+0x21b/0x530 [ 482.626101][T13058] __get_user_pages+0x485/0x1130 [ 482.631085][T13058] populate_vma_page_range+0xe6/0x100 [ 482.636502][T13058] __mm_populate+0x168/0x2a0 10:21:39 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$inet_udp(0x2, 0x2, 0x0) write$binfmt_elf32(r3, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r5 = socket$inet(0x2, 0x3, 0x83) bind$inet(r4, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r5, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r4, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r2, 0x0, r4, 0x0, 0x10005, 0x0) [ 482.641122][T13058] __x64_sys_mlockall+0x2e3/0x320 [ 482.646410][T13058] do_syscall_64+0xcc/0x3a0 [ 482.650943][T13058] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 482.656886][T13058] RIP: 0033:0x45b349 [ 482.660889][T13058] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 482.680835][T13058] RSP: 002b:00007f8c5b479c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 482.689270][T13058] RAX: ffffffffffffffda RBX: 00007f8c5b47a6d4 RCX: 000000000045b349 [ 482.697331][T13058] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 482.705327][T13058] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 482.713332][T13058] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 482.721359][T13058] R13: 0000000000000711 R14: 00000000004c8888 R15: 000000000075bf2c [ 482.735016][T13048] attempt to access beyond end of device 10:21:39 executing program 4: r0 = timerfd_create(0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 482.740689][T13048] loop5: rw=2049, want=78, limit=63 [ 482.757260][T13048] Buffer I/O error on dev loop5, logical block 77, lost async page write 10:21:39 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) close(0xffffffffffffffff) write$binfmt_elf32(r3, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r4 = socket$inet(0x2, 0x3, 0x83) bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r4, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r2, 0x0, 0xffffffffffffffff, 0x0, 0x10005, 0x0) [ 482.785700][ T27] audit: type=1804 audit(1579602099.276:51): pid=13048 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir241202061/syzkaller.eVV3we/13/file0/bus" dev="loop5" ino=58 res=1 [ 482.814763][T13048] attempt to access beyond end of device [ 482.827518][T13048] loop5: rw=0, want=78, limit=63 [ 482.840611][T13048] Buffer I/O error on dev loop5, logical block 77, async page read 10:21:39 executing program 5: mkdir(&(0x7f0000000180)='./bus\x00', 0x0) creat(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mount$overlay(0x400002, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000280)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './bus'}}, {@workdir={'workdir', 0x3d, './file0'}}]}) mount$overlay(0x400302, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './bus'}}, {@workdir={'workdir', 0x3d, './file0'}}]}) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x10, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000040)='./bus/file0\x00', 0x0) chdir(&(0x7f00000002c0)='./bus\x00') creat(&(0x7f00000001c0)='./file0\x00', 0x0) [ 483.133439][T13058] memory: usage 307200kB, limit 307200kB, failcnt 4769 [ 483.140594][T13058] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 483.190254][T13058] Memory cgroup stats for /syz1: [ 483.190463][T13058] anon 305799168 [ 483.190463][T13058] file 0 [ 483.190463][T13058] kernel_stack 368640 [ 483.190463][T13058] slab 4014080 [ 483.190463][T13058] sock 0 [ 483.190463][T13058] shmem 0 [ 483.190463][T13058] file_mapped 0 [ 483.190463][T13058] file_dirty 0 [ 483.190463][T13058] file_writeback 0 [ 483.190463][T13058] anon_thp 251658240 [ 483.190463][T13058] inactive_anon 189194240 [ 483.190463][T13058] active_anon 13398016 [ 483.190463][T13058] inactive_file 0 [ 483.190463][T13058] active_file 0 [ 483.190463][T13058] unevictable 103333888 [ 483.190463][T13058] slab_reclaimable 675840 [ 483.190463][T13058] slab_unreclaimable 3338240 [ 483.190463][T13058] pgfault 161040 [ 483.190463][T13058] pgmajfault 0 [ 483.190463][T13058] workingset_refault 33 [ 483.190463][T13058] workingset_activate 0 [ 483.190463][T13058] workingset_nodereclaim 0 [ 483.190463][T13058] pgrefill 265 [ 483.190463][T13058] pgscan 330 [ 483.190463][T13058] pgsteal 66 [ 483.336378][T13084] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 483.426440][T13058] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=13036,uid=0 [ 483.465191][T13058] Memory cgroup out of memory: Killed process 13036 (syz-executor.1) total-vm:72716kB, anon-rss:18332kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 483.499565][ T1066] oom_reaper: reaped process 13036 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 483.927975][T13092] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 483.941055][T13092] CPU: 0 PID: 13092 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 483.949867][T13092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 483.959941][T13092] Call Trace: [ 483.963292][T13092] dump_stack+0x11d/0x181 [ 483.967626][T13092] dump_header+0xaa/0x39c [ 483.972071][T13092] oom_kill_process.cold+0x10/0x15 [ 483.977288][T13092] out_of_memory+0x231/0xa60 [ 483.981875][T13092] ? __rcu_read_unlock+0x66/0x3d0 [ 483.987021][T13092] mem_cgroup_out_of_memory+0x128/0x150 [ 483.992584][T13092] try_charge+0xb6c/0xbf0 [ 483.997713][T13092] ? rcu_note_context_switch+0x720/0x760 [ 484.003402][T13092] mem_cgroup_try_charge+0xd2/0x260 [ 484.008616][T13092] mem_cgroup_try_charge_delay+0x3a/0x80 [ 484.014273][T13092] wp_page_copy+0x322/0x1040 [ 484.018863][T13092] ? __read_once_size+0x41/0xe0 [ 484.023827][T13092] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 484.029762][T13092] do_wp_page+0x192/0xeb0 [ 484.034132][T13092] ? pagevec_lru_move_fn+0x16b/0x180 [ 484.039453][T13092] __handle_mm_fault+0x1d16/0x2e00 [ 484.044700][T13092] handle_mm_fault+0x21b/0x530 [ 484.049474][T13092] __get_user_pages+0x485/0x1130 [ 484.054423][T13092] populate_vma_page_range+0xe6/0x100 [ 484.059841][T13092] __mm_populate+0x168/0x2a0 [ 484.064433][T13092] __x64_sys_mlockall+0x2e3/0x320 [ 484.069450][T13092] do_syscall_64+0xcc/0x3a0 [ 484.074013][T13092] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 484.079987][T13092] RIP: 0033:0x45b349 [ 484.083914][T13092] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 484.103520][T13092] RSP: 002b:00007f8c5b458c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 484.111979][T13092] RAX: ffffffffffffffda RBX: 00007f8c5b4596d4 RCX: 000000000045b349 [ 484.119987][T13092] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 484.128009][T13092] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 484.136032][T13092] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 484.144052][T13092] R13: 0000000000000711 R14: 00000000004c8888 R15: 000000000075bfd4 [ 484.154326][T13092] memory: usage 307200kB, limit 307200kB, failcnt 4815 [ 484.161297][T13092] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 484.168485][T13092] Memory cgroup stats for /syz1: [ 484.169477][T13092] anon 305819648 [ 484.169477][T13092] file 0 [ 484.169477][T13092] kernel_stack 368640 [ 484.169477][T13092] slab 4014080 [ 484.169477][T13092] sock 0 [ 484.169477][T13092] shmem 0 [ 484.169477][T13092] file_mapped 0 [ 484.169477][T13092] file_dirty 0 [ 484.169477][T13092] file_writeback 0 [ 484.169477][T13092] anon_thp 251658240 [ 484.169477][T13092] inactive_anon 181460992 [ 484.169477][T13092] active_anon 13398016 [ 484.169477][T13092] inactive_file 0 [ 484.169477][T13092] active_file 0 [ 484.169477][T13092] unevictable 111046656 [ 484.169477][T13092] slab_reclaimable 675840 [ 484.169477][T13092] slab_unreclaimable 3338240 [ 484.169477][T13092] pgfault 162327 [ 484.169477][T13092] pgmajfault 0 [ 484.169477][T13092] workingset_refault 33 [ 484.169477][T13092] workingset_activate 0 [ 484.169477][T13092] workingset_nodereclaim 0 [ 484.169477][T13092] pgrefill 265 [ 484.169477][T13092] pgscan 330 [ 484.169477][T13092] pgsteal 66 [ 484.264657][T13092] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=13053,uid=0 [ 484.281845][T13092] Memory cgroup out of memory: Killed process 13053 (syz-executor.1) total-vm:72716kB, anon-rss:18248kB, file-rss:54368kB, shmem-rss:0kB, UID:0 pgtables:192512kB oom_score_adj:1000 [ 484.301274][ T1066] oom_reaper: reaped process 13053 (syz-executor.1), now anon-rss:18332kB, file-rss:54364kB, shmem-rss:0kB 10:21:41 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) openat$snapshot(0xffffffffffffff9c, 0x0, 0x288000, 0x0) syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x9, 0x200840) dup(r1) ioctl$RTC_VL_READ(r1, 0x80047013, &(0x7f00000000c0)) exit(0x7) write$binfmt_script(0xffffffffffffffff, &(0x7f00000003c0)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}, {}, {}, {0x20, 'proc'}], 0xa, "df7c00e09c916729334fbe57a726284a85ae23e7eb165a0922b020a14afa53fc919ed5b5820a609af38acfc21c2cacee2f808e60eafcd3ec51fdb7f62ca135bbf86f9c1bbf9c23db4038c329b0e8d63563439cf1b94606299a6c503abe926decd68a7e671c7dfcc4125e9888fbc8ce452b52"}, 0x8e) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r2 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xaf, 0x428240) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r2, 0xc080661a, &(0x7f00000002c0)={{0x2, 0x0, @identifier="8cff7fc81ac6de7927c1c322084eaabd"}}) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') close(r3) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000180)={0x2}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r4) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x7f, 0x3, 0x7, 0xa59e}, 'syz0\x00', 0x37}) 10:21:41 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 10:21:41 executing program 0: r0 = timerfd_create(0x0, 0x0) readv(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f00002d5000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) pkey_free(0xffffffffffffffff) 10:21:41 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) close(0xffffffffffffffff) write$binfmt_elf32(r3, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r4 = socket$inet(0x2, 0x3, 0x83) bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r4, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r2, 0x0, 0xffffffffffffffff, 0x0, 0x10005, 0x0) 10:21:41 executing program 4: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 10:21:41 executing program 5: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @empty}, 0x1c) r1 = socket$netlink(0x10, 0x3, 0x8000000004) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000280)="580000001500add427323b4735ffb45602117fffffff81000e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) 10:21:41 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) close(0xffffffffffffffff) write$binfmt_elf32(r3, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r4 = socket$inet(0x2, 0x3, 0x83) bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r4, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r2, 0x0, 0xffffffffffffffff, 0x0, 0x10005, 0x0) 10:21:41 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x56b1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000016000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d60900000094f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd45d54b107c8c247f195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27e9a232fe3838fff867ba8fd41b29caad2a986e0e244bd117252647ffda1a869db7e632df4de857ff000000c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4d1e03e326beea7905ef7de375ef8bc8143df20d13c37db269971210fab7071cc3094078a044777aab9d86cf50afefd7b72a0950d389bc9cb43aa607b7269561dd50b22bd242ac8c3249582a20d4e04fd1ab7883f656b84137d5f7a6edba86a7b9a4c2f3b3a8abf93b280ea53ce01dcc2d30f4310e8281b0cdc017f9759060ea88a2f6597e966a85c9a74ca196700218f919746bb4b84c16fd56ee450e411d75ab7613b644ba7580b2a0942394ed1737517eed1c892422f54d5a2e1cf1a60fe2dcc1a465aa8d54cb4000053c3f01ea714a7bd96e4fc4b8d2c5a2d380ee55cbf6a9f1e9d39ba471a8651647473557121d6d22b466df7c26cadf5b9d9f8232703c50a91ce9e0af23abe67df82c0da8fb2cac6c07eb4303e"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x24f}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r0, 0x1800000000000060, 0xe80, 0xfffffffffffffe64, &(0x7f0000000100)="000e003f0000007e5bc5795eca05430800ffffffba000000ffff81", 0x0, 0x100, 0xf2ffffff, 0xfffffe0c, 0x212, &(0x7f0000000280)="f2a134bd13c7bd41a2a738ad8e7625ed330eb46063bd287d832698132e59ef45f8f50845c0ac85604b448e24348e4ae93e68238b7b9d561b349d19b5f5784e031c55c5a4e48926a1526e38640a161fab39732052ee83bc3b9cb625962f3eaf1ed426e6f0442693c16b0ab6a89a5738f5bccd6ae1492f8471a7afec6b", &(0x7f0000000380)="712ae01ebf877f139c8f1b0fcd056310bfa3de7157976d3ff4c82f2e0d1885774c5b7c7c853e5424fbf469ab0726e9f41208f98d20b093ddbb7f52e015b875cea2900b2443348cdf466c18cfae89ce96f0437cb21ca3703f0b94273c7500"/106}, 0x28) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.controllers\x00', 0x26e1, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x0) 10:21:41 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0)='NLBL_CIPSOv4\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340), 0xc, 0x0}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000440)={0x0, 0x7, 0x36}) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001940)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) [ 485.018793][T13108] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 485.100876][T13108] CPU: 1 PID: 13108 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 485.109643][T13108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 485.120586][T13108] Call Trace: [ 485.124012][T13108] dump_stack+0x11d/0x181 [ 485.128371][T13108] dump_header+0xaa/0x39c [ 485.132814][T13108] oom_kill_process.cold+0x10/0x15 [ 485.137947][T13108] out_of_memory+0x231/0xa60 [ 485.143482][T13108] ? __rcu_read_unlock+0x66/0x3d0 [ 485.148556][T13108] mem_cgroup_out_of_memory+0x128/0x150 [ 485.154119][T13108] try_charge+0xb6c/0xbf0 [ 485.158525][T13108] ? rcu_note_context_switch+0x720/0x760 [ 485.164401][T13108] mem_cgroup_try_charge+0xd2/0x260 [ 485.170998][T13108] mem_cgroup_try_charge_delay+0x3a/0x80 [ 485.176693][T13108] __handle_mm_fault+0x197f/0x2e00 [ 485.181922][T13108] handle_mm_fault+0x21b/0x530 [ 485.186734][T13108] __get_user_pages+0x485/0x1130 [ 485.191803][T13108] populate_vma_page_range+0xe6/0x100 [ 485.197211][T13108] __mm_populate+0x168/0x2a0 [ 485.201826][T13108] __x64_sys_mlockall+0x2e3/0x320 [ 485.206893][T13108] do_syscall_64+0xcc/0x3a0 [ 485.211447][T13108] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 485.217394][T13108] RIP: 0033:0x45b349 [ 485.221316][T13108] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 485.241085][T13108] RSP: 002b:00007f8c5b479c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 485.249544][T13108] RAX: ffffffffffffffda RBX: 00007f8c5b47a6d4 RCX: 000000000045b349 [ 485.257526][T13108] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 485.265537][T13108] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 485.273601][T13108] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 485.281814][T13108] R13: 0000000000000711 R14: 00000000004c8888 R15: 000000000075bf2c 10:21:41 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r3 = socket$inet(0x2, 0x3, 0x83) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r3, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(0xffffffffffffffff, 0x0, r2, 0x0, 0x10005, 0x0) 10:21:41 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x0, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000018000000008000005000000d944ece1f0ffffff18290000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) bpf$BPF_PROG_GET_FD_BY_ID(0xd, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000700)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d6ac14c2c794f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd00004b107c8c8a14195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27e9a232fe2238fff867ba8fd41b29caad2a986e0e244bd11747ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4d1e03e326beea79058f7de375ef8bc8143df20d13c37db269971210fab7071cc3094078a044777aab9d86cf50afefd7b72a0950d381dd50b22bd2491331818a10f2ac8c3249582a20d4e04fd1ab7883f656b84137d5f7a6edba86a7b9a4c2f3b3a8abfb280ea53ce01dcc2d30f4310e8281b0cdc017f9759060ea88a2f6597e966a85c9a74ca196700218f919746bb4b84c16fd56ee450e411d75ab7613b644ba7580b2a0942394ed1737517eed1c892422f54d5a2e1cf1a60fe2dcc1a465aa8d54cb4000053c3f01ea714a7bd4fad615ff6e2991589bbdd1ae0d1bce65c620c4a2527a82afe16e019a5e0b5ec1b1b8aafba090000c3630488edcc4a8cbd3246e962b773a75b28a51cd09cbcb3577fea6f1e9fe8cd2b532c084cbd051b4aeaf0e716b256acf183d8e55580a678c664813354f14a453b093948d49bca31a7170419bb1d32f256ff3010e69b2f0482c63ab78a74dec8b1b4d083c897b42cebf0d9391908bb1953612eb12a471e02bcce75741088d1b4e79511d3408bb130e02671a95a22a1be53969118bd899f3c233b"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x24f}, 0x48) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r0, 0x6e, 0xe80, 0xfffffe6f, &(0x7f0000000100)="480e003f0000007e5bc5795eca00000800ffffffba0000f0ffff81", 0x0, 0x100, 0xf2ffffff, 0xfffffe0c, 0x212, &(0x7f0000000280)="f2a134bd13c7bd41a2a738ad8e7625ed330eb46063bd287d832698132e59ef45f8f50845c0ac85604b448e24348e4ae93e68238b7b9d561b349d19b5f5784e031c55c5a4e48926a1526e38640a161fab39732052ee83bc3b9cb625962f3eaf1ed426e6f0442693c16b0ab6a89a5738f5bccd6ae1492f8471a7afec6b", &(0x7f0000000380)="712ae01ebf877f139c8f1b0fcd056310bfa3de7157976d3ff4c82f2e0d1885774c5b7c7c853e5424fbf469ab0726e9f41208f98d20b093ddbb7f52e015b875cea2900b2443348cdf466c18cfae89ce96f0437cb21ca3703f0b94273c7500"/106}, 0x28) 10:21:42 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r0, &(0x7f0000000200), 0x400086) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.stat\x00', 0x26e1, 0x0) r2 = socket$kcm(0x2, 0x2, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x3e, 0x0, 0x0) ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f00000004c0)={0x1, &(0x7f0000000480)=[{0x0, 0x9, 0x4, 0x80000001}]}) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpid() r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40086602, &(0x7f0000000040)) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='pids.current\x00', 0x26e1, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000540), 0xc) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000500)={0xffffffffffffffff, 0x0, 0x0}, 0x10) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000100)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x401c5820, &(0x7f0000000040)) close(r1) socket$kcm(0x2b, 0xf, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={0xffffffffffffffff, 0x0, 0x42, 0x0, &(0x7f0000000200)="e460cdfbef24080000000a9386dd6a00000000072feb3014cd3ec8a755c1e1380081ffad000000e8d5000000010000001400000500242b09880bd320d98a61a90057", 0x0, 0x401}, 0x40) r4 = perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x6, 0xfa, 0x44, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x4, @perf_bp={&(0x7f0000000080)}, 0x20, 0x4, 0x7, 0x0, 0x10001, 0x0, 0x8}, 0xffffffffffffffff, 0x6, 0xffffffffffffffff, 0x10) perf_event_open(0x0, 0xffffffffffffffff, 0xb, r4, 0x0) socket$kcm(0x29, 0x5, 0x0) [ 485.677114][T13133] batman_adv: batadv0: adding TT local entry ba:00:00:f0:ff:ff to non-existent VLAN 4095 [ 485.702587][T13108] memory: usage 307200kB, limit 307200kB, failcnt 4834 [ 485.710286][T13108] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 485.719065][T13133] batman_adv: batadv0: adding TT local entry ba:00:00:f0:ff:ff to non-existent VLAN 4095 [ 485.729126][T13108] Memory cgroup stats for /syz1: [ 485.729316][T13108] anon 305700864 [ 485.729316][T13108] file 0 [ 485.729316][T13108] kernel_stack 331776 [ 485.729316][T13108] slab 4292608 [ 485.729316][T13108] sock 0 [ 485.729316][T13108] shmem 0 [ 485.729316][T13108] file_mapped 0 [ 485.729316][T13108] file_dirty 0 [ 485.729316][T13108] file_writeback 0 [ 485.729316][T13108] anon_thp 251658240 [ 485.729316][T13108] inactive_anon 189349888 [ 485.729316][T13108] active_anon 13438976 [ 485.729316][T13108] inactive_file 0 [ 485.729316][T13108] active_file 0 [ 485.729316][T13108] unevictable 103198720 [ 485.729316][T13108] slab_reclaimable 811008 [ 485.729316][T13108] slab_unreclaimable 3481600 [ 485.729316][T13108] pgfault 162987 [ 485.729316][T13108] pgmajfault 0 [ 485.729316][T13108] workingset_refault 33 [ 485.729316][T13108] workingset_activate 0 [ 485.729316][T13108] workingset_nodereclaim 0 [ 485.729316][T13108] pgrefill 265 [ 485.729316][T13108] pgscan 330 [ 485.729316][T13108] pgsteal 66 [ 485.833729][T13108] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=13093,uid=0 [ 485.837117][T13133] batman_adv: batadv0: adding TT local entry ba:00:00:f0:ff:ff to non-existent VLAN 4095 [ 485.849477][T13108] Memory cgroup out of memory: Killed process 13093 (syz-executor.1) total-vm:72716kB, anon-rss:18332kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 485.965632][T13133] batman_adv: batadv0: adding TT local entry ba:00:00:f0:ff:ff to non-existent VLAN 4095 [ 485.995416][T13133] batman_adv: batadv0: adding TT local entry ba:00:00:f0:ff:ff to non-existent VLAN 4095 [ 486.026410][T13133] batman_adv: batadv0: adding TT local entry ba:00:00:f0:ff:ff to non-existent VLAN 4095 [ 486.065436][T13133] batman_adv: batadv0: adding TT local entry ba:00:00:f0:ff:ff to non-existent VLAN 4095 [ 486.075506][T13133] batman_adv: batadv0: adding TT local entry ba:00:00:f0:ff:ff to non-existent VLAN 4095 [ 486.092597][T13133] batman_adv: batadv0: adding TT local entry ba:00:00:f0:ff:ff to non-existent VLAN 4095 [ 486.122536][T13133] batman_adv: batadv0: adding TT local entry ba:00:00:f0:ff:ff to non-existent VLAN 4095 [ 486.470710][T13143] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 486.481297][T13143] CPU: 1 PID: 13143 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 486.490052][T13143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 486.500183][T13143] Call Trace: [ 486.503528][T13143] dump_stack+0x11d/0x181 [ 486.508643][T13143] dump_header+0xaa/0x39c [ 486.512982][T13143] oom_kill_process.cold+0x10/0x15 [ 486.518310][T13143] out_of_memory+0x231/0xa60 [ 486.523064][T13143] ? __rcu_read_unlock+0x66/0x3d0 [ 486.528103][T13143] mem_cgroup_out_of_memory+0x128/0x150 [ 486.533684][T13143] try_charge+0xb6c/0xbf0 [ 486.539140][T13143] ? rcu_note_context_switch+0x720/0x760 [ 486.544944][T13143] mem_cgroup_try_charge+0xd2/0x260 [ 486.550164][T13143] mem_cgroup_try_charge_delay+0x3a/0x80 [ 486.555786][T13143] wp_page_copy+0x322/0x1040 [ 486.560421][T13143] ? apic_timer_interrupt+0xa/0x20 [ 486.565618][T13143] ? __read_once_size+0x41/0xe0 [ 486.570460][T13143] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 486.576660][T13143] do_wp_page+0x192/0xeb0 [ 486.581016][T13143] __handle_mm_fault+0x1d16/0x2e00 [ 486.586251][T13143] ? apic_timer_interrupt+0xa/0x20 [ 486.591388][T13143] handle_mm_fault+0x21b/0x530 [ 486.596152][T13143] __get_user_pages+0x485/0x1130 [ 486.601106][T13143] populate_vma_page_range+0xe6/0x100 [ 486.606554][T13143] __mm_populate+0x168/0x2a0 [ 486.611194][T13143] __x64_sys_mlockall+0x2e3/0x320 [ 486.616430][T13143] do_syscall_64+0xcc/0x3a0 [ 486.621021][T13143] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 486.626903][T13143] RIP: 0033:0x45b349 [ 486.631455][T13143] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 486.651261][T13143] RSP: 002b:00007f8c5b458c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 486.659839][T13143] RAX: ffffffffffffffda RBX: 00007f8c5b4596d4 RCX: 000000000045b349 [ 486.667876][T13143] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 486.675869][T13143] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 486.683918][T13143] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 486.691890][T13143] R13: 0000000000000711 R14: 00000000004c8888 R15: 000000000075bfd4 [ 486.701220][T13143] memory: usage 307200kB, limit 307200kB, failcnt 4874 [ 486.708289][T13143] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 486.715301][T13143] Memory cgroup stats for /syz1: [ 486.716193][T13143] anon 305684480 [ 486.716193][T13143] file 0 [ 486.716193][T13143] kernel_stack 368640 [ 486.716193][T13143] slab 4292608 [ 486.716193][T13143] sock 0 [ 486.716193][T13143] shmem 0 [ 486.716193][T13143] file_mapped 0 [ 486.716193][T13143] file_dirty 0 [ 486.716193][T13143] file_writeback 0 [ 486.716193][T13143] anon_thp 251658240 [ 486.716193][T13143] inactive_anon 181342208 [ 486.716193][T13143] active_anon 13438976 [ 486.716193][T13143] inactive_file 0 [ 486.716193][T13143] active_file 0 [ 486.716193][T13143] unevictable 111046656 [ 486.716193][T13143] slab_reclaimable 811008 [ 486.716193][T13143] slab_unreclaimable 3481600 [ 486.716193][T13143] pgfault 164274 [ 486.716193][T13143] pgmajfault 0 [ 486.716193][T13143] workingset_refault 33 [ 486.716193][T13143] workingset_activate 0 [ 486.716193][T13143] workingset_nodereclaim 0 [ 486.716193][T13143] pgrefill 265 [ 486.716193][T13143] pgscan 330 [ 486.716193][T13143] pgsteal 66 [ 486.810667][T13143] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=13106,uid=0 [ 486.827322][T13143] Memory cgroup out of memory: Killed process 13106 (syz-executor.1) total-vm:72716kB, anon-rss:18332kB, file-rss:54368kB, shmem-rss:0kB, UID:0 pgtables:192512kB oom_score_adj:1000 [ 486.847899][ T1066] oom_reaper: reaped process 13106 (syz-executor.1), now anon-rss:18332kB, file-rss:54364kB, shmem-rss:0kB 10:21:43 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x0, 0x0) syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x9, 0x200840) dup(r1) ioctl$RTC_VL_READ(r1, 0x80047013, &(0x7f00000000c0)) exit(0x7) write$binfmt_script(0xffffffffffffffff, &(0x7f00000003c0)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}, {}, {}, {0x20, 'proc'}], 0xa, "df7c00e09c916729334fbe57a726284a85ae23e7eb165a0922b020a14afa53fc919ed5b5820a609af38acfc21c2cacee2f808e60eafcd3ec51fdb7f62ca135bbf86f9c1bbf9c23db4038c329b0e8d63563439cf1b94606299a6c503abe926decd68a7e671c7dfcc4125e9888fbc8ce452b52"}, 0x8e) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r2 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xaf, 0x428240) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r2, 0xc080661a, &(0x7f00000002c0)={{0x2, 0x0, @identifier="8cff7fc81ac6de7927c1c322084eaabd"}}) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') close(r3) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000180)={0x2}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r4) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x7f, 0x3, 0x7, 0xa59e}, 'syz0\x00', 0x37}) 10:21:43 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r3 = socket$inet(0x2, 0x3, 0x83) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r3, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(0xffffffffffffffff, 0x0, r2, 0x0, 0x10005, 0x0) 10:21:43 executing program 4: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 10:21:43 executing program 0: r0 = timerfd_create(0x0, 0x0) readv(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f00002d5000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) pkey_free(0xffffffffffffffff) 10:21:43 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x202, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x0, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000018000000008000005000000d944ece1f0ffffff18290000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) bpf$BPF_PROG_GET_FD_BY_ID(0xd, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000700)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d6ac14c2c794f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd00004b107c8c8a14195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27e9a232fe2238fff867ba8fd41b29caad2a986e0e244bd11747ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4d1e03e326beea79058f7de375ef8bc8143df20d13c37db269971210fab7071cc3094078a044777aab9d86cf50afefd7b72a0950d381dd50b22bd2491331818a10f2ac8c3249582a20d4e04fd1ab7883f656b84137d5f7a6edba86a7b9a4c2f3b3a8abfb280ea53ce01dcc2d30f4310e8281b0cdc017f9759060ea88a2f6597e966a85c9a74ca196700218f919746bb4b84c16fd56ee450e411d75ab7613b644ba7580b2a0942394ed1737517eed1c892422f54d5a2e1cf1a60fe2dcc1a465aa8d54cb4000053c3f01ea714a7bd4fad615ff6e2991589bbdd1ae0d1bce65c620c4a2527a82afe16e019a5e0b5ec1b1b8aafba090000c3630488edcc4a8cbd3246e962b773a75b28a51cd09cbcb3577fea6f1e9fe8cd2b532c084cbd051b4aeaf0e716b256acf183d8e55580a678c664813354f14a453b093948d49bca31a7170419bb1d32f256ff3010e69b2f0482c63ab78a74dec8b1b4d083c897b42cebf0d9391908bb1953612eb12a471e02bcce75741088d1b4e79511d3408bb130e02671a95a22a1be53969118bd899f3c233b"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x24f}, 0x48) r1 = socket$kcm(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0) sendmsg$kcm(r1, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r0, 0x6e, 0xe80, 0xfffffe6f, &(0x7f0000000100)="480e003f0000007e5bc5795eca00000800ffffffba0000f0ffff81", 0x0, 0x100, 0xf2ffffff, 0xfffffe0c, 0x212, &(0x7f0000000280)="f2a134bd13c7bd41a2a738ad8e7625ed330eb46063bd287d832698132e59ef45f8f50845c0ac85604b448e24348e4ae93e68238b7b9d561b349d19b5f5784e031c55c5a4e48926a1526e38640a161fab39732052ee83bc3b9cb625962f3eaf1ed426e6f0442693c16b0ab6a89a5738f5bccd6ae1492f8471a7afec6b", &(0x7f0000000380)="712ae01ebf877f139c8f1b0fcd056310bfa3de7157976d3ff4c82f2e0d1885774c5b7c7c853e5424fbf469ab0726e9f41208f98d20b093ddbb7f52e015b875cea2900b2443348cdf466c18cfae89ce96f0437cb21ca3703f0b94273c7500"/106}, 0x28) 10:21:43 executing program 2: r0 = syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x4000000000000071, 0x28841) unshare(0x400) ioctl$USBDEVFS_CLEAR_HALT(r0, 0x80045510, &(0x7f0000000000)) 10:21:43 executing program 2: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x4, 0x4, 0x4, 0xd}, 0x2c) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r1, 0x28, &(0x7f0000000080)={0x0, 0x0}}, 0x10) r3 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={r2, 0x0, 0x10}, 0xc) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x11, r3, 0x0) pkey_mprotect(&(0x7f00002d5000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) 10:21:44 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r3 = socket$inet(0x2, 0x3, 0x83) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r3, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(0xffffffffffffffff, 0x0, r2, 0x0, 0x10005, 0x0) 10:21:44 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x202, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x0, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000018000000008000005000000d944ece1f0ffffff18290000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) bpf$BPF_PROG_GET_FD_BY_ID(0xd, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000700)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d6ac14c2c794f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd00004b107c8c8a14195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27e9a232fe2238fff867ba8fd41b29caad2a986e0e244bd11747ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4d1e03e326beea79058f7de375ef8bc8143df20d13c37db269971210fab7071cc3094078a044777aab9d86cf50afefd7b72a0950d381dd50b22bd2491331818a10f2ac8c3249582a20d4e04fd1ab7883f656b84137d5f7a6edba86a7b9a4c2f3b3a8abfb280ea53ce01dcc2d30f4310e8281b0cdc017f9759060ea88a2f6597e966a85c9a74ca196700218f919746bb4b84c16fd56ee450e411d75ab7613b644ba7580b2a0942394ed1737517eed1c892422f54d5a2e1cf1a60fe2dcc1a465aa8d54cb4000053c3f01ea714a7bd4fad615ff6e2991589bbdd1ae0d1bce65c620c4a2527a82afe16e019a5e0b5ec1b1b8aafba090000c3630488edcc4a8cbd3246e962b773a75b28a51cd09cbcb3577fea6f1e9fe8cd2b532c084cbd051b4aeaf0e716b256acf183d8e55580a678c664813354f14a453b093948d49bca31a7170419bb1d32f256ff3010e69b2f0482c63ab78a74dec8b1b4d083c897b42cebf0d9391908bb1953612eb12a471e02bcce75741088d1b4e79511d3408bb130e02671a95a22a1be53969118bd899f3c233b"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x24f}, 0x48) r1 = socket$kcm(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0) sendmsg$kcm(r1, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r0, 0x6e, 0xe80, 0xfffffe6f, &(0x7f0000000100)="480e003f0000007e5bc5795eca00000800ffffffba0000f0ffff81", 0x0, 0x100, 0xf2ffffff, 0xfffffe0c, 0x212, &(0x7f0000000280)="f2a134bd13c7bd41a2a738ad8e7625ed330eb46063bd287d832698132e59ef45f8f50845c0ac85604b448e24348e4ae93e68238b7b9d561b349d19b5f5784e031c55c5a4e48926a1526e38640a161fab39732052ee83bc3b9cb625962f3eaf1ed426e6f0442693c16b0ab6a89a5738f5bccd6ae1492f8471a7afec6b", &(0x7f0000000380)="712ae01ebf877f139c8f1b0fcd056310bfa3de7157976d3ff4c82f2e0d1885774c5b7c7c853e5424fbf469ab0726e9f41208f98d20b093ddbb7f52e015b875cea2900b2443348cdf466c18cfae89ce96f0437cb21ca3703f0b94273c7500"/106}, 0x28) [ 487.658902][T13165] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 487.687020][T13165] CPU: 1 PID: 13165 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 487.695738][T13165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 487.705886][T13165] Call Trace: [ 487.709215][T13165] dump_stack+0x11d/0x181 [ 487.713568][T13165] dump_header+0xaa/0x39c [ 487.717920][T13165] oom_kill_process.cold+0x10/0x15 [ 487.723054][T13165] out_of_memory+0x231/0xa60 [ 487.727693][T13165] ? __rcu_read_unlock+0x66/0x3d0 [ 487.732750][T13165] mem_cgroup_out_of_memory+0x128/0x150 [ 487.738416][T13165] try_charge+0xb6c/0xbf0 [ 487.742895][T13165] ? rcu_note_context_switch+0x720/0x760 [ 487.748545][T13165] mem_cgroup_try_charge+0xd2/0x260 [ 487.753783][T13165] mem_cgroup_try_charge_delay+0x3a/0x80 [ 487.759457][T13165] __handle_mm_fault+0x197f/0x2e00 [ 487.764598][T13165] handle_mm_fault+0x21b/0x530 [ 487.769558][T13165] __get_user_pages+0x485/0x1130 [ 487.774519][T13165] populate_vma_page_range+0xe6/0x100 [ 487.779903][T13165] __mm_populate+0x168/0x2a0 [ 487.784543][T13165] __x64_sys_mlockall+0x2e3/0x320 [ 487.789617][T13165] do_syscall_64+0xcc/0x3a0 [ 487.794263][T13165] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 487.800227][T13165] RIP: 0033:0x45b349 [ 487.804407][T13165] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 487.825246][T13165] RSP: 002b:00007f8c5b458c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 487.833673][T13165] RAX: ffffffffffffffda RBX: 00007f8c5b4596d4 RCX: 000000000045b349 [ 487.841744][T13165] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 487.849724][T13165] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 487.857705][T13165] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 487.865686][T13165] R13: 0000000000000711 R14: 00000000004c8888 R15: 000000000075bfd4 [ 488.074406][T13165] memory: usage 307200kB, limit 307200kB, failcnt 4911 [ 488.088363][T13165] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 10:21:44 executing program 5: r0 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0x4, &(0x7f0000346fc8)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x6, 0x0, 0x1, 0x4}]}, &(0x7f0000000040)='GPL\x00', 0x1, 0xfb, &(0x7f00001a7f05)=""/251, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) [ 488.135667][T13165] Memory cgroup stats for /syz1: [ 488.135875][T13165] anon 305709056 [ 488.135875][T13165] file 0 [ 488.135875][T13165] kernel_stack 405504 [ 488.135875][T13165] slab 4153344 [ 488.135875][T13165] sock 0 [ 488.135875][T13165] shmem 0 [ 488.135875][T13165] file_mapped 0 [ 488.135875][T13165] file_dirty 0 [ 488.135875][T13165] file_writeback 0 [ 488.135875][T13165] anon_thp 251658240 [ 488.135875][T13165] inactive_anon 189198336 [ 488.135875][T13165] active_anon 13463552 [ 488.135875][T13165] inactive_file 0 10:21:44 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet_udp(0x2, 0x2, 0x0) close(r3) write$binfmt_elf32(r2, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r4 = socket$inet(0x2, 0x3, 0x83) bind$inet(r3, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r4, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r1, 0x0, r3, 0x0, 0x10005, 0x0) [ 488.135875][T13165] active_file 0 [ 488.135875][T13165] unevictable 103198720 [ 488.135875][T13165] slab_reclaimable 811008 [ 488.135875][T13165] slab_unreclaimable 3342336 [ 488.135875][T13165] pgfault 164967 [ 488.135875][T13165] pgmajfault 0 [ 488.135875][T13165] workingset_refault 33 [ 488.135875][T13165] workingset_activate 0 [ 488.135875][T13165] workingset_nodereclaim 0 [ 488.135875][T13165] pgrefill 265 [ 488.135875][T13165] pgscan 330 [ 488.135875][T13165] pgsteal 66 10:21:44 executing program 0: r0 = timerfd_create(0x0, 0x0) readv(r0, 0x0, 0x0) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f00002d5000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) pkey_free(0xffffffffffffffff) [ 488.422485][T13165] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=13146,uid=0 [ 488.472526][T13165] Memory cgroup out of memory: Killed process 13146 (syz-executor.1) total-vm:72716kB, anon-rss:18332kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 10:21:45 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x0, 0x0) syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x9, 0x200840) dup(r1) ioctl$RTC_VL_READ(r1, 0x80047013, &(0x7f00000000c0)) exit(0x7) write$binfmt_script(0xffffffffffffffff, &(0x7f00000003c0)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}, {}, {}, {0x20, 'proc'}], 0xa, "df7c00e09c916729334fbe57a726284a85ae23e7eb165a0922b020a14afa53fc919ed5b5820a609af38acfc21c2cacee2f808e60eafcd3ec51fdb7f62ca135bbf86f9c1bbf9c23db4038c329b0e8d63563439cf1b94606299a6c503abe926decd68a7e671c7dfcc4125e9888fbc8ce452b52"}, 0x8e) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r2 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xaf, 0x428240) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r2, 0xc080661a, &(0x7f00000002c0)={{0x2, 0x0, @identifier="8cff7fc81ac6de7927c1c322084eaabd"}}) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') close(r3) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000180)={0x2}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r4) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x7f, 0x3, 0x7, 0xa59e}, 'syz0\x00', 0x37}) 10:21:45 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000400)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d60900000094f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd45d54b107c8c247f195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27e9a232fe2238fff867ba8fd41b29caad2a986e0e244bd117252e47ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4dbe03e326beea7905ef7de375ef8bc8143df20d13c37db269971210fab7071cc3094078a044777aab9d86cf50afefd7b72a0950d389bc9cb43aa607b7269561dd50b22bd242ac8c3249582a20d4e04fd1ab7883f656b84137d5f7a6edba86a7b9a4c2f3b3a8abf93b280ea53ce01dcc2d30f4310e8281b0cdc017f9759060ea88a2f6597e966a85c9a74ca196700218f919746bb4b84c16fd56ee450e411d75ab7613b644ba7580b2a0942394ed1737517eed1c892422f54d5a2e1cf1a60fe2dcc1a465aa8d54cb4000053c3f01ea714a7bd4a773230487ae21260bd69b650e2ddf42882ac8f02a6ff4df1e0468ef842be6557d04d6d33aed1c4c7514ae76ae438ff8c2c75466611e9805935f7cbc42714215797d8f409492363cab00242c892fba8cbec670dcac8a3ad227d18d9d60b88a5baccce03cfeb0a511e182be3a02320e076208b342e5046700c813759f1b11666bc1a837cc1d9793d7f96095fbb892ab869ff29d43aab922b02511d890a02bc38e3840d65d165bf9969b601d178b5fb15f847e9"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x24f}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r0, 0x1800000000000060, 0xe80, 0xfffffffffffffe64, &(0x7f0000000100)="000e003f0000007e5bc5795eca0543080000000400000002ffff81", 0x0, 0x100, 0xf2ffffff, 0xfffffe0c, 0x212, &(0x7f0000000280)="f2a134bd13c7bd41a2a738ad8e7625ed330eb46063bd287d832698132e59ef45f8f50845c0ac85604b448e24348e4ae93e68238b7b9d561b349d19b5f5784e031c55c5a4e48926a1526e38640a161fab39732052ee83bc3b9cb625962f3eaf1ed426e6f0442693c16b0ab6a89a5738f5bccd6ae1492f8471a7afec6b", &(0x7f0000000380)="712ae01ebf877f139c8f1b0fcd056310bfa3de7157976d3ff4c82f2e0d1885774c5b7c7c853e5424fbf469ab0726e9f41208f98d20b093ddbb7f52e015b875cea2900b2443348cdf466c18cfae89ce96f0437cb21ca3703f0b94273c7500"/106}, 0x28) 10:21:45 executing program 3: socket$inet_icmp_raw(0x2, 0x3, 0x1) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_elf32(r1, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r3 = socket$inet(0x2, 0x3, 0x83) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r3, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 10:21:45 executing program 4: readv(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 10:21:45 executing program 2: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x4, 0x4, 0x4, 0xd}, 0x2c) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r1, 0x28, &(0x7f0000000080)={0x0, 0x0}}, 0x10) r3 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={r2, 0x0, 0x10}, 0xc) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x11, r3, 0x0) pkey_mprotect(&(0x7f00002d5000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) 10:21:45 executing program 0: r0 = timerfd_create(0x0, 0x0) readv(r0, 0x0, 0x0) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f00002d5000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) pkey_free(0xffffffffffffffff) 10:21:46 executing program 3: pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_elf32(r1, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r3 = socket$inet(0x2, 0x3, 0x83) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r3, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 10:21:46 executing program 5: r0 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x3, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x300}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x18000000000002a0, 0x42, 0xe000000, &(0x7f00000000c0)="b9ff030000ffffff7f9e14f005051fffffff00004000630677fbac141414e934a0a662079f4b4d2f87e5feca6aab845013f2325f1a390101050a0100010000000000df74e30d7eabe773afef6f6e4798ab117e9f84fa406b913de8ad827a022e1faee50887dc302819a8a3d0cde36b67f337ce8eee124e061f8fea8ab95f1e8f99c7edea980697449b78569ea293c3eed3b28fc3205db63b2c65e77f19ab28c632cc80d9f2f37f9ba67174fffcb5244b0c909eb8e12116bebc47cf97d2ea8acadfb34ca580b64df7c800113e53bae401cd22f50072deabf93dd4d3e626", 0x0, 0x100, 0x0, 0x296, 0x0, &(0x7f0000000000), &(0x7f0000000040)}, 0x28) [ 489.614142][T13216] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 489.665803][T13216] CPU: 0 PID: 13216 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 489.674515][T13216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 489.684577][T13216] Call Trace: [ 489.687868][T13216] dump_stack+0x11d/0x181 [ 489.692342][T13216] dump_header+0xaa/0x39c [ 489.696742][T13216] oom_kill_process.cold+0x10/0x15 [ 489.701874][T13216] out_of_memory+0x231/0xa60 [ 489.706515][T13216] ? __rcu_read_unlock+0x66/0x3d0 [ 489.711566][T13216] mem_cgroup_out_of_memory+0x128/0x150 [ 489.717185][T13216] try_charge+0xb6c/0xbf0 [ 489.721681][T13216] ? rcu_note_context_switch+0x720/0x760 [ 489.727363][T13216] mem_cgroup_try_charge+0xd2/0x260 [ 489.732633][T13216] mem_cgroup_try_charge_delay+0x3a/0x80 [ 489.738336][T13216] __handle_mm_fault+0x197f/0x2e00 [ 489.743479][T13216] handle_mm_fault+0x21b/0x530 [ 489.748264][T13216] __get_user_pages+0x485/0x1130 [ 489.753280][T13216] populate_vma_page_range+0xe6/0x100 [ 489.758775][T13216] __mm_populate+0x168/0x2a0 [ 489.763412][T13216] __x64_sys_mlockall+0x2e3/0x320 [ 489.768456][T13216] do_syscall_64+0xcc/0x3a0 [ 489.772973][T13216] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 489.778954][T13216] RIP: 0033:0x45b349 [ 489.782943][T13216] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 489.802686][T13216] RSP: 002b:00007f8c5b479c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 10:21:46 executing program 3: pipe(0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r1 = socket$inet(0x2, 0x3, 0x83) bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r1, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(0xffffffffffffffff, 0x0, r0, 0x0, 0x10005, 0x0) 10:21:46 executing program 3: pipe(0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r1 = socket$inet(0x2, 0x3, 0x83) bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r1, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(0xffffffffffffffff, 0x0, r0, 0x0, 0x10005, 0x0) [ 489.811148][T13216] RAX: ffffffffffffffda RBX: 00007f8c5b47a6d4 RCX: 000000000045b349 [ 489.819177][T13216] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 489.827172][T13216] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 489.835155][T13216] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 489.843186][T13216] R13: 0000000000000711 R14: 00000000004c8888 R15: 000000000075bf2c [ 489.861171][T13216] memory: usage 307200kB, limit 307200kB, failcnt 4937 [ 489.912526][T13216] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 489.932724][T13216] Memory cgroup stats for /syz1: [ 489.932916][T13216] anon 305643520 [ 489.932916][T13216] file 0 [ 489.932916][T13216] kernel_stack 442368 [ 489.932916][T13216] slab 4153344 [ 489.932916][T13216] sock 0 [ 489.932916][T13216] shmem 0 [ 489.932916][T13216] file_mapped 0 [ 489.932916][T13216] file_dirty 0 [ 489.932916][T13216] file_writeback 0 [ 489.932916][T13216] anon_thp 251658240 [ 489.932916][T13216] inactive_anon 189235200 [ 489.932916][T13216] active_anon 13467648 [ 489.932916][T13216] inactive_file 0 [ 489.932916][T13216] active_file 0 [ 489.932916][T13216] unevictable 103071744 [ 489.932916][T13216] slab_reclaimable 811008 [ 489.932916][T13216] slab_unreclaimable 3342336 [ 489.932916][T13216] pgfault 166881 [ 489.932916][T13216] pgmajfault 0 [ 489.932916][T13216] workingset_refault 33 [ 489.932916][T13216] workingset_activate 0 10:21:46 executing program 3: pipe(0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r1 = socket$inet(0x2, 0x3, 0x83) bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r1, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(0xffffffffffffffff, 0x0, r0, 0x0, 0x10005, 0x0) [ 489.932916][T13216] workingset_nodereclaim 0 [ 489.932916][T13216] pgrefill 265 [ 489.932916][T13216] pgscan 330 [ 489.932916][T13216] pgsteal 66 [ 490.152496][T13216] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=13199,uid=0 10:21:46 executing program 3: pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(0xffffffffffffffff) write$binfmt_elf32(r1, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r3 = socket$inet(0x2, 0x3, 0x83) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r3, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) [ 490.185721][T13216] Memory cgroup out of memory: Killed process 13199 (syz-executor.1) total-vm:72716kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 490.268604][ T1066] oom_reaper: reaped process 13199 (syz-executor.1), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB 10:21:47 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x0, 0x0) syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x9, 0x200840) dup(r1) ioctl$RTC_VL_READ(r1, 0x80047013, &(0x7f00000000c0)) exit(0x7) write$binfmt_script(0xffffffffffffffff, &(0x7f00000003c0)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}, {}, {}, {0x20, 'proc'}], 0xa, "df7c00e09c916729334fbe57a726284a85ae23e7eb165a0922b020a14afa53fc919ed5b5820a609af38acfc21c2cacee2f808e60eafcd3ec51fdb7f62ca135bbf86f9c1bbf9c23db4038c329b0e8d63563439cf1b94606299a6c503abe926decd68a7e671c7dfcc4125e9888fbc8ce452b52"}, 0x8e) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r2 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xaf, 0x428240) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r2, 0xc080661a, &(0x7f00000002c0)={{0x2, 0x0, @identifier="8cff7fc81ac6de7927c1c322084eaabd"}}) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') close(r3) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000180)={0x2}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r4) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x7f, 0x3, 0x7, 0xa59e}, 'syz0\x00', 0x37}) 10:21:47 executing program 5: socketpair(0x1e, 0x1, 0x0, &(0x7f0000000140)={0x0, 0x0}) close(r0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x0, 0x0, 0x3, 0xfffffffd}, 0x3c) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) openat$cgroup_type(0xffffffffffffffff, 0x0, 0x2, 0x0) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000540)='cgroup.controllers\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) setsockopt$sock_attach_bpf(r1, 0x10f, 0x87, &(0x7f0000000180), 0x4bd) socketpair(0x1e, 0x80005, 0x0, &(0x7f0000000340)={0x0, 0x0}) close(r3) setsockopt$sock_attach_bpf(r4, 0x10f, 0x87, &(0x7f0000000180), 0x127) sendmsg$tipc(r4, &(0x7f0000000500)={&(0x7f0000000280), 0x10, &(0x7f00000002c0)=[{&(0x7f0000001580)="276c5bd6f0db828036f59b152925d176a9e51a4722f8fd829657ff48969c3c5f309ceaf42e7b242b7fe4fa128061aec9827004000c31fd9e31cb1c79990c2b89045ea4dc3ad63a775c80850ea10827e8a40a6c8b5fa7cc514639bb99f13c6a3d0825a738a1a53433042c75230d368c95f8a0b5562b58ecf50fd78e5def7375cd62fb5728535bf371b2ffc7d8058398075e1d0a7a4451395c39f79c26b7287cebd130de7737e77714686b9d67d87a3cf8da02cc70fdc99c1a7c916ae542b9d5baaf1f9daa4fb845fd5d5cad2073a61ce51c345150f84b3900997296d55c7d394af17b01d445465ef377508a1a29a5d6b03b0da22c973f22814fb2a802d50fb1f051e7d95d53d598a0599ec79cd27123fa1d13b7996609d4548e81ef7b1e8de8f32593ef46c3081ab55929a3c1cb1fa28a485518391a76b7b80d5941aa42222cb6f25be29ebc938af75971ffffdd4dea114ac37f38e69cb670020a7448d99b7b5e3d09bcf2625c94d6599182ce9edb0bbfea111dae3b1c9d6cd3162ce0aaebcdcf22a8d29dca0d04ebf5944168f398c500915579070586dff7a2ec6d345d1f69a8c749740aea0dbb2d30c9f7e3afd498a886c906fe09a83322d8e94b3ebe288ec1601e6a16122fa44191b6b3f5315eb0b35cb628540438919b906502eeb7cacc7d15753e456b056e6145ab65ac7c01253f3c5663495a74a0598feed07436a72d3ee1185d0fbcf89e8c5d449e0216cab8110efe923be24366dffc65bb386e7f015bb40b6fd9abbf7180b217f88d99f168c113f3ff187c202e2ae32a0238e43af612678a44a3d8373b6dc6bf820f8bf73e6411c51152f51993c66effe25c6e72a3127da6996f13691ded659e1f9d6eab1124435750dfeb60de2b2d59d9196bda3a3c5cd5054b2960481d50ce28ac4159b54f3f26a9decfc8ab36b6110eda741e21c95e3631b3de40fd3c7828fb0e3c85070eb233d4d4b1b75e0167ec62e81f1a12a0cd2e02a7a43edb384e4d0d59744bbe86611575966efe25b4191f14a368a72c13aeb4de7caff7a9439b583d08714fd22a9b1ff08297a562a859e2d21dd4f8ecf6701bcd9a30d28909c52c56a8ef739f0841ae895ad858121b1ec82ae1bbec856730aba8e2f42841c33caa862fdf8b651d90055b6725e5bf0af348ec550ad23c5a3c15c7455fdb13a57a6e452bdebbeb32200ab7dce3fab98b206ec2571e3de8904bea2265288dbaec64359cb5cd926dc025343fff78e7bdab6f541a3d2b569f37b8339d14e706163854d01ba5380d648391740e1fc2e118557692796acf6e0fa8ab21c5657259bf05a8b510eb285f306c8cdd6e185094b0ff46ec71d5a9b8e344176f263730468db893eaba00c32bdafdb1ebdc3ec441abaf4e7b2db744411ae02f33b340a373ea1a485b88073c2da7bd6828bbe4028fef4c30088c9b28daf899741029da8f52d2927250c582f16ca173c0761ad74364f562f3106a15d17d34ff27abc49b8a7d9aa3d2d2bd5c406c9fe21e59ffad1a85c3d1283f983efaab087a92ce4bc66c934605b658f56857301278b09f5e22ba0034a3944ae27bd20cf9cd4a7d1973d4818716d0bf71d922d74ef68ede2604a98f6db652206e0a34ceed21cb950eebbee9686fc368e2b42f9417b22ab84c1a341630f962560900e02f20cc0ed618e657fe4ede15f9a105620dd2206dbd74ba7f061f2d058a127f5ecb72ad12264d81816d82169d668adf80bbdd279c684e11980f72ba126d0326dbfe6736d2b737069e0c5efb7e76276f10fa915907d91282084fa9a12c5636fd265ef705f49adc9924ffcc68742b17c9212fe8abcc49e4db91ee543a7fd438e59d030d6fa1c31ebe151f9c44af0069df608f0395159c41339aaf31b4c3e67526036c7f4d96fdd5afa5c4c85f2a6648098dccd6a49a8250e26bce3ca0e78976c961432783947e3a8ff5430af9cfebf3d2ee72153b7bd4d7f2cce79da6defba02cc5a73f7fa137c01a2cea52a961d9504d959aec7e2627fc33d07ef45bb8afbded876bee54c7f2feacf548bbab68a782e7bbcb6140d6c6b3fbe1108a6f4dd750c0424a9e1e0b8f239c4739f28463a23fe011cb8c98e25126c5693f19f16ab8a4b6351ff2955a397c3618ae47c78b2d123c334082f9aae0d7f9e7b761d58ef7e1f6dd20a23c7bcc3e84dbc75551573c425e5d56ca84e263b22c2ed5ff1255e500c1810574ff1af28114221fa6e72439d5fc117700bf5a7e01e2ffc0cfeabfddb8ae217a7033c9c8dce5a685ca7a0f4ceeb153ab2ae77652e1d73e9510f868b70270e386664ab4c45ddf353e61aef1ac0c673502b7e7faae557df3eaa5fd0a3a00c54f23723ce6406f616f678b6f789c57e09864895dd8a1e5da9ff0bc7be9f9174af99e157e4c71ed69c71783abb3ad18141d99e49ef32614b8ac29eb50f64b2355f4b599acbdf039877d68275a2ebeb0729791412dfd3194cc2cb4f045a4d2ac74afffec582df03ce4afd2aedc594c6cd34a4cd21d4ea653b04d49a8aa1e942df36b530c90d0c2c62ef8369677ce2ffd4304b0410ff9ef86be8afbf55adc6abca02acf03dcab2fe5339ab0eb9d79dfc4817c5e2c10676904192395d9b8552760b0fa79add2769284a0ef5ebc4d61e64dc9a8b2d4770cdb4be4345026f6d04549140f4bb01e8252eb06d70afd84247f8023a0cc31329499a0efcd8a79e0832992a96b437258ab186c6a9c8f2e55fe7319605453b888d928730a11a11b4f56eec25b4c18b2205aad508a9f6850e6e23103a517cf43af019d54593803b76a3529777a58441d781d2eb509fcb723ba3be91d12c809f0148095e2066e1b0f0656ceeb751ad610e265bd4bc1b67f5e521ef420420e9b7e137f29240d63a42d678c1739f33f39a09a0f4c5249f808f41152a07ce9bfcc94e35683bea83f82a5e34e1fef3f8ea2cf4c9f1c8ccef87d7f58fc1b4ace6cb667e62ed1f54f72b3a156551d96f9a16ff4864ae3a01dc86b5c65e6676493f07d7257b34d8c6c5851334a4542dd2bea4aef4f444b5f26ac89a27e3313a4a66bdad09382357f1adbd61d526a2541022814cc4b2515aec30f74729d1a5826a3206c02ccd6adfb6c2b6c7aee33b7213bdbc5878151b50d1a8fdc1b2b9b44a01606770028723c848e1faf60b89de5a2e72b7d19f7745f7c89989ab2a8174291ad7d0f2b172672aba9f4a1b42df53baf6d353b45d755eff7526efa8a87a2aeaf84d9a434e8844a98eab172fa474b353f19e1231aca846d93eb24e650e015a42c578d23d794c02304ff72e358ea5c75f6709e587951d3900b3b1066ddd4a2fe9186d0cfcfcc7e33e9b882e8c2242ba990face580f94d66bb6a5212190fba3c1f1e046738c422d9e94ed6671157af9145bcfe7fd0d431a7a7c84a3eec802794286e2dc2b59e93fcb09ea22a1e47ee8f0b3cf756fb67bc3676819cbc67396322ea6be61552533b52a2fd258e82dc7c57a09211cce3e785f5b4deacae7b9dcd48080c9edb03d935c9c9a426bb6d3ec71e559af61b796827b5e425c991d3485381e0842b35cb0ad91154f4a13117b35d2a9ebfcf0ef68d73093dd483923f7b3a00e9c04c0eec31effc9f908f38949e1766409fc9c8cc48f95d4d537520159dd794edb56e824d31c67d9c7cbefdb51860a8d1f859baa9bf5c2752d00b6969e94d47a88be798f6df9e6b5977a56206c33a38e74ac5de0b23489c9f5a037e13ae0194beb9f954c6b8ebefa78194a4e891c12ddb43019e60d9b8e7fe78df65a83671b76fd1a9c7be064c6d822bb0749d2162168821484ab78f906cb990167a2f9e19a33be2086dd55e54cb8b6dbcd6d1cc9b4c828472d55db6f175547f73db54d142f290ef99e8e26f2c6ebc7a53bfe31fe1eb2ac6a13dd0081debcc346cc0d3407ff158bc48a314a18b7fa781e32b66f9eaa792031567fa8d5c33fd85ebf85af958ef84c0c69f2bc3f842bff08b4b3112a6ac24a78c9476f15d40de489e50fb5e426167a10739db436cb1a63f5e7b3baf7c21c3506d3021c487ce4625f66a18468c89c3a9c94c7c1c2676e1f21a26bc393cf83e7bdf9bf66c2e9dd080574e1a80fe152124e5191c9367f22b4a712322986165964ccc2b016f0fc52e69d009a2f9fc13f344153f17bcebf937f59714f44dfdc11e69c7216cdb4f4d2143222e41d7415b3ef52e45477f62def841cea29c6258a2a2d8c7895712c51025ed7fd5d68bf8aa5a96fbbba98090dac42ad69522f47288af9f6f7acd2406c42706a940300ab41a59488966dc63f4ce8a6e6e7b18c1cf7b3e5013441ad0d7f201343e4a64da2cd513782877cb35d00f2113147ec4d7410971968daa76b1b9ad115c9ef6e8fe6abeb8b372806dbccb26f504f3fb8fb26c97fc6dcc7091f2f940e76fc121b39f215cb5ee96383b0ad5dcb2f7671e1d75612b3992a8bfd9ef25545b75845991f64a26c87a8abbdde668be3e6fb8ebdc31e73eb4eafda15215e0b545907a86c0fa3d5f1af4cf096cd7ec9c31dd57851203a2ce0c4cfecefe63e43ec9335f00fe3195965d0602bdf0fb36a8b4c6a538f18c002895f4d33968901c0228fbbfd250ae07075c9c3d8e3233027ca1ba82586797b9c3fd5c256c9562789f4393908ecba4bbd26a49672d71098198efe77b3661a2114c3b919330e67cd0ae6e90d88e1922750b6d36bde8926f9c635fbe0b1016f016af69965d762ebcab348ea4fe695007c9e1f91b8f7019a3206627751c8216dae9857569f152888ba8876b51d5d73bffb3c5544500e1121d72a0d2ca9b382bae36c36fdb5680b5973ec3529eefc2077654f5ec0021d473c221d544d6c0b56c48926ece451f01bd3b2746f6ccb0a44a2e934eefbc24c8f4ced796e4941bb6363d2bf0af8834e0dde49632c228477fcbae8d6667c5996aeb14eac620e35a1b3a3b29c4122c91f92a2f9917291c04cfb9ef91215d8b0dffccd082474c9a2ee26ab2139d4428c74efd41f820d671b4255253abad18028b4d19715ba084eaa884dcc975da4c316ac3f8c056a2dc1215bd1db2fd504169e6dab0494bc8e02d4374f061c517d424b0050b678fb240df83d19c0f9a71465541f706cf976f6f653a216dc290698158864c941067577cc0b54c8ccae532de0ec0d", 0xe2d}], 0x1}, 0x0) 10:21:47 executing program 3: pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(0xffffffffffffffff) write$binfmt_elf32(r1, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r3 = socket$inet(0x2, 0x3, 0x83) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r3, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 10:21:47 executing program 0: r0 = timerfd_create(0x0, 0x0) readv(r0, 0x0, 0x0) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f00002d5000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) pkey_free(0xffffffffffffffff) 10:21:47 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x0, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000018000000008000005000000d944ece1f0ffffff18290000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) bpf$BPF_PROG_GET_FD_BY_ID(0xd, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000700)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d6ac14c2c794f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd00004b107c8c8a14195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27e9a232fe2238fff867ba8fd41b29caad2a986e0e244bd11747ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4d1e03e326beea79058f7de375ef8bc8143df20d13c37db269971210fab7071cc3094078a044777aab9d86cf50afefd7b72a0950d381dd50b22bd2491331818a10f2ac8c3249582a20d4e04fd1ab7883f656b84137d5f7a6edba86a7b9a4c2f3b3a8abfb280ea53ce01dcc2d30f4310e8281b0cdc017f9759060ea88a2f6597e966a85c9a74ca196700218f919746bb4b84c16fd56ee450e411d75ab7613b644ba7580b2a0942394ed1737517eed1c892422f54d5a2e1cf1a60fe2dcc1a465aa8d54cb4000053c3f01ea714a7bd4fad615ff6e2991589bbdd1ae0d1bce65c620c4a2527a82afe16e019a5e0b5ec1b1b8aafba090000c3630488edcc4a8cbd3246e962b773a75b28a51cd09cbcb3577fea6f1e9fe8cd2b532c084cbd051b4aeaf0e716b256acf183d8e55580a678c664813354f14a453b093948d49bca31a7170419bb1d32f256ff3010e69b2f0482c63ab78a74dec8b1b4d083c897b42cebf0d9391908bb1953612eb12a471e02bcce75741088d1b4e79511d3408bb130e02671a95a22a1be53969118bd899f3c233b"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x24f}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r0, 0x6e, 0xe80, 0xfffffe6f, &(0x7f0000000100)="480e003f0000007e5bc5795eca00000800ffffffba0000f0ffff81", 0x0, 0x100, 0xf2ffffff, 0xfffffe0c, 0x212, &(0x7f0000000280)="f2a134bd13c7bd41a2a738ad8e7625ed330eb46063bd287d832698132e59ef45f8f50845c0ac85604b448e24348e4ae93e68238b7b9d561b349d19b5f5784e031c55c5a4e48926a1526e38640a161fab39732052ee83bc3b9cb625962f3eaf1ed426e6f0442693c16b0ab6a89a5738f5bccd6ae1492f8471a7afec6b", &(0x7f0000000380)="712ae01ebf877f139c8f1b0fcd056310bfa3de7157976d3ff4c82f2e0d1885774c5b7c7c853e5424fbf469ab0726e9f41208f98d20b093ddbb7f52e015b875cea2900b2443348cdf466c18cfae89ce96f0437cb21ca3703f0b94273c7500"/106}, 0x28) 10:21:47 executing program 4: readv(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 10:21:47 executing program 3: pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(0xffffffffffffffff) write$binfmt_elf32(r1, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r3 = socket$inet(0x2, 0x3, 0x83) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r3, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) [ 491.050714][T13262] net_ratelimit: 1014 callbacks suppressed [ 491.050731][T13262] batman_adv: batadv0: adding TT local entry ba:00:00:f0:ff:ff to non-existent VLAN 4095 [ 491.111579][T13262] batman_adv: batadv0: adding TT local entry ba:00:00:f0:ff:ff to non-existent VLAN 4095 [ 491.137429][T13262] batman_adv: batadv0: adding TT local entry ba:00:00:f0:ff:ff to non-existent VLAN 4095 10:21:47 executing program 5: bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x11, 0xa, 0x300) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000800)) socket$kcm(0x2, 0x1000000000000002, 0x0) socket$kcm(0x29, 0x2, 0x0) socket$kcm(0x10, 0x2, 0x4) socket$kcm(0x11, 0x200000000000002, 0x300) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x29, 0x5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) recvmsg(r0, 0x0, 0x2001) ioctl$TUNSETTXFILTER(r0, 0x400454d1, &(0x7f0000000000)) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup_procs(r1, &(0x7f0000000280)='cgroup.threads\x00', 0x2, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) ioctl$TUNSETPERSIST(0xffffffffffffffff, 0x400454cb, 0x1) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.stat\x00', 0x26e1, 0x0) r3 = socket$kcm(0x2, 0x2, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x3e, &(0x7f00000002c0)=r2, 0x161) sendmsg$kcm(r3, &(0x7f0000003d00)={&(0x7f0000000380)=@in={0x2, 0x4e23, @multicast1}, 0x80, 0x0}, 0xfd00) write$cgroup_subtree(r3, &(0x7f0000000280)={[{0x0, 'memory'}]}, 0xfdef) [ 491.165649][T13262] batman_adv: batadv0: adding TT local entry ba:00:00:f0:ff:ff to non-existent VLAN 4095 [ 491.208752][T13262] batman_adv: batadv0: adding TT local entry ba:00:00:f0:ff:ff to non-existent VLAN 4095 [ 491.219194][T13262] batman_adv: batadv0: adding TT local entry ba:00:00:f0:ff:ff to non-existent VLAN 4095 [ 491.262510][T13262] batman_adv: batadv0: adding TT local entry ba:00:00:f0:ff:ff to non-existent VLAN 4095 [ 491.313072][T13262] batman_adv: batadv0: adding TT local entry ba:00:00:f0:ff:ff to non-existent VLAN 4095 [ 491.328765][T13266] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 491.342915][T13266] CPU: 0 PID: 13266 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 491.351603][T13266] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 491.361522][T13262] batman_adv: batadv0: adding TT local entry ba:00:00:f0:ff:ff to non-existent VLAN 4095 [ 491.361681][T13266] Call Trace: [ 491.375149][T13266] dump_stack+0x11d/0x181 [ 491.379498][T13266] dump_header+0xaa/0x39c [ 491.383844][T13266] oom_kill_process.cold+0x10/0x15 [ 491.389076][T13266] out_of_memory+0x231/0xa60 [ 491.393692][T13266] ? __rcu_read_unlock+0x66/0x3d0 [ 491.398746][T13266] mem_cgroup_out_of_memory+0x128/0x150 [ 491.404329][T13266] try_charge+0xb6c/0xbf0 [ 491.408706][T13266] ? rcu_note_context_switch+0x720/0x760 [ 491.414542][T13266] mem_cgroup_try_charge+0xd2/0x260 [ 491.419776][T13266] mem_cgroup_try_charge_delay+0x3a/0x80 [ 491.420391][T13262] batman_adv: batadv0: adding TT local entry ba:00:00:f0:ff:ff to non-existent VLAN 4095 [ 491.425450][T13266] __handle_mm_fault+0x197f/0x2e00 [ 491.425502][T13266] handle_mm_fault+0x21b/0x530 [ 491.445208][T13266] __get_user_pages+0x485/0x1130 [ 491.450181][T13266] populate_vma_page_range+0xe6/0x100 [ 491.455668][T13266] __mm_populate+0x168/0x2a0 [ 491.460400][T13266] __x64_sys_mlockall+0x2e3/0x320 [ 491.465450][T13266] do_syscall_64+0xcc/0x3a0 [ 491.470032][T13266] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 491.475968][T13266] RIP: 0033:0x45b349 [ 491.479913][T13266] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 491.499522][T13266] RSP: 002b:00007f8c5b479c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 10:21:48 executing program 3: pipe(&(0x7f0000000240)={0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r2 = socket$inet(0x2, 0x3, 0x83) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r2, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r1, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r0, 0x0, r1, 0x0, 0x10005, 0x0) [ 491.508013][T13266] RAX: ffffffffffffffda RBX: 00007f8c5b47a6d4 RCX: 000000000045b349 [ 491.515991][T13266] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 491.523991][T13266] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 491.532009][T13266] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 491.540073][T13266] R13: 0000000000000711 R14: 00000000004c8888 R15: 000000000075bf2c [ 491.553248][T13266] memory: usage 307200kB, limit 307200kB, failcnt 4965 [ 491.560142][T13266] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 491.577339][T13266] Memory cgroup stats for /syz1: [ 491.577560][T13266] anon 305438720 [ 491.577560][T13266] file 0 [ 491.577560][T13266] kernel_stack 405504 [ 491.577560][T13266] slab 4313088 [ 491.577560][T13266] sock 0 [ 491.577560][T13266] shmem 0 [ 491.577560][T13266] file_mapped 0 [ 491.577560][T13266] file_dirty 0 [ 491.577560][T13266] file_writeback 0 [ 491.577560][T13266] anon_thp 251658240 [ 491.577560][T13266] inactive_anon 191287296 [ 491.577560][T13266] active_anon 13479936 [ 491.577560][T13266] inactive_file 0 [ 491.577560][T13266] active_file 0 [ 491.577560][T13266] unevictable 100839424 [ 491.577560][T13266] slab_reclaimable 811008 [ 491.577560][T13266] slab_unreclaimable 3502080 [ 491.577560][T13266] pgfault 168663 [ 491.577560][T13266] pgmajfault 0 [ 491.577560][T13266] workingset_refault 33 [ 491.577560][T13266] workingset_activate 0 [ 491.577560][T13266] workingset_nodereclaim 0 [ 491.577560][T13266] pgrefill 265 [ 491.577560][T13266] pgscan 330 [ 491.577560][T13266] pgsteal 66 10:21:48 executing program 4: readv(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 10:21:48 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x0, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000018000000008000005000000d944ece1f0ffffff18290000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) bpf$BPF_PROG_GET_FD_BY_ID(0xd, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000700)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d6ac14c2c794f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd00004b107c8c8a14195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27e9a232fe2238fff867ba8fd41b29caad2a986e0e244bd11747ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4d1e03e326beea79058f7de375ef8bc8143df20d13c37db269971210fab7071cc3094078a044777aab9d86cf50afefd7b72a0950d381dd50b22bd2491331818a10f2ac8c3249582a20d4e04fd1ab7883f656b84137d5f7a6edba86a7b9a4c2f3b3a8abfb280ea53ce01dcc2d30f4310e8281b0cdc017f9759060ea88a2f6597e966a85c9a74ca196700218f919746bb4b84c16fd56ee450e411d75ab7613b644ba7580b2a0942394ed1737517eed1c892422f54d5a2e1cf1a60fe2dcc1a465aa8d54cb4000053c3f01ea714a7bd4fad615ff6e2991589bbdd1ae0d1bce65c620c4a2527a82afe16e019a5e0b5ec1b1b8aafba090000c3630488edcc4a8cbd3246e962b773a75b28a51cd09cbcb3577fea6f1e9fe8cd2b532c084cbd051b4aeaf0e716b256acf183d8e55580a678c664813354f14a453b093948d49bca31a7170419bb1d32f256ff3010e69b2f0482c63ab78a74dec8b1b4d083c897b42cebf0d9391908bb1953612eb12a471e02bcce75741088d1b4e79511d3408bb130e02671a95a22a1be53969118bd899f3c233b"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x24f}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r0, 0x6e, 0xe80, 0xfffffe6f, &(0x7f0000000100)="480e003f0000007e5bc5795eca00000800ffffffba0000f0ffff81", 0x0, 0x100, 0xf2ffffff, 0xfffffe0c, 0x212, &(0x7f0000000280)="f2a134bd13c7bd41a2a738ad8e7625ed330eb46063bd287d832698132e59ef45f8f50845c0ac85604b448e24348e4ae93e68238b7b9d561b349d19b5f5784e031c55c5a4e48926a1526e38640a161fab39732052ee83bc3b9cb625962f3eaf1ed426e6f0442693c16b0ab6a89a5738f5bccd6ae1492f8471a7afec6b", &(0x7f0000000380)="712ae01ebf877f139c8f1b0fcd056310bfa3de7157976d3ff4c82f2e0d1885774c5b7c7c853e5424fbf469ab0726e9f41208f98d20b093ddbb7f52e015b875cea2900b2443348cdf466c18cfae89ce96f0437cb21ca3703f0b94273c7500"/106}, 0x28) [ 491.782889][T13266] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=13248,uid=0 10:21:48 executing program 5: bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x11, 0xa, 0x300) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000800)) socket$kcm(0x2, 0x1000000000000002, 0x0) socket$kcm(0x29, 0x2, 0x0) socket$kcm(0x10, 0x2, 0x4) socket$kcm(0x11, 0x200000000000002, 0x300) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x29, 0x5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) ioctl$TUNSETTXFILTER(r0, 0x400454d1, &(0x7f0000000000)) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup_procs(r1, &(0x7f0000000280)='cgroup.threads\x00', 0x2, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000004ec0)={0xffffffffffffffff, 0x0, 0x0}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) ioctl$TUNSETPERSIST(0xffffffffffffffff, 0x400454cb, 0x1) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.stat\x00', 0x26e1, 0x0) r3 = socket$kcm(0x2, 0x2, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x3e, &(0x7f00000002c0)=r2, 0x161) sendmsg$kcm(r3, &(0x7f0000003d00)={&(0x7f0000000380)=@in={0x2, 0x4e23, @multicast1}, 0x80, 0x0}, 0xfd00) write$cgroup_subtree(r3, &(0x7f0000000280)={[{0x0, 'memory'}]}, 0xfdef) [ 491.922607][T13266] Memory cgroup out of memory: Killed process 13248 (syz-executor.1) total-vm:72716kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 491.977247][ T1066] oom_reaper: reaped process 13248 (syz-executor.1), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB 10:21:49 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x288000, 0x0) syz_open_dev$audion(0x0, 0x9, 0x200840) dup(r1) ioctl$RTC_VL_READ(r1, 0x80047013, &(0x7f00000000c0)) exit(0x7) write$binfmt_script(0xffffffffffffffff, &(0x7f00000003c0)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}, {}, {}, {0x20, 'proc'}], 0xa, "df7c00e09c916729334fbe57a726284a85ae23e7eb165a0922b020a14afa53fc919ed5b5820a609af38acfc21c2cacee2f808e60eafcd3ec51fdb7f62ca135bbf86f9c1bbf9c23db4038c329b0e8d63563439cf1b94606299a6c503abe926decd68a7e671c7dfcc4125e9888fbc8ce452b52"}, 0x8e) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r2 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xaf, 0x428240) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r2, 0xc080661a, &(0x7f00000002c0)={{0x2, 0x0, @identifier="8cff7fc81ac6de7927c1c322084eaabd"}}) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') close(r3) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000180)={0x2}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r4) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x7f, 0x3, 0x7, 0xa59e}, 'syz0\x00', 0x37}) 10:21:49 executing program 2: r0 = socket$kcm(0x2, 0x200000000000001, 0x0) sendmsg(r0, &(0x7f0000000140)={&(0x7f00000003c0)=@in={0x2, 0x0, @loopback}, 0x80, 0x0}, 0x20000000) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x1, 0x3, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000021000000000000000000001e950000000000000089b92baa38e52e2f0722efede4bb2a3becc3dc61b55087949ea6ab1df71c61413dabd4c3c846f8ba85d1f6fec494d7f4cf3bd6e5368bad7b74ede7172801e60d03384aa6158f83f46e966ec4c0910bbf834940441c215ebdfb0f05f3da15dd69e1ebea17b315713c2855d599bf3022ba3a861dfb49865e0e7e17d5eb603025193df1b3428662c87121fb42f2260000000000000059d1ac2a9494e1b7c29c955e11849a25001b5e040aeb60ddfe65dad349d07333df793efe774847ec3727c127a7439d629fce7d46c407198f7b8285fed483c936997dac49234ef81f8fb905331dc8c7c7dd07e56ed28944b6a067c00ba300"/276], &(0x7f0000f6bffb)='GPL\x00', 0x1, 0xfb, &(0x7f00000002c0)=""/251}, 0x48) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r0, r1}) r3 = socket$kcm(0x10, 0x2, 0x10) ioctl$sock_kcm_SIOCKCMUNATTACH(r2, 0x89e1, &(0x7f0000000040)={r3}) 10:21:49 executing program 5: socket$kcm(0xa, 0x0, 0x11) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x80087601, &(0x7f0000000080)) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$kcm(0x2b, 0x0, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x4030582a, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) 10:21:49 executing program 0: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080), 0x0) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f00002d5000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) pkey_free(0xffffffffffffffff) 10:21:49 executing program 3: pipe(&(0x7f0000000240)={0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r2 = socket$inet(0x2, 0x3, 0x83) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r2, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r1, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r0, 0x0, r1, 0x0, 0x10005, 0x0) 10:21:49 executing program 4: r0 = timerfd_create(0x0, 0x0) readv(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 10:21:49 executing program 2: socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x0}) socket$kcm(0x11, 0x8000000002, 0x300) socket$kcm(0x2b, 0x8000000000001, 0x0) r0 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socket$kcm(0x29, 0x5, 0x0) socket$kcm(0x11, 0x8000000002, 0x300) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz0\x00', 0x200002, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.stat\x00', 0x26e1, 0x0) r2 = socket$kcm(0x2, 0x1000000000000002, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x3e, &(0x7f00000002c0)=r1, 0x161) sendmsg$kcm(r2, &(0x7f0000003d00)={&(0x7f0000000380)=@in={0x2, 0x4e23, @multicast1}, 0x80, 0x0}, 0xfd00) write$cgroup_subtree(r2, &(0x7f0000000280)={[{0x0, 'memory'}]}, 0xfdef) 10:21:49 executing program 5: bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x11, 0xa, 0x300) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000800)) socket$kcm(0x2, 0x1000000000000002, 0x0) socket$kcm(0x29, 0x2, 0x0) socket$kcm(0x10, 0x2, 0x4) socket$kcm(0x11, 0x200000000000002, 0x300) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x29, 0x5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) ioctl$TUNSETTXFILTER(r0, 0x400454d1, &(0x7f0000000000)) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup_procs(r1, &(0x7f0000000280)='cgroup.threads\x00', 0x2, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000004ec0)={0xffffffffffffffff, 0xc0, &(0x7f0000004e00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000004d00)={0x3, 0x3}, 0x0, 0x0, 0x0, &(0x7f0000004d80), 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) ioctl$TUNSETPERSIST(0xffffffffffffffff, 0x400454cb, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.stat\x00', 0x26e1, 0x0) r3 = socket$kcm(0x2, 0x2, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x3e, &(0x7f00000002c0)=r2, 0x161) sendmsg$kcm(r3, &(0x7f0000003d00)={&(0x7f0000000380)=@in={0x2, 0x4e23, @multicast1}, 0x80, 0x0}, 0xfd00) write$cgroup_subtree(r3, &(0x7f0000000280)={[{0x0, 'memory'}]}, 0xfdef) [ 493.002350][T13318] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 493.052463][T13318] CPU: 0 PID: 13318 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 493.061472][T13318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 493.071854][T13318] Call Trace: [ 493.075155][T13318] dump_stack+0x11d/0x181 [ 493.079503][T13318] dump_header+0xaa/0x39c [ 493.083951][T13318] oom_kill_process.cold+0x10/0x15 [ 493.089099][T13318] out_of_memory+0x231/0xa60 [ 493.093834][T13318] ? __rcu_read_unlock+0x66/0x3d0 [ 493.098884][T13318] mem_cgroup_out_of_memory+0x128/0x150 [ 493.104721][T13318] try_charge+0xb6c/0xbf0 [ 493.109077][T13318] ? rcu_note_context_switch+0x720/0x760 [ 493.114745][T13318] mem_cgroup_try_charge+0xd2/0x260 [ 493.119971][T13318] mem_cgroup_try_charge_delay+0x3a/0x80 [ 493.125641][T13318] __handle_mm_fault+0x197f/0x2e00 [ 493.130779][T13318] handle_mm_fault+0x21b/0x530 [ 493.135563][T13318] __get_user_pages+0x485/0x1130 [ 493.140577][T13318] populate_vma_page_range+0xe6/0x100 [ 493.145976][T13318] __mm_populate+0x168/0x2a0 [ 493.150589][T13318] __x64_sys_mlockall+0x2e3/0x320 [ 493.155767][T13318] do_syscall_64+0xcc/0x3a0 [ 493.160344][T13318] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 493.166240][T13318] RIP: 0033:0x45b349 [ 493.170292][T13318] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 493.189912][T13318] RSP: 002b:00007f8c5b479c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 493.198338][T13318] RAX: ffffffffffffffda RBX: 00007f8c5b47a6d4 RCX: 000000000045b349 [ 493.206324][T13318] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 493.214442][T13318] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 493.222522][T13318] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 493.230666][T13318] R13: 0000000000000711 R14: 00000000004c8888 R15: 000000000075bf2c [ 493.245062][T13318] memory: usage 307200kB, limit 307200kB, failcnt 4974 [ 493.252141][T13318] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 493.259514][T13318] Memory cgroup stats for /syz1: [ 493.259745][T13318] anon 305504256 [ 493.259745][T13318] file 0 [ 493.259745][T13318] kernel_stack 405504 [ 493.259745][T13318] slab 4313088 [ 493.259745][T13318] sock 0 [ 493.259745][T13318] shmem 0 [ 493.259745][T13318] file_mapped 0 [ 493.259745][T13318] file_dirty 0 [ 493.259745][T13318] file_writeback 0 [ 493.259745][T13318] anon_thp 251658240 [ 493.259745][T13318] inactive_anon 195379200 10:21:49 executing program 4: r0 = timerfd_create(0x0, 0x0) readv(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 493.259745][T13318] active_anon 13467648 [ 493.259745][T13318] inactive_file 0 [ 493.259745][T13318] active_file 0 [ 493.259745][T13318] unevictable 96641024 [ 493.259745][T13318] slab_reclaimable 811008 [ 493.259745][T13318] slab_unreclaimable 3502080 [ 493.259745][T13318] pgfault 170313 [ 493.259745][T13318] pgmajfault 0 [ 493.259745][T13318] workingset_refault 33 [ 493.259745][T13318] workingset_activate 0 [ 493.259745][T13318] workingset_nodereclaim 0 [ 493.259745][T13318] pgrefill 265 [ 493.259745][T13318] pgscan 330 [ 493.259745][T13318] pgsteal 66 [ 493.355847][T13318] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=13297,uid=0 [ 493.372424][T13318] Memory cgroup out of memory: Killed process 13297 (syz-executor.1) total-vm:72716kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 10:21:50 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cgroup.controllers\x00', 0x0, 0x0) openat$cgroup(r0, 0x0, 0x200002, 0x0) ioctl$TUNSETCARRIER(r0, 0x400454e2, &(0x7f0000000080)) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000400)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d60900000094f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd45d54b107c8c247f195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27e9a232fe2238fff867ba8fd41b29caad2a986e0e244bd117252e47ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4dbe03e326beea7905ef7de375ef8bc8143df20d13c37db269971210fab7071cc3094078a044777aab9d86cf50afefd7b72a0950d389bc9cb43aa607b7269561dd50b22bd242ac8c3249582a20d4e04fd1ab7883f656b84137d5f7a6edba86a7b9a4c2f3b3a8abf93b280ea53ce01dcc2d30f4310e8281b0cdc017f9759060ea88a2f6597e966a85c9a74ca196700218f919746bb4b84c16fd56ee450e411d75ab7613b644ba7580b2a0942394ed1737517eed1c892422f54d5a2e1cf1a60fe2dcc1a465aa8d54cb4000053c3f01ea714a7bd4a773230487ae21260bd69b650e2ddf42882ac8f02a6ff4df1e0468ef842be6557d04d6d33aed1c4c7514ae76ae438ff8c2c75466611e9805935f7cbc42714215797d8f409492363cab00242c892fba8cbec670dcac8a3ad227d18d9d60b88a5baccce03cfeb0a511e182be3a02320e076208b342e5046700c813759f1b11666bc1a837cc1d9793d7f96095fbb892ab869ff29d43aab922b02511d890a02bc38e3840d65d165bf9969b601d178b5fb15f847e9"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x24f}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r1, 0x1800000000000060, 0xe80, 0xfffffffffffffe64, &(0x7f0000000100)="000e003f0000007e5bc5795eca0543080000000400000002ffff81", 0x0, 0x100, 0xf2ffffff, 0xfffffe0c, 0x212, &(0x7f0000000280)="f2a134bd13c7bd41a2a738ad8e7625ed330eb46063bd287d832698132e59ef45f8f50845c0ac85604b448e24348e4ae93e68238b7b9d561b349d19b5f5784e031c55c5a4e48926a1526e38640a161fab39732052ee83bc3b9cb625962f3eaf1ed426e6f0442693c16b0ab6a89a5738f5bccd6ae1492f8471a7afec6b", &(0x7f0000000380)="712ae01ebf877f139c8f1b0fcd056310bfa3de7157976d3ff4c82f2e0d1885774c5b7c7c853e5424fbf469ab0726e9f41208f98d20b093ddbb7f52e015b875cea2900b2443348cdf466c18cfae89ce96f0437cb21ca3703f0b94273c7500"/106}, 0x28) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)) 10:21:50 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) close(r0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) 10:21:50 executing program 3: pipe(&(0x7f0000000240)={0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r2 = socket$inet(0x2, 0x3, 0x83) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r2, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r1, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r0, 0x0, r1, 0x0, 0x10005, 0x0) 10:21:50 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x288000, 0x0) syz_open_dev$audion(0x0, 0x9, 0x200840) dup(r1) ioctl$RTC_VL_READ(r1, 0x80047013, &(0x7f00000000c0)) exit(0x7) write$binfmt_script(0xffffffffffffffff, &(0x7f00000003c0)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}, {}, {}, {0x20, 'proc'}], 0xa, "df7c00e09c916729334fbe57a726284a85ae23e7eb165a0922b020a14afa53fc919ed5b5820a609af38acfc21c2cacee2f808e60eafcd3ec51fdb7f62ca135bbf86f9c1bbf9c23db4038c329b0e8d63563439cf1b94606299a6c503abe926decd68a7e671c7dfcc4125e9888fbc8ce452b52"}, 0x8e) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r2 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xaf, 0x428240) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r2, 0xc080661a, &(0x7f00000002c0)={{0x2, 0x0, @identifier="8cff7fc81ac6de7927c1c322084eaabd"}}) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') close(r3) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000180)={0x2}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r4) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x7f, 0x3, 0x7, 0xa59e}, 'syz0\x00', 0x37}) 10:21:50 executing program 0: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080), 0x0) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f00002d5000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) pkey_free(0xffffffffffffffff) 10:21:50 executing program 2: bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$kcm(0x11, 0xa, 0x300) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000800)) socket$kcm(0x2, 0x1000000000000002, 0x0) socket$kcm(0x29, 0x2, 0x0) socket$kcm(0x10, 0x2, 0x4) socket$kcm(0x11, 0x200000000000002, 0x300) socket$kcm(0x29, 0x5, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x2001) ioctl$TUNSETTXFILTER(0xffffffffffffffff, 0x400454d1, &(0x7f0000000000)) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup_procs(r0, &(0x7f0000000280)='cgroup.threads\x00', 0x2, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000004ec0)={0xffffffffffffffff, 0x0, 0x0}, 0x10) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.stat\x00', 0x26e1, 0x0) r2 = socket$kcm(0x2, 0x2, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x3e, &(0x7f00000002c0)=r1, 0x161) sendmsg$kcm(r2, &(0x7f0000003d00)={&(0x7f0000000380)=@in={0x2, 0x4e23, @multicast1}, 0x80, 0x0}, 0xfd00) write$cgroup_subtree(r2, &(0x7f0000000280)={[{0x0, 'memory'}]}, 0xfdef) 10:21:50 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$kcm(0x11, 0xa, 0x300) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000800)) socket$kcm(0x2, 0x1000000000000002, 0x0) socket$kcm(0x29, 0x2, 0x0) socket$kcm(0x10, 0x2, 0x4) socket$kcm(0x11, 0x200000000000002, 0x300) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x29, 0x5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) ioctl$TUNSETTXFILTER(r0, 0x400454d1, &(0x7f0000000000)) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup_procs(r1, &(0x7f0000000280)='cgroup.threads\x00', 0x2, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.stat\x00', 0x26e1, 0x0) r3 = socket$kcm(0x2, 0x2, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x3e, &(0x7f00000002c0)=r2, 0x161) sendmsg$kcm(r3, &(0x7f0000003d00)={&(0x7f0000000380)=@in={0x2, 0x4e23, @multicast1}, 0x80, 0x0}, 0xfd00) write$cgroup_subtree(r3, &(0x7f0000000280)={[{0x0, 'memory'}]}, 0xfdef) 10:21:50 executing program 4: r0 = timerfd_create(0x0, 0x0) readv(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 10:21:51 executing program 5: gettid() r0 = gettid() perf_event_open(&(0x7f00000002c0)={0x0, 0x70, 0x1, 0x8, 0x0, 0x0, 0x0, 0x2, 0x1000, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0xe, @perf_config_ext={0xd4, 0x81}, 0x0, 0x70000, 0x0, 0x0, 0x5a14, 0x3}, r0, 0x5, 0xffffffffffffffff, 0x2) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1fe, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x2}}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) recvmsg$kcm(0xffffffffffffffff, 0x0, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) sendmsg$kcm(r1, &(0x7f0000000480)={&(0x7f0000000080)=@in6={0xa, 0x4e20, 0x0, @mcast2={0xff, 0x2, [0xe803, 0x0, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x10]}}, 0x80, 0x0}, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0xc0185879, &(0x7f0000000080)) socket$kcm(0x10, 0x2, 0x0) socket$kcm(0x10, 0x2, 0x10) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='cgroup.controllers\x00', 0x2761, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000400)={0x0, 0xffffffffffffffff, 0x0, 0xd, &(0x7f00000003c0)='cgroupcgroup\x00'}, 0x30) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x40086602, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700) ioctl$PERF_EVENT_IOC_PERIOD(r6, 0x40086602, 0x0) r7 = gettid() write$cgroup_pid(r4, 0x0, 0x0) write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000280)=r7, 0x12) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xe) r8 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='cgroup.controllers\x00', 0x2761, 0x0) ioctl$TUNDETACHFILTER(r8, 0x401054d6, 0x0) openat$cgroup_ro(r8, &(0x7f0000000100)='cpu.stat\x00', 0x0, 0x0) [ 494.661656][T13375] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 494.703593][T13375] CPU: 1 PID: 13375 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 494.712330][T13375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 494.718326][T13380] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 494.722442][T13375] Call Trace: [ 494.722473][T13375] dump_stack+0x11d/0x181 [ 494.722507][T13375] dump_header+0xaa/0x39c 10:21:51 executing program 2: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000100)="1400000052008102a00f80854a36b8ab959916fb", 0x14}], 0x1}, 0x0) recvmsg$kcm(r0, &(0x7f0000000540)={0x0, 0xff9a, 0x0, 0x0, 0x0, 0xfffffffffffffff0}, 0x0) recvmsg(r0, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0) [ 494.722565][T13375] oom_kill_process.cold+0x10/0x15 [ 494.757906][T13375] out_of_memory+0x231/0xa60 [ 494.762661][T13375] ? __rcu_read_unlock+0x66/0x3d0 [ 494.767705][T13375] mem_cgroup_out_of_memory+0x128/0x150 [ 494.773278][T13375] try_charge+0xb6c/0xbf0 [ 494.777632][T13375] ? rcu_note_context_switch+0x720/0x760 [ 494.783281][T13375] mem_cgroup_try_charge+0xd2/0x260 [ 494.788670][T13375] mem_cgroup_try_charge_delay+0x3a/0x80 [ 494.794330][T13375] __handle_mm_fault+0x197f/0x2e00 [ 494.799543][T13375] handle_mm_fault+0x21b/0x530 [ 494.804336][T13375] __get_user_pages+0x485/0x1130 [ 494.809306][T13375] populate_vma_page_range+0xe6/0x100 [ 494.814712][T13375] __mm_populate+0x168/0x2a0 [ 494.819585][T13375] __x64_sys_mlockall+0x2e3/0x320 [ 494.824671][T13375] do_syscall_64+0xcc/0x3a0 [ 494.829252][T13375] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 494.835150][T13375] RIP: 0033:0x45b349 [ 494.839121][T13375] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 494.858738][T13375] RSP: 002b:00007f8c5b479c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 494.867326][T13375] RAX: ffffffffffffffda RBX: 00007f8c5b47a6d4 RCX: 000000000045b349 [ 494.875481][T13375] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 494.883632][T13375] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 494.891668][T13375] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff 10:21:51 executing program 3: pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_elf32(r1, 0x0, 0x0) r3 = socket$inet(0x2, 0x3, 0x83) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r3, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) [ 494.899655][T13375] R13: 0000000000000711 R14: 00000000004c8888 R15: 000000000075bf2c 10:21:51 executing program 0: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080), 0x0) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f00002d5000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) pkey_free(0xffffffffffffffff) 10:21:51 executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000012000)={0x10, 0x4, 0x4, 0x8}, 0x2c) bpf$BPF_MAP_FREEZE(0x16, &(0x7f0000000000)=r0, 0x4) 10:21:51 executing program 4: r0 = timerfd_create(0x0, 0x0) readv(r0, 0x0, 0x0) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 495.062487][T13375] memory: usage 307200kB, limit 307200kB, failcnt 4998 [ 495.069638][T13375] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 495.122485][T13375] Memory cgroup stats for /syz1: [ 495.122699][T13375] anon 305500160 [ 495.122699][T13375] file 0 [ 495.122699][T13375] kernel_stack 368640 [ 495.122699][T13375] slab 4313088 [ 495.122699][T13375] sock 0 [ 495.122699][T13375] shmem 0 [ 495.122699][T13375] file_mapped 0 [ 495.122699][T13375] file_dirty 0 [ 495.122699][T13375] file_writeback 0 [ 495.122699][T13375] anon_thp 251658240 [ 495.122699][T13375] inactive_anon 195604480 [ 495.122699][T13375] active_anon 13426688 [ 495.122699][T13375] inactive_file 0 10:21:51 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000000c0)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000fefff67a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001000000b7050000370000006a0a00fe002000008500000027000000b7000000200000009500000000000000"], &(0x7f0000000340)='GPL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000400)={r0, 0x0, 0x10, 0x0, &(0x7f0000000140)="a673f3ce05f1a282eeab0500000800f08102e63238f9cf8c0ccade00556e97d003cc298613f230d6841f3099e19fd903b2ffa5106c71ac91c7457b2d7f4157f069737d63ab32be2a651d7cee2970a9df488cae6702031c92a8b4b6376f9972f3848c104d413745d4c57253b2d61d64787c4de49fc5", 0x0, 0x3ff, 0x0, 0x0, 0xffffffffffffffbc, &(0x7f0000000040)="15396af9a72e96da8129ed1653da4c7f58430968e943c7415c1135cc832d158cfe31f78128c0f6ced392de7b250aa16a0837c05297e7c9d3db2466761815aeb216c263f7010b0d4de72c5f199f0be260a48e8c37d2ea3a52026012d3"}, 0x28) [ 495.122699][T13375] active_file 0 [ 495.122699][T13375] unevictable 96616448 [ 495.122699][T13375] slab_reclaimable 811008 [ 495.122699][T13375] slab_unreclaimable 3502080 [ 495.122699][T13375] pgfault 171996 [ 495.122699][T13375] pgmajfault 0 [ 495.122699][T13375] workingset_refault 33 [ 495.122699][T13375] workingset_activate 0 [ 495.122699][T13375] workingset_nodereclaim 0 [ 495.122699][T13375] pgrefill 265 [ 495.122699][T13375] pgscan 330 [ 495.122699][T13375] pgsteal 66 [ 495.291308][T13375] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=13357,uid=0 [ 495.331942][T13375] Memory cgroup out of memory: Killed process 13357 (syz-executor.1) total-vm:72716kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 495.396791][ T1066] oom_reaper: reaped process 13357 (syz-executor.1), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB [ 496.137481][T13408] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 496.148112][T13408] CPU: 0 PID: 13408 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 496.157574][T13408] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 496.167948][T13408] Call Trace: [ 496.171303][T13408] dump_stack+0x11d/0x181 [ 496.175695][T13408] dump_header+0xaa/0x39c [ 496.180017][T13408] oom_kill_process.cold+0x10/0x15 [ 496.185129][T13408] out_of_memory+0x231/0xa60 [ 496.189764][T13408] ? mem_cgroup_out_of_memory+0x85/0x150 [ 496.195383][T13408] ? mutex_lock_killable+0x25/0x60 [ 496.200483][T13408] mem_cgroup_out_of_memory+0x128/0x150 [ 496.206078][T13408] try_charge+0xb6c/0xbf0 [ 496.210508][T13408] ? rcu_note_context_switch+0x720/0x760 [ 496.216147][T13408] mem_cgroup_try_charge+0xd2/0x260 [ 496.221382][T13408] mem_cgroup_try_charge_delay+0x3a/0x80 [ 496.226994][T13408] wp_page_copy+0x322/0x1040 [ 496.231623][T13408] ? __read_once_size+0x41/0xe0 [ 496.236660][T13408] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 496.242549][T13408] do_wp_page+0x192/0xeb0 [ 496.246927][T13408] __handle_mm_fault+0x1d16/0x2e00 [ 496.252063][T13408] handle_mm_fault+0x21b/0x530 [ 496.256824][T13408] __get_user_pages+0x485/0x1130 [ 496.261866][T13408] populate_vma_page_range+0xe6/0x100 [ 496.267306][T13408] __mm_populate+0x168/0x2a0 [ 496.271922][T13408] __x64_sys_mlockall+0x2e3/0x320 [ 496.277091][T13408] do_syscall_64+0xcc/0x3a0 [ 496.281889][T13408] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 496.287819][T13408] RIP: 0033:0x45b349 [ 496.291758][T13408] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 496.311536][T13408] RSP: 002b:00007f8c5b458c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 496.319942][T13408] RAX: ffffffffffffffda RBX: 00007f8c5b4596d4 RCX: 000000000045b349 [ 496.328058][T13408] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 496.336030][T13408] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 496.343993][T13408] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 496.352091][T13408] R13: 0000000000000711 R14: 00000000004c8888 R15: 000000000075bfd4 [ 496.362889][T13408] memory: usage 307068kB, limit 307200kB, failcnt 5015 [ 496.369835][T13408] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 496.376840][T13408] Memory cgroup stats for /syz1: [ 496.377657][T13408] anon 305549312 [ 496.377657][T13408] file 0 [ 496.377657][T13408] kernel_stack 405504 [ 496.377657][T13408] slab 4313088 [ 496.377657][T13408] sock 0 [ 496.377657][T13408] shmem 0 [ 496.377657][T13408] file_mapped 0 [ 496.377657][T13408] file_dirty 0 [ 496.377657][T13408] file_writeback 0 [ 496.377657][T13408] anon_thp 251658240 [ 496.377657][T13408] inactive_anon 181202944 [ 496.377657][T13408] active_anon 13426688 [ 496.377657][T13408] inactive_file 0 [ 496.377657][T13408] active_file 0 [ 496.377657][T13408] unevictable 111046656 [ 496.377657][T13408] slab_reclaimable 811008 [ 496.377657][T13408] slab_unreclaimable 3502080 [ 496.377657][T13408] pgfault 173283 [ 496.377657][T13408] pgmajfault 0 [ 496.377657][T13408] workingset_refault 33 [ 496.377657][T13408] workingset_activate 0 [ 496.377657][T13408] workingset_nodereclaim 0 [ 496.377657][T13408] pgrefill 265 [ 496.377657][T13408] pgscan 330 [ 496.377657][T13408] pgsteal 66 [ 496.472091][T13408] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=13372,uid=0 [ 496.488209][T13408] Memory cgroup out of memory: Killed process 13372 (syz-executor.1) total-vm:72716kB, anon-rss:18248kB, file-rss:54368kB, shmem-rss:0kB, UID:0 pgtables:192512kB oom_score_adj:1000 [ 496.508520][ T1066] oom_reaper: reaped process 13372 (syz-executor.1), now anon-rss:18332kB, file-rss:54364kB, shmem-rss:0kB 10:21:53 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x288000, 0x0) syz_open_dev$audion(0x0, 0x9, 0x200840) dup(r1) ioctl$RTC_VL_READ(r1, 0x80047013, &(0x7f00000000c0)) exit(0x7) write$binfmt_script(0xffffffffffffffff, &(0x7f00000003c0)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}, {}, {}, {0x20, 'proc'}], 0xa, "df7c00e09c916729334fbe57a726284a85ae23e7eb165a0922b020a14afa53fc919ed5b5820a609af38acfc21c2cacee2f808e60eafcd3ec51fdb7f62ca135bbf86f9c1bbf9c23db4038c329b0e8d63563439cf1b94606299a6c503abe926decd68a7e671c7dfcc4125e9888fbc8ce452b52"}, 0x8e) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r2 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xaf, 0x428240) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r2, 0xc080661a, &(0x7f00000002c0)={{0x2, 0x0, @identifier="8cff7fc81ac6de7927c1c322084eaabd"}}) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') close(r3) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000180)={0x2}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r4) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x7f, 0x3, 0x7, 0xa59e}, 'syz0\x00', 0x37}) 10:21:53 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x14, 0x19, 0xffffffffffffffff, 0x0, 0x0, {0xd}}, 0x14}}, 0x0) 10:21:53 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000000c0)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000fefff67a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001000000b7050000370000006a0a00fe002000008500000027000000b7000000200000009500000000000000"], &(0x7f0000000340)='GPL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000400)={r0, 0x0, 0x10, 0x0, &(0x7f0000000140)="a673f3ce05f1a282eeab0500000800f08102e63238f9cf8c0ccade00556e97d003cc298613f230d6841f3099e19fd903b2ffa5106c71ac91c7457b2d7f4157f069737d63ab32be2a651d7cee2970a9df488cae6702031c92a8b4b6376f9972f3848c104d413745d4c57253b2d61d64787c4de49fc5", 0x0, 0x3ff, 0x0, 0x0, 0xffffffffffffffbc, &(0x7f0000000040)="15396af9a72e96da8129ed1653da4c7f58430968e943c7415c1135cc832d158cfe31f78128c0f6ced392de7b250aa16a0837c05297e7c9d3db2466761815aeb216c263f7010b0d4de72c5f199f0be260a48e8c37d2ea3a52026012d3"}, 0x28) 10:21:53 executing program 3: pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_elf32(r1, 0x0, 0x0) r3 = socket$inet(0x2, 0x3, 0x83) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r3, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 10:21:53 executing program 4: r0 = timerfd_create(0x0, 0x0) readv(r0, 0x0, 0x0) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 10:21:53 executing program 0: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{0x0}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f00002d5000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) pkey_free(0xffffffffffffffff) 10:21:53 executing program 2: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) r0 = getpid() write$P9_RAUTH(0xffffffffffffffff, 0x0, 0x0) tkill(r0, 0x9) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r2, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_tx_ring(r2, 0x107, 0x5, &(0x7f0000000000)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) dup3(r1, r2, 0x0) 10:21:53 executing program 5: openat$hwrng(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/hwrng\x00', 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf64(r0, &(0x7f0000000640)=ANY=[@ANYBLOB="88bf259659a927b1928b9ba4ede63a447592f257922018418901fa42fddd618eb6a1a4d98f1d7f6801da69f924999c01625a77006543cfc56c83e1e8f5460d62abd8ae69496a0fe7c3000000000000a835c967b9fc7735aeaad6717c226fe345493d11fef924ec36080001000000000000e35876adf33b088694a803cf484a8c1daead95121cc813690b0576eadfcfb9460f486ac5bc0e61c693afb10e05ded9f5ca08409cb928e42d9d7b1e8876fd772151ac883c909eabda032fe8876bbea07246fcd3d3f84f47ee27cdfd220487fa755507"], 0xd3) writev(r0, 0x0, 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000140)=ANY=[], 0xfef0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) writev(r1, &(0x7f0000000200), 0x0) write$binfmt_elf64(r1, &(0x7f0000000640)=ANY=[@ANYBLOB="88bf259659a927b1928b9ba4ede63a447592f257922018418901fa42fddd618eb6a1a4d98f1d7f6801da69f924999c01625a77006543cfc56c83e1e8f5460d62abd8ae69496a0fe7c3000000000000a835c967b9fc7735aeaad6717c226fe345493d11fef924ec36080001000000000000e35876adf33b088694a803cf484a8c1daead95121cc813690b0576eadfcfb9460f486ac5bc0e61c693afb10e05ded9f5ca08409cb928e42d9d7b1e8876fd772151ac883c909eabda032fe8876bbea07246fcd3d3f84f47ee27cdfd220487fa755507e98cc878f140d629d22c311164ca18fbea7d30d4d271db587ed379d476ed45a5ad54f8917a4337a5ff4dbb7e9221e993232288521a80ef1940f1b35d905cffb29770f18f82154faed3cd4c458223c38f32083a5536c952f8f659057737205aa6fdb514029e4f313432b4f4f99e7f381ba41cd8e186be4bac00ae0963d2013b022dd8f8d85b12552ffadef9f8b6452840540739e00ec9841754223a5c9b0dadbc8b9b3e454b23fc43a07c4a46bf82c463bb873a08447c5fe1ae7dd90729739fc7af6551"], 0x196) writev(r1, 0x0, 0x0) write$binfmt_misc(r1, 0x0, 0x0) openat$cgroup_type(r1, &(0x7f0000000340)='cgroup.type\x00', 0x2, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000280)={0x8, 0x42, 0x0, 0x1ff, 0x80}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000)={0x0}, &(0x7f0000000040)=0xc) r3 = syz_open_dev$vcsn(&(0x7f0000000080)='/dev/vcs#\x00', 0x5, 0x200000) unshare(0x2040400) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) open(&(0x7f0000000040)='.\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x1, @perf_bp={0x0}, 0x0, 0x0, 0x4, 0x4, 0x0, 0x0, 0xffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup/syz0\x00', 0x200002, 0x0) fchdir(r5) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) dup(r4) ioctl$TIOCSISO7816(0xffffffffffffffff, 0xc0285443, &(0x7f0000000200)={0xffff, 0x200, 0xf28f, 0x4}) umount2(&(0x7f0000000540)='./file0\x00', 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000240)) renameat2(0xffffffffffffffff, &(0x7f0000000000)='./file1\x00', 0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x0) bpf$BPF_MAP_GET_NEXT_ID(0xc, &(0x7f00000000c0)={0x7ff, 0x7f}, 0xc) kcmp(r2, 0x0, 0x0, r3, 0xffffffffffffffff) syz_open_procfs(0x0, &(0x7f0000000140)='net/rt_acct\x00') [ 497.019129][T13431] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 497.049522][T13431] CPU: 1 PID: 13431 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 497.058239][T13431] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 497.068413][T13431] Call Trace: [ 497.071715][T13431] dump_stack+0x11d/0x181 [ 497.076066][T13431] dump_header+0xaa/0x39c [ 497.080410][T13431] oom_kill_process.cold+0x10/0x15 [ 497.085777][T13431] out_of_memory+0x231/0xa60 [ 497.090435][T13431] ? __rcu_read_unlock+0x66/0x3d0 [ 497.095613][T13431] mem_cgroup_out_of_memory+0x128/0x150 [ 497.101300][T13431] try_charge+0xb6c/0xbf0 [ 497.105650][T13431] ? rcu_note_context_switch+0x720/0x760 [ 497.111409][T13431] mem_cgroup_try_charge+0xd2/0x260 [ 497.116637][T13431] mem_cgroup_try_charge_delay+0x3a/0x80 [ 497.122337][T13431] __handle_mm_fault+0x197f/0x2e00 [ 497.127627][T13431] handle_mm_fault+0x21b/0x530 [ 497.132416][T13431] __get_user_pages+0x485/0x1130 [ 497.137381][T13431] populate_vma_page_range+0xe6/0x100 [ 497.142787][T13431] __mm_populate+0x168/0x2a0 [ 497.148799][T13431] __x64_sys_mlockall+0x2e3/0x320 [ 497.153912][T13431] do_syscall_64+0xcc/0x3a0 [ 497.158550][T13431] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 497.164452][T13431] RIP: 0033:0x45b349 [ 497.168448][T13431] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 497.188058][T13431] RSP: 002b:00007f8c5b458c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 497.196495][T13431] RAX: ffffffffffffffda RBX: 00007f8c5b4596d4 RCX: 000000000045b349 [ 497.204474][T13431] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 10:21:53 executing program 2: r0 = epoll_create(0xb8f5) close(r0) socketpair$unix(0x1, 0x2, 0x0, 0x0) setsockopt$inet_tcp_buf(r0, 0x6, 0x0, 0x0, 0x0) 10:21:53 executing program 4: r0 = timerfd_create(0x0, 0x0) readv(r0, 0x0, 0x0) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 497.212476][T13431] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 497.220458][T13431] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 497.228443][T13431] R13: 0000000000000711 R14: 00000000004c8888 R15: 000000000075bfd4 [ 497.278141][T13431] memory: usage 307200kB, limit 307200kB, failcnt 5045 [ 497.288379][T13431] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 497.296218][T13431] Memory cgroup stats for /syz1: [ 497.296407][T13431] anon 305614848 [ 497.296407][T13431] file 0 [ 497.296407][T13431] kernel_stack 405504 [ 497.296407][T13431] slab 4313088 [ 497.296407][T13431] sock 0 [ 497.296407][T13431] shmem 0 [ 497.296407][T13431] file_mapped 0 [ 497.296407][T13431] file_dirty 0 [ 497.296407][T13431] file_writeback 0 [ 497.296407][T13431] anon_thp 251658240 [ 497.296407][T13431] inactive_anon 189194240 [ 497.296407][T13431] active_anon 13369344 [ 497.296407][T13431] inactive_file 0 [ 497.296407][T13431] active_file 0 [ 497.296407][T13431] unevictable 103071744 [ 497.296407][T13431] slab_reclaimable 811008 [ 497.296407][T13431] slab_unreclaimable 3502080 [ 497.296407][T13431] pgfault 173976 [ 497.296407][T13431] pgmajfault 0 [ 497.296407][T13431] workingset_refault 33 [ 497.296407][T13431] workingset_activate 0 10:21:53 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$nl_route(0x10, 0x3, 0x0) dup2(r1, r0) sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)}, 0x0) [ 497.296407][T13431] workingset_nodereclaim 0 [ 497.296407][T13431] pgrefill 265 [ 497.296407][T13431] pgscan 330 [ 497.296407][T13431] pgsteal 66 [ 497.392654][T13431] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=13409,uid=0 10:21:54 executing program 2: syz_mount_image$tmpfs(&(0x7f00000002c0)='tmpfs\x00', &(0x7f0000000480)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)={[{@mpol={'mpol', 0x3d, {'default', '=relative'}}}]}) [ 497.709473][T13463] tmpfs: Bad value for 'mpol' [ 497.752465][T13431] Memory cgroup out of memory: Killed process 13409 (syz-executor.1) total-vm:72716kB, anon-rss:18332kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 497.801707][T13463] tmpfs: Bad value for 'mpol' [ 497.833359][ T1066] oom_reaper: reaped process 13409 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 10:21:54 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x288000, 0x0) syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x0, 0x200840) dup(r1) ioctl$RTC_VL_READ(r1, 0x80047013, &(0x7f00000000c0)) exit(0x7) write$binfmt_script(0xffffffffffffffff, &(0x7f00000003c0)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}, {}, {}, {0x20, 'proc'}], 0xa, "df7c00e09c916729334fbe57a726284a85ae23e7eb165a0922b020a14afa53fc919ed5b5820a609af38acfc21c2cacee2f808e60eafcd3ec51fdb7f62ca135bbf86f9c1bbf9c23db4038c329b0e8d63563439cf1b94606299a6c503abe926decd68a7e671c7dfcc4125e9888fbc8ce452b52"}, 0x8e) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r2 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xaf, 0x428240) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r2, 0xc080661a, &(0x7f00000002c0)={{0x2, 0x0, @identifier="8cff7fc81ac6de7927c1c322084eaabd"}}) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') close(r3) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000180)={0x2}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r4) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x7f, 0x3, 0x7, 0xa59e}, 'syz0\x00', 0x37}) 10:21:54 executing program 3: pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_elf32(r1, 0x0, 0x0) r3 = socket$inet(0x2, 0x3, 0x83) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r3, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 10:21:54 executing program 5: openat$hwrng(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/hwrng\x00', 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf64(r0, &(0x7f0000000640)=ANY=[@ANYBLOB="88bf259659a927b1928b9ba4ede63a447592f257922018418901fa42fddd618eb6a1a4d98f1d7f6801da69f924999c01625a77006543cfc56c83e1e8f5460d62abd8ae69496a0fe7c3000000000000a835c967b9fc7735aeaad6717c226fe345493d11fef924ec36080001000000000000e35876adf33b088694a803cf484a8c1daead95121cc813690b0576eadfcfb9460f486ac5bc0e61c693afb10e05ded9f5ca08409cb928e42d9d7b1e8876fd772151ac883c909eabda032fe8876bbea07246fcd3d3f84f47ee27cdfd220487fa755507"], 0xd3) writev(r0, 0x0, 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000140)=ANY=[], 0xfef0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) writev(r1, &(0x7f0000000200), 0x0) write$binfmt_elf64(r1, &(0x7f0000000640)=ANY=[@ANYBLOB="88bf259659a927b1928b9ba4ede63a447592f257922018418901fa42fddd618eb6a1a4d98f1d7f6801da69f924999c01625a77006543cfc56c83e1e8f5460d62abd8ae69496a0fe7c3000000000000a835c967b9fc7735aeaad6717c226fe345493d11fef924ec36080001000000000000e35876adf33b088694a803cf484a8c1daead95121cc813690b0576eadfcfb9460f486ac5bc0e61c693afb10e05ded9f5ca08409cb928e42d9d7b1e8876fd772151ac883c909eabda032fe8876bbea07246fcd3d3f84f47ee27cdfd220487fa755507e98cc878f140d629d22c311164ca18fbea7d30d4d271db587ed379d476ed45a5ad54f8917a4337a5ff4dbb7e9221e993232288521a80ef1940f1b35d905cffb29770f18f82154faed3cd4c458223c38f32083a5536c952f8f659057737205aa6fdb514029e4f313432b4f4f99e7f381ba41cd8e186be4bac00ae0963d2013b022dd8f8d85b12552ffadef9f8b6452840540739e00ec9841754223a5c9b0dadbc8b9b3e454b23fc43a07c4a46bf82c463bb873a08447c5fe1ae7dd90729739fc7af6551"], 0x196) writev(r1, 0x0, 0x0) write$binfmt_misc(r1, 0x0, 0x0) openat$cgroup_type(r1, &(0x7f0000000340)='cgroup.type\x00', 0x2, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000280)={0x8, 0x42, 0x0, 0x1ff, 0x80}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000)={0x0}, &(0x7f0000000040)=0xc) r3 = syz_open_dev$vcsn(&(0x7f0000000080)='/dev/vcs#\x00', 0x5, 0x200000) unshare(0x2040400) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) open(&(0x7f0000000040)='.\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x1, @perf_bp={0x0}, 0x0, 0x0, 0x4, 0x4, 0x0, 0x0, 0xffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup/syz0\x00', 0x200002, 0x0) fchdir(r5) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) dup(r4) ioctl$TIOCSISO7816(0xffffffffffffffff, 0xc0285443, &(0x7f0000000200)={0xffff, 0x200, 0xf28f, 0x4}) umount2(&(0x7f0000000540)='./file0\x00', 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000240)) renameat2(0xffffffffffffffff, &(0x7f0000000000)='./file1\x00', 0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x0) bpf$BPF_MAP_GET_NEXT_ID(0xc, &(0x7f00000000c0)={0x7ff, 0x7f}, 0xc) kcmp(r2, 0x0, 0x0, r3, 0xffffffffffffffff) syz_open_procfs(0x0, &(0x7f0000000140)='net/rt_acct\x00') 10:21:54 executing program 0: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{0x0}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f00002d5000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) pkey_free(0xffffffffffffffff) 10:21:54 executing program 2: openat$hwrng(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/hwrng\x00', 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) writev(r0, &(0x7f0000000200)=[{&(0x7f00000000c0)="5800000014", 0x5}], 0x1) write$binfmt_elf64(r0, &(0x7f0000000640)=ANY=[@ANYBLOB="88bf259659a927b1928b9ba4ede63a447592f257922018418901fa42fddd618eb6a1a4d98f1d7f6801da69f924999c01625a77006543cfc56c83e1e8f5460d62abd8ae69496a0fe7c3000000000000a835c967b9fc7735aeaad6717c226fe345493d11fef924ec36080001000000000000e35876adf33b088694a803cf484a8c1daead95121cc813690b0576eadfcfb9460f486ac5bc0e61c693afb10e05ded9f5ca08409cb928e42d9d7b1e8876fd772151ac883c909eabda032fe8876bbea07246fcd3d3f84f47ee27cdfd220487fa755507"], 0xd3) writev(r0, 0x0, 0x0) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0xfef0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) writev(r1, &(0x7f0000000200)=[{0x0}], 0x1) write$binfmt_elf64(r1, &(0x7f0000000640)=ANY=[@ANYBLOB="88bf259659a927b1928b9ba4ede63a447592f257922018418901fa42fddd618eb6a1a4d98f1d7f6801da69f924999c01625a77006543cfc56c83e1e8f5460d62abd8ae69496a0fe7c3000000000000a835c967b9fc7735aeaad6717c226fe345493d11fef924ec36080001000000000000e35876adf33b088694a803cf484a8c1daead95121cc813690b0576eadfcfb9460f486ac5bc0e61c693afb10e05ded9f5ca08409cb928e42d9d7b1e8876fd772151ac883c909eabda032fe8876bbea07246fcd3d3f84f47ee27cdfd220487fa755507e98cc878f140d629d22c311164ca18fbea7d30d4d271db587ed379d476ed45a5ad54f8917a4337a5ff4dbb7e9221e993232288521a80ef1940f1b35d905cffb29770f18f82154faed3cd4c458223c38f32083a5536c952f8f659057737205aa6fdb514029e4f313432b4f4f99e7f381ba41cd8e186be4bac00ae0963d2013b022dd8f8d85b12552ffadef9f8b6452840540739e00ec98417"], 0x16b) writev(r1, &(0x7f0000000600)=[{&(0x7f0000000380)="f98ac693ce6908", 0x7}], 0x1) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0xfef0) r2 = openat$cgroup_type(r1, &(0x7f0000000340)='cgroup.type\x00', 0x2, 0x0) ioctl$FS_IOC_FSSETXATTR(r2, 0x401c5820, &(0x7f0000000280)={0x8, 0x42, 0x0, 0x1ff, 0x80}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000)={0x0}, &(0x7f0000000040)=0xc) r4 = syz_open_dev$vcsn(&(0x7f0000000080)='/dev/vcs#\x00', 0x5, 0x200000) unshare(0x2040400) open(&(0x7f0000000040)='.\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x4, 0x4, 0x0, 0x0, 0xffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup/syz0\x00', 0x200002, 0x0) fchdir(r6) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) dup(r5) ioctl$TIOCSISO7816(0xffffffffffffffff, 0xc0285443, &(0x7f0000000200)={0xffff, 0x200, 0xf28f, 0x4}) umount2(&(0x7f0000000540)='./file0\x00', 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(0x0) renameat2(0xffffffffffffffff, &(0x7f0000000000)='./file1\x00', 0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x0) bpf$BPF_MAP_GET_NEXT_ID(0xc, &(0x7f00000000c0)={0x7ff, 0x7f}, 0xc) kcmp(r3, 0x0, 0x0, r4, 0xffffffffffffffff) syz_open_procfs(0x0, &(0x7f0000000140)='net/rt_acct\x00') 10:21:54 executing program 4: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080), 0x0) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 498.813665][T13491] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 498.828788][T13491] CPU: 1 PID: 13491 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 498.837483][T13491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 498.847552][T13491] Call Trace: [ 498.850944][T13491] dump_stack+0x11d/0x181 [ 498.855305][T13491] dump_header+0xaa/0x39c [ 498.859656][T13491] oom_kill_process.cold+0x10/0x15 [ 498.864853][T13491] out_of_memory+0x231/0xa60 [ 498.869467][T13491] ? __rcu_read_unlock+0x66/0x3d0 [ 498.874595][T13491] mem_cgroup_out_of_memory+0x128/0x150 [ 498.880166][T13491] try_charge+0xb6c/0xbf0 [ 498.884602][T13491] ? rcu_note_context_switch+0x720/0x760 [ 498.890265][T13491] mem_cgroup_try_charge+0xd2/0x260 [ 498.895568][T13491] mem_cgroup_try_charge_delay+0x3a/0x80 [ 498.901207][T13491] __handle_mm_fault+0x197f/0x2e00 [ 498.906334][T13491] handle_mm_fault+0x21b/0x530 [ 498.911140][T13491] __get_user_pages+0x485/0x1130 [ 498.916102][T13491] populate_vma_page_range+0xe6/0x100 [ 498.921500][T13491] __mm_populate+0x168/0x2a0 [ 498.926159][T13491] __x64_sys_mlockall+0x2e3/0x320 [ 498.931772][T13491] do_syscall_64+0xcc/0x3a0 [ 498.936296][T13491] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 498.942222][T13491] RIP: 0033:0x45b349 [ 498.946265][T13491] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 498.965991][T13491] RSP: 002b:00007f8c5b479c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 498.974404][T13491] RAX: ffffffffffffffda RBX: 00007f8c5b47a6d4 RCX: 000000000045b349 [ 498.982492][T13491] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 498.990478][T13491] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 498.998554][T13491] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 499.006546][T13491] R13: 0000000000000711 R14: 00000000004c8888 R15: 000000000075bf2c 10:21:55 executing program 5: openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) writev(r0, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r0, &(0x7f0000000640)=ANY=[@ANYBLOB="88bf259659a927b1928b9ba4ede63a447592f257922018418901fa42fddd618eb6a1a4d98f1d7f6801da69f924999c01625a77006543cfc56c83e1e8f5460d62abd8ae69496a0fe7c3000000000000a835c967b9fc7735aeaad6717c226fe345493d11fef924ec36080001000000000000e35876adf33b088694a803cf484a8c1daead95121cc813690b0576eadfcfb9460f"], 0x92) writev(r0, 0x0, 0x0) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0xfef0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) writev(r1, 0x0, 0x0) write$binfmt_elf64(r1, &(0x7f0000000640)=ANY=[@ANYBLOB="88bf259659a927b1928b9ba4ede63a447592f257922018418901fa42fddd618eb6a1a4d98f1d7f6801da69f924999c01625a77006543cfc56c83e1e8f5460d62abd8ae69496a0fe7c3000000000000a835c967b9fc7735aeaad6717c226fe345493d11fef924ec36080001000000000000e35876adf33b088694a803cf484a8c1daead95121cc813690b0576eadfcfb9460f486ac5bc0e61c693afb10e05ded9f5ca08409cb928e42d9d7b1e8876fd772151ac883c909eabda032fe8876bbea07246fcd3d3f84f47ee27cdfd220487fa755507e98cc878f140d629d22c311164ca18fbea7d30d4d271db587ed379d476ed45a5ad54f8917a4337a5ff4dbb7e9221e993232288521a80ef1940f1b35d905cffb29770f18f82154faed3cd4c458223c38f32083a5536c952f8f659057737205aa6fdb514029e4f313432b4f4f99e7f381ba41cd8e186be4bac00ae0963d2013b022dd8f8d85b12552ffadef9f8b6452840540739e00ec9841754223a5c9b0dadbc8b9b3e454b23fc43a07c4a46bf82c463bb873a08447c5fe1ae7dd90729739fc7af655162485e6598e8aa7cf7fa2e5d4a742847ef419dba999066f7997e061b93da3c6bdd7e1e545906d4e163bd21973cefa59fa793376179c48e708d62116b0270cf9f9f7b87e6959998ecabadd8"], 0x1e1) writev(r1, 0x0, 0x0) write$binfmt_misc(r1, 0x0, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000)={0x0}, &(0x7f0000000040)=0xc) r3 = syz_open_dev$vcsn(&(0x7f0000000080)='/dev/vcs#\x00', 0x5, 0x200000) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) open(&(0x7f0000000040)='.\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x1, @perf_bp={0x0}, 0x0, 0x0, 0x4, 0x4, 0x0, 0x0, 0xffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup/syz0\x00', 0x200002, 0x0) fchdir(r5) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) dup(r4) ioctl$TIOCSISO7816(0xffffffffffffffff, 0xc0285443, &(0x7f0000000200)={0xffff, 0x200, 0xf28f, 0x4}) umount2(&(0x7f0000000540)='./file0\x00', 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000240)) renameat2(0xffffffffffffffff, &(0x7f0000000000)='./file1\x00', 0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x0) bpf$BPF_MAP_GET_NEXT_ID(0xc, &(0x7f00000000c0)={0x7ff, 0x7f}, 0xc) kcmp(r2, 0x0, 0x0, r3, 0xffffffffffffffff) [ 499.106902][T13491] memory: usage 307200kB, limit 307200kB, failcnt 5088 [ 499.117742][T13491] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 499.128007][T13491] Memory cgroup stats for /syz1: [ 499.128189][T13491] anon 305635328 [ 499.128189][T13491] file 0 [ 499.128189][T13491] kernel_stack 368640 [ 499.128189][T13491] slab 4313088 [ 499.128189][T13491] sock 0 [ 499.128189][T13491] shmem 0 [ 499.128189][T13491] file_mapped 0 [ 499.128189][T13491] file_dirty 0 [ 499.128189][T13491] file_writeback 0 [ 499.128189][T13491] anon_thp 251658240 [ 499.128189][T13491] inactive_anon 189190144 [ 499.128189][T13491] active_anon 13426688 [ 499.128189][T13491] inactive_file 0 [ 499.128189][T13491] active_file 0 [ 499.128189][T13491] unevictable 103047168 [ 499.128189][T13491] slab_reclaimable 811008 [ 499.128189][T13491] slab_unreclaimable 3502080 [ 499.128189][T13491] pgfault 175890 [ 499.128189][T13491] pgmajfault 0 [ 499.128189][T13491] workingset_refault 33 [ 499.128189][T13491] workingset_activate 0 [ 499.128189][T13491] workingset_nodereclaim 0 [ 499.128189][T13491] pgrefill 298 [ 499.128189][T13491] pgscan 330 [ 499.128189][T13491] pgsteal 66 [ 499.231486][T13491] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=13477,uid=0 [ 499.247411][T13491] Memory cgroup out of memory: Killed process 13477 (syz-executor.1) total-vm:72716kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 499.271497][ T1066] oom_reaper: reaped process 13477 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 10:21:55 executing program 3: pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_elf32(r1, &(0x7f0000000400)=ANY=[], 0x0) r3 = socket$inet(0x2, 0x3, 0x83) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r3, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 10:21:56 executing program 0: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{0x0}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f00002d5000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) pkey_free(0xffffffffffffffff) 10:21:56 executing program 2: openat$hwrng(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/hwrng\x00', 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) writev(r0, &(0x7f0000000200)=[{&(0x7f00000000c0)="5800000014", 0x5}], 0x1) write$binfmt_elf64(r0, &(0x7f0000000640)=ANY=[@ANYBLOB="88bf259659a927b1928b9ba4ede63a447592f257922018418901fa42fddd618eb6a1a4d98f1d7f6801da69f924999c01625a77006543cfc56c83e1e8f5460d62abd8ae69496a0fe7c3000000000000a835c967b9fc7735aeaad6717c226fe345493d11fef924ec36080001000000000000e35876adf33b088694a803cf484a8c1daead95121cc813690b0576eadfcfb9460f486ac5bc0e61c693afb10e05ded9f5ca08409cb928e42d9d7b1e8876fd772151ac883c909eabda032fe8876bbea07246fcd3d3f84f47ee27cdfd220487fa755507"], 0xd3) writev(r0, 0x0, 0x0) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0xfef0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) writev(r1, &(0x7f0000000200)=[{0x0}], 0x1) write$binfmt_elf64(r1, &(0x7f0000000640)=ANY=[@ANYBLOB="88bf259659a927b1928b9ba4ede63a447592f257922018418901fa42fddd618eb6a1a4d98f1d7f6801da69f924999c01625a77006543cfc56c83e1e8f5460d62abd8ae69496a0fe7c3000000000000a835c967b9fc7735aeaad6717c226fe345493d11fef924ec36080001000000000000e35876adf33b088694a803cf484a8c1daead95121cc813690b0576eadfcfb9460f486ac5bc0e61c693afb10e05ded9f5ca08409cb928e42d9d7b1e8876fd772151ac883c909eabda032fe8876bbea07246fcd3d3f84f47ee27cdfd220487fa755507e98cc878f140d629d22c311164ca18fbea7d30d4d271db587ed379d476ed45a5ad54f8917a4337a5ff4dbb7e9221e993232288521a80ef1940f1b35d905cffb29770f18f82154faed3cd4c458223c38f32083a5536c952f8f659057737205aa6fdb514029e4f313432b4f4f99e7f381ba41cd8e186be4bac00ae0963d2013b022dd8f8d85b12552ffadef9f8b6452840540739e00ec98417"], 0x16b) writev(r1, &(0x7f0000000600)=[{&(0x7f0000000380)="f98ac693ce6908", 0x7}], 0x1) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0xfef0) r2 = openat$cgroup_type(r1, &(0x7f0000000340)='cgroup.type\x00', 0x2, 0x0) ioctl$FS_IOC_FSSETXATTR(r2, 0x401c5820, &(0x7f0000000280)={0x8, 0x42, 0x0, 0x1ff, 0x80}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000)={0x0}, &(0x7f0000000040)=0xc) r4 = syz_open_dev$vcsn(&(0x7f0000000080)='/dev/vcs#\x00', 0x5, 0x200000) unshare(0x2040400) open(&(0x7f0000000040)='.\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x4, 0x4, 0x0, 0x0, 0xffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup/syz0\x00', 0x200002, 0x0) fchdir(r6) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) dup(r5) ioctl$TIOCSISO7816(0xffffffffffffffff, 0xc0285443, &(0x7f0000000200)={0xffff, 0x200, 0xf28f, 0x4}) umount2(&(0x7f0000000540)='./file0\x00', 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(0x0) renameat2(0xffffffffffffffff, &(0x7f0000000000)='./file1\x00', 0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x0) bpf$BPF_MAP_GET_NEXT_ID(0xc, &(0x7f00000000c0)={0x7ff, 0x7f}, 0xc) kcmp(r3, 0x0, 0x0, r4, 0xffffffffffffffff) syz_open_procfs(0x0, &(0x7f0000000140)='net/rt_acct\x00') 10:21:56 executing program 4: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080), 0x0) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 10:21:56 executing program 5: syz_open_pts(0xffffffffffffffff, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x8001}) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x10001}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x0) ioctl$FIONREAD(0xffffffffffffffff, 0x80045432, &(0x7f0000000180)) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000200)=0x7fff, 0x4) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000003500), 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000000)=ANY=[], 0x0) socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f0000000780)=ANY=[@ANYBLOB], 0x1) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) r1 = openat$md(0xffffffffffffff9c, &(0x7f0000000080)='/dev/md0\x00', 0x0, 0x0) ioctl$BLKPG(r1, 0x40140921, &(0x7f0000001200)={0x47, 0x0, 0x0, 0x0}) [ 499.989780][T13541] md: could not open unknown-block(0,0). [ 500.009004][T13541] md: md_import_device returned -6 [ 500.468237][T13537] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 500.493696][T13537] CPU: 1 PID: 13537 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 500.502480][T13537] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 500.512656][T13537] Call Trace: [ 500.515965][T13537] dump_stack+0x11d/0x181 [ 500.520566][T13537] dump_header+0xaa/0x39c [ 500.524904][T13537] oom_kill_process.cold+0x10/0x15 [ 500.530032][T13537] out_of_memory+0x231/0xa60 [ 500.534742][T13537] ? __rcu_read_unlock+0x66/0x3d0 [ 500.539871][T13537] mem_cgroup_out_of_memory+0x128/0x150 [ 500.545444][T13537] try_charge+0xb6c/0xbf0 [ 500.549806][T13537] mem_cgroup_try_charge+0xd2/0x260 [ 500.555134][T13537] mem_cgroup_try_charge_delay+0x3a/0x80 [ 500.560816][T13537] wp_page_copy+0x322/0x1040 [ 500.565425][T13537] ? __read_once_size+0x41/0xe0 [ 500.570282][T13537] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 500.576259][T13537] do_wp_page+0x192/0xeb0 [ 500.580657][T13537] ? __handle_mm_fault+0xbd5/0x2e00 [ 500.585865][T13537] __handle_mm_fault+0x1d16/0x2e00 [ 500.591005][T13537] handle_mm_fault+0x21b/0x530 [ 500.595788][T13537] __get_user_pages+0x485/0x1130 [ 500.600774][T13537] populate_vma_page_range+0xe6/0x100 [ 500.606165][T13537] __mm_populate+0x168/0x2a0 [ 500.610772][T13537] __x64_sys_mlockall+0x2e3/0x320 [ 500.615917][T13537] do_syscall_64+0xcc/0x3a0 [ 500.620427][T13537] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 500.626321][T13537] RIP: 0033:0x45b349 [ 500.630250][T13537] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 500.649991][T13537] RSP: 002b:00007f8c5b458c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 500.658417][T13537] RAX: ffffffffffffffda RBX: 00007f8c5b4596d4 RCX: 000000000045b349 [ 500.666453][T13537] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 500.674431][T13537] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 500.682497][T13537] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 500.691007][T13537] R13: 0000000000000711 R14: 00000000004c8888 R15: 000000000075bfd4 [ 500.797664][T13537] memory: usage 307200kB, limit 307200kB, failcnt 5104 [ 500.804794][T13537] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 500.811713][T13537] Memory cgroup stats for /syz1: [ 500.814173][T13537] anon 305582080 [ 500.814173][T13537] file 0 [ 500.814173][T13537] kernel_stack 368640 [ 500.814173][T13537] slab 4313088 [ 500.814173][T13537] sock 0 [ 500.814173][T13537] shmem 0 [ 500.814173][T13537] file_mapped 0 [ 500.814173][T13537] file_dirty 0 [ 500.814173][T13537] file_writeback 0 [ 500.814173][T13537] anon_thp 251658240 [ 500.814173][T13537] inactive_anon 181063680 [ 500.814173][T13537] active_anon 13426688 [ 500.814173][T13537] inactive_file 0 [ 500.814173][T13537] active_file 0 [ 500.814173][T13537] unevictable 110915584 [ 500.814173][T13537] slab_reclaimable 811008 [ 500.814173][T13537] slab_unreclaimable 3502080 [ 500.814173][T13537] pgfault 177144 [ 500.814173][T13537] pgmajfault 0 [ 500.814173][T13537] workingset_refault 33 [ 500.814173][T13537] workingset_activate 0 [ 500.814173][T13537] workingset_nodereclaim 0 [ 500.814173][T13537] pgrefill 298 [ 500.814173][T13537] pgscan 330 [ 500.814173][T13537] pgsteal 66 [ 500.909495][T13537] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=13490,uid=0 [ 500.927070][T13537] Memory cgroup out of memory: Killed process 13490 (syz-executor.1) total-vm:72716kB, anon-rss:18248kB, file-rss:54368kB, shmem-rss:0kB, UID:0 pgtables:192512kB oom_score_adj:1000 [ 500.947351][ T1066] oom_reaper: reaped process 13490 (syz-executor.1), now anon-rss:18332kB, file-rss:54364kB, shmem-rss:0kB 10:21:57 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x288000, 0x0) syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x0, 0x200840) dup(r1) ioctl$RTC_VL_READ(r1, 0x80047013, &(0x7f00000000c0)) exit(0x7) write$binfmt_script(0xffffffffffffffff, &(0x7f00000003c0)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}, {}, {}, {0x20, 'proc'}], 0xa, "df7c00e09c916729334fbe57a726284a85ae23e7eb165a0922b020a14afa53fc919ed5b5820a609af38acfc21c2cacee2f808e60eafcd3ec51fdb7f62ca135bbf86f9c1bbf9c23db4038c329b0e8d63563439cf1b94606299a6c503abe926decd68a7e671c7dfcc4125e9888fbc8ce452b52"}, 0x8e) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r2 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xaf, 0x428240) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r2, 0xc080661a, &(0x7f00000002c0)={{0x2, 0x0, @identifier="8cff7fc81ac6de7927c1c322084eaabd"}}) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') close(r3) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000180)={0x2}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r4) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x7f, 0x3, 0x7, 0xa59e}, 'syz0\x00', 0x37}) 10:21:57 executing program 5: syz_open_pts(0xffffffffffffffff, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x8001}) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x10001}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x0) ioctl$FIONREAD(0xffffffffffffffff, 0x80045432, &(0x7f0000000180)) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000200)=0x7fff, 0x4) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000003500), 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000000)=ANY=[], 0x0) socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f0000000780)=ANY=[@ANYBLOB], 0x1) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) r1 = openat$md(0xffffffffffffff9c, &(0x7f0000000080)='/dev/md0\x00', 0x0, 0x0) ioctl$BLKPG(r1, 0x40140921, &(0x7f0000001200)={0x47, 0x0, 0x0, 0x0}) 10:21:57 executing program 4: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080), 0x0) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 10:21:57 executing program 3: pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_elf32(r1, &(0x7f0000000400)=ANY=[], 0x0) r3 = socket$inet(0x2, 0x3, 0x83) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r3, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 10:21:57 executing program 0: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f00002d5000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) pkey_free(0xffffffffffffffff) 10:21:57 executing program 2: openat$hwrng(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/hwrng\x00', 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) writev(r0, &(0x7f0000000200)=[{&(0x7f00000000c0)="5800000014", 0x5}], 0x1) write$binfmt_elf64(r0, &(0x7f0000000640)=ANY=[@ANYBLOB="88bf259659a927b1928b9ba4ede63a447592f257922018418901fa42fddd618eb6a1a4d98f1d7f6801da69f924999c01625a77006543cfc56c83e1e8f5460d62abd8ae69496a0fe7c3000000000000a835c967b9fc7735aeaad6717c226fe345493d11fef924ec36080001000000000000e35876adf33b088694a803cf484a8c1daead95121cc813690b0576eadfcfb9460f486ac5bc0e61c693afb10e05ded9f5ca08409cb928e42d9d7b1e8876fd772151ac883c909eabda032fe8876bbea07246fcd3d3f84f47ee27cdfd220487fa755507"], 0xd3) writev(r0, 0x0, 0x0) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0xfef0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) writev(r1, &(0x7f0000000200)=[{0x0}], 0x1) write$binfmt_elf64(r1, &(0x7f0000000640)=ANY=[@ANYBLOB="88bf259659a927b1928b9ba4ede63a447592f257922018418901fa42fddd618eb6a1a4d98f1d7f6801da69f924999c01625a77006543cfc56c83e1e8f5460d62abd8ae69496a0fe7c3000000000000a835c967b9fc7735aeaad6717c226fe345493d11fef924ec36080001000000000000e35876adf33b088694a803cf484a8c1daead95121cc813690b0576eadfcfb9460f486ac5bc0e61c693afb10e05ded9f5ca08409cb928e42d9d7b1e8876fd772151ac883c909eabda032fe8876bbea07246fcd3d3f84f47ee27cdfd220487fa755507e98cc878f140d629d22c311164ca18fbea7d30d4d271db587ed379d476ed45a5ad54f8917a4337a5ff4dbb7e9221e993232288521a80ef1940f1b35d905cffb29770f18f82154faed3cd4c458223c38f32083a5536c952f8f659057737205aa6fdb514029e4f313432b4f4f99e7f381ba41cd8e186be4bac00ae0963d2013b022dd8f8d85b12552ffadef9f8b6452840540739e00ec98417"], 0x16b) writev(r1, &(0x7f0000000600)=[{&(0x7f0000000380)="f98ac693ce6908", 0x7}], 0x1) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0xfef0) r2 = openat$cgroup_type(r1, &(0x7f0000000340)='cgroup.type\x00', 0x2, 0x0) ioctl$FS_IOC_FSSETXATTR(r2, 0x401c5820, &(0x7f0000000280)={0x8, 0x42, 0x0, 0x1ff, 0x80}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000)={0x0}, &(0x7f0000000040)=0xc) r4 = syz_open_dev$vcsn(&(0x7f0000000080)='/dev/vcs#\x00', 0x5, 0x200000) unshare(0x2040400) open(&(0x7f0000000040)='.\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x4, 0x4, 0x0, 0x0, 0xffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup/syz0\x00', 0x200002, 0x0) fchdir(r6) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) dup(r5) ioctl$TIOCSISO7816(0xffffffffffffffff, 0xc0285443, &(0x7f0000000200)={0xffff, 0x200, 0xf28f, 0x4}) umount2(&(0x7f0000000540)='./file0\x00', 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(0x0) renameat2(0xffffffffffffffff, &(0x7f0000000000)='./file1\x00', 0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x0) bpf$BPF_MAP_GET_NEXT_ID(0xc, &(0x7f00000000c0)={0x7ff, 0x7f}, 0xc) kcmp(r3, 0x0, 0x0, r4, 0xffffffffffffffff) syz_open_procfs(0x0, &(0x7f0000000140)='net/rt_acct\x00') 10:21:58 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) writev(r0, &(0x7f0000000000)=[{&(0x7f00000002c0)="390000001300034700bb65e1c3e4ffff06000003040000005c0000002500000019000a000400000007fd17e5ffff0606040000000000000000", 0x39}], 0x1) [ 501.649866][T13568] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 501.665252][T13568] CPU: 1 PID: 13568 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 501.673964][T13568] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 501.684125][T13568] Call Trace: [ 501.687429][T13568] dump_stack+0x11d/0x181 [ 501.691796][T13568] dump_header+0xaa/0x39c [ 501.696150][T13568] oom_kill_process.cold+0x10/0x15 [ 501.701329][T13568] out_of_memory+0x231/0xa60 [ 501.706053][T13568] ? __rcu_read_unlock+0x66/0x3d0 [ 501.711107][T13568] mem_cgroup_out_of_memory+0x128/0x150 [ 501.716667][T13568] try_charge+0xb6c/0xbf0 [ 501.721015][T13568] ? rcu_note_context_switch+0x720/0x760 [ 501.726685][T13568] mem_cgroup_try_charge+0xd2/0x260 [ 501.731950][T13568] mem_cgroup_try_charge_delay+0x3a/0x80 [ 501.737621][T13568] __handle_mm_fault+0x197f/0x2e00 [ 501.742825][T13568] handle_mm_fault+0x21b/0x530 [ 501.747621][T13568] __get_user_pages+0x485/0x1130 [ 501.752586][T13568] populate_vma_page_range+0xe6/0x100 [ 501.757976][T13568] __mm_populate+0x168/0x2a0 [ 501.758749][T13576] netlink: 'syz-executor.5': attribute type 10 has an invalid length. [ 501.762582][T13568] __x64_sys_mlockall+0x2e3/0x320 [ 501.762606][T13568] do_syscall_64+0xcc/0x3a0 [ 501.762641][T13568] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 501.762654][T13568] RIP: 0033:0x45b349 [ 501.762826][T13568] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 501.810082][T13568] RSP: 002b:00007f8c5b479c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 501.818661][T13568] RAX: ffffffffffffffda RBX: 00007f8c5b47a6d4 RCX: 000000000045b349 [ 501.826663][T13568] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 501.834653][T13568] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 501.842737][T13568] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 501.850790][T13568] R13: 0000000000000711 R14: 00000000004c8888 R15: 000000000075bf2c [ 501.871616][T13568] memory: usage 307200kB, limit 307200kB, failcnt 5137 [ 501.905898][T13568] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 10:21:58 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c0000001900ffff00000000000000000500000008000300041f0000"], 0x1c}}, 0x0) [ 502.102475][T13568] Memory cgroup stats for /syz1: [ 502.102911][T13568] anon 305668096 [ 502.102911][T13568] file 0 [ 502.102911][T13568] kernel_stack 368640 [ 502.102911][T13568] slab 4177920 [ 502.102911][T13568] sock 0 [ 502.102911][T13568] shmem 0 [ 502.102911][T13568] file_mapped 0 [ 502.102911][T13568] file_dirty 0 [ 502.102911][T13568] file_writeback 0 [ 502.102911][T13568] anon_thp 251658240 [ 502.102911][T13568] inactive_anon 189157376 [ 502.102911][T13568] active_anon 13422592 [ 502.102911][T13568] inactive_file 0 [ 502.102911][T13568] active_file 0 [ 502.102911][T13568] unevictable 102936576 [ 502.102911][T13568] slab_reclaimable 811008 [ 502.102911][T13568] slab_unreclaimable 3366912 [ 502.102911][T13568] pgfault 177837 [ 502.102911][T13568] pgmajfault 0 [ 502.102911][T13568] workingset_refault 33 [ 502.102911][T13568] workingset_activate 0 [ 502.102911][T13568] workingset_nodereclaim 0 [ 502.102911][T13568] pgrefill 298 [ 502.102911][T13568] pgscan 330 [ 502.102911][T13568] pgsteal 66 10:21:58 executing program 5: ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000080)={0x0, 0x0, 0x3}) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f0000000000)=ANY=[], 0x0) r0 = openat$md(0xffffffffffffff9c, &(0x7f0000000080)='/dev/md0\x00', 0x0, 0x0) ioctl$BLKPG(r0, 0x4004092b, &(0x7f0000001200)={0x0, 0x0, 0x0, 0x0}) [ 502.210466][T13568] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=13539,uid=0 [ 502.227852][T13568] Memory cgroup out of memory: Killed process 13539 (syz-executor.1) total-vm:72716kB, anon-rss:18332kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 10:21:58 executing program 3: pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_elf32(r1, &(0x7f0000000400)=ANY=[], 0x0) r3 = socket$inet(0x2, 0x3, 0x83) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r3, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 10:21:58 executing program 2: openat$hwrng(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/hwrng\x00', 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) writev(r0, &(0x7f0000000200)=[{&(0x7f00000000c0)="5800000014", 0x5}], 0x1) write$binfmt_elf64(r0, &(0x7f0000000640)=ANY=[@ANYBLOB="88bf259659a927b1928b9ba4ede63a447592f257922018418901fa42fddd618eb6a1a4d98f1d7f6801da69f924999c01625a77006543cfc56c83e1e8f5460d62abd8ae69496a0fe7c3000000000000a835c967b9fc7735aeaad6717c226fe345493d11fef924ec36080001000000000000e35876adf33b088694a803cf484a8c1daead95121cc813690b0576eadfcfb9460f486ac5bc0e61c693afb10e05ded9f5ca08409cb928e42d9d7b1e8876fd772151ac883c909eabda032fe8876bbea07246fcd3d3f84f47ee27cdfd220487fa755507"], 0xd3) writev(r0, 0x0, 0x0) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0xfef0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) writev(r1, &(0x7f0000000200)=[{0x0}], 0x1) write$binfmt_elf64(r1, &(0x7f0000000640)=ANY=[@ANYBLOB="88bf259659a927b1928b9ba4ede63a447592f257922018418901fa42fddd618eb6a1a4d98f1d7f6801da69f924999c01625a77006543cfc56c83e1e8f5460d62abd8ae69496a0fe7c3000000000000a835c967b9fc7735aeaad6717c226fe345493d11fef924ec36080001000000000000e35876adf33b088694a803cf484a8c1daead95121cc813690b0576eadfcfb9460f486ac5bc0e61c693afb10e05ded9f5ca08409cb928e42d9d7b1e8876fd772151ac883c909eabda032fe8876bbea07246fcd3d3f84f47ee27cdfd220487fa755507e98cc878f140d629d22c311164ca18fbea7d30d4d271db587ed379d476ed45a5ad54f8917a4337a5ff4dbb7e9221e993232288521a80ef1940f1b35d905cffb29770f18f82154faed3cd4c458223c38f32083a5536c952f8f659057737205aa6fdb514029e4f313432b4f4f99e7f381ba41cd8e186be4bac00ae0963d2013b022dd8f8d85b12552ffadef9f8b6452840540739e00ec98417"], 0x16b) writev(r1, &(0x7f0000000600)=[{&(0x7f0000000380)="f98ac693ce6908", 0x7}], 0x1) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0xfef0) r2 = openat$cgroup_type(r1, &(0x7f0000000340)='cgroup.type\x00', 0x2, 0x0) ioctl$FS_IOC_FSSETXATTR(r2, 0x401c5820, &(0x7f0000000280)={0x8, 0x42, 0x0, 0x1ff, 0x80}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000)={0x0}, &(0x7f0000000040)=0xc) r4 = syz_open_dev$vcsn(&(0x7f0000000080)='/dev/vcs#\x00', 0x5, 0x200000) unshare(0x2040400) open(&(0x7f0000000040)='.\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x4, 0x4, 0x0, 0x0, 0xffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup/syz0\x00', 0x200002, 0x0) fchdir(r6) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) dup(r5) ioctl$TIOCSISO7816(0xffffffffffffffff, 0xc0285443, &(0x7f0000000200)={0xffff, 0x200, 0xf28f, 0x4}) umount2(&(0x7f0000000540)='./file0\x00', 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(0x0) renameat2(0xffffffffffffffff, &(0x7f0000000000)='./file1\x00', 0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x0) bpf$BPF_MAP_GET_NEXT_ID(0xc, &(0x7f00000000c0)={0x7ff, 0x7f}, 0xc) kcmp(r3, 0x0, 0x0, r4, 0xffffffffffffffff) syz_open_procfs(0x0, &(0x7f0000000140)='net/rt_acct\x00') 10:21:58 executing program 5: r0 = openat$md(0xffffffffffffff9c, &(0x7f0000000080)='/dev/md0\x00', 0x0, 0x0) open(0x0, 0x0, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) memfd_create(&(0x7f00000000c0)='\xe62\xfb\xb2\xb8 .\xa2\x91\xe0\xa5\xb6\xe8\t@D\x82\x84gn\xd3v \xe0*\x1b\xb1\x13\x91\xcf\xa1\xb6\xb45\xa97\xd0\x17(\a$?\x00\x00\x00\x00\x00\x00\x01\x00ft\xc5Bmt\xb3\x04\x85?\xb06I\x8d\xce\xe8\xb1\x03]\xde\x1b\xdb\xda\x8fQA\x81h\xdd\xe51\xf4\xec\x86?p\x1c\xdb\xddp\x99P\x01\x00\x01\x00\xb0i\xca\xae\x05\xc7\x00'/112, 0x0) ioctl$BLKPG(r0, 0x407412ec, &(0x7f00000000c0)={0x0, 0x0, 0x33, 0x0}) [ 503.035476][T13609] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 503.045871][T13609] CPU: 1 PID: 13609 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 503.054601][T13609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 503.064671][T13609] Call Trace: [ 503.068438][T13609] dump_stack+0x11d/0x181 [ 503.072775][T13609] dump_header+0xaa/0x39c [ 503.077257][T13609] oom_kill_process.cold+0x10/0x15 [ 503.082370][T13609] out_of_memory+0x231/0xa60 [ 503.087003][T13609] ? __rcu_read_unlock+0x66/0x3d0 [ 503.092042][T13609] mem_cgroup_out_of_memory+0x128/0x150 [ 503.097704][T13609] try_charge+0xb6c/0xbf0 [ 503.102134][T13609] ? rcu_note_context_switch+0x720/0x760 [ 503.107846][T13609] mem_cgroup_try_charge+0xd2/0x260 [ 503.113291][T13609] mem_cgroup_try_charge_delay+0x3a/0x80 [ 503.118921][T13609] wp_page_copy+0x322/0x1040 [ 503.123543][T13609] ? __read_once_size+0x41/0xe0 [ 503.128489][T13609] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 503.134428][T13609] do_wp_page+0x192/0xeb0 [ 503.138861][T13609] ? pagevec_lru_move_fn+0x16b/0x180 [ 503.144211][T13609] __handle_mm_fault+0x1d16/0x2e00 [ 503.149339][T13609] handle_mm_fault+0x21b/0x530 [ 503.154094][T13609] __get_user_pages+0x485/0x1130 [ 503.159169][T13609] populate_vma_page_range+0xe6/0x100 [ 503.164536][T13609] __mm_populate+0x168/0x2a0 [ 503.169161][T13609] __x64_sys_mlockall+0x2e3/0x320 [ 503.174188][T13609] do_syscall_64+0xcc/0x3a0 [ 503.178695][T13609] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 503.184740][T13609] RIP: 0033:0x45b349 [ 503.188705][T13609] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 503.208495][T13609] RSP: 002b:00007f8c5b458c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 503.217182][T13609] RAX: ffffffffffffffda RBX: 00007f8c5b4596d4 RCX: 000000000045b349 [ 503.225254][T13609] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 503.233300][T13609] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 503.241293][T13609] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 503.249283][T13609] R13: 0000000000000711 R14: 00000000004c8888 R15: 000000000075bfd4 [ 503.260651][T13609] memory: usage 307200kB, limit 307200kB, failcnt 5173 [ 503.270942][T13609] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 503.278388][T13609] Memory cgroup stats for /syz1: [ 503.279770][T13609] anon 305680384 [ 503.279770][T13609] file 0 [ 503.279770][T13609] kernel_stack 331776 [ 503.279770][T13609] slab 4177920 [ 503.279770][T13609] sock 0 [ 503.279770][T13609] shmem 0 [ 503.279770][T13609] file_mapped 0 [ 503.279770][T13609] file_dirty 0 [ 503.279770][T13609] file_writeback 0 [ 503.279770][T13609] anon_thp 251658240 [ 503.279770][T13609] inactive_anon 181235712 [ 503.279770][T13609] active_anon 13422592 [ 503.279770][T13609] inactive_file 0 [ 503.279770][T13609] active_file 0 [ 503.279770][T13609] unevictable 110972928 [ 503.279770][T13609] slab_reclaimable 811008 [ 503.279770][T13609] slab_unreclaimable 3366912 [ 503.279770][T13609] pgfault 179124 [ 503.279770][T13609] pgmajfault 0 [ 503.279770][T13609] workingset_refault 33 [ 503.279770][T13609] workingset_activate 0 [ 503.279770][T13609] workingset_nodereclaim 0 [ 503.279770][T13609] pgrefill 298 [ 503.279770][T13609] pgscan 330 [ 503.279770][T13609] pgsteal 66 [ 503.374881][T13609] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=13567,uid=0 [ 503.391275][T13609] Memory cgroup out of memory: Killed process 13567 (syz-executor.1) total-vm:72716kB, anon-rss:18248kB, file-rss:54368kB, shmem-rss:0kB, UID:0 pgtables:192512kB oom_score_adj:1000 [ 503.411714][ T1066] oom_reaper: reaped process 13567 (syz-executor.1), now anon-rss:18332kB, file-rss:54364kB, shmem-rss:0kB 10:22:00 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x288000, 0x0) syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x0, 0x200840) dup(r1) ioctl$RTC_VL_READ(r1, 0x80047013, &(0x7f00000000c0)) exit(0x7) write$binfmt_script(0xffffffffffffffff, &(0x7f00000003c0)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}, {}, {}, {0x20, 'proc'}], 0xa, "df7c00e09c916729334fbe57a726284a85ae23e7eb165a0922b020a14afa53fc919ed5b5820a609af38acfc21c2cacee2f808e60eafcd3ec51fdb7f62ca135bbf86f9c1bbf9c23db4038c329b0e8d63563439cf1b94606299a6c503abe926decd68a7e671c7dfcc4125e9888fbc8ce452b52"}, 0x8e) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r2 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xaf, 0x428240) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r2, 0xc080661a, &(0x7f00000002c0)={{0x2, 0x0, @identifier="8cff7fc81ac6de7927c1c322084eaabd"}}) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') close(r3) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000180)={0x2}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r4) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x7f, 0x3, 0x7, 0xa59e}, 'syz0\x00', 0x37}) 10:22:00 executing program 0: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f00002d5000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) pkey_free(0xffffffffffffffff) 10:22:00 executing program 5: r0 = gettid() clone(0x200, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = memfd_create(&(0x7f0000000100)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86Xe\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\xe5j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x80dX\xcc\xab\x84\xd1\x01_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2L\xf0\xaf\xe1jd\xda\x1f>Vrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU\".\x18)\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf', 0x0) fcntl$setlease(r1, 0x400, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f0000000040)={'ipvlan0\x00', 0x800}) fcntl$setown(r1, 0x8, 0x0) execveat(r1, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) timer_create(0x0, &(0x7f0000000080)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000300)) execve(0x0, 0x0, &(0x7f00000003c0)=[&(0x7f0000000000)='em0posix_acl_accessvboxnet0\x00']) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x4, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext, 0x0, 0xfffffffffffffffd, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) 10:22:00 executing program 4: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{0x0}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 10:22:00 executing program 3: pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_elf32(r1, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r3 = socket$inet(0x2, 0x0, 0x83) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r3, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 10:22:00 executing program 2: syz_open_pts(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$FIONREAD(0xffffffffffffffff, 0x80045432, 0x0) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) socket$inet_udp(0x2, 0x2, 0x0) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) r0 = openat$md(0xffffffffffffff9c, &(0x7f0000000080)='/dev/md0\x00', 0x0, 0x0) ioctl$BLKPG(r0, 0x932, &(0x7f0000001200)={0x47, 0x0, 0x0, 0x0}) [ 504.067032][T13623] ERROR: Domain ' /sbin/init /etc/init.d/rc /sbin/startpar /etc/init.d/ssh /sbin/start-stop-daemon /usr/sbin/sshd /usr/sbin/sshd /bin/bash /root/syz-fuzzer /root/syz-executor.5 proc:/self/fd/3' not defined. [ 504.115603][T13617] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 504.140343][T13617] CPU: 0 PID: 13617 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 504.149214][T13617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 504.159295][T13617] Call Trace: [ 504.162771][T13617] dump_stack+0x11d/0x181 [ 504.167118][T13617] dump_header+0xaa/0x39c [ 504.171516][T13617] oom_kill_process.cold+0x10/0x15 [ 504.176648][T13617] out_of_memory+0x231/0xa60 [ 504.181254][T13617] ? __rcu_read_unlock+0x66/0x3d0 [ 504.186297][T13617] mem_cgroup_out_of_memory+0x128/0x150 [ 504.191878][T13617] try_charge+0xb6c/0xbf0 [ 504.196285][T13617] ? rcu_note_context_switch+0x720/0x760 [ 504.201928][T13617] mem_cgroup_try_charge+0xd2/0x260 [ 504.207250][T13617] mem_cgroup_try_charge_delay+0x3a/0x80 [ 504.212984][T13617] __handle_mm_fault+0x197f/0x2e00 [ 504.218255][T13617] handle_mm_fault+0x21b/0x530 [ 504.223044][T13617] __get_user_pages+0x485/0x1130 [ 504.228107][T13617] populate_vma_page_range+0xe6/0x100 [ 504.233507][T13617] __mm_populate+0x168/0x2a0 [ 504.238347][T13617] __x64_sys_mlockall+0x2e3/0x320 [ 504.243492][T13617] do_syscall_64+0xcc/0x3a0 [ 504.248085][T13617] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 504.254115][T13617] RIP: 0033:0x45b349 [ 504.258044][T13617] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 504.277652][T13617] RSP: 002b:00007f8c5b479c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 504.286218][T13617] RAX: ffffffffffffffda RBX: 00007f8c5b47a6d4 RCX: 000000000045b349 [ 504.294622][T13617] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 504.302707][T13617] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 10:22:00 executing program 3: pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_elf32(r1, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r3 = socket$inet(0x2, 0x0, 0x83) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r3, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) [ 504.310799][T13617] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 504.318808][T13617] R13: 0000000000000711 R14: 00000000004c8888 R15: 000000000075bf2c [ 504.352541][T13617] memory: usage 307200kB, limit 307200kB, failcnt 5206 [ 504.385338][T13617] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 504.428758][T13617] Memory cgroup stats for /syz1: [ 504.428985][T13617] anon 305537024 [ 504.428985][T13617] file 0 [ 504.428985][T13617] kernel_stack 368640 [ 504.428985][T13617] slab 4177920 [ 504.428985][T13617] sock 0 [ 504.428985][T13617] shmem 0 [ 504.428985][T13617] file_mapped 0 [ 504.428985][T13617] file_dirty 0 [ 504.428985][T13617] file_writeback 0 [ 504.428985][T13617] anon_thp 251658240 [ 504.428985][T13617] inactive_anon 189247488 [ 504.428985][T13617] active_anon 13438976 [ 504.428985][T13617] inactive_file 0 [ 504.428985][T13617] active_file 0 [ 504.428985][T13617] unevictable 102916096 [ 504.428985][T13617] slab_reclaimable 811008 [ 504.428985][T13617] slab_unreclaimable 3366912 [ 504.428985][T13617] pgfault 179784 [ 504.428985][T13617] pgmajfault 0 [ 504.428985][T13617] workingset_refault 33 [ 504.428985][T13617] workingset_activate 0 [ 504.428985][T13617] workingset_nodereclaim 0 [ 504.428985][T13617] pgrefill 298 [ 504.428985][T13617] pgscan 330 [ 504.428985][T13617] pgsteal 66 10:22:01 executing program 2: r0 = openat$vcsu(0xffffffffffffff9c, 0x0, 0x40, 0x0) read$FUSE(r0, &(0x7f00000004c0), 0x1000) timer_create(0x5, &(0x7f00000000c0)={0x0, 0x1b, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000380)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = inotify_init() inotify_add_watch(r1, &(0x7f0000000080)='.\x00', 0xfe) r2 = open(&(0x7f0000000040)='./file0\x00', 0x200c2, 0x0) write$binfmt_elf64(r2, &(0x7f00000002c0)=ANY=[@ANYRES64], 0x8) sendfile(r2, r2, &(0x7f00000001c0), 0xa198) open$dir(&(0x7f0000000040)='./file0\x00', 0x8027e, 0x0) [ 504.546732][T13617] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=13610,uid=0 [ 504.576740][T13617] Memory cgroup out of memory: Killed process 13610 (syz-executor.1) total-vm:72716kB, anon-rss:18332kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 10:22:01 executing program 5: r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setregid(r2, 0x0) sendmsg$unix(r0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000740)=[@cred={{0x18}}], 0x18}, 0x0) 10:22:01 executing program 3: pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_elf32(r1, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r3 = socket$inet(0x2, 0x0, 0x83) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r3, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 10:22:01 executing program 4: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{0x0}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 10:22:01 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'\x00', 0x6102}) r1 = ioctl$TUNGETDEVNETNS(r0, 0x54e3, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={r1, 0x11, 0x0, 0x0, 0x0, 0x193}, 0x20) syz_genetlink_get_family_id$ipvs(0x0) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, &(0x7f00000002c0)) 10:22:02 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x288000, 0x0) syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x9, 0x0) dup(r1) ioctl$RTC_VL_READ(r1, 0x80047013, &(0x7f00000000c0)) exit(0x7) write$binfmt_script(0xffffffffffffffff, &(0x7f00000003c0)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}, {}, {}, {0x20, 'proc'}], 0xa, "df7c00e09c916729334fbe57a726284a85ae23e7eb165a0922b020a14afa53fc919ed5b5820a609af38acfc21c2cacee2f808e60eafcd3ec51fdb7f62ca135bbf86f9c1bbf9c23db4038c329b0e8d63563439cf1b94606299a6c503abe926decd68a7e671c7dfcc4125e9888fbc8ce452b52"}, 0x8e) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r2 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xaf, 0x428240) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r2, 0xc080661a, &(0x7f00000002c0)={{0x2, 0x0, @identifier="8cff7fc81ac6de7927c1c322084eaabd"}}) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') close(r3) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000180)={0x2}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r4) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x7f, 0x3, 0x7, 0xa59e}, 'syz0\x00', 0x37}) 10:22:02 executing program 2: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r0, &(0x7f0000000140)=[{0x0}], 0x1, 0x0) 10:22:02 executing program 3: pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_elf32(r1, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r3 = socket$inet(0x2, 0x3, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r3, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 10:22:02 executing program 0: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f00002d5000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) pkey_free(0xffffffffffffffff) 10:22:02 executing program 5: openat$autofs(0xffffffffffffff9c, 0x0, 0x80000, 0x0) timer_create(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000380)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = inotify_init() inotify_add_watch(r0, &(0x7f0000000080)='.\x00', 0xfe) r1 = open(&(0x7f0000000040)='./file0\x00', 0x200c2, 0x0) write$binfmt_elf64(r1, &(0x7f00000002c0)=ANY=[@ANYRES64], 0x8) r2 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nvram\x00', 0x400000, 0x0) ioctl$KDENABIO(r2, 0x4b36) sendfile(r1, r1, &(0x7f00000001c0), 0xa198) open$dir(&(0x7f0000000040)='./file0\x00', 0x8027e, 0x0) 10:22:02 executing program 4: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{0x0}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 10:22:02 executing program 2: syz_open_pts(0xffffffffffffffff, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$FIONREAD(0xffffffffffffffff, 0x80045432, &(0x7f0000000180)) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket$inet_udp(0x2, 0x2, 0x0) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) r0 = openat$md(0xffffffffffffff9c, &(0x7f0000000080)='/dev/md0\x00', 0x0, 0x0) ioctl$BLKPG(r0, 0x932, &(0x7f0000001200)={0x47, 0x0, 0x0, 0x0}) 10:22:02 executing program 3: pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_elf32(r1, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r3 = socket$inet(0x2, 0x3, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r3, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) [ 506.052725][T13707] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 506.072618][T13707] CPU: 0 PID: 13707 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 506.081564][T13707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 506.091758][T13707] Call Trace: [ 506.095069][T13707] dump_stack+0x11d/0x181 [ 506.099492][T13707] dump_header+0xaa/0x39c [ 506.104190][T13707] oom_kill_process.cold+0x10/0x15 [ 506.109494][T13707] out_of_memory+0x231/0xa60 [ 506.114122][T13707] ? __rcu_read_unlock+0x66/0x3d0 [ 506.119372][T13707] mem_cgroup_out_of_memory+0x128/0x150 [ 506.124938][T13707] try_charge+0xb6c/0xbf0 [ 506.129713][T13707] ? rcu_note_context_switch+0x720/0x760 [ 506.135490][T13707] mem_cgroup_try_charge+0xd2/0x260 [ 506.140739][T13707] mem_cgroup_try_charge_delay+0x3a/0x80 [ 506.146418][T13707] __handle_mm_fault+0x197f/0x2e00 [ 506.151553][T13707] handle_mm_fault+0x21b/0x530 [ 506.156349][T13707] __get_user_pages+0x485/0x1130 [ 506.161308][T13707] populate_vma_page_range+0xe6/0x100 [ 506.166759][T13707] __mm_populate+0x168/0x2a0 [ 506.171496][T13707] __x64_sys_mlockall+0x2e3/0x320 [ 506.176601][T13707] do_syscall_64+0xcc/0x3a0 [ 506.181200][T13707] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 506.187097][T13707] RIP: 0033:0x45b349 [ 506.191000][T13707] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 506.210775][T13707] RSP: 002b:00007f8c5b458c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 506.219203][T13707] RAX: ffffffffffffffda RBX: 00007f8c5b4596d4 RCX: 000000000045b349 [ 506.227333][T13707] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 506.235584][T13707] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 506.243595][T13707] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 506.251795][T13707] R13: 0000000000000711 R14: 00000000004c8888 R15: 000000000075bfd4 [ 506.279517][T13707] memory: usage 307200kB, limit 307200kB, failcnt 5221 [ 506.287579][T13707] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 506.296832][T13707] Memory cgroup stats for /syz1: [ 506.297013][T13707] anon 305524736 [ 506.297013][T13707] file 0 [ 506.297013][T13707] kernel_stack 405504 [ 506.297013][T13707] slab 4177920 [ 506.297013][T13707] sock 0 [ 506.297013][T13707] shmem 0 [ 506.297013][T13707] file_mapped 0 [ 506.297013][T13707] file_dirty 0 [ 506.297013][T13707] file_writeback 0 [ 506.297013][T13707] anon_thp 251658240 [ 506.297013][T13707] inactive_anon 195469312 [ 506.297013][T13707] active_anon 13438976 [ 506.297013][T13707] inactive_file 0 [ 506.297013][T13707] active_file 0 [ 506.297013][T13707] unevictable 96620544 10:22:02 executing program 3: pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_elf32(r1, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r3 = socket$inet(0x2, 0x3, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r3, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 10:22:02 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f00000007c0)=@raw={'raw\x00', 0x2, 0x3, 0x1fc, 0x0, 0xb8, 0xb8, 0x0, 0xb8, 0x168, 0x168, 0x168, 0x168, 0x168, 0x3, 0x0, {[{{@ip={@multicast1, @remote}, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48, 'CT\x00'}}, {{@ip={@remote, @multicast1, 0x0, 0x0, '\x00', 'bridge_slave_0\x00'}, 0x0, 0x70, 0xb0}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x9, 0x0, "5e959089fbb56913c4ee19c893a885802d4c597deca6ced4eed0f411c491"}}}], {{[], 0x0, 0x70, 0x94}, {0x24}}}}, 0x258) [ 506.297013][T13707] slab_reclaimable 811008 [ 506.297013][T13707] slab_unreclaimable 3366912 [ 506.297013][T13707] pgfault 181401 [ 506.297013][T13707] pgmajfault 0 [ 506.297013][T13707] workingset_refault 33 [ 506.297013][T13707] workingset_activate 0 [ 506.297013][T13707] workingset_nodereclaim 0 [ 506.297013][T13707] pgrefill 298 [ 506.297013][T13707] pgscan 330 [ 506.297013][T13707] pgsteal 66 10:22:03 executing program 5: timer_create(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000380)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = inotify_init() inotify_add_watch(r0, &(0x7f0000000080)='.\x00', 0xfe) r1 = open(&(0x7f0000000040)='./file0\x00', 0x200c2, 0x0) write$binfmt_elf64(r1, &(0x7f00000002c0)=ANY=[@ANYRES64], 0x8) sendfile(r1, r1, &(0x7f00000001c0), 0xa198) [ 506.542543][T13707] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=13680,uid=0 10:22:03 executing program 4: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 506.597619][T13707] Memory cgroup out of memory: Killed process 13680 (syz-executor.1) total-vm:72716kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 10:22:03 executing program 2: openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f00000004c0), 0x1000) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x1b, 0x2, @tid=0xffffffffffffffff}, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000380)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = inotify_init() inotify_add_watch(r0, &(0x7f0000000080)='.\x00', 0xfe) r1 = open(&(0x7f0000000040)='./file0\x00', 0x200c2, 0x0) write$binfmt_elf64(r1, &(0x7f00000002c0)=ANY=[@ANYRES64], 0x8) sendfile(r1, r1, &(0x7f00000001c0), 0xa198) open$dir(&(0x7f0000000040)='./file0\x00', 0x8027e, 0x0) 10:22:03 executing program 3: pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_elf32(r1, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r3 = socket$inet(0x2, 0x3, 0x83) bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r3, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 10:22:03 executing program 0: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f00002d5000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) pkey_free(0xffffffffffffffff) 10:22:03 executing program 5: timer_create(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000380)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = inotify_init() inotify_add_watch(r0, &(0x7f0000000080)='.\x00', 0xfe) r1 = open(&(0x7f0000000040)='./file0\x00', 0x200c2, 0x0) write$binfmt_elf64(r1, &(0x7f00000002c0)=ANY=[@ANYRES64], 0x8) sendfile(r1, r1, &(0x7f00000001c0), 0xa198) 10:22:03 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x288000, 0x0) syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x9, 0x0) dup(r1) ioctl$RTC_VL_READ(r1, 0x80047013, &(0x7f00000000c0)) exit(0x7) write$binfmt_script(0xffffffffffffffff, &(0x7f00000003c0)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}, {}, {}, {0x20, 'proc'}], 0xa, "df7c00e09c916729334fbe57a726284a85ae23e7eb165a0922b020a14afa53fc919ed5b5820a609af38acfc21c2cacee2f808e60eafcd3ec51fdb7f62ca135bbf86f9c1bbf9c23db4038c329b0e8d63563439cf1b94606299a6c503abe926decd68a7e671c7dfcc4125e9888fbc8ce452b52"}, 0x8e) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r2 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xaf, 0x428240) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r2, 0xc080661a, &(0x7f00000002c0)={{0x2, 0x0, @identifier="8cff7fc81ac6de7927c1c322084eaabd"}}) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') close(r3) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000180)={0x2}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r4) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x7f, 0x3, 0x7, 0xa59e}, 'syz0\x00', 0x37}) 10:22:04 executing program 3: pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_elf32(r1, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r3 = socket$inet(0x2, 0x3, 0x83) bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r3, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 10:22:04 executing program 2: ioctl$TIOCSSERIAL(0xffffffffffffffff, 0x541e, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000020000000001000000004000000040000080000000101308006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4802, 0x0) 10:22:04 executing program 5: syz_open_pts(0xffffffffffffffff, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x8001}) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x10001}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x0) ioctl$FIONREAD(0xffffffffffffffff, 0x80045432, &(0x7f0000000180)) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000200)=0x7fff, 0x4) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000003500), 0x0) socket$inet_udp(0x2, 0x2, 0x0) r0 = openat$md(0xffffffffffffff9c, &(0x7f0000000080)='/dev/md0\x00', 0x0, 0x0) ioctl$BLKPG(r0, 0x4004092b, &(0x7f0000001200)={0x0, 0x0, 0x0, 0x0}) 10:22:04 executing program 3: pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_elf32(r1, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r3 = socket$inet(0x2, 0x3, 0x83) bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r3, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) [ 507.789177][T13765] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 507.845781][T13765] CPU: 0 PID: 13765 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 507.854606][T13765] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 507.865361][T13765] Call Trace: [ 507.868710][T13765] dump_stack+0x11d/0x181 [ 507.873142][T13765] dump_header+0xaa/0x39c [ 507.877512][T13765] oom_kill_process.cold+0x10/0x15 [ 507.882687][T13765] out_of_memory+0x231/0xa60 [ 507.887514][T13765] ? __rcu_read_unlock+0x66/0x3d0 [ 507.892756][T13765] mem_cgroup_out_of_memory+0x128/0x150 [ 507.898332][T13765] try_charge+0xb6c/0xbf0 [ 507.903263][T13765] ? rcu_note_context_switch+0x720/0x760 [ 507.908932][T13765] mem_cgroup_try_charge+0xd2/0x260 [ 507.914256][T13765] mem_cgroup_try_charge_delay+0x3a/0x80 [ 507.919917][T13765] __handle_mm_fault+0x197f/0x2e00 [ 507.925063][T13765] handle_mm_fault+0x21b/0x530 [ 507.929871][T13765] __get_user_pages+0x485/0x1130 [ 507.934847][T13765] populate_vma_page_range+0xe6/0x100 [ 507.940240][T13765] __mm_populate+0x168/0x2a0 [ 507.944893][T13765] __x64_sys_mlockall+0x2e3/0x320 [ 507.949941][T13765] do_syscall_64+0xcc/0x3a0 [ 507.954499][T13765] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 507.960423][T13765] RIP: 0033:0x45b349 [ 507.964333][T13765] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 507.984069][T13765] RSP: 002b:00007f8c5b479c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 507.992523][T13765] RAX: ffffffffffffffda RBX: 00007f8c5b47a6d4 RCX: 000000000045b349 [ 507.996231][T13773] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 508.000520][T13765] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 508.000531][T13765] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 508.000554][T13765] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 508.033592][T13765] R13: 0000000000000711 R14: 00000000004c8888 R15: 000000000075bf2c 10:22:04 executing program 4: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 10:22:04 executing program 3: pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_elf32(r1, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r3 = socket$inet(0x2, 0x3, 0x83) bind$inet(r2, 0x0, 0x0) setsockopt$inet_int(r3, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) [ 508.053785][T13773] EXT4-fs (loop2): fragment/cluster size (2048) != block size (1024) 10:22:04 executing program 2: ioctl$TCSETS(0xffffffffffffffff, 0x5402, 0x0) sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0) ioctl$FIONREAD(0xffffffffffffffff, 0x80045432, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) r0 = openat$md(0xffffffffffffff9c, &(0x7f0000000080)='/dev/md0\x00', 0x0, 0x0) ioctl$BLKPG(r0, 0x4004092b, 0x0) [ 508.212545][T13765] memory: usage 307200kB, limit 307200kB, failcnt 5250 [ 508.225937][T13765] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 508.248782][T13765] Memory cgroup stats for /syz1: [ 508.248957][T13765] anon 305532928 [ 508.248957][T13765] file 0 [ 508.248957][T13765] kernel_stack 405504 [ 508.248957][T13765] slab 4177920 [ 508.248957][T13765] sock 0 [ 508.248957][T13765] shmem 0 [ 508.248957][T13765] file_mapped 0 [ 508.248957][T13765] file_dirty 0 [ 508.248957][T13765] file_writeback 0 [ 508.248957][T13765] anon_thp 251658240 [ 508.248957][T13765] inactive_anon 189177856 [ 508.248957][T13765] active_anon 13455360 [ 508.248957][T13765] inactive_file 0 [ 508.248957][T13765] active_file 0 [ 508.248957][T13765] unevictable 102887424 [ 508.248957][T13765] slab_reclaimable 811008 [ 508.248957][T13765] slab_unreclaimable 3366912 [ 508.248957][T13765] pgfault 183315 [ 508.248957][T13765] pgmajfault 0 [ 508.248957][T13765] workingset_refault 33 [ 508.248957][T13765] workingset_activate 0 [ 508.248957][T13765] workingset_nodereclaim 0 [ 508.248957][T13765] pgrefill 298 [ 508.248957][T13765] pgscan 330 [ 508.248957][T13765] pgsteal 66 10:22:04 executing program 3: pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_elf32(r1, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r3 = socket$inet(0x2, 0x3, 0x83) bind$inet(r2, 0x0, 0x0) setsockopt$inet_int(r3, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) [ 508.409256][T13765] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=13749,uid=0 10:22:04 executing program 2: syz_open_pts(0xffffffffffffffff, 0x0) r0 = openat$md(0xffffffffffffff9c, &(0x7f0000000080)='/dev/md0\x00', 0x0, 0x0) ioctl$BLKPG(r0, 0x40480923, &(0x7f0000001200)={0x47, 0x0, 0x0, 0x0}) [ 508.443040][T13765] Memory cgroup out of memory: Killed process 13749 (syz-executor.1) total-vm:72716kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 10:22:05 executing program 0: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f00002d5000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) pkey_free(0xffffffffffffffff) 10:22:05 executing program 5: syz_open_pts(0xffffffffffffffff, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x8001}) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x10001}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x0) ioctl$FIONREAD(0xffffffffffffffff, 0x80045432, &(0x7f0000000180)) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000200)=0x7fff, 0x4) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000003500), 0x0) socket$inet_udp(0x2, 0x2, 0x0) r0 = openat$md(0xffffffffffffff9c, &(0x7f0000000080)='/dev/md0\x00', 0x0, 0x0) ioctl$BLKPG(r0, 0x4004092b, &(0x7f0000001200)={0x0, 0x0, 0x0, 0x0}) 10:22:05 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x288000, 0x0) syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x9, 0x0) dup(r1) ioctl$RTC_VL_READ(r1, 0x80047013, &(0x7f00000000c0)) exit(0x7) write$binfmt_script(0xffffffffffffffff, &(0x7f00000003c0)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}, {}, {}, {0x20, 'proc'}], 0xa, "df7c00e09c916729334fbe57a726284a85ae23e7eb165a0922b020a14afa53fc919ed5b5820a609af38acfc21c2cacee2f808e60eafcd3ec51fdb7f62ca135bbf86f9c1bbf9c23db4038c329b0e8d63563439cf1b94606299a6c503abe926decd68a7e671c7dfcc4125e9888fbc8ce452b52"}, 0x8e) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r2 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xaf, 0x428240) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r2, 0xc080661a, &(0x7f00000002c0)={{0x2, 0x0, @identifier="8cff7fc81ac6de7927c1c322084eaabd"}}) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') close(r3) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000180)={0x2}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r4) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x7f, 0x3, 0x7, 0xa59e}, 'syz0\x00', 0x37}) 10:22:05 executing program 3: pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_elf32(r1, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r3 = socket$inet(0x2, 0x3, 0x83) bind$inet(r2, 0x0, 0x0) setsockopt$inet_int(r3, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 10:22:05 executing program 5: r0 = socket(0x10, 0x2, 0x0) setsockopt$netlink_NETLINK_PKTINFO(r0, 0x10e, 0x3, &(0x7f0000000040)=0x80000000, 0x4) sendto(r0, &(0x7f0000000140)="120000001200e7ef007b1a3fcd00000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{0x0, 0x14e, 0x0, 0x0, 0x0, 0x24b, 0xb6c}}], 0x2, 0x0, 0x0) 10:22:05 executing program 2: r0 = openat$md(0xffffffffffffff9c, &(0x7f0000000080)='/dev/md0\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='\xe62\xfb\xb2\xb8 .\xa2\x91\xe0\xa5\xb6\xe8\t@D\x82\x84gn\xd3v \xe0*\x1b\xb1\x13\x91\xcf\xa1\xb6\xb45\xa97\xd0\x17(\a$?\x00\x00\x00\x00\x00\x00\x01\x00ft\xc5Bmt\xb3\x04\x85?\xb06I\x8d\xce\xe8\xb1\x03]\xde\x1b\xdb\xda\x8fQA\x81h\xdd\xe51\xf4\xec\x86?p\x1c\xdb\xddp\x99P\x01\x00\x01\x00\xb0i\xca\xae\x05\xc7\x00'/112, 0x0) ioctl$BLKPG(r0, 0x407412ec, &(0x7f00000000c0)={0x0, 0x0, 0x33, 0x0}) 10:22:05 executing program 4: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 10:22:06 executing program 5: openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000340)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) 10:22:06 executing program 3: pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_elf32(r1, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) socket$inet(0x2, 0x3, 0x83) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 10:22:06 executing program 2: r0 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) write(r0, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) perf_event_open(&(0x7f0000000340)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) sendfile(r2, r1, 0x0, 0x7fffffa8) [ 509.703995][ T27] audit: type=1800 audit(1579602126.196:52): pid=13851 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="file0" dev="sda1" ino=17371 res=0 [ 509.747893][T13840] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 10:22:06 executing program 5: r0 = socket(0x10, 0x2, 0x0) setsockopt$netlink_NETLINK_PKTINFO(r0, 0x10e, 0x3, &(0x7f0000000040)=0x80000000, 0x4) sendto(r0, &(0x7f0000000140)="120000001200e7ef007b1a3fcd00000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{0x0, 0x14e, 0x0, 0x0, 0x0, 0x24b, 0xb6c}}], 0x34, 0x0, 0x0) 10:22:06 executing program 3: pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_elf32(r1, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) socket$inet(0x2, 0x3, 0x83) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) [ 509.797511][T13840] CPU: 1 PID: 13840 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 509.797523][T13840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 509.797528][T13840] Call Trace: [ 509.797554][T13840] dump_stack+0x11d/0x181 [ 509.797695][T13840] dump_header+0xaa/0x39c [ 509.797726][T13840] oom_kill_process.cold+0x10/0x15 [ 509.797768][T13840] out_of_memory+0x231/0xa60 [ 509.797790][T13840] ? __rcu_read_unlock+0x66/0x3d0 [ 509.797822][T13840] mem_cgroup_out_of_memory+0x128/0x150 [ 509.797846][T13840] try_charge+0xb6c/0xbf0 [ 509.797870][T13840] ? rcu_note_context_switch+0x720/0x760 [ 509.797930][T13840] mem_cgroup_try_charge+0xd2/0x260 10:22:06 executing program 0: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f00002d5000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) pkey_free(0xffffffffffffffff) 10:22:06 executing program 3: pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_elf32(r1, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) socket$inet(0x2, 0x3, 0x83) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) [ 509.797951][T13840] mem_cgroup_try_charge_delay+0x3a/0x80 [ 509.797974][T13840] __handle_mm_fault+0x197f/0x2e00 [ 509.798006][T13840] handle_mm_fault+0x21b/0x530 [ 509.798028][T13840] __get_user_pages+0x485/0x1130 [ 509.798115][T13840] populate_vma_page_range+0xe6/0x100 [ 509.798137][T13840] __mm_populate+0x168/0x2a0 [ 509.798163][T13840] __x64_sys_mlockall+0x2e3/0x320 [ 509.798243][T13840] do_syscall_64+0xcc/0x3a0 [ 509.798270][T13840] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 509.798284][T13840] RIP: 0033:0x45b349 [ 509.798309][T13840] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 509.798374][T13840] RSP: 002b:00007f8c5b479c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 509.798391][T13840] RAX: ffffffffffffffda RBX: 00007f8c5b47a6d4 RCX: 000000000045b349 [ 509.798401][T13840] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 509.798410][T13840] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 509.798421][T13840] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 509.798433][T13840] R13: 0000000000000711 R14: 00000000004c8888 R15: 000000000075bf2c [ 509.798455][T13840] memory: usage 307200kB, limit 307200kB, failcnt 5268 [ 509.798466][T13840] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 509.798470][T13840] Memory cgroup stats for /syz1: [ 509.798733][T13840] anon 305618944 [ 509.798733][T13840] file 0 [ 509.798733][T13840] kernel_stack 368640 [ 509.798733][T13840] slab 4177920 [ 509.798733][T13840] sock 0 [ 509.798733][T13840] shmem 0 [ 509.798733][T13840] file_mapped 0 [ 509.798733][T13840] file_dirty 0 [ 509.798733][T13840] file_writeback 0 [ 509.798733][T13840] anon_thp 251658240 [ 509.798733][T13840] inactive_anon 195485696 [ 509.798733][T13840] active_anon 13438976 [ 509.798733][T13840] inactive_file 0 [ 509.798733][T13840] active_file 0 [ 509.798733][T13840] unevictable 96706560 [ 509.798733][T13840] slab_reclaimable 811008 [ 509.798733][T13840] slab_unreclaimable 3366912 [ 509.798733][T13840] pgfault 184998 [ 509.798733][T13840] pgmajfault 0 [ 509.798733][T13840] workingset_refault 33 [ 509.798733][T13840] workingset_activate 0 [ 509.798733][T13840] workingset_nodereclaim 0 [ 509.798733][T13840] pgrefill 298 [ 509.798733][T13840] pgscan 330 [ 509.798733][T13840] pgsteal 66 [ 509.798744][T13840] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=13820,uid=0 [ 509.798885][T13840] Memory cgroup out of memory: Killed process 13820 (syz-executor.1) total-vm:72716kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 509.815233][ T27] audit: type=1804 audit(1579602126.226:53): pid=13851 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir259522558/syzkaller.EQx2Ph/257/file0" dev="sda1" ino=17371 res=1 10:22:07 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x288000, 0x0) syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x9, 0x200840) dup(0xffffffffffffffff) ioctl$RTC_VL_READ(r1, 0x80047013, &(0x7f00000000c0)) exit(0x7) write$binfmt_script(0xffffffffffffffff, &(0x7f00000003c0)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}, {}, {}, {0x20, 'proc'}], 0xa, "df7c00e09c916729334fbe57a726284a85ae23e7eb165a0922b020a14afa53fc919ed5b5820a609af38acfc21c2cacee2f808e60eafcd3ec51fdb7f62ca135bbf86f9c1bbf9c23db4038c329b0e8d63563439cf1b94606299a6c503abe926decd68a7e671c7dfcc4125e9888fbc8ce452b52"}, 0x8e) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r2 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xaf, 0x428240) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r2, 0xc080661a, &(0x7f00000002c0)={{0x2, 0x0, @identifier="8cff7fc81ac6de7927c1c322084eaabd"}}) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') close(r3) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000180)={0x2}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r4) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x7f, 0x3, 0x7, 0xa59e}, 'syz0\x00', 0x37}) 10:22:07 executing program 3: pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_elf32(r1, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r3 = socket$inet(0x2, 0x3, 0x83) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r3, 0x0, 0x0, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 10:22:07 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r0, 0x7) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x4e22}, 0x1c) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000004, &(0x7f0000000000)={0xa, 0x4e22}, 0x1c) close(r1) close(r0) 10:22:07 executing program 4: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 10:22:07 executing program 2: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x3, 0x600, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(0x0) r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4000000000000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet_udp(0x2, 0x2, 0x0) close(r3) geteuid() perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r4 = socket(0x11, 0x800000003, 0x81) r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bind(r4, &(0x7f0000000000)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) write$binfmt_misc(r2, &(0x7f0000000100)=ANY=[@ANYRESHEX], 0xffe8) splice(r1, 0x0, r3, 0x0, 0x10005, 0x0) r6 = creat(&(0x7f0000000240)='./bus\x00', 0x0) io_setup(0x40000100000003, &(0x7f0000000200)=0x0) r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) io_submit(r7, 0x2, &(0x7f0000000080)=[&(0x7f0000000540)={0x804000000000000, 0x0, 0x8, 0x1, 0x0, r6, 0x0}, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x8, 0x0, r8, 0x0, 0x0, 0xfffffffffffffffc}]) r9 = creat(&(0x7f0000000240)='./bus\x00', 0x0) io_setup(0x40000100000003, &(0x7f0000000200)=0x0) r11 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) io_submit(r10, 0x2, &(0x7f0000000080)=[&(0x7f0000000540)={0x804000000000000, 0x0, 0x8, 0x1, 0x0, r9, 0x0}, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x8, 0x0, r11, 0x0, 0x0, 0xfffffffffffffffc}]) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000001c0)={0x0, 0x1, 0x3, 0x0, 0x0, [{{r8}, 0x100000000}, {{r9}, 0x5}, {{r5}, 0x7f}]}) r12 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) inotify_init() renameat2(r12, &(0x7f0000000100)='./file0\x00', r12, 0x0, 0x0) r13 = creat(&(0x7f0000000240)='./bus\x00', 0x0) io_setup(0x40000100000003, &(0x7f0000000200)=0x0) r15 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) io_submit(r14, 0x2, &(0x7f0000000080)=[&(0x7f0000000540)={0x804000000000000, 0x0, 0x8, 0x1, 0x0, r13, 0x0}, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x8, 0x0, r15, 0x0, 0x0, 0xfffffffffffffffc}]) sendmsg(r15, &(0x7f0000000400)={&(0x7f0000000280)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'blake2s-256-x86\x00'}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="e8eee603be71963e5e31dfd10f5a285ceaad0ea7c906add79774f0b8a9ad2a29e546a36912add24b4ea7f83d8cc3993628b942453a9d3d2d80c8c404dcbbf1eb81b3187433b0be801da560ae3356e9373b5b4691a9b302db612e97ee5631a08957ed7eb281abb57bdf9ffbc9d745c6f492d252588c347b94b75da1a822949c53117a8d682cb2e7bef5612c2a3b2d37b15776166362ae3238cee72d33d343baa1e9145a09d5ba1f4ba02e4453598984b1f285cbe7088bf321c3a6f6c40fc5ee65242d92def7e45010b83926e7d42a953e4e272a5f", 0xd4}], 0x1, &(0x7f0000000580)=[{0x40, 0x1, 0x5, "66c1aca62e7b53043f1955a268115c6d91bc5c4807d33a87012b71ad29ce16347100be3959c0ab21f497e38dbf1b77f1b4"}, {0x30, 0x29, 0x5, "d1c294705c66fab8910d7e81baee78f4561c077de49aa949d47e1006913d263f01e8"}, {0x10, 0x107, 0x7, ';'}, {0x74, 0x102, 0x1ff, "d389ff5dab676409cfe204882e259d9c72cc69d901d3b8e0fa05edd3c259b7aa4f991942a026c5b4fe5aa550e5c19325e5fc7d42d46d6c95f59cf3d7598ca8f385dafdaa59ea86f2bd5d99c545f68172b4612be7e4eaaa840b2311298a8effb5c35a11b4d0"}, {0xec, 0x10a, 0x8001, "95387a6142b7e904a42d3ab067cd2dc329a67c59db9611d0d0c7e69723abbf6f6010de97c9b4f0537b9b6de9147980f464b47652065e2d7db3322e864effc517cccfe04500e80ce9cd33c17b58de130ec5106693123250be40bb1d7188eab4b4eb60dc6110e2400aef398e12bd45a89989a18a26523ef5e9fbb7efae90cb3087206b360d86f2931f0eabf1e152103f1058b9534d4249918f7af79da856a5fafc11e8303c7d76be322ccdb197d6eea4494964decab97d660a23eb33762b6c647c9be8c13bdeb2884d35835f932afc3063127c4506d8492886e01da7f0cec059b1"}], 0x1e0}, 0x20044810) 10:22:07 executing program 3: pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_elf32(r1, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r3 = socket$inet(0x2, 0x3, 0x83) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r3, 0x0, 0x0, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 10:22:07 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000280)=ANY=[@ANYBLOB="a80000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000008001b000000000080002b007c00020026ca5ad1ae00"/88, @ANYRES32=0x0, @ANYBLOB="00ff1300", @ANYRES32, @ANYBLOB="080000000000000000000000000000001000"/32, @ANYRES32, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00'], 0xa8}}, 0x0) 10:22:07 executing program 3: pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_elf32(r1, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r3 = socket$inet(0x2, 0x3, 0x83) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r3, 0x0, 0x0, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) [ 511.189982][T13889] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 511.223769][T13889] CPU: 0 PID: 13889 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 511.232488][T13889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 511.242745][T13889] Call Trace: [ 511.246063][T13889] dump_stack+0x11d/0x181 [ 511.250421][T13889] dump_header+0xaa/0x39c [ 511.254793][T13889] oom_kill_process.cold+0x10/0x15 [ 511.259922][T13889] out_of_memory+0x231/0xa60 [ 511.264599][T13889] ? __rcu_read_unlock+0x66/0x3d0 [ 511.269690][T13889] mem_cgroup_out_of_memory+0x128/0x150 [ 511.275264][T13889] try_charge+0xb6c/0xbf0 [ 511.279716][T13889] ? rcu_note_context_switch+0x720/0x760 [ 511.285449][T13889] mem_cgroup_try_charge+0xd2/0x260 [ 511.290691][T13889] mem_cgroup_try_charge_delay+0x3a/0x80 [ 511.296613][T13889] __handle_mm_fault+0x197f/0x2e00 [ 511.301753][T13889] handle_mm_fault+0x21b/0x530 [ 511.306665][T13889] __get_user_pages+0x485/0x1130 [ 511.312140][T13889] populate_vma_page_range+0xe6/0x100 [ 511.317721][T13889] __mm_populate+0x168/0x2a0 [ 511.322463][T13889] __x64_sys_mlockall+0x2e3/0x320 [ 511.327552][T13889] do_syscall_64+0xcc/0x3a0 [ 511.332079][T13889] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 511.338027][T13889] RIP: 0033:0x45b349 [ 511.342002][T13889] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 511.362253][T13889] RSP: 002b:00007f8c5b479c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 511.370799][T13889] RAX: ffffffffffffffda RBX: 00007f8c5b47a6d4 RCX: 000000000045b349 [ 511.378810][T13889] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 10:22:07 executing program 0: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f00002d5000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) pkey_free(0xffffffffffffffff) [ 511.386792][T13889] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 511.394774][T13889] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 511.402756][T13889] R13: 0000000000000711 R14: 00000000004c8888 R15: 000000000075bf2c [ 511.425273][T13898] netlink: 'syz-executor.5': attribute type 2 has an invalid length. [ 511.434228][T13898] net_ratelimit: 514 callbacks suppressed [ 511.434242][T13898] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. 10:22:07 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000f80)={0x50, 0x2, 0x6, 0x1, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0x3}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x50}}, 0x0) [ 511.485940][T13889] memory: usage 307200kB, limit 307200kB, failcnt 5294 [ 511.507521][T13889] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 511.554198][T13889] Memory cgroup stats for /syz1: [ 511.554421][T13889] anon 305672192 [ 511.554421][T13889] file 0 [ 511.554421][T13889] kernel_stack 368640 [ 511.554421][T13889] slab 4177920 [ 511.554421][T13889] sock 0 [ 511.554421][T13889] shmem 0 [ 511.554421][T13889] file_mapped 0 [ 511.554421][T13889] file_dirty 0 [ 511.554421][T13889] file_writeback 0 [ 511.554421][T13889] anon_thp 251658240 [ 511.554421][T13889] inactive_anon 195604480 [ 511.554421][T13889] active_anon 13430784 [ 511.554421][T13889] inactive_file 0 10:22:08 executing program 3: pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_elf32(r1, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r3 = socket$inet(0x2, 0x3, 0x83) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r3, 0x0, 0x3, 0x0, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) [ 511.554421][T13889] active_file 0 [ 511.554421][T13889] unevictable 96776192 [ 511.554421][T13889] slab_reclaimable 811008 [ 511.554421][T13889] slab_unreclaimable 3366912 [ 511.554421][T13889] pgfault 186714 [ 511.554421][T13889] pgmajfault 0 [ 511.554421][T13889] workingset_refault 33 [ 511.554421][T13889] workingset_activate 0 [ 511.554421][T13889] workingset_nodereclaim 0 [ 511.554421][T13889] pgrefill 298 [ 511.554421][T13889] pgscan 330 [ 511.554421][T13889] pgsteal 66 [ 511.689294][T13889] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=13869,uid=0 [ 511.705949][T13889] Memory cgroup out of memory: Killed process 13869 (syz-executor.1) total-vm:72716kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 10:22:08 executing program 0: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f00002d5000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) pkey_free(0xffffffffffffffff) 10:22:08 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x288000, 0x0) syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x9, 0x200840) dup(0xffffffffffffffff) ioctl$RTC_VL_READ(r1, 0x80047013, &(0x7f00000000c0)) exit(0x7) write$binfmt_script(0xffffffffffffffff, &(0x7f00000003c0)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}, {}, {}, {0x20, 'proc'}], 0xa, "df7c00e09c916729334fbe57a726284a85ae23e7eb165a0922b020a14afa53fc919ed5b5820a609af38acfc21c2cacee2f808e60eafcd3ec51fdb7f62ca135bbf86f9c1bbf9c23db4038c329b0e8d63563439cf1b94606299a6c503abe926decd68a7e671c7dfcc4125e9888fbc8ce452b52"}, 0x8e) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r2 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xaf, 0x428240) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r2, 0xc080661a, &(0x7f00000002c0)={{0x2, 0x0, @identifier="8cff7fc81ac6de7927c1c322084eaabd"}}) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') close(r3) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000180)={0x2}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r4) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x7f, 0x3, 0x7, 0xa59e}, 'syz0\x00', 0x37}) 10:22:08 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x2, 0x3, 0x21c, 0x0, 0x0, 0xb8, 0x0, 0x0, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@ip={@multicast1, @remote}, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48, 'CT\x00'}}, {{@ip={@remote, @empty, 0x0, 0x0, '\x00', 'bridge_slave_0\x00'}, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, {0xffff}}}}], {{[], 0x0, 0x70, 0x94}, {0x24}}}}, 0x278) 10:22:08 executing program 3: pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_elf32(r1, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r3 = socket$inet(0x2, 0x3, 0x83) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r3, 0x0, 0x3, 0x0, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 10:22:08 executing program 0: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f00002d5000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) pkey_free(0xffffffffffffffff) 10:22:08 executing program 2: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x3, 0x600, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(0x0) r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4000000000000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet_udp(0x2, 0x2, 0x0) close(r3) geteuid() perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r4 = socket(0x11, 0x800000003, 0x81) r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bind(r4, &(0x7f0000000000)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) write$binfmt_misc(r2, &(0x7f0000000100)=ANY=[@ANYRESHEX], 0xffe8) splice(r1, 0x0, r3, 0x0, 0x10005, 0x0) r6 = creat(&(0x7f0000000240)='./bus\x00', 0x0) io_setup(0x40000100000003, &(0x7f0000000200)=0x0) r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) io_submit(r7, 0x2, &(0x7f0000000080)=[&(0x7f0000000540)={0x804000000000000, 0x0, 0x8, 0x1, 0x0, r6, 0x0}, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x8, 0x0, r8, 0x0, 0x0, 0xfffffffffffffffc}]) r9 = creat(&(0x7f0000000240)='./bus\x00', 0x0) io_setup(0x40000100000003, &(0x7f0000000200)=0x0) r11 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) io_submit(r10, 0x2, &(0x7f0000000080)=[&(0x7f0000000540)={0x804000000000000, 0x0, 0x8, 0x1, 0x0, r9, 0x0}, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x8, 0x0, r11, 0x0, 0x0, 0xfffffffffffffffc}]) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000001c0)={0x0, 0x1, 0x3, 0x0, 0x0, [{{r8}, 0x100000000}, {{r9}, 0x5}, {{r5}, 0x7f}]}) r12 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) inotify_init() renameat2(r12, &(0x7f0000000100)='./file0\x00', r12, 0x0, 0x0) r13 = creat(&(0x7f0000000240)='./bus\x00', 0x0) io_setup(0x40000100000003, &(0x7f0000000200)=0x0) r15 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) io_submit(r14, 0x2, &(0x7f0000000080)=[&(0x7f0000000540)={0x804000000000000, 0x0, 0x8, 0x1, 0x0, r13, 0x0}, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x8, 0x0, r15, 0x0, 0x0, 0xfffffffffffffffc}]) sendmsg(r15, &(0x7f0000000400)={&(0x7f0000000280)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'blake2s-256-x86\x00'}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="e8eee603be71963e5e31dfd10f5a285ceaad0ea7c906add79774f0b8a9ad2a29e546a36912add24b4ea7f83d8cc3993628b942453a9d3d2d80c8c404dcbbf1eb81b3187433b0be801da560ae3356e9373b5b4691a9b302db612e97ee5631a08957ed7eb281abb57bdf9ffbc9d745c6f492d252588c347b94b75da1a822949c53117a8d682cb2e7bef5612c2a3b2d37b15776166362ae3238cee72d33d343baa1e9145a09d5ba1f4ba02e4453598984b1f285cbe7088bf321c3a6f6c40fc5ee65242d92def7e45010b83926e7d42a953e4e272a5f", 0xd4}], 0x1, &(0x7f0000000580)=[{0x40, 0x1, 0x5, "66c1aca62e7b53043f1955a268115c6d91bc5c4807d33a87012b71ad29ce16347100be3959c0ab21f497e38dbf1b77f1b4"}, {0x30, 0x29, 0x5, "d1c294705c66fab8910d7e81baee78f4561c077de49aa949d47e1006913d263f01e8"}, {0x10, 0x107, 0x7, ';'}, {0x74, 0x102, 0x1ff, "d389ff5dab676409cfe204882e259d9c72cc69d901d3b8e0fa05edd3c259b7aa4f991942a026c5b4fe5aa550e5c19325e5fc7d42d46d6c95f59cf3d7598ca8f385dafdaa59ea86f2bd5d99c545f68172b4612be7e4eaaa840b2311298a8effb5c35a11b4d0"}, {0xec, 0x10a, 0x8001, "95387a6142b7e904a42d3ab067cd2dc329a67c59db9611d0d0c7e69723abbf6f6010de97c9b4f0537b9b6de9147980f464b47652065e2d7db3322e864effc517cccfe04500e80ce9cd33c17b58de130ec5106693123250be40bb1d7188eab4b4eb60dc6110e2400aef398e12bd45a89989a18a26523ef5e9fbb7efae90cb3087206b360d86f2931f0eabf1e152103f1058b9534d4249918f7af79da856a5fafc11e8303c7d76be322ccdb197d6eea4494964decab97d660a23eb33762b6c647c9be8c13bdeb2884d35835f932afc3063127c4506d8492886e01da7f0cec059b1"}], 0x1e0}, 0x20044810) 10:22:08 executing program 4: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 10:22:09 executing program 3: pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_elf32(r1, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r3 = socket$inet(0x2, 0x3, 0x83) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r3, 0x0, 0x3, 0x0, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 10:22:09 executing program 5: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x3, 0x600, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(0x0) r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4000000000000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet_udp(0x2, 0x2, 0x0) close(r3) geteuid() perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r4 = socket(0x11, 0x800000003, 0x81) r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bind(r4, &(0x7f0000000000)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) write$binfmt_misc(r2, &(0x7f0000000100)=ANY=[@ANYRESHEX], 0xffe8) splice(r1, 0x0, r3, 0x0, 0x10005, 0x0) r6 = creat(&(0x7f0000000240)='./bus\x00', 0x0) io_setup(0x40000100000003, &(0x7f0000000200)=0x0) r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) io_submit(r7, 0x2, &(0x7f0000000080)=[&(0x7f0000000540)={0x804000000000000, 0x0, 0x8, 0x1, 0x0, r6, 0x0}, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x8, 0x0, r8, 0x0, 0x0, 0xfffffffffffffffc}]) r9 = creat(&(0x7f0000000240)='./bus\x00', 0x0) io_setup(0x40000100000003, &(0x7f0000000200)=0x0) r11 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) io_submit(r10, 0x2, &(0x7f0000000080)=[&(0x7f0000000540)={0x804000000000000, 0x0, 0x8, 0x1, 0x0, r9, 0x0}, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x8, 0x0, r11, 0x0, 0x0, 0xfffffffffffffffc}]) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000001c0)={0x0, 0x1, 0x3, 0x0, 0x0, [{{r8}, 0x100000000}, {{r9}, 0x5}, {{r5}, 0x7f}]}) r12 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) inotify_init() renameat2(r12, &(0x7f0000000100)='./file0\x00', r12, 0x0, 0x0) r13 = creat(&(0x7f0000000240)='./bus\x00', 0x0) io_setup(0x40000100000003, &(0x7f0000000200)=0x0) r15 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) io_submit(r14, 0x2, &(0x7f0000000080)=[&(0x7f0000000540)={0x804000000000000, 0x0, 0x8, 0x1, 0x0, r13, 0x0}, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x8, 0x0, r15, 0x0, 0x0, 0xfffffffffffffffc}]) sendmsg(r15, &(0x7f0000000400)={&(0x7f0000000280)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'blake2s-256-x86\x00'}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="e8eee603be71963e5e31dfd10f5a285ceaad0ea7c906add79774f0b8a9ad2a29e546a36912add24b4ea7f83d8cc3993628b942453a9d3d2d80c8c404dcbbf1eb81b3187433b0be801da560ae3356e9373b5b4691a9b302db612e97ee5631a08957ed7eb281abb57bdf9ffbc9d745c6f492d252588c347b94b75da1a822949c53117a8d682cb2e7bef5612c2a3b2d37b15776166362ae3238cee72d33d343baa1e9145a09d5ba1f4ba02e4453598984b1f285cbe7088bf321c3a6f6c40fc5ee65242d92def7e45010b83926e7d42a953e4e272a5f", 0xd4}], 0x1, &(0x7f0000000580)=[{0x40, 0x1, 0x5, "66c1aca62e7b53043f1955a268115c6d91bc5c4807d33a87012b71ad29ce16347100be3959c0ab21f497e38dbf1b77f1b4"}, {0x30, 0x29, 0x5, "d1c294705c66fab8910d7e81baee78f4561c077de49aa949d47e1006913d263f01e8"}, {0x10, 0x107, 0x7, ';'}, {0x74, 0x102, 0x1ff, "d389ff5dab676409cfe204882e259d9c72cc69d901d3b8e0fa05edd3c259b7aa4f991942a026c5b4fe5aa550e5c19325e5fc7d42d46d6c95f59cf3d7598ca8f385dafdaa59ea86f2bd5d99c545f68172b4612be7e4eaaa840b2311298a8effb5c35a11b4d0"}, {0xec, 0x10a, 0x8001, "95387a6142b7e904a42d3ab067cd2dc329a67c59db9611d0d0c7e69723abbf6f6010de97c9b4f0537b9b6de9147980f464b47652065e2d7db3322e864effc517cccfe04500e80ce9cd33c17b58de130ec5106693123250be40bb1d7188eab4b4eb60dc6110e2400aef398e12bd45a89989a18a26523ef5e9fbb7efae90cb3087206b360d86f2931f0eabf1e152103f1058b9534d4249918f7af79da856a5fafc11e8303c7d76be322ccdb197d6eea4494964decab97d660a23eb33762b6c647c9be8c13bdeb2884d35835f932afc3063127c4506d8492886e01da7f0cec059b1"}], 0x1e0}, 0x20044810) 10:22:09 executing program 0: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x10, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f00002d5000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) pkey_free(0xffffffffffffffff) 10:22:09 executing program 3: pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_elf32(r1, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r3 = socket$inet(0x2, 0x3, 0x83) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r3, 0x0, 0x3, &(0x7f0000000140), 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) [ 512.777961][T13940] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 512.803725][T13940] CPU: 0 PID: 13940 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 512.812563][T13940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 512.822647][T13940] Call Trace: [ 512.825964][T13940] dump_stack+0x11d/0x181 [ 512.830440][T13940] dump_header+0xaa/0x39c [ 512.834918][T13940] oom_kill_process.cold+0x10/0x15 [ 512.840051][T13940] out_of_memory+0x231/0xa60 [ 512.845145][T13940] ? __rcu_read_unlock+0x66/0x3d0 [ 512.850406][T13940] mem_cgroup_out_of_memory+0x128/0x150 [ 512.856151][T13940] try_charge+0xb6c/0xbf0 [ 512.860519][T13940] ? rcu_note_context_switch+0x720/0x760 [ 512.866185][T13940] mem_cgroup_try_charge+0xd2/0x260 [ 512.871521][T13940] mem_cgroup_try_charge_delay+0x3a/0x80 [ 512.877484][T13940] __handle_mm_fault+0x197f/0x2e00 [ 512.882629][T13940] handle_mm_fault+0x21b/0x530 [ 512.887482][T13940] __get_user_pages+0x485/0x1130 [ 512.892587][T13940] populate_vma_page_range+0xe6/0x100 [ 512.897977][T13940] __mm_populate+0x168/0x2a0 [ 512.902655][T13940] __x64_sys_mlockall+0x2e3/0x320 [ 512.907716][T13940] do_syscall_64+0xcc/0x3a0 [ 512.912250][T13940] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 512.918158][T13940] RIP: 0033:0x45b349 [ 512.922072][T13940] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 512.941896][T13940] RSP: 002b:00007f8c5b479c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 512.950454][T13940] RAX: ffffffffffffffda RBX: 00007f8c5b47a6d4 RCX: 000000000045b349 [ 512.960472][T13940] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 512.968459][T13940] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 512.976637][T13940] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 512.984682][T13940] R13: 0000000000000711 R14: 00000000004c8888 R15: 000000000075bf2c [ 513.001841][T13940] memory: usage 307200kB, limit 307200kB, failcnt 5352 [ 513.016627][T13940] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 10:22:09 executing program 3: pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_elf32(r1, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r3 = socket$inet(0x2, 0x3, 0x83) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r3, 0x0, 0x3, &(0x7f0000000140), 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) [ 513.033529][T13940] Memory cgroup stats for /syz1: [ 513.033795][T13940] anon 305627136 [ 513.033795][T13940] file 0 [ 513.033795][T13940] kernel_stack 368640 [ 513.033795][T13940] slab 4177920 [ 513.033795][T13940] sock 0 [ 513.033795][T13940] shmem 0 [ 513.033795][T13940] file_mapped 0 [ 513.033795][T13940] file_dirty 0 [ 513.033795][T13940] file_writeback 0 [ 513.033795][T13940] anon_thp 251658240 [ 513.033795][T13940] inactive_anon 189120512 [ 513.033795][T13940] active_anon 13398016 [ 513.033795][T13940] inactive_file 0 10:22:09 executing program 0: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x10, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f00002d5000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) pkey_free(0xffffffffffffffff) [ 513.033795][T13940] active_file 0 [ 513.033795][T13940] unevictable 103071744 [ 513.033795][T13940] slab_reclaimable 811008 [ 513.033795][T13940] slab_unreclaimable 3366912 [ 513.033795][T13940] pgfault 188661 [ 513.033795][T13940] pgmajfault 0 [ 513.033795][T13940] workingset_refault 33 [ 513.033795][T13940] workingset_activate 0 [ 513.033795][T13940] workingset_nodereclaim 0 [ 513.033795][T13940] pgrefill 298 [ 513.033795][T13940] pgscan 330 [ 513.033795][T13940] pgsteal 66 [ 513.142936][T13940] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=13924,uid=0 [ 513.175226][T13940] Memory cgroup out of memory: Killed process 13924 (syz-executor.1) total-vm:72716kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 513.206894][ T1066] oom_reaper: reaped process 13924 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 10:22:10 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x288000, 0x0) syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x9, 0x200840) dup(0xffffffffffffffff) ioctl$RTC_VL_READ(r1, 0x80047013, &(0x7f00000000c0)) exit(0x7) write$binfmt_script(0xffffffffffffffff, &(0x7f00000003c0)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}, {}, {}, {0x20, 'proc'}], 0xa, "df7c00e09c916729334fbe57a726284a85ae23e7eb165a0922b020a14afa53fc919ed5b5820a609af38acfc21c2cacee2f808e60eafcd3ec51fdb7f62ca135bbf86f9c1bbf9c23db4038c329b0e8d63563439cf1b94606299a6c503abe926decd68a7e671c7dfcc4125e9888fbc8ce452b52"}, 0x8e) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r2 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xaf, 0x428240) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r2, 0xc080661a, &(0x7f00000002c0)={{0x2, 0x0, @identifier="8cff7fc81ac6de7927c1c322084eaabd"}}) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') close(r3) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000180)={0x2}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r4) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x7f, 0x3, 0x7, 0xa59e}, 'syz0\x00', 0x37}) 10:22:10 executing program 3: pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_elf32(r1, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r3 = socket$inet(0x2, 0x3, 0x83) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r3, 0x0, 0x3, &(0x7f0000000140), 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 10:22:10 executing program 0: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x10, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f00002d5000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) pkey_free(0xffffffffffffffff) 10:22:10 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0xb, 0x11, r2, 0x0) write$FUSE_INTERRUPT(0xffffffffffffffff, &(0x7f0000000000)={0x10}, 0x10) ioctl$KVM_RUN(r2, 0xae80, 0x0) 10:22:10 executing program 5: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r0, &(0x7f0000000140)=[{&(0x7f0000000040)="f5", 0x1}, {&(0x7f0000000000)="643175501e063ec063015c6b25a3d51668f2c81ba26f8d019c21d0c0aaa752373a", 0x21}], 0x200000000000007d, 0x0) 10:22:10 executing program 4: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 10:22:10 executing program 3: pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_elf32(r1, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r3 = socket$inet(0x2, 0x3, 0x83) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r3, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 10:22:10 executing program 0: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f00002d5000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) pkey_free(0xffffffffffffffff) 10:22:10 executing program 3: pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_elf32(r1, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r3 = socket$inet(0x2, 0x3, 0x83) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r3, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 10:22:10 executing program 2: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r0 = openat$md(0xffffffffffffff9c, &(0x7f0000000080)='/dev/md0\x00', 0x0, 0x0) ioctl$BLKPG(r0, 0x4004092b, &(0x7f0000001200)={0x0, 0x0, 0x0, 0x0}) 10:22:10 executing program 5: socket$inet6(0xa, 0x80003, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000f80)={0x44, 0x2, 0x6, 0x1, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x44}}, 0x0) [ 514.120860][T13988] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 514.166000][T13988] CPU: 0 PID: 13988 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 514.174737][T13988] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 514.184914][T13988] Call Trace: [ 514.188220][T13988] dump_stack+0x11d/0x181 [ 514.192622][T13988] dump_header+0xaa/0x39c [ 514.196981][T13988] oom_kill_process.cold+0x10/0x15 [ 514.202275][T13988] out_of_memory+0x231/0xa60 [ 514.206973][T13988] ? __rcu_read_unlock+0x66/0x3d0 [ 514.212144][T13988] mem_cgroup_out_of_memory+0x128/0x150 [ 514.217853][T13988] try_charge+0xb6c/0xbf0 [ 514.222243][T13988] ? rcu_note_context_switch+0x720/0x760 [ 514.227985][T13988] mem_cgroup_try_charge+0xd2/0x260 [ 514.233208][T13988] mem_cgroup_try_charge_delay+0x3a/0x80 [ 514.238861][T13988] __handle_mm_fault+0x197f/0x2e00 [ 514.244040][T13988] handle_mm_fault+0x21b/0x530 [ 514.248855][T13988] __get_user_pages+0x485/0x1130 [ 514.254051][T13988] populate_vma_page_range+0xe6/0x100 [ 514.259439][T13988] __mm_populate+0x168/0x2a0 [ 514.264123][T13988] __x64_sys_mlockall+0x2e3/0x320 [ 514.269187][T13988] do_syscall_64+0xcc/0x3a0 [ 514.273730][T13988] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 514.279635][T13988] RIP: 0033:0x45b349 [ 514.283635][T13988] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 514.303245][T13988] RSP: 002b:00007f8c5b479c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 10:22:10 executing program 3: pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_elf32(r1, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r3 = socket$inet(0x2, 0x3, 0x83) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r3, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) [ 514.311671][T13988] RAX: ffffffffffffffda RBX: 00007f8c5b47a6d4 RCX: 000000000045b349 [ 514.319830][T13988] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 514.327918][T13988] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 514.335905][T13988] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 514.343972][T13988] R13: 0000000000000711 R14: 00000000004c8888 R15: 000000000075bf2c [ 514.468134][T13988] memory: usage 307200kB, limit 307200kB, failcnt 5373 [ 514.486933][T13988] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 514.532448][T13988] Memory cgroup stats for /syz1: [ 514.532696][T13988] anon 305659904 [ 514.532696][T13988] file 0 [ 514.532696][T13988] kernel_stack 368640 [ 514.532696][T13988] slab 4313088 [ 514.532696][T13988] sock 0 [ 514.532696][T13988] shmem 0 [ 514.532696][T13988] file_mapped 0 [ 514.532696][T13988] file_dirty 0 [ 514.532696][T13988] file_writeback 0 [ 514.532696][T13988] anon_thp 251658240 [ 514.532696][T13988] inactive_anon 189157376 [ 514.532696][T13988] active_anon 13365248 [ 514.532696][T13988] inactive_file 0 [ 514.532696][T13988] active_file 0 [ 514.532696][T13988] unevictable 103067648 [ 514.532696][T13988] slab_reclaimable 811008 [ 514.532696][T13988] slab_unreclaimable 3502080 [ 514.532696][T13988] pgfault 190443 [ 514.532696][T13988] pgmajfault 0 [ 514.532696][T13988] workingset_refault 33 [ 514.532696][T13988] workingset_activate 0 [ 514.532696][T13988] workingset_nodereclaim 0 [ 514.532696][T13988] pgrefill 298 [ 514.532696][T13988] pgscan 330 [ 514.532696][T13988] pgsteal 66 [ 514.733119][T13988] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=13972,uid=0 [ 514.771811][T13988] Memory cgroup out of memory: Killed process 13972 (syz-executor.1) total-vm:72716kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 514.811822][ T1066] oom_reaper: reaped process 13972 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 10:22:11 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x288000, 0x0) syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x9, 0x200840) dup(r1) ioctl$RTC_VL_READ(0xffffffffffffffff, 0x80047013, &(0x7f00000000c0)) exit(0x7) write$binfmt_script(0xffffffffffffffff, &(0x7f00000003c0)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}, {}, {}, {0x20, 'proc'}], 0xa, "df7c00e09c916729334fbe57a726284a85ae23e7eb165a0922b020a14afa53fc919ed5b5820a609af38acfc21c2cacee2f808e60eafcd3ec51fdb7f62ca135bbf86f9c1bbf9c23db4038c329b0e8d63563439cf1b94606299a6c503abe926decd68a7e671c7dfcc4125e9888fbc8ce452b52"}, 0x8e) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r2 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xaf, 0x428240) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r2, 0xc080661a, &(0x7f00000002c0)={{0x2, 0x0, @identifier="8cff7fc81ac6de7927c1c322084eaabd"}}) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') close(r3) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000180)={0x2}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r4) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x7f, 0x3, 0x7, 0xa59e}, 'syz0\x00', 0x37}) 10:22:11 executing program 5: socket$inet6(0xa, 0x80003, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000f80)={0x44, 0x2, 0x6, 0x1, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x44}}, 0x0) 10:22:11 executing program 2: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) getpid() tkill(0x0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_DEL(r0, &(0x7f0000000240)={&(0x7f0000000040), 0xc, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="380100000a06030000000000000000000a000006780008800c000780060004404e2200001000078009001a007070703100000000100007800a001a0027626465760000000c000780080006400000001f0c00078008000840000000000c000780060004404e2300000c000780060004404e2200000c00078008000640000000080c000780050007005c0000000900020073797a30000000000500010007000000800008800c000780060004404e210000100007800c0018400000000000000005100007800c009e2df3c9473c52b5c305f316800800014000000000100007800a001100aaaaaaaaaabb00000c00078005001500080000000c00078008000b40800000000c0007800500150003000000100007800a001100aaaaaaaaaaaa00000c000780060005404e2300000900020073797a30000000000900020073797a3200000000"], 0x138}, 0x1, 0x0, 0x0, 0x4000}, 0x0) 10:22:11 executing program 3: pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_elf32(r1, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r3 = socket$inet(0x2, 0x3, 0x83) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r3, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r2, 0x0, 0x0) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 10:22:11 executing program 0: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f00002d5000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) pkey_free(0xffffffffffffffff) 10:22:11 executing program 4: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 10:22:12 executing program 3: pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_elf32(r1, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r3 = socket$inet(0x2, 0x3, 0x83) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r3, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r2, 0x0, 0x0) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) [ 515.457489][T14053] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. 10:22:12 executing program 5: socket$inet6(0xa, 0x80003, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000f80)={0x44, 0x2, 0x6, 0x1, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x44}}, 0x0) 10:22:12 executing program 4: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 515.661063][T14048] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 515.712976][T14048] CPU: 1 PID: 14048 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 515.721676][T14048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 515.731735][T14048] Call Trace: [ 515.735170][T14048] dump_stack+0x11d/0x181 [ 515.739571][T14048] dump_header+0xaa/0x39c [ 515.743919][T14048] oom_kill_process.cold+0x10/0x15 [ 515.749062][T14048] out_of_memory+0x231/0xa60 [ 515.753667][T14048] ? __rcu_read_unlock+0x66/0x3d0 [ 515.758728][T14048] mem_cgroup_out_of_memory+0x128/0x150 [ 515.764404][T14048] try_charge+0xb6c/0xbf0 [ 515.768797][T14048] ? rcu_note_context_switch+0x720/0x760 [ 515.774460][T14048] mem_cgroup_try_charge+0xd2/0x260 [ 515.779786][T14048] mem_cgroup_try_charge_delay+0x3a/0x80 [ 515.785455][T14048] __handle_mm_fault+0x197f/0x2e00 [ 515.790592][T14048] handle_mm_fault+0x21b/0x530 [ 515.795372][T14048] __get_user_pages+0x485/0x1130 [ 515.800393][T14048] populate_vma_page_range+0xe6/0x100 [ 515.805873][T14048] __mm_populate+0x168/0x2a0 [ 515.810481][T14048] __x64_sys_mlockall+0x2e3/0x320 [ 515.815711][T14048] do_syscall_64+0xcc/0x3a0 [ 515.820352][T14048] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 515.826288][T14048] RIP: 0033:0x45b349 [ 515.830213][T14048] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 515.850031][T14048] RSP: 002b:00007f8c5b479c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 10:22:12 executing program 3: pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_elf32(r1, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r3 = socket$inet(0x2, 0x3, 0x83) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r3, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r2, 0x0, 0x0) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 10:22:12 executing program 5: socket$inet6(0xa, 0x80003, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000f80)={0x44, 0x2, 0x6, 0x1, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x44}}, 0x0) [ 515.858798][T14048] RAX: ffffffffffffffda RBX: 00007f8c5b47a6d4 RCX: 000000000045b349 [ 515.866864][T14048] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 515.874956][T14048] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 515.883100][T14048] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 515.891751][T14048] R13: 0000000000000711 R14: 00000000004c8888 R15: 000000000075bf2c 10:22:12 executing program 4: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 516.088885][T14048] memory: usage 307200kB, limit 307200kB, failcnt 5393 [ 516.096118][T14048] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 516.108147][T14048] Memory cgroup stats for /syz1: [ 516.108426][T14048] anon 305434624 [ 516.108426][T14048] file 0 [ 516.108426][T14048] kernel_stack 368640 [ 516.108426][T14048] slab 4313088 [ 516.108426][T14048] sock 0 [ 516.108426][T14048] shmem 0 [ 516.108426][T14048] file_mapped 0 [ 516.108426][T14048] file_dirty 0 [ 516.108426][T14048] file_writeback 0 [ 516.108426][T14048] anon_thp 251658240 [ 516.108426][T14048] inactive_anon 189145088 [ 516.108426][T14048] active_anon 13475840 [ 516.108426][T14048] inactive_file 0 [ 516.108426][T14048] active_file 0 [ 516.108426][T14048] unevictable 102936576 [ 516.108426][T14048] slab_reclaimable 811008 [ 516.108426][T14048] slab_unreclaimable 3502080 [ 516.108426][T14048] pgfault 192390 [ 516.108426][T14048] pgmajfault 0 [ 516.108426][T14048] workingset_refault 33 [ 516.108426][T14048] workingset_activate 0 [ 516.108426][T14048] workingset_nodereclaim 0 [ 516.108426][T14048] pgrefill 298 [ 516.108426][T14048] pgscan 330 [ 516.108426][T14048] pgsteal 66 [ 516.211190][T14048] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=14033,uid=0 [ 516.236427][T14048] Memory cgroup out of memory: Killed process 14033 (syz-executor.1) total-vm:72716kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 10:22:13 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x288000, 0x0) syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x9, 0x200840) dup(r1) ioctl$RTC_VL_READ(0xffffffffffffffff, 0x80047013, &(0x7f00000000c0)) exit(0x7) write$binfmt_script(0xffffffffffffffff, &(0x7f00000003c0)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}, {}, {}, {0x20, 'proc'}], 0xa, "df7c00e09c916729334fbe57a726284a85ae23e7eb165a0922b020a14afa53fc919ed5b5820a609af38acfc21c2cacee2f808e60eafcd3ec51fdb7f62ca135bbf86f9c1bbf9c23db4038c329b0e8d63563439cf1b94606299a6c503abe926decd68a7e671c7dfcc4125e9888fbc8ce452b52"}, 0x8e) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r2 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xaf, 0x428240) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r2, 0xc080661a, &(0x7f00000002c0)={{0x2, 0x0, @identifier="8cff7fc81ac6de7927c1c322084eaabd"}}) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') close(r3) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000180)={0x2}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r4) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x7f, 0x3, 0x7, 0xa59e}, 'syz0\x00', 0x37}) 10:22:13 executing program 3: pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_elf32(r1, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r3 = socket$inet(0x2, 0x3, 0x83) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r3, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 10:22:13 executing program 5: socket$inet6(0xa, 0x80003, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000f80)={0x44, 0x2, 0x6, 0x1, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x44}}, 0x0) 10:22:13 executing program 0: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f00002d5000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) pkey_free(0xffffffffffffffff) 10:22:13 executing program 2: sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) unshare(0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0x0, 0x2503, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)) kcmp(0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) 10:22:13 executing program 4: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x10, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 10:22:13 executing program 5: socket$inet6(0xa, 0x80003, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000f80)={0x44, 0x2, 0x6, 0x1, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x44}}, 0x0) 10:22:13 executing program 4: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x10, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 10:22:13 executing program 3: pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_elf32(r1, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r3 = socket$inet(0x2, 0x3, 0x83) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r3, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 10:22:13 executing program 3: pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_elf32(r1, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r3 = socket$inet(0x2, 0x3, 0x83) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r3, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 10:22:13 executing program 4: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x10, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 517.251070][T14114] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 517.273876][T14114] CPU: 0 PID: 14114 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 517.283419][T14114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 517.294048][T14114] Call Trace: [ 517.297483][T14114] dump_stack+0x11d/0x181 [ 517.302085][T14114] dump_header+0xaa/0x39c [ 517.306512][T14114] oom_kill_process.cold+0x10/0x15 [ 517.312396][T14114] out_of_memory+0x231/0xa60 [ 517.317117][T14114] ? __rcu_read_unlock+0x66/0x3d0 [ 517.322540][T14114] mem_cgroup_out_of_memory+0x128/0x150 [ 517.328215][T14114] try_charge+0xb6c/0xbf0 [ 517.332693][T14114] ? rcu_note_context_switch+0x720/0x760 [ 517.338719][T14114] mem_cgroup_try_charge+0xd2/0x260 [ 517.345155][T14114] mem_cgroup_try_charge_delay+0x3a/0x80 [ 517.350903][T14114] __handle_mm_fault+0x197f/0x2e00 [ 517.356183][T14114] handle_mm_fault+0x21b/0x530 [ 517.361048][T14114] __get_user_pages+0x485/0x1130 [ 517.366363][T14114] populate_vma_page_range+0xe6/0x100 [ 517.371911][T14114] __mm_populate+0x168/0x2a0 [ 517.379026][T14114] __x64_sys_mlockall+0x2e3/0x320 [ 517.384075][T14114] do_syscall_64+0xcc/0x3a0 [ 517.388679][T14114] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 517.395284][T14114] RIP: 0033:0x45b349 [ 517.399275][T14114] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 517.420146][T14114] RSP: 002b:00007f8c5b479c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 517.428596][T14114] RAX: ffffffffffffffda RBX: 00007f8c5b47a6d4 RCX: 000000000045b349 [ 517.436759][T14114] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 10:22:13 executing program 3: pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_elf32(r1, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r3 = socket$inet(0x2, 0x3, 0x83) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r3, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, &(0x7f0000000000)=0x440, 0x4) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) [ 517.444778][T14114] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 517.452791][T14114] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 517.460947][T14114] R13: 0000000000000711 R14: 00000000004c8888 R15: 000000000075bf2c [ 517.735017][T14114] memory: usage 307196kB, limit 307200kB, failcnt 5407 [ 517.752447][T14114] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 517.759804][T14114] Memory cgroup stats for /syz1: [ 517.760014][T14114] anon 305401856 [ 517.760014][T14114] file 0 [ 517.760014][T14114] kernel_stack 368640 [ 517.760014][T14114] slab 4452352 [ 517.760014][T14114] sock 0 [ 517.760014][T14114] shmem 0 [ 517.760014][T14114] file_mapped 0 [ 517.760014][T14114] file_dirty 0 [ 517.760014][T14114] file_writeback 0 [ 517.760014][T14114] anon_thp 251658240 [ 517.760014][T14114] inactive_anon 189120512 [ 517.760014][T14114] active_anon 13430784 [ 517.760014][T14114] inactive_file 0 [ 517.760014][T14114] active_file 0 [ 517.760014][T14114] unevictable 102797312 [ 517.760014][T14114] slab_reclaimable 811008 [ 517.760014][T14114] slab_unreclaimable 3641344 [ 517.760014][T14114] pgfault 194271 [ 517.760014][T14114] pgmajfault 0 [ 517.760014][T14114] workingset_refault 33 [ 517.760014][T14114] workingset_activate 0 [ 517.760014][T14114] workingset_nodereclaim 0 [ 517.760014][T14114] pgrefill 298 [ 517.760014][T14114] pgscan 330 [ 517.760014][T14114] pgsteal 66 [ 517.877378][T14114] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=14094,uid=0 [ 517.905873][T14114] Memory cgroup out of memory: Killed process 14094 (syz-executor.1) total-vm:72716kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 517.955472][T14104] FAT-fs (loop2): bogus number of reserved sectors [ 517.977963][T14104] FAT-fs (loop2): Can't find a valid FAT filesystem 10:22:14 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x288000, 0x0) syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x9, 0x200840) dup(r1) ioctl$RTC_VL_READ(0xffffffffffffffff, 0x80047013, &(0x7f00000000c0)) exit(0x7) write$binfmt_script(0xffffffffffffffff, &(0x7f00000003c0)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}, {}, {}, {0x20, 'proc'}], 0xa, "df7c00e09c916729334fbe57a726284a85ae23e7eb165a0922b020a14afa53fc919ed5b5820a609af38acfc21c2cacee2f808e60eafcd3ec51fdb7f62ca135bbf86f9c1bbf9c23db4038c329b0e8d63563439cf1b94606299a6c503abe926decd68a7e671c7dfcc4125e9888fbc8ce452b52"}, 0x8e) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r2 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xaf, 0x428240) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r2, 0xc080661a, &(0x7f00000002c0)={{0x2, 0x0, @identifier="8cff7fc81ac6de7927c1c322084eaabd"}}) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') close(r3) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000180)={0x2}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r4) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x7f, 0x3, 0x7, 0xa59e}, 'syz0\x00', 0x37}) 10:22:14 executing program 5: socket$inet6(0xa, 0x80003, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000f80)={0x44, 0x2, 0x6, 0x1, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x44}}, 0x0) 10:22:14 executing program 3: pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_elf32(r1, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r3 = socket$inet(0x2, 0x3, 0x83) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r3, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, &(0x7f0000000000)=0x440, 0x4) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 10:22:14 executing program 4: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 10:22:14 executing program 0: syz_open_dev$evdev(&(0x7f0000000440)='/dev/input/event#\x00', 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) openat$cuse(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cuse\x00', 0x2, 0x0) syz_genetlink_get_family_id$batadv(0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r0, &(0x7f0000000140)=[{&(0x7f0000000040)="f5", 0x1}, {&(0x7f0000000000)="643175501e063ec063015c6b25a3d51668f2c81ba26f8d019c21d0c0aaa752373a", 0x21}], 0x200000000000007d, 0x0) 10:22:14 executing program 2: openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) writev(0xffffffffffffffff, &(0x7f0000000200)=[{&(0x7f00000000c0)="5800000014", 0x5}], 0x1) write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000640)=ANY=[@ANYBLOB="88bf259659a927b1928b9ba4ede63a447592f257922018418901fa42fddd618eb6a1a4d98f1d7f6801da69f924999c01625a77006543cfc56c83e1e8f5460d62abd8ae69496a0fe7c3000000000000a835c967b9fc7735aeaad6717c226fe345493d11fef924ec36080001000000000000e35876adf33b088694a803cf484a8c1daead95121cc813690b0576eadfcfb9460f486ac5bc0e61c693afb10e05ded9f5ca08409cb928e42d9d7b1e8876fd772151ac883c909eabda032fe8876bbea07246fcd3d3f84f47ee27cdfd220487fa755507"], 0xd3) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) writev(r0, &(0x7f0000000200), 0x0) write$binfmt_elf64(r0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}], 0x1) write$binfmt_misc(r0, 0x0, 0x0) openat$cgroup_type(r0, &(0x7f0000000340)='cgroup.type\x00', 0x2, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000280)={0x8, 0x42, 0x0, 0x1ff, 0x80}) r1 = syz_open_dev$vcsn(&(0x7f0000000080)='/dev/vcs#\x00', 0x5, 0x200000) unshare(0x2040400) open(&(0x7f0000000040)='.\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x1, @perf_bp={0x0}, 0x0, 0x0, 0x4, 0x4, 0x0, 0x0, 0xffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup/syz0\x00', 0x200002, 0x0) fchdir(r3) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) dup(r2) ioctl$TIOCSISO7816(0xffffffffffffffff, 0xc0285443, &(0x7f0000000200)={0xffff, 0x200, 0x0, 0x4}) umount2(&(0x7f0000000540)='./file0\x00', 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000240)) renameat2(0xffffffffffffffff, &(0x7f0000000000)='./file1\x00', 0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_GET_NEXT_ID(0xc, &(0x7f00000000c0)={0x7ff, 0x7f}, 0xc) kcmp(0x0, 0x0, 0x0, r1, 0xffffffffffffffff) syz_open_procfs(0x0, &(0x7f0000000140)='net/rt_acct\x00') 10:22:15 executing program 3: pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_elf32(r1, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r3 = socket$inet(0x2, 0x3, 0x83) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r3, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, &(0x7f0000000000)=0x440, 0x4) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 10:22:15 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000f80)={0x44, 0x2, 0x6, 0x1, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x44}}, 0x0) [ 518.749724][T14166] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 518.768972][T14166] CPU: 1 PID: 14166 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 518.778241][T14166] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 518.788496][T14166] Call Trace: [ 518.792227][T14166] dump_stack+0x11d/0x181 [ 518.797193][T14166] dump_header+0xaa/0x39c [ 518.801663][T14166] oom_kill_process.cold+0x10/0x15 [ 518.806857][T14166] out_of_memory+0x231/0xa60 [ 518.811465][T14166] ? __rcu_read_unlock+0x66/0x3d0 [ 518.816694][T14166] mem_cgroup_out_of_memory+0x128/0x150 [ 518.822596][T14166] try_charge+0xb6c/0xbf0 [ 518.827068][T14166] ? rcu_note_context_switch+0x720/0x760 [ 518.832990][T14166] mem_cgroup_try_charge+0xd2/0x260 [ 518.838515][T14166] mem_cgroup_try_charge_delay+0x3a/0x80 [ 518.844334][T14166] __handle_mm_fault+0x197f/0x2e00 [ 518.849586][T14166] handle_mm_fault+0x21b/0x530 [ 518.854364][T14166] __get_user_pages+0x485/0x1130 [ 518.859391][T14166] populate_vma_page_range+0xe6/0x100 [ 518.865410][T14166] __mm_populate+0x168/0x2a0 [ 518.870193][T14166] __x64_sys_mlockall+0x2e3/0x320 [ 518.875324][T14166] do_syscall_64+0xcc/0x3a0 [ 518.880090][T14166] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 518.886107][T14166] RIP: 0033:0x45b349 10:22:15 executing program 5: socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000f80)={0x44, 0x2, 0x6, 0x1, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x44}}, 0x0) [ 518.890166][T14166] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 518.910033][T14166] RSP: 002b:00007f8c5b479c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 518.922134][T14166] RAX: ffffffffffffffda RBX: 00007f8c5b47a6d4 RCX: 000000000045b349 [ 518.930605][T14166] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 518.938584][T14166] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 10:22:15 executing program 3: pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_elf32(r1, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r3 = socket$inet(0x2, 0x3, 0x83) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r3, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, 0x0, 0x0) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) [ 518.946612][T14166] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 518.954729][T14166] R13: 0000000000000711 R14: 00000000004c8888 R15: 000000000075bf2c [ 518.973865][T14166] memory: usage 307200kB, limit 307200kB, failcnt 5456 [ 518.980876][T14166] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 519.011424][T14166] Memory cgroup stats for /syz1: [ 519.011722][T14166] anon 305319936 [ 519.011722][T14166] file 0 [ 519.011722][T14166] kernel_stack 405504 [ 519.011722][T14166] slab 4587520 [ 519.011722][T14166] sock 0 [ 519.011722][T14166] shmem 0 [ 519.011722][T14166] file_mapped 0 [ 519.011722][T14166] file_dirty 0 [ 519.011722][T14166] file_writeback 0 [ 519.011722][T14166] anon_thp 251658240 [ 519.011722][T14166] inactive_anon 189263872 [ 519.011722][T14166] active_anon 13426688 [ 519.011722][T14166] inactive_file 0 [ 519.011722][T14166] active_file 0 [ 519.011722][T14166] unevictable 102715392 [ 519.011722][T14166] slab_reclaimable 811008 [ 519.011722][T14166] slab_unreclaimable 3776512 [ 519.011722][T14166] pgfault 196119 [ 519.011722][T14166] pgmajfault 0 [ 519.011722][T14166] workingset_refault 33 [ 519.011722][T14166] workingset_activate 0 [ 519.011722][T14166] workingset_nodereclaim 0 [ 519.011722][T14166] pgrefill 298 [ 519.011722][T14166] pgscan 330 [ 519.011722][T14166] pgsteal 66 10:22:15 executing program 0: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r0, &(0x7f0000000140)=[{&(0x7f0000000040)="f5", 0x1}, {&(0x7f0000000000)="643175501e063ec063015c6b25a3d51668f2c81ba26f8d019c21d0c0aaa752373a", 0x21}], 0x200000000000007d, 0x0) 10:22:15 executing program 3: pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_elf32(r1, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r3 = socket$inet(0x2, 0x3, 0x83) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r3, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, 0x0, 0x0) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) [ 519.204968][T14166] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=14152,uid=0 [ 519.235975][T14166] Memory cgroup out of memory: Killed process 14152 (syz-executor.1) total-vm:72716kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 519.375948][T14175] syz-executor.1 invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=0, oom_score_adj=1000 [ 519.464266][T14175] CPU: 0 PID: 14175 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 519.473039][T14175] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 519.483100][T14175] Call Trace: [ 519.486399][T14175] dump_stack+0x11d/0x181 [ 519.490815][T14175] dump_header+0xaa/0x39c [ 519.495255][T14175] oom_kill_process.cold+0x10/0x15 [ 519.500391][T14175] out_of_memory+0x231/0xa60 [ 519.505015][T14175] mem_cgroup_out_of_memory+0x128/0x150 [ 519.510686][T14175] try_charge+0x800/0xbf0 [ 519.515187][T14175] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 519.520679][T14175] cache_grow_begin+0x3bb/0x5c0 [ 519.525570][T14175] fallback_alloc+0x161/0x1f0 [ 519.530291][T14175] ____cache_alloc_node+0x1b1/0x1c0 [ 519.535571][T14175] ? memcg_kmem_get_cache+0x1b1/0x320 [ 519.540973][T14175] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 519.547265][T14175] kmem_cache_alloc_node+0xbb/0x660 [ 519.552488][T14175] copy_process+0x2dd/0x3c40 [ 519.557178][T14175] ? do_futex+0xf6/0x18d0 [ 519.561529][T14175] _do_fork+0xfe/0x7a0 [ 519.565616][T14175] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 519.571909][T14175] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 519.577813][T14175] ? __read_once_size+0x5a/0xe0 [ 519.582745][T14175] __x64_sys_clone+0x130/0x170 [ 519.587522][T14175] do_syscall_64+0xcc/0x3a0 [ 519.592050][T14175] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 519.598031][T14175] RIP: 0033:0x45b349 [ 519.602127][T14175] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 519.621829][T14175] RSP: 002b:00007f8c5b458c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 519.630288][T14175] RAX: ffffffffffffffda RBX: 00007f8c5b4596d4 RCX: 000000000045b349 [ 519.638325][T14175] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 519.646478][T14175] RBP: 000000000075bfc8 R08: ffffffffffffffff R09: 0000000000000000 [ 519.654463][T14175] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 519.662440][T14175] R13: 0000000000000070 R14: 00000000004c1bc4 R15: 000000000075bfd4 [ 519.697856][T14175] memory: usage 296968kB, limit 307200kB, failcnt 5456 [ 519.704815][T14175] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 519.711663][T14175] Memory cgroup stats for /syz1: [ 519.711848][T14175] anon 294907904 [ 519.711848][T14175] file 0 [ 519.711848][T14175] kernel_stack 405504 [ 519.711848][T14175] slab 4587520 [ 519.711848][T14175] sock 0 [ 519.711848][T14175] shmem 0 [ 519.711848][T14175] file_mapped 0 [ 519.711848][T14175] file_dirty 0 [ 519.711848][T14175] file_writeback 0 [ 519.711848][T14175] anon_thp 243269632 [ 519.711848][T14175] inactive_anon 179011584 [ 519.711848][T14175] active_anon 13426688 [ 519.711848][T14175] inactive_file 0 [ 519.711848][T14175] active_file 0 [ 519.711848][T14175] unevictable 102662144 [ 519.711848][T14175] slab_reclaimable 811008 [ 519.711848][T14175] slab_unreclaimable 3776512 [ 519.711848][T14175] pgfault 196878 [ 519.711848][T14175] pgmajfault 0 [ 519.711848][T14175] workingset_refault 33 [ 519.711848][T14175] workingset_activate 0 [ 519.711848][T14175] workingset_nodereclaim 0 [ 519.711848][T14175] pgrefill 298 [ 519.711848][T14175] pgscan 330 [ 519.711848][T14175] pgsteal 66 [ 519.807245][T14175] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=9686,uid=0 [ 519.823115][T14175] Memory cgroup out of memory: Killed process 9686 (syz-executor.1) total-vm:72716kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 519.848394][ T1066] oom_reaper: reaped process 9686 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 10:22:17 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x288000, 0x0) syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x9, 0x200840) dup(r1) ioctl$RTC_VL_READ(r1, 0x80047013, 0x0) exit(0x7) write$binfmt_script(0xffffffffffffffff, &(0x7f00000003c0)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}, {}, {}, {0x20, 'proc'}], 0xa, "df7c00e09c916729334fbe57a726284a85ae23e7eb165a0922b020a14afa53fc919ed5b5820a609af38acfc21c2cacee2f808e60eafcd3ec51fdb7f62ca135bbf86f9c1bbf9c23db4038c329b0e8d63563439cf1b94606299a6c503abe926decd68a7e671c7dfcc4125e9888fbc8ce452b52"}, 0x8e) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r2 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xaf, 0x428240) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r2, 0xc080661a, &(0x7f00000002c0)={{0x2, 0x0, @identifier="8cff7fc81ac6de7927c1c322084eaabd"}}) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') close(r3) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000180)={0x2}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r4) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x7f, 0x3, 0x7, 0xa59e}, 'syz0\x00', 0x37}) 10:22:17 executing program 5: socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000f80)={0x44, 0x2, 0x6, 0x1, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x44}}, 0x0) 10:22:17 executing program 2: openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) writev(0xffffffffffffffff, &(0x7f0000000200)=[{&(0x7f00000000c0)="5800000014", 0x5}], 0x1) write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000640)=ANY=[@ANYBLOB="88bf259659a927b1928b9ba4ede63a447592f257922018418901fa42fddd618eb6a1a4d98f1d7f6801da69f924999c01625a77006543cfc56c83e1e8f5460d62abd8ae69496a0fe7c3000000000000a835c967b9fc7735aeaad6717c226fe345493d11fef924ec36080001000000000000e35876adf33b088694a803cf484a8c1daead95121cc813690b0576eadfcfb9460f486ac5bc0e61c693afb10e05ded9f5ca08409cb928e42d9d7b1e8876fd772151ac883c909eabda032fe8876bbea07246fcd3d3f84f47ee27cdfd220487fa755507"], 0xd3) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) writev(r0, &(0x7f0000000200), 0x0) write$binfmt_elf64(r0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}], 0x1) write$binfmt_misc(r0, 0x0, 0x0) openat$cgroup_type(r0, &(0x7f0000000340)='cgroup.type\x00', 0x2, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000280)={0x8, 0x42, 0x0, 0x1ff, 0x80}) r1 = syz_open_dev$vcsn(&(0x7f0000000080)='/dev/vcs#\x00', 0x5, 0x200000) unshare(0x2040400) open(&(0x7f0000000040)='.\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x1, @perf_bp={0x0}, 0x0, 0x0, 0x4, 0x4, 0x0, 0x0, 0xffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup/syz0\x00', 0x200002, 0x0) fchdir(r3) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) dup(r2) ioctl$TIOCSISO7816(0xffffffffffffffff, 0xc0285443, &(0x7f0000000200)={0xffff, 0x200, 0x0, 0x4}) umount2(&(0x7f0000000540)='./file0\x00', 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000240)) renameat2(0xffffffffffffffff, &(0x7f0000000000)='./file1\x00', 0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_GET_NEXT_ID(0xc, &(0x7f00000000c0)={0x7ff, 0x7f}, 0xc) kcmp(0x0, 0x0, 0x0, r1, 0xffffffffffffffff) syz_open_procfs(0x0, &(0x7f0000000140)='net/rt_acct\x00') 10:22:17 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r0, &(0x7f0000003b40)=[{{&(0x7f0000002d80)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x80, 0x0}}], 0x1, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x541b, &(0x7f0000000080)={'batadv_slave_0\x00'}) 10:22:17 executing program 3: pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_elf32(r1, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r3 = socket$inet(0x2, 0x3, 0x83) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r3, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, 0x0, 0x0) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 10:22:17 executing program 4: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 10:22:17 executing program 3: pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_elf32(r1, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r3 = socket$inet(0x2, 0x3, 0x83) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r3, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000), 0x4) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 10:22:17 executing program 3: pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_elf32(r1, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r3 = socket$inet(0x2, 0x3, 0x83) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r3, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000), 0x4) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 10:22:17 executing program 5: socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000f80)={0x44, 0x2, 0x6, 0x1, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x44}}, 0x0) 10:22:17 executing program 2: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) close(r0) socketpair$unix(0x1, 0x5, 0x0, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x17, 0x0, 0x0) 10:22:17 executing program 3: pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_elf32(r1, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r3 = socket$inet(0x2, 0x3, 0x83) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r3, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000), 0x4) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 10:22:17 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, 0x0, 0x0) 10:22:18 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x288000, 0x0) syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x9, 0x200840) dup(r1) ioctl$RTC_VL_READ(r1, 0x80047013, 0x0) exit(0x7) write$binfmt_script(0xffffffffffffffff, &(0x7f00000003c0)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}, {}, {}, {0x20, 'proc'}], 0xa, "df7c00e09c916729334fbe57a726284a85ae23e7eb165a0922b020a14afa53fc919ed5b5820a609af38acfc21c2cacee2f808e60eafcd3ec51fdb7f62ca135bbf86f9c1bbf9c23db4038c329b0e8d63563439cf1b94606299a6c503abe926decd68a7e671c7dfcc4125e9888fbc8ce452b52"}, 0x8e) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r2 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xaf, 0x428240) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r2, 0xc080661a, &(0x7f00000002c0)={{0x2, 0x0, @identifier="8cff7fc81ac6de7927c1c322084eaabd"}}) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') close(r3) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000180)={0x2}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r4) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x7f, 0x3, 0x7, 0xa59e}, 'syz0\x00', 0x37}) 10:22:18 executing program 3: pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) write$binfmt_elf32(r0, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r2 = socket$inet(0x2, 0x3, 0x83) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r2, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r1, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x10005, 0x0) 10:22:18 executing program 2: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x30, 0x0, 0x0) 10:22:18 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, 0x0, 0x0) 10:22:18 executing program 0: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) close(r0) socketpair$unix(0x1, 0x5, 0x0, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x0, 0x0, 0x0) 10:22:18 executing program 4: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 10:22:18 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, 0x0, 0x0) 10:22:18 executing program 0: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$md(0xffffffffffffff9c, &(0x7f0000000080)='/dev/md0\x00', 0x0, 0x0) ioctl$BLKPG(r0, 0x407412ec, &(0x7f0000001200)={0x47, 0x0, 0x0, 0x0}) 10:22:18 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)={0xa4, 0x0, 0x1, 0x519, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @remote}}}, @CTA_TUPLE_PROTO={0xc, 0x2, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, [@CTA_TUPLE_PROTO={0xc, 0x2, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, @ipv6={{0x14, 0x3, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, {0x14, 0x4, @mcast1}}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, [@CTA_NAT_PROTO={0xc, 0x3, [@CTA_PROTONAT_PORT_MIN={0x6}]}]}]}, 0xa4}}, 0x0) 10:22:18 executing program 3: pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) write$binfmt_elf32(r0, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r2 = socket$inet(0x2, 0x3, 0x83) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r2, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r1, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x10005, 0x0) 10:22:18 executing program 0: 10:22:18 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)={0xa4, 0x0, 0x1, 0x519, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @remote}}}, @CTA_TUPLE_PROTO={0xc, 0x2, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, [@CTA_TUPLE_PROTO={0xc, 0x2, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, @ipv6={{0x14, 0x3, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, {0x14, 0x4, @mcast1}}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, [@CTA_NAT_PROTO={0xc, 0x3, [@CTA_PROTONAT_PORT_MIN={0x6}]}]}]}, 0xa4}}, 0x0) [ 522.073984][T14268] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 522.094301][T14268] CPU: 1 PID: 14268 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 522.103336][T14268] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 522.113496][T14268] Call Trace: [ 522.116795][T14268] dump_stack+0x11d/0x181 [ 522.121145][T14268] dump_header+0xaa/0x39c [ 522.125608][T14268] oom_kill_process.cold+0x10/0x15 [ 522.130746][T14268] out_of_memory+0x231/0xa60 [ 522.135369][T14268] ? __rcu_read_unlock+0x66/0x3d0 [ 522.140552][T14268] mem_cgroup_out_of_memory+0x128/0x150 [ 522.146241][T14268] try_charge+0xb6c/0xbf0 [ 522.150592][T14268] ? rcu_note_context_switch+0x720/0x760 [ 522.156243][T14268] mem_cgroup_try_charge+0xd2/0x260 [ 522.161478][T14268] mem_cgroup_try_charge_delay+0x3a/0x80 [ 522.167114][T14268] __handle_mm_fault+0x197f/0x2e00 [ 522.172360][T14268] handle_mm_fault+0x21b/0x530 [ 522.177206][T14268] __get_user_pages+0x485/0x1130 [ 522.182197][T14268] populate_vma_page_range+0xe6/0x100 [ 522.187736][T14268] __mm_populate+0x168/0x2a0 [ 522.192352][T14268] __x64_sys_mlockall+0x2e3/0x320 [ 522.197496][T14268] do_syscall_64+0xcc/0x3a0 [ 522.202015][T14268] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 522.207905][T14268] RIP: 0033:0x45b349 [ 522.211865][T14268] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 522.231483][T14268] RSP: 002b:00007f8c5b479c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 522.239995][T14268] RAX: ffffffffffffffda RBX: 00007f8c5b47a6d4 RCX: 000000000045b349 [ 522.248040][T14268] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 522.256131][T14268] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 522.264106][T14268] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 522.272114][T14268] R13: 0000000000000711 R14: 00000000004c8888 R15: 000000000075bf2c [ 522.330298][T14268] memory: usage 307200kB, limit 307200kB, failcnt 5474 [ 522.337367][T14268] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 522.344263][T14268] Memory cgroup stats for /syz1: [ 522.344480][T14268] anon 305238016 [ 522.344480][T14268] file 0 [ 522.344480][T14268] kernel_stack 405504 [ 522.344480][T14268] slab 4587520 [ 522.344480][T14268] sock 0 [ 522.344480][T14268] shmem 0 [ 522.344480][T14268] file_mapped 0 [ 522.344480][T14268] file_dirty 0 [ 522.344480][T14268] file_writeback 0 [ 522.344480][T14268] anon_thp 253755392 [ 522.344480][T14268] inactive_anon 197881856 [ 522.344480][T14268] active_anon 13430784 [ 522.344480][T14268] inactive_file 0 [ 522.344480][T14268] active_file 0 [ 522.344480][T14268] unevictable 93962240 [ 522.344480][T14268] slab_reclaimable 811008 [ 522.344480][T14268] slab_unreclaimable 3776512 [ 522.344480][T14268] pgfault 198759 [ 522.344480][T14268] pgmajfault 0 [ 522.344480][T14268] workingset_refault 33 [ 522.344480][T14268] workingset_activate 0 [ 522.344480][T14268] workingset_nodereclaim 0 [ 522.344480][T14268] pgrefill 298 [ 522.344480][T14268] pgscan 330 [ 522.344480][T14268] pgsteal 66 [ 522.448217][T14268] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=14206,uid=0 [ 522.482495][T14268] Memory cgroup out of memory: Killed process 14206 (syz-executor.1) total-vm:72980kB, anon-rss:18592kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:155648kB oom_score_adj:1000 [ 522.537823][ T1066] oom_reaper: reaped process 14206 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 10:22:19 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x288000, 0x0) syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x9, 0x200840) dup(r1) ioctl$RTC_VL_READ(r1, 0x80047013, 0x0) exit(0x7) write$binfmt_script(0xffffffffffffffff, &(0x7f00000003c0)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}, {}, {}, {0x20, 'proc'}], 0xa, "df7c00e09c916729334fbe57a726284a85ae23e7eb165a0922b020a14afa53fc919ed5b5820a609af38acfc21c2cacee2f808e60eafcd3ec51fdb7f62ca135bbf86f9c1bbf9c23db4038c329b0e8d63563439cf1b94606299a6c503abe926decd68a7e671c7dfcc4125e9888fbc8ce452b52"}, 0x8e) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r2 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xaf, 0x428240) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r2, 0xc080661a, &(0x7f00000002c0)={{0x2, 0x0, @identifier="8cff7fc81ac6de7927c1c322084eaabd"}}) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') close(r3) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000180)={0x2}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r4) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x7f, 0x3, 0x7, 0xa59e}, 'syz0\x00', 0x37}) 10:22:19 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x0, 0x0}, 0x0) 10:22:19 executing program 3: pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) write$binfmt_elf32(r0, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r2 = socket$inet(0x2, 0x3, 0x83) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r2, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r1, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x10005, 0x0) 10:22:19 executing program 0: r0 = socket$unix(0x1, 0x5, 0x0) r1 = socket$unix(0x1, 0x5, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) getsockopt$inet6_int(r2, 0x29, 0x43, 0x0, &(0x7f0000000080)) 10:22:19 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='task\x00') socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r1, r0, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000080), &(0x7f00000000c0)=0xc) 10:22:19 executing program 4: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 10:22:19 executing program 3: pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_elf32(r1, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r3 = socket$inet(0x2, 0x3, 0x83) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r3, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0x10005, 0x0) 10:22:19 executing program 0: r0 = semget(0x3, 0x0, 0x0) semctl$GETPID(r0, 0x3, 0xb, 0x0) 10:22:19 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x0, 0x0}, 0x0) 10:22:19 executing program 2: r0 = socket(0x1, 0x1, 0x0) getsockopt$inet6_int(r0, 0x29, 0x43, 0x0, &(0x7f0000000000)) 10:22:19 executing program 0: r0 = socket$unix(0x1, 0x5, 0x0) r1 = socket$unix(0x1, 0x5, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) setsockopt$IP_VS_SO_SET_EDIT(r2, 0x0, 0x483, 0x0, 0x0) [ 523.358818][T14311] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 523.392535][T14311] CPU: 0 PID: 14311 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 523.401243][T14311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 523.411303][T14311] Call Trace: [ 523.414615][T14311] dump_stack+0x11d/0x181 [ 523.419027][T14311] dump_header+0xaa/0x39c [ 523.423386][T14311] oom_kill_process.cold+0x10/0x15 [ 523.428514][T14311] out_of_memory+0x231/0xa60 [ 523.433184][T14311] ? __rcu_read_unlock+0x66/0x3d0 [ 523.438242][T14311] mem_cgroup_out_of_memory+0x128/0x150 [ 523.444147][T14311] try_charge+0xb6c/0xbf0 [ 523.448529][T14311] ? rcu_note_context_switch+0x720/0x760 [ 523.454208][T14311] mem_cgroup_try_charge+0xd2/0x260 [ 523.459524][T14311] mem_cgroup_try_charge_delay+0x3a/0x80 [ 523.465373][T14311] __handle_mm_fault+0x197f/0x2e00 [ 523.470643][T14311] handle_mm_fault+0x21b/0x530 [ 523.475420][T14311] __get_user_pages+0x485/0x1130 [ 523.480372][T14311] populate_vma_page_range+0xe6/0x100 [ 523.485757][T14311] __mm_populate+0x168/0x2a0 [ 523.490386][T14311] __x64_sys_mlockall+0x2e3/0x320 [ 523.495429][T14311] do_syscall_64+0xcc/0x3a0 [ 523.499956][T14311] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 523.505860][T14311] RIP: 0033:0x45b349 [ 523.509830][T14311] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 523.529700][T14311] RSP: 002b:00007f8c5b479c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 523.538132][T14311] RAX: ffffffffffffffda RBX: 00007f8c5b47a6d4 RCX: 000000000045b349 [ 523.546307][T14311] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 10:22:20 executing program 2: [ 523.554347][T14311] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 523.562327][T14311] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 523.570360][T14311] R13: 0000000000000711 R14: 00000000004c8888 R15: 000000000075bf2c [ 523.732469][T14311] memory: usage 307200kB, limit 307200kB, failcnt 5547 [ 523.739355][T14311] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 523.767845][T14311] Memory cgroup stats for /syz1: [ 523.768173][T14311] anon 305291264 [ 523.768173][T14311] file 0 [ 523.768173][T14311] kernel_stack 405504 [ 523.768173][T14311] slab 4587520 [ 523.768173][T14311] sock 0 [ 523.768173][T14311] shmem 0 [ 523.768173][T14311] file_mapped 0 [ 523.768173][T14311] file_dirty 0 [ 523.768173][T14311] file_writeback 0 [ 523.768173][T14311] anon_thp 253755392 [ 523.768173][T14311] inactive_anon 191205376 [ 523.768173][T14311] active_anon 13447168 [ 523.768173][T14311] inactive_file 0 [ 523.768173][T14311] active_file 0 [ 523.768173][T14311] unevictable 100691968 [ 523.768173][T14311] slab_reclaimable 811008 [ 523.768173][T14311] slab_unreclaimable 3776512 [ 523.768173][T14311] pgfault 200706 [ 523.768173][T14311] pgmajfault 0 [ 523.768173][T14311] workingset_refault 33 [ 523.768173][T14311] workingset_activate 0 [ 523.768173][T14311] workingset_nodereclaim 0 [ 523.768173][T14311] pgrefill 298 [ 523.768173][T14311] pgscan 330 [ 523.768173][T14311] pgsteal 66 [ 523.864601][T14311] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=14296,uid=0 [ 523.880225][T14311] Memory cgroup out of memory: Killed process 14296 (syz-executor.1) total-vm:72716kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 523.901817][ T1066] oom_reaper: reaped process 14296 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 10:22:20 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x288000, 0x0) syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x9, 0x200840) dup(r1) ioctl$RTC_VL_READ(r1, 0x80047013, &(0x7f00000000c0)) exit(0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f00000003c0)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}, {}, {}, {0x20, 'proc'}], 0xa, "df7c00e09c916729334fbe57a726284a85ae23e7eb165a0922b020a14afa53fc919ed5b5820a609af38acfc21c2cacee2f808e60eafcd3ec51fdb7f62ca135bbf86f9c1bbf9c23db4038c329b0e8d63563439cf1b94606299a6c503abe926decd68a7e671c7dfcc4125e9888fbc8ce452b52"}, 0x8e) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r2 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xaf, 0x428240) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r2, 0xc080661a, &(0x7f00000002c0)={{0x2, 0x0, @identifier="8cff7fc81ac6de7927c1c322084eaabd"}}) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') close(r3) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000180)={0x2}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r4) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x7f, 0x3, 0x7, 0xa59e}, 'syz0\x00', 0x37}) 10:22:20 executing program 0: 10:22:20 executing program 3: pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_elf32(r1, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r3 = socket$inet(0x2, 0x3, 0x83) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r3, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0x10005, 0x0) 10:22:20 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x0, 0x0}, 0x0) 10:22:20 executing program 2: 10:22:20 executing program 4: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 10:22:20 executing program 2: 10:22:21 executing program 3: pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_elf32(r1, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r3 = socket$inet(0x2, 0x3, 0x83) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r3, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0x10005, 0x0) 10:22:21 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) 10:22:21 executing program 0: 10:22:21 executing program 2: [ 524.722652][T14350] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 10:22:21 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) [ 524.769210][T14350] CPU: 1 PID: 14350 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 524.778006][T14350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 524.788064][T14350] Call Trace: [ 524.791895][T14350] dump_stack+0x11d/0x181 [ 524.796250][T14350] dump_header+0xaa/0x39c [ 524.800604][T14350] oom_kill_process.cold+0x10/0x15 [ 524.805977][T14350] out_of_memory+0x231/0xa60 [ 524.810593][T14350] ? __rcu_read_unlock+0x66/0x3d0 [ 524.815945][T14350] mem_cgroup_out_of_memory+0x128/0x150 [ 524.821605][T14350] try_charge+0xb6c/0xbf0 [ 524.826096][T14350] ? rcu_note_context_switch+0x720/0x760 [ 524.832239][T14350] mem_cgroup_try_charge+0xd2/0x260 [ 524.838483][T14350] mem_cgroup_try_charge_delay+0x3a/0x80 [ 524.844358][T14350] __handle_mm_fault+0x197f/0x2e00 [ 524.849641][T14350] handle_mm_fault+0x21b/0x530 [ 524.854541][T14350] __get_user_pages+0x485/0x1130 [ 524.859530][T14350] populate_vma_page_range+0xe6/0x100 [ 524.865116][T14350] __mm_populate+0x168/0x2a0 [ 524.869993][T14350] __x64_sys_mlockall+0x2e3/0x320 [ 524.875239][T14350] do_syscall_64+0xcc/0x3a0 [ 524.879909][T14350] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 524.885824][T14350] RIP: 0033:0x45b349 [ 524.889906][T14350] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 524.909765][T14350] RSP: 002b:00007f8c5b479c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 524.919048][T14350] RAX: ffffffffffffffda RBX: 00007f8c5b47a6d4 RCX: 000000000045b349 [ 524.927236][T14350] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 524.935280][T14350] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 524.943384][T14350] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 524.951999][T14350] R13: 0000000000000711 R14: 00000000004c8888 R15: 000000000075bf2c [ 524.982754][T14350] memory: usage 307200kB, limit 307200kB, failcnt 5603 [ 525.001390][T14350] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 525.053731][T14350] Memory cgroup stats for /syz1: [ 525.053893][T14350] anon 305291264 [ 525.053893][T14350] file 0 [ 525.053893][T14350] kernel_stack 405504 [ 525.053893][T14350] slab 4587520 [ 525.053893][T14350] sock 0 [ 525.053893][T14350] shmem 0 [ 525.053893][T14350] file_mapped 0 [ 525.053893][T14350] file_dirty 0 [ 525.053893][T14350] file_writeback 0 [ 525.053893][T14350] anon_thp 253755392 [ 525.053893][T14350] inactive_anon 191242240 [ 525.053893][T14350] active_anon 13471744 [ 525.053893][T14350] inactive_file 0 [ 525.053893][T14350] active_file 0 [ 525.053893][T14350] unevictable 100691968 [ 525.053893][T14350] slab_reclaimable 811008 [ 525.053893][T14350] slab_unreclaimable 3776512 [ 525.053893][T14350] pgfault 202587 [ 525.053893][T14350] pgmajfault 0 [ 525.053893][T14350] workingset_refault 33 [ 525.053893][T14350] workingset_activate 0 [ 525.053893][T14350] workingset_nodereclaim 0 [ 525.053893][T14350] pgrefill 298 [ 525.053893][T14350] pgscan 363 [ 525.053893][T14350] pgsteal 66 [ 525.162071][T14350] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=14336,uid=0 [ 525.178148][T14350] Memory cgroup out of memory: Killed process 14336 (syz-executor.1) total-vm:72716kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 10:22:22 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x288000, 0x0) syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x9, 0x200840) dup(r1) ioctl$RTC_VL_READ(r1, 0x80047013, &(0x7f00000000c0)) exit(0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f00000003c0)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}, {}, {}, {0x20, 'proc'}], 0xa, "df7c00e09c916729334fbe57a726284a85ae23e7eb165a0922b020a14afa53fc919ed5b5820a609af38acfc21c2cacee2f808e60eafcd3ec51fdb7f62ca135bbf86f9c1bbf9c23db4038c329b0e8d63563439cf1b94606299a6c503abe926decd68a7e671c7dfcc4125e9888fbc8ce452b52"}, 0x8e) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r2 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xaf, 0x428240) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r2, 0xc080661a, &(0x7f00000002c0)={{0x2, 0x0, @identifier="8cff7fc81ac6de7927c1c322084eaabd"}}) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') close(r3) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000180)={0x2}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r4) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x7f, 0x3, 0x7, 0xa59e}, 'syz0\x00', 0x37}) 10:22:22 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) 10:22:22 executing program 2: 10:22:22 executing program 0: 10:22:22 executing program 3: pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_elf32(r1, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r3 = socket$inet(0x2, 0x3, 0x83) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r3, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r0, 0x0, r2, 0x0, 0x0, 0x0) 10:22:22 executing program 4: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 10:22:22 executing program 2: 10:22:22 executing program 0: 10:22:22 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000f80)={0x44, 0x2, 0x6, 0x0, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x44}}, 0x0) 10:22:22 executing program 3: pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_elf32(r1, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r3 = socket$inet(0x2, 0x3, 0x83) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r3, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r0, 0x0, r2, 0x0, 0x0, 0x0) 10:22:22 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000f80)={0x44, 0x2, 0x6, 0x0, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x44}}, 0x0) [ 525.977423][T14385] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 526.002474][T14385] CPU: 0 PID: 14385 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 526.011251][T14385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 526.022090][T14385] Call Trace: [ 526.025435][T14385] dump_stack+0x11d/0x181 [ 526.029844][T14385] dump_header+0xaa/0x39c [ 526.034218][T14385] oom_kill_process.cold+0x10/0x15 [ 526.039719][T14385] out_of_memory+0x231/0xa60 [ 526.044329][T14385] ? __rcu_read_unlock+0x66/0x3d0 [ 526.050033][T14385] mem_cgroup_out_of_memory+0x128/0x150 [ 526.055651][T14385] try_charge+0xb6c/0xbf0 [ 526.060966][T14385] ? rcu_note_context_switch+0x720/0x760 [ 526.066975][T14385] mem_cgroup_try_charge+0xd2/0x260 [ 526.072417][T14385] mem_cgroup_try_charge_delay+0x3a/0x80 [ 526.078912][T14385] __handle_mm_fault+0x197f/0x2e00 [ 526.084147][T14385] handle_mm_fault+0x21b/0x530 [ 526.088935][T14385] __get_user_pages+0x485/0x1130 [ 526.094591][T14385] populate_vma_page_range+0xe6/0x100 [ 526.099988][T14385] __mm_populate+0x168/0x2a0 [ 526.104604][T14385] __x64_sys_mlockall+0x2e3/0x320 [ 526.109758][T14385] do_syscall_64+0xcc/0x3a0 [ 526.114411][T14385] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 526.120344][T14385] RIP: 0033:0x45b349 [ 526.124291][T14385] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 526.148937][T14385] RSP: 002b:00007f8c5b458c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 526.159054][T14385] RAX: ffffffffffffffda RBX: 00007f8c5b4596d4 RCX: 000000000045b349 [ 526.167045][T14385] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 10:22:22 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000f80)={0x44, 0x2, 0x6, 0x0, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x44}}, 0x0) [ 526.175423][T14385] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 526.183414][T14385] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 526.191474][T14385] R13: 0000000000000711 R14: 00000000004c8888 R15: 000000000075bfd4 [ 526.300779][T14385] memory: usage 307200kB, limit 307200kB, failcnt 5677 [ 526.315373][T14385] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 526.345664][T14385] Memory cgroup stats for /syz1: [ 526.345865][T14385] anon 305192960 [ 526.345865][T14385] file 0 [ 526.345865][T14385] kernel_stack 405504 [ 526.345865][T14385] slab 4452352 [ 526.345865][T14385] sock 0 [ 526.345865][T14385] shmem 0 [ 526.345865][T14385] file_mapped 0 [ 526.345865][T14385] file_dirty 0 [ 526.345865][T14385] file_writeback 0 [ 526.345865][T14385] anon_thp 253755392 [ 526.345865][T14385] inactive_anon 191373312 [ 526.345865][T14385] active_anon 13496320 [ 526.345865][T14385] inactive_file 0 [ 526.345865][T14385] active_file 0 [ 526.345865][T14385] unevictable 100569088 [ 526.345865][T14385] slab_reclaimable 811008 [ 526.345865][T14385] slab_unreclaimable 3641344 [ 526.345865][T14385] pgfault 204501 [ 526.345865][T14385] pgmajfault 0 [ 526.345865][T14385] workingset_refault 33 [ 526.345865][T14385] workingset_activate 0 [ 526.345865][T14385] workingset_nodereclaim 0 [ 526.345865][T14385] pgrefill 298 [ 526.345865][T14385] pgscan 363 [ 526.345865][T14385] pgsteal 66 [ 526.456409][T14385] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=14370,uid=0 [ 526.475506][T14385] Memory cgroup out of memory: Killed process 14370 (syz-executor.1) total-vm:72716kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 526.499249][ T1066] oom_reaper: reaped process 14370 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 10:22:23 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x288000, 0x0) syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x9, 0x200840) dup(r1) ioctl$RTC_VL_READ(r1, 0x80047013, &(0x7f00000000c0)) exit(0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f00000003c0)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}, {}, {}, {0x20, 'proc'}], 0xa, "df7c00e09c916729334fbe57a726284a85ae23e7eb165a0922b020a14afa53fc919ed5b5820a609af38acfc21c2cacee2f808e60eafcd3ec51fdb7f62ca135bbf86f9c1bbf9c23db4038c329b0e8d63563439cf1b94606299a6c503abe926decd68a7e671c7dfcc4125e9888fbc8ce452b52"}, 0x8e) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r2 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xaf, 0x428240) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r2, 0xc080661a, &(0x7f00000002c0)={{0x2, 0x0, @identifier="8cff7fc81ac6de7927c1c322084eaabd"}}) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') close(r3) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000180)={0x2}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r4) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x7f, 0x3, 0x7, 0xa59e}, 'syz0\x00', 0x37}) 10:22:23 executing program 2: 10:22:23 executing program 3: pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_elf32(r1, &(0x7f0000000400)=ANY=[@ANYRESOCT=0x0], 0x17) r3 = socket$inet(0x2, 0x3, 0x83) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r3, 0x0, 0x3, &(0x7f0000000140)=0x7ff, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x440, 0x4) splice(r0, 0x0, r2, 0x0, 0x0, 0x0) 10:22:23 executing program 0: 10:22:23 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000f80)={0x3c, 0x2, 0x6, 0x1, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}]}, 0x3c}}, 0x0) 10:22:23 executing program 4: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 10:22:23 executing program 2: 10:22:23 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000f80)={0x3c, 0x2, 0x6, 0x1, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}]}, 0x3c}}, 0x0) 10:22:23 executing program 0: 10:22:23 executing program 2: 10:22:23 executing program 3: 10:22:23 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000f80)={0x3c, 0x2, 0x6, 0x1, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}]}, 0x3c}}, 0x0) [ 527.385269][T14427] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 527.421176][T14427] CPU: 0 PID: 14427 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 527.431079][T14427] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 527.442141][T14427] Call Trace: [ 527.445703][T14427] dump_stack+0x11d/0x181 [ 527.450275][T14427] dump_header+0xaa/0x39c [ 527.454992][T14427] oom_kill_process.cold+0x10/0x15 [ 527.461094][T14427] out_of_memory+0x231/0xa60 [ 527.465793][T14427] ? __rcu_read_unlock+0x66/0x3d0 [ 527.471183][T14427] mem_cgroup_out_of_memory+0x128/0x150 [ 527.478706][T14427] try_charge+0xb6c/0xbf0 [ 527.483244][T14427] ? rcu_note_context_switch+0x720/0x760 [ 527.489023][T14427] mem_cgroup_try_charge+0xd2/0x260 [ 527.494559][T14427] mem_cgroup_try_charge_delay+0x3a/0x80 [ 527.500731][T14427] __handle_mm_fault+0x197f/0x2e00 [ 527.506088][T14427] handle_mm_fault+0x21b/0x530 [ 527.510948][T14427] __get_user_pages+0x485/0x1130 [ 527.515962][T14427] populate_vma_page_range+0xe6/0x100 [ 527.521441][T14427] __mm_populate+0x168/0x2a0 [ 527.526212][T14427] __x64_sys_mlockall+0x2e3/0x320 [ 527.531305][T14427] do_syscall_64+0xcc/0x3a0 [ 527.535831][T14427] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 527.542104][T14427] RIP: 0033:0x45b349 [ 527.546112][T14427] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 527.566839][T14427] RSP: 002b:00007f8c5b458c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 527.575778][T14427] RAX: ffffffffffffffda RBX: 00007f8c5b4596d4 RCX: 000000000045b349 [ 527.583998][T14427] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 527.592251][T14427] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 527.600343][T14427] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 527.608336][T14427] R13: 0000000000000711 R14: 00000000004c8888 R15: 000000000075bfd4 [ 527.627951][T14427] memory: usage 307200kB, limit 307200kB, failcnt 5724 [ 527.635175][T14427] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 527.642325][T14427] Memory cgroup stats for /syz1: [ 527.642681][T14427] anon 305561600 [ 527.642681][T14427] file 0 [ 527.642681][T14427] kernel_stack 405504 [ 527.642681][T14427] slab 4452352 [ 527.642681][T14427] sock 0 [ 527.642681][T14427] shmem 0 [ 527.642681][T14427] file_mapped 0 [ 527.642681][T14427] file_dirty 0 [ 527.642681][T14427] file_writeback 0 [ 527.642681][T14427] anon_thp 253755392 [ 527.642681][T14427] inactive_anon 191348736 [ 527.642681][T14427] active_anon 13475840 [ 527.642681][T14427] inactive_file 0 [ 527.642681][T14427] active_file 0 [ 527.642681][T14427] unevictable 100958208 [ 527.642681][T14427] slab_reclaimable 811008 [ 527.642681][T14427] slab_unreclaimable 3641344 [ 527.642681][T14427] pgfault 206448 [ 527.642681][T14427] pgmajfault 0 [ 527.642681][T14427] workingset_refault 33 [ 527.642681][T14427] workingset_activate 0 [ 527.642681][T14427] workingset_nodereclaim 0 [ 527.642681][T14427] pgrefill 298 [ 527.642681][T14427] pgscan 363 [ 527.642681][T14427] pgsteal 66 [ 527.752501][T14427] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=14407,uid=0 [ 527.768537][T14427] Memory cgroup out of memory: Killed process 14407 (syz-executor.1) total-vm:72716kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 10:22:24 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x288000, 0x0) syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x9, 0x200840) dup(r1) ioctl$RTC_VL_READ(r1, 0x80047013, &(0x7f00000000c0)) exit(0x7) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r2 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xaf, 0x428240) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r2, 0xc080661a, &(0x7f00000002c0)={{0x2, 0x0, @identifier="8cff7fc81ac6de7927c1c322084eaabd"}}) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') close(r3) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000180)={0x2}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r4) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x7f, 0x3, 0x7, 0xa59e}, 'syz0\x00', 0x37}) 10:22:24 executing program 0: 10:22:24 executing program 2: 10:22:24 executing program 3: 10:22:24 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000f80)={0x3c, 0x2, 0x6, 0x1, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x3c}}, 0x0) 10:22:24 executing program 4: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 10:22:24 executing program 0: 10:22:24 executing program 2: 10:22:24 executing program 0: 10:22:24 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000f80)={0x3c, 0x2, 0x6, 0x1, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x3c}}, 0x0) 10:22:25 executing program 3: [ 528.660426][T14457] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 528.685880][T14457] CPU: 1 PID: 14457 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 528.694785][T14457] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 528.704935][T14457] Call Trace: [ 528.708348][T14457] dump_stack+0x11d/0x181 [ 528.712772][T14457] dump_header+0xaa/0x39c [ 528.717245][T14457] oom_kill_process.cold+0x10/0x15 [ 528.722400][T14457] out_of_memory+0x231/0xa60 [ 528.726997][T14457] ? __rcu_read_unlock+0x66/0x3d0 [ 528.732052][T14457] mem_cgroup_out_of_memory+0x128/0x150 [ 528.737708][T14457] try_charge+0xb6c/0xbf0 [ 528.742105][T14457] ? rcu_note_context_switch+0x720/0x760 [ 528.747923][T14457] mem_cgroup_try_charge+0xd2/0x260 [ 528.753309][T14457] mem_cgroup_try_charge_delay+0x3a/0x80 [ 528.758955][T14457] __handle_mm_fault+0x197f/0x2e00 [ 528.764112][T14457] handle_mm_fault+0x21b/0x530 [ 528.768962][T14457] __get_user_pages+0x485/0x1130 [ 528.774084][T14457] populate_vma_page_range+0xe6/0x100 [ 528.779914][T14457] __mm_populate+0x168/0x2a0 [ 528.784537][T14457] __x64_sys_mlockall+0x2e3/0x320 [ 528.789684][T14457] do_syscall_64+0xcc/0x3a0 [ 528.794454][T14457] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 528.800596][T14457] RIP: 0033:0x45b349 [ 528.804786][T14457] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 528.824689][T14457] RSP: 002b:00007f8c5b479c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 528.833214][T14457] RAX: ffffffffffffffda RBX: 00007f8c5b47a6d4 RCX: 000000000045b349 [ 528.841385][T14457] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 528.849670][T14457] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 10:22:25 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000f80)={0x3c, 0x2, 0x6, 0x1, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x3c}}, 0x0) [ 528.857883][T14457] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 528.865871][T14457] R13: 0000000000000711 R14: 00000000004c8888 R15: 000000000075bf2c [ 528.918664][T14457] memory: usage 307200kB, limit 307200kB, failcnt 5768 [ 528.929149][T14457] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 528.936833][T14457] Memory cgroup stats for /syz1: [ 528.937001][T14457] anon 305451008 [ 528.937001][T14457] file 0 [ 528.937001][T14457] kernel_stack 405504 [ 528.937001][T14457] slab 4452352 [ 528.937001][T14457] sock 0 [ 528.937001][T14457] shmem 0 [ 528.937001][T14457] file_mapped 0 [ 528.937001][T14457] file_dirty 0 [ 528.937001][T14457] file_writeback 0 [ 528.937001][T14457] anon_thp 253755392 [ 528.937001][T14457] inactive_anon 191524864 [ 528.937001][T14457] active_anon 13451264 [ 528.937001][T14457] inactive_file 0 [ 528.937001][T14457] active_file 0 [ 528.937001][T14457] unevictable 100691968 [ 528.937001][T14457] slab_reclaimable 811008 [ 528.937001][T14457] slab_unreclaimable 3641344 [ 528.937001][T14457] pgfault 208329 [ 528.937001][T14457] pgmajfault 0 [ 528.937001][T14457] workingset_refault 33 [ 528.937001][T14457] workingset_activate 0 [ 528.937001][T14457] workingset_nodereclaim 0 [ 528.937001][T14457] pgrefill 298 [ 528.937001][T14457] pgscan 363 [ 528.937001][T14457] pgsteal 66 [ 529.035521][T14457] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=14443,uid=0 [ 529.051740][T14457] Memory cgroup out of memory: Killed process 14443 (syz-executor.1) total-vm:72848kB, anon-rss:18460kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 529.079989][ T1066] oom_reaper: reaped process 14443 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 10:22:26 executing program 3: 10:22:26 executing program 0: 10:22:26 executing program 2: getpid() sched_setscheduler(0x0, 0x5, 0x0) capget(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$unix(0x1, 0x0, 0x0) r0 = socket$unix(0x1, 0x1, 0x0) connect$unix(r0, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r1 = accept4$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$sock_SIOCGIFVLAN_GET_VLAN_VID_CMD(r1, 0x8982, &(0x7f0000000000)) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x1c, 0x0, &(0x7f0000000080)) setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f00000000c0)={0x0, 0x800}, 0x8) bind$inet(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0xfffffffffffffffe) bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r3 = syz_open_dev$loop(&(0x7f00000001c0)='/dev/loop#\x00', 0x2, 0x105084) r4 = memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00'/15, 0x0) pwritev(r4, &(0x7f0000f50f90)=[{&(0x7f0000000100)="a3", 0x1}], 0x1, 0x81003) ioctl$LOOP_CHANGE_FD(r3, 0x4c00, r4) sendfile(r2, r3, 0x0, 0x102000004) sendmsg$key(0xffffffffffffffff, 0x0, 0x20004850) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r5, &(0x7f00000067c0)=[{{&(0x7f0000000000)={0xa, 0x4e22, 0x0, @loopback}, 0x1c, &(0x7f0000002200)}}], 0x1, 0x0) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r5, 0x84, 0xf, &(0x7f0000000040)={0x0, @in6={{0xa, 0x4e22, 0x0, @loopback}}}, &(0x7f0000000140)=0x98) 10:22:26 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000f80)={0x44, 0x2, 0x6, 0x1, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x44}}, 0x0) 10:22:26 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x288000, 0x0) syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x9, 0x200840) dup(r1) ioctl$RTC_VL_READ(r1, 0x80047013, &(0x7f00000000c0)) exit(0x7) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r2 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xaf, 0x428240) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r2, 0xc080661a, &(0x7f00000002c0)={{0x2, 0x0, @identifier="8cff7fc81ac6de7927c1c322084eaabd"}}) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') close(r3) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000180)={0x2}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r4) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x7f, 0x3, 0x7, 0xa59e}, 'syz0\x00', 0x37}) 10:22:26 executing program 4: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 10:22:26 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000f80)={0x44, 0x2, 0x6, 0x1, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x44}}, 0x0) 10:22:26 executing program 0: 10:22:26 executing program 3: [ 529.950067][T14484] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 10:22:26 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000f80)={0x44, 0x2, 0x6, 0x1, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x44}}, 0x0) [ 530.002713][T14484] CPU: 1 PID: 14484 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 530.011531][T14484] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 530.021610][T14484] Call Trace: [ 530.024919][T14484] dump_stack+0x11d/0x181 [ 530.029346][T14484] dump_header+0xaa/0x39c [ 530.033774][T14484] oom_kill_process.cold+0x10/0x15 [ 530.038910][T14484] out_of_memory+0x231/0xa60 [ 530.043532][T14484] ? __rcu_read_unlock+0x66/0x3d0 10:22:26 executing program 0: 10:22:26 executing program 3: [ 530.048580][T14484] mem_cgroup_out_of_memory+0x128/0x150 [ 530.054195][T14484] try_charge+0xb6c/0xbf0 [ 530.058728][T14484] ? rcu_note_context_switch+0x720/0x760 [ 530.064409][T14484] mem_cgroup_try_charge+0xd2/0x260 [ 530.069700][T14484] mem_cgroup_try_charge_delay+0x3a/0x80 [ 530.075359][T14484] __handle_mm_fault+0x197f/0x2e00 [ 530.080571][T14484] handle_mm_fault+0x21b/0x530 [ 530.085394][T14484] __get_user_pages+0x485/0x1130 [ 530.090398][T14484] populate_vma_page_range+0xe6/0x100 [ 530.095843][T14484] __mm_populate+0x168/0x2a0 [ 530.100751][T14484] __x64_sys_mlockall+0x2e3/0x320 [ 530.106873][T14484] do_syscall_64+0xcc/0x3a0 [ 530.111392][T14484] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 530.117503][T14484] RIP: 0033:0x45b349 [ 530.121521][T14484] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 530.147691][T14484] RSP: 002b:00007f8c5b479c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 530.156959][T14484] RAX: ffffffffffffffda RBX: 00007f8c5b47a6d4 RCX: 000000000045b349 [ 530.169126][T14484] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 530.177941][T14484] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 530.186214][T14484] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 530.194511][T14484] R13: 0000000000000711 R14: 00000000004c8888 R15: 000000000075bf2c 10:22:26 executing program 2: getpid() sched_setscheduler(0x0, 0x5, 0x0) capget(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$unix(0x1, 0x0, 0x0) r0 = socket$unix(0x1, 0x1, 0x0) connect$unix(r0, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r1 = accept4$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$sock_SIOCGIFVLAN_GET_VLAN_VID_CMD(r1, 0x8982, &(0x7f0000000000)) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x1c, 0x0, &(0x7f0000000080)) setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f00000000c0)={0x0, 0x800}, 0x8) bind$inet(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0xfffffffffffffffe) bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r3 = syz_open_dev$loop(&(0x7f00000001c0)='/dev/loop#\x00', 0x2, 0x105084) r4 = memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00'/15, 0x0) pwritev(r4, &(0x7f0000f50f90)=[{&(0x7f0000000100)="a3", 0x1}], 0x1, 0x81003) ioctl$LOOP_CHANGE_FD(r3, 0x4c00, r4) sendfile(r2, r3, 0x0, 0x102000004) sendmsg$key(0xffffffffffffffff, 0x0, 0x20004850) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r5, &(0x7f00000067c0)=[{{&(0x7f0000000000)={0xa, 0x4e22, 0x0, @loopback}, 0x1c, &(0x7f0000002200)}}], 0x1, 0x0) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r5, 0x84, 0xf, &(0x7f0000000040)={0x0, @in6={{0xa, 0x4e22, 0x0, @loopback}}}, &(0x7f0000000140)=0x98) [ 530.215969][T14488] syz-executor.2 (14488) used greatest stack depth: 9568 bytes left 10:22:26 executing program 0: 10:22:26 executing program 3: [ 530.373968][T14484] memory: usage 307176kB, limit 307200kB, failcnt 5833 [ 530.381001][T14484] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 10:22:26 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000f80)={0x38, 0x2, 0x6, 0x1, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x38}}, 0x0) [ 530.557502][T14484] Memory cgroup stats for /syz1: [ 530.557774][T14484] anon 305238016 [ 530.557774][T14484] file 0 [ 530.557774][T14484] kernel_stack 405504 [ 530.557774][T14484] slab 4587520 [ 530.557774][T14484] sock 0 [ 530.557774][T14484] shmem 0 [ 530.557774][T14484] file_mapped 0 [ 530.557774][T14484] file_dirty 0 [ 530.557774][T14484] file_writeback 0 [ 530.557774][T14484] anon_thp 253755392 [ 530.557774][T14484] inactive_anon 191250432 [ 530.557774][T14484] active_anon 13430784 [ 530.557774][T14484] inactive_file 0 [ 530.557774][T14484] active_file 0 [ 530.557774][T14484] unevictable 100524032 [ 530.557774][T14484] slab_reclaimable 811008 [ 530.557774][T14484] slab_unreclaimable 3776512 [ 530.557774][T14484] pgfault 210243 [ 530.557774][T14484] pgmajfault 0 [ 530.557774][T14484] workingset_refault 33 [ 530.557774][T14484] workingset_activate 0 [ 530.557774][T14484] workingset_nodereclaim 0 [ 530.557774][T14484] pgrefill 298 [ 530.557774][T14484] pgscan 363 [ 530.557774][T14484] pgsteal 66 [ 530.694363][T14484] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=14476,uid=0 [ 530.714514][T14484] Memory cgroup out of memory: Killed process 14476 (syz-executor.1) total-vm:72716kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 10:22:27 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x288000, 0x0) syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x9, 0x200840) dup(r1) ioctl$RTC_VL_READ(r1, 0x80047013, &(0x7f00000000c0)) exit(0x7) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r2 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xaf, 0x428240) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r2, 0xc080661a, &(0x7f00000002c0)={{0x2, 0x0, @identifier="8cff7fc81ac6de7927c1c322084eaabd"}}) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') close(r3) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000180)={0x2}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r4) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x7f, 0x3, 0x7, 0xa59e}, 'syz0\x00', 0x37}) 10:22:27 executing program 0: 10:22:27 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000f80)={0x38, 0x2, 0x6, 0x1, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x38}}, 0x0) 10:22:27 executing program 4: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 10:22:27 executing program 3: 10:22:27 executing program 2: 10:22:27 executing program 0: 10:22:27 executing program 3: 10:22:27 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000f80)={0x38, 0x2, 0x6, 0x1, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x38}}, 0x0) 10:22:27 executing program 2: 10:22:28 executing program 2: 10:22:28 executing program 0: [ 531.739445][T14537] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 531.757623][T14537] CPU: 0 PID: 14537 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 531.766599][T14537] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 531.776851][T14537] Call Trace: [ 531.780290][T14537] dump_stack+0x11d/0x181 [ 531.784668][T14537] dump_header+0xaa/0x39c [ 531.789033][T14537] oom_kill_process.cold+0x10/0x15 [ 531.794258][T14537] out_of_memory+0x231/0xa60 [ 531.798991][T14537] ? __rcu_read_unlock+0x66/0x3d0 [ 531.804136][T14537] mem_cgroup_out_of_memory+0x128/0x150 [ 531.809714][T14537] try_charge+0xb6c/0xbf0 [ 531.814054][T14537] ? rcu_note_context_switch+0x720/0x760 [ 531.819759][T14537] mem_cgroup_try_charge+0xd2/0x260 [ 531.824982][T14537] mem_cgroup_try_charge_delay+0x3a/0x80 [ 531.830640][T14537] __handle_mm_fault+0x197f/0x2e00 [ 531.835784][T14537] handle_mm_fault+0x21b/0x530 [ 531.840570][T14537] __get_user_pages+0x485/0x1130 [ 531.845605][T14537] populate_vma_page_range+0xe6/0x100 [ 531.851008][T14537] __mm_populate+0x168/0x2a0 [ 531.855648][T14537] __x64_sys_mlockall+0x2e3/0x320 [ 531.860709][T14537] do_syscall_64+0xcc/0x3a0 [ 531.865575][T14537] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 531.871483][T14537] RIP: 0033:0x45b349 [ 531.875391][T14537] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 531.894993][T14537] RSP: 002b:00007f8c5b479c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 531.903416][T14537] RAX: ffffffffffffffda RBX: 00007f8c5b47a6d4 RCX: 000000000045b349 [ 531.911480][T14537] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 531.919533][T14537] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 531.927582][T14537] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 531.935664][T14537] R13: 0000000000000711 R14: 00000000004c8888 R15: 000000000075bf2c [ 531.955298][T14537] memory: usage 307200kB, limit 307200kB, failcnt 5876 [ 531.962189][T14537] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 531.971783][T14537] Memory cgroup stats for /syz1: [ 531.972185][T14537] anon 305430528 [ 531.972185][T14537] file 0 [ 531.972185][T14537] kernel_stack 405504 [ 531.972185][T14537] slab 4587520 [ 531.972185][T14537] sock 0 [ 531.972185][T14537] shmem 0 [ 531.972185][T14537] file_mapped 0 [ 531.972185][T14537] file_dirty 0 [ 531.972185][T14537] file_writeback 0 [ 531.972185][T14537] anon_thp 253755392 [ 531.972185][T14537] inactive_anon 191401984 [ 531.972185][T14537] active_anon 13438976 [ 531.972185][T14537] inactive_file 0 [ 531.972185][T14537] active_file 0 [ 531.972185][T14537] unevictable 100827136 [ 531.972185][T14537] slab_reclaimable 811008 [ 531.972185][T14537] slab_unreclaimable 3776512 [ 531.972185][T14537] pgfault 212157 [ 531.972185][T14537] pgmajfault 0 [ 531.972185][T14537] workingset_refault 33 [ 531.972185][T14537] workingset_activate 0 [ 531.972185][T14537] workingset_nodereclaim 0 [ 531.972185][T14537] pgrefill 298 [ 531.972185][T14537] pgscan 363 [ 531.972185][T14537] pgsteal 66 [ 532.068740][T14537] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=14525,uid=0 [ 532.084435][T14537] Memory cgroup out of memory: Killed process 14525 (syz-executor.1) total-vm:72716kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 532.106227][ T1066] oom_reaper: reaped process 14525 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 10:22:29 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x288000, 0x0) syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x9, 0x200840) dup(r1) ioctl$RTC_VL_READ(r1, 0x80047013, &(0x7f00000000c0)) exit(0x7) write$binfmt_script(0xffffffffffffffff, &(0x7f00000003c0)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}, {}, {}], 0xa, "df7c00e09c916729334fbe57a726284a85ae23e7eb165a0922b020a14afa53fc919ed5b5820a609af38acfc21c2cacee2f808e60eafcd3ec51fdb7f62ca135bbf86f9c1bbf9c23db4038c329b0e8d63563439cf1b94606299a6c503abe926decd68a7e671c7dfcc4125e9888fbc8ce452b52"}, 0x89) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r2 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xaf, 0x428240) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r2, 0xc080661a, &(0x7f00000002c0)={{0x2, 0x0, @identifier="8cff7fc81ac6de7927c1c322084eaabd"}}) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') close(r3) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000180)={0x2}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r4) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x7f, 0x3, 0x7, 0xa59e}, 'syz0\x00', 0x37}) 10:22:29 executing program 3: 10:22:29 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000f80)={0x3c, 0x2, 0x6, 0x1, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x3c}}, 0x0) 10:22:29 executing program 2: 10:22:29 executing program 0: 10:22:29 executing program 4: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 10:22:29 executing program 3: 10:22:29 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000f80)={0x3c, 0x2, 0x6, 0x1, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x3c}}, 0x0) 10:22:29 executing program 0: 10:22:29 executing program 2: 10:22:29 executing program 0: 10:22:29 executing program 3: [ 532.842480][T14567] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 532.905817][T14567] CPU: 1 PID: 14567 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 532.914529][T14567] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 532.924843][T14567] Call Trace: [ 532.928151][T14567] dump_stack+0x11d/0x181 [ 532.932574][T14567] dump_header+0xaa/0x39c [ 532.937005][T14567] oom_kill_process.cold+0x10/0x15 [ 532.942141][T14567] out_of_memory+0x231/0xa60 [ 532.946759][T14567] ? __rcu_read_unlock+0x66/0x3d0 [ 532.951812][T14567] mem_cgroup_out_of_memory+0x128/0x150 [ 532.957379][T14567] try_charge+0xb6c/0xbf0 [ 532.961919][T14567] ? rcu_note_context_switch+0x720/0x760 [ 532.967666][T14567] mem_cgroup_try_charge+0xd2/0x260 [ 532.972881][T14567] mem_cgroup_try_charge_delay+0x3a/0x80 [ 532.978549][T14567] __handle_mm_fault+0x197f/0x2e00 [ 532.983693][T14567] handle_mm_fault+0x21b/0x530 [ 532.988501][T14567] __get_user_pages+0x485/0x1130 [ 532.993476][T14567] populate_vma_page_range+0xe6/0x100 [ 532.998897][T14567] __mm_populate+0x168/0x2a0 [ 533.003564][T14567] __x64_sys_mlockall+0x2e3/0x320 [ 533.008694][T14567] do_syscall_64+0xcc/0x3a0 [ 533.013251][T14567] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 533.019203][T14567] RIP: 0033:0x45b349 [ 533.023144][T14567] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 533.043076][T14567] RSP: 002b:00007f8c5b479c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 533.051502][T14567] RAX: ffffffffffffffda RBX: 00007f8c5b47a6d4 RCX: 000000000045b349 [ 533.059555][T14567] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 533.067531][T14567] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 533.075512][T14567] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 533.083501][T14567] R13: 0000000000000711 R14: 00000000004c8888 R15: 000000000075bf2c [ 533.193036][T14567] memory: usage 307200kB, limit 307200kB, failcnt 5908 [ 533.220447][T14567] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 533.233924][T14567] Memory cgroup stats for /syz1: [ 533.234155][T14567] anon 305295360 [ 533.234155][T14567] file 0 [ 533.234155][T14567] kernel_stack 405504 [ 533.234155][T14567] slab 4587520 [ 533.234155][T14567] sock 0 [ 533.234155][T14567] shmem 0 [ 533.234155][T14567] file_mapped 0 [ 533.234155][T14567] file_dirty 0 [ 533.234155][T14567] file_writeback 0 [ 533.234155][T14567] anon_thp 253755392 [ 533.234155][T14567] inactive_anon 191266816 [ 533.234155][T14567] active_anon 13479936 [ 533.234155][T14567] inactive_file 0 [ 533.234155][T14567] active_file 0 [ 533.234155][T14567] unevictable 100691968 [ 533.234155][T14567] slab_reclaimable 811008 [ 533.234155][T14567] slab_unreclaimable 3776512 [ 533.234155][T14567] pgfault 214005 [ 533.234155][T14567] pgmajfault 0 [ 533.234155][T14567] workingset_refault 33 [ 533.234155][T14567] workingset_activate 0 [ 533.234155][T14567] workingset_nodereclaim 0 [ 533.234155][T14567] pgrefill 298 [ 533.234155][T14567] pgscan 363 [ 533.234155][T14567] pgsteal 66 [ 533.334356][T14567] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=14557,uid=0 [ 533.350197][T14567] Memory cgroup out of memory: Killed process 14557 (syz-executor.1) total-vm:72716kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 533.374413][ T1066] oom_reaper: reaped process 14557 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 10:22:30 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x288000, 0x0) syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x9, 0x200840) dup(r1) ioctl$RTC_VL_READ(r1, 0x80047013, &(0x7f00000000c0)) exit(0x7) write$binfmt_script(0xffffffffffffffff, &(0x7f00000003c0)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}, {}, {}], 0xa, "df7c00e09c916729334fbe57a726284a85ae23e7eb165a0922b020a14afa53fc919ed5b5820a609af38acfc21c2cacee2f808e60eafcd3ec51fdb7f62ca135bbf86f9c1bbf9c23db4038c329b0e8d63563439cf1b94606299a6c503abe926decd68a7e671c7dfcc4125e9888fbc8ce452b52"}, 0x89) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r2 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xaf, 0x428240) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r2, 0xc080661a, &(0x7f00000002c0)={{0x2, 0x0, @identifier="8cff7fc81ac6de7927c1c322084eaabd"}}) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') close(r3) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000180)={0x2}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r4) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x7f, 0x3, 0x7, 0xa59e}, 'syz0\x00', 0x37}) 10:22:30 executing program 2: 10:22:30 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000f80)={0x3c, 0x2, 0x6, 0x1, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x3c}}, 0x0) 10:22:30 executing program 3: 10:22:30 executing program 0: 10:22:30 executing program 4: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 10:22:30 executing program 0: 10:22:30 executing program 3: 10:22:30 executing program 2: 10:22:30 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000f80)={0x38, 0x2, 0x6, 0x1, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x38}}, 0x0) [ 534.034728][T14598] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 534.046765][T14598] CPU: 1 PID: 14598 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 534.055457][T14598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 534.065518][T14598] Call Trace: [ 534.068884][T14598] dump_stack+0x11d/0x181 [ 534.073244][T14598] dump_header+0xaa/0x39c [ 534.077591][T14598] oom_kill_process.cold+0x10/0x15 [ 534.082724][T14598] out_of_memory+0x231/0xa60 [ 534.087403][T14598] ? preempt_schedule_common+0x37/0x90 [ 534.093018][T14598] mem_cgroup_out_of_memory+0x128/0x150 [ 534.098657][T14598] try_charge+0xb6c/0xbf0 [ 534.103003][T14598] ? rcu_note_context_switch+0x720/0x760 [ 534.108722][T14598] mem_cgroup_try_charge+0xd2/0x260 [ 534.113940][T14598] mem_cgroup_try_charge_delay+0x3a/0x80 [ 534.119660][T14598] __handle_mm_fault+0x197f/0x2e00 [ 534.124904][T14598] handle_mm_fault+0x21b/0x530 [ 534.129761][T14598] __get_user_pages+0x485/0x1130 [ 534.134769][T14598] populate_vma_page_range+0xe6/0x100 [ 534.140199][T14598] __mm_populate+0x168/0x2a0 [ 534.144901][T14598] __x64_sys_mlockall+0x2e3/0x320 [ 534.149940][T14598] do_syscall_64+0xcc/0x3a0 [ 534.154543][T14598] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 534.160444][T14598] RIP: 0033:0x45b349 [ 534.164358][T14598] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 10:22:30 executing program 0: 10:22:30 executing program 2: [ 534.183968][T14598] RSP: 002b:00007f8c5b479c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 534.192551][T14598] RAX: ffffffffffffffda RBX: 00007f8c5b47a6d4 RCX: 000000000045b349 [ 534.200656][T14598] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 534.208754][T14598] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 534.216761][T14598] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 534.224748][T14598] R13: 0000000000000711 R14: 00000000004c8888 R15: 000000000075bf2c [ 534.252642][T14598] memory: usage 307200kB, limit 307200kB, failcnt 5976 [ 534.259740][T14598] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 534.275670][T14598] Memory cgroup stats for /syz1: [ 534.275821][T14598] anon 305422336 [ 534.275821][T14598] file 0 [ 534.275821][T14598] kernel_stack 368640 [ 534.275821][T14598] slab 4587520 [ 534.275821][T14598] sock 0 [ 534.275821][T14598] shmem 0 [ 534.275821][T14598] file_mapped 0 [ 534.275821][T14598] file_dirty 0 [ 534.275821][T14598] file_writeback 0 [ 534.275821][T14598] anon_thp 253755392 [ 534.275821][T14598] inactive_anon 191311872 [ 534.275821][T14598] active_anon 13496320 [ 534.275821][T14598] inactive_file 0 [ 534.275821][T14598] active_file 0 [ 534.275821][T14598] unevictable 100827136 [ 534.275821][T14598] slab_reclaimable 811008 [ 534.275821][T14598] slab_unreclaimable 3776512 [ 534.275821][T14598] pgfault 215919 [ 534.275821][T14598] pgmajfault 0 [ 534.275821][T14598] workingset_refault 33 [ 534.275821][T14598] workingset_activate 0 [ 534.275821][T14598] workingset_nodereclaim 0 [ 534.275821][T14598] pgrefill 298 [ 534.275821][T14598] pgscan 363 [ 534.275821][T14598] pgsteal 66 [ 534.506037][T14598] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=14588,uid=0 [ 534.534195][T14598] Memory cgroup out of memory: Killed process 14588 (syz-executor.1) total-vm:72716kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 534.937247][T14616] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 534.948245][T14616] CPU: 1 PID: 14616 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 534.956913][T14616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 534.966973][T14616] Call Trace: [ 534.970554][T14616] dump_stack+0x11d/0x181 [ 534.974973][T14616] dump_header+0xaa/0x39c [ 534.979316][T14616] oom_kill_process.cold+0x10/0x15 [ 534.984443][T14616] out_of_memory+0x231/0xa60 [ 534.989031][T14616] ? mem_cgroup_out_of_memory+0x85/0x150 [ 534.994711][T14616] ? mutex_lock_killable+0x25/0x60 [ 534.999962][T14616] mem_cgroup_out_of_memory+0x128/0x150 [ 535.005533][T14616] try_charge+0xb6c/0xbf0 [ 535.009869][T14616] ? rcu_note_context_switch+0x720/0x760 [ 535.015553][T14616] mem_cgroup_try_charge+0xd2/0x260 [ 535.020741][T14616] mem_cgroup_try_charge_delay+0x3a/0x80 [ 535.026433][T14616] wp_page_copy+0x322/0x1040 [ 535.031015][T14616] ? apic_timer_interrupt+0xa/0x20 [ 535.036151][T14616] ? do_wp_page+0x172/0xeb0 [ 535.040719][T14616] ? __tsan_read8+0x2b/0x100 [ 535.045306][T14616] do_wp_page+0x192/0xeb0 [ 535.049633][T14616] __handle_mm_fault+0x1d16/0x2e00 [ 535.054841][T14616] handle_mm_fault+0x21b/0x530 [ 535.059643][T14616] __get_user_pages+0x485/0x1130 [ 535.064661][T14616] populate_vma_page_range+0xe6/0x100 [ 535.070106][T14616] __mm_populate+0x168/0x2a0 [ 535.074872][T14616] __x64_sys_mlockall+0x2e3/0x320 [ 535.079943][T14616] do_syscall_64+0xcc/0x3a0 [ 535.084559][T14616] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 535.090450][T14616] RIP: 0033:0x45b349 [ 535.094394][T14616] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 535.114050][T14616] RSP: 002b:00007f8c5b458c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 535.129053][T14616] RAX: ffffffffffffffda RBX: 00007f8c5b4596d4 RCX: 000000000045b349 [ 535.137114][T14616] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 535.145093][T14616] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 535.153173][T14616] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 535.161178][T14616] R13: 0000000000000711 R14: 00000000004c8888 R15: 000000000075bfd4 [ 535.170599][T14616] memory: usage 307200kB, limit 307200kB, failcnt 6002 [ 535.177672][T14616] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 535.184628][T14616] Memory cgroup stats for /syz1: [ 535.185601][T14616] anon 305631232 [ 535.185601][T14616] file 0 [ 535.185601][T14616] kernel_stack 368640 [ 535.185601][T14616] slab 4280320 [ 535.185601][T14616] sock 0 [ 535.185601][T14616] shmem 0 [ 535.185601][T14616] file_mapped 0 [ 535.185601][T14616] file_dirty 0 [ 535.185601][T14616] file_writeback 0 [ 535.185601][T14616] anon_thp 253755392 [ 535.185601][T14616] inactive_anon 183148544 [ 535.185601][T14616] active_anon 13496320 [ 535.185601][T14616] inactive_file 0 [ 535.185601][T14616] active_file 0 [ 535.185601][T14616] unevictable 108945408 [ 535.185601][T14616] slab_reclaimable 811008 [ 535.185601][T14616] slab_unreclaimable 3469312 [ 535.185601][T14616] pgfault 217239 [ 535.185601][T14616] pgmajfault 0 [ 535.185601][T14616] workingset_refault 33 [ 535.185601][T14616] workingset_activate 0 [ 535.185601][T14616] workingset_nodereclaim 0 [ 535.185601][T14616] pgrefill 298 [ 535.185601][T14616] pgscan 363 [ 535.185601][T14616] pgsteal 66 [ 535.279535][T14616] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=14597,uid=0 [ 535.296390][T14616] Memory cgroup out of memory: Killed process 14597 (syz-executor.1) total-vm:72716kB, anon-rss:18248kB, file-rss:54368kB, shmem-rss:0kB, UID:0 pgtables:192512kB oom_score_adj:1000 [ 535.317529][ T1066] oom_reaper: reaped process 14597 (syz-executor.1), now anon-rss:18332kB, file-rss:54364kB, shmem-rss:0kB 10:22:31 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x288000, 0x0) syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x9, 0x200840) dup(r1) ioctl$RTC_VL_READ(r1, 0x80047013, &(0x7f00000000c0)) exit(0x7) write$binfmt_script(0xffffffffffffffff, &(0x7f00000003c0)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}, {}, {}], 0xa, "df7c00e09c916729334fbe57a726284a85ae23e7eb165a0922b020a14afa53fc919ed5b5820a609af38acfc21c2cacee2f808e60eafcd3ec51fdb7f62ca135bbf86f9c1bbf9c23db4038c329b0e8d63563439cf1b94606299a6c503abe926decd68a7e671c7dfcc4125e9888fbc8ce452b52"}, 0x89) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r2 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xaf, 0x428240) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r2, 0xc080661a, &(0x7f00000002c0)={{0x2, 0x0, @identifier="8cff7fc81ac6de7927c1c322084eaabd"}}) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') close(r3) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000180)={0x2}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r4) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x7f, 0x3, 0x7, 0xa59e}, 'syz0\x00', 0x37}) 10:22:31 executing program 3: 10:22:31 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000f80)={0x38, 0x2, 0x6, 0x1, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x38}}, 0x0) 10:22:31 executing program 0: 10:22:31 executing program 2: 10:22:31 executing program 4: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) 10:22:32 executing program 2: 10:22:32 executing program 0: 10:22:32 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000f80)={0x38, 0x2, 0x6, 0x1, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x38}}, 0x0) 10:22:32 executing program 3: 10:22:32 executing program 0: 10:22:32 executing program 2: [ 535.849426][T14627] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 535.895303][T14627] CPU: 0 PID: 14627 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 535.904099][T14627] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 535.914154][T14627] Call Trace: [ 535.917460][T14627] dump_stack+0x11d/0x181 [ 535.921960][T14627] dump_header+0xaa/0x39c [ 535.926328][T14627] oom_kill_process.cold+0x10/0x15 [ 535.931479][T14627] out_of_memory+0x231/0xa60 [ 535.936360][T14627] ? __rcu_read_unlock+0x66/0x3d0 [ 535.941528][T14627] mem_cgroup_out_of_memory+0x128/0x150 [ 535.947106][T14627] try_charge+0xb6c/0xbf0 [ 535.951585][T14627] ? rcu_note_context_switch+0x720/0x760 [ 535.957349][T14627] mem_cgroup_try_charge+0xd2/0x260 [ 535.962587][T14627] mem_cgroup_try_charge_delay+0x3a/0x80 [ 535.968244][T14627] __handle_mm_fault+0x197f/0x2e00 [ 535.973474][T14627] handle_mm_fault+0x21b/0x530 [ 535.978306][T14627] __get_user_pages+0x485/0x1130 [ 535.983342][T14627] populate_vma_page_range+0xe6/0x100 [ 535.988745][T14627] __mm_populate+0x168/0x2a0 [ 535.993401][T14627] __x64_sys_mlockall+0x2e3/0x320 [ 535.998460][T14627] do_syscall_64+0xcc/0x3a0 [ 536.002996][T14627] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 536.008972][T14627] RIP: 0033:0x45b349 [ 536.012888][T14627] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 536.032545][T14627] RSP: 002b:00007f8c5b479c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 536.040965][T14627] RAX: ffffffffffffffda RBX: 00007f8c5b47a6d4 RCX: 000000000045b349 [ 536.049017][T14627] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 536.057065][T14627] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 536.065057][T14627] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 536.073048][T14627] R13: 0000000000000711 R14: 00000000004c8888 R15: 000000000075bf2c [ 536.172461][T14627] memory: usage 307200kB, limit 307200kB, failcnt 6023 [ 536.179458][T14627] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 536.189865][T14627] Memory cgroup stats for /syz1: [ 536.190092][T14627] anon 305491968 [ 536.190092][T14627] file 0 [ 536.190092][T14627] kernel_stack 405504 [ 536.190092][T14627] slab 4280320 [ 536.190092][T14627] sock 0 [ 536.190092][T14627] shmem 0 [ 536.190092][T14627] file_mapped 0 [ 536.190092][T14627] file_dirty 0 [ 536.190092][T14627] file_writeback 0 [ 536.190092][T14627] anon_thp 253755392 [ 536.190092][T14627] inactive_anon 191152128 [ 536.190092][T14627] active_anon 13389824 [ 536.190092][T14627] inactive_file 0 [ 536.190092][T14627] active_file 0 [ 536.190092][T14627] unevictable 100835328 [ 536.190092][T14627] slab_reclaimable 811008 [ 536.190092][T14627] slab_unreclaimable 3469312 [ 536.190092][T14627] pgfault 217899 [ 536.190092][T14627] pgmajfault 0 [ 536.190092][T14627] workingset_refault 33 [ 536.190092][T14627] workingset_activate 0 [ 536.190092][T14627] workingset_nodereclaim 0 [ 536.190092][T14627] pgrefill 298 [ 536.190092][T14627] pgscan 363 [ 536.190092][T14627] pgsteal 66 [ 536.284247][T14627] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=14617,uid=0 [ 536.299794][T14627] Memory cgroup out of memory: Killed process 14617 (syz-executor.1) total-vm:72716kB, anon-rss:18332kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 536.327616][ T1066] oom_reaper: reaped process 14617 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 10:22:33 executing program 3: 10:22:33 executing program 5: 10:22:33 executing program 0: 10:22:33 executing program 2: 10:22:33 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x288000, 0x0) syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x9, 0x200840) dup(r1) ioctl$RTC_VL_READ(r1, 0x80047013, &(0x7f00000000c0)) exit(0x7) write$binfmt_script(0xffffffffffffffff, &(0x7f00000003c0)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}, {}, {0x20, 'proc'}], 0xa, "df7c00e09c916729334fbe57a726284a85ae23e7eb165a0922b020a14afa53fc919ed5b5820a609af38acfc21c2cacee2f808e60eafcd3ec51fdb7f62ca135bbf86f9c1bbf9c23db4038c329b0e8d63563439cf1b94606299a6c503abe926decd68a7e671c7dfcc4125e9888fbc8ce452b52"}, 0x8d) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r2 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xaf, 0x428240) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r2, 0xc080661a, &(0x7f00000002c0)={{0x2, 0x0, @identifier="8cff7fc81ac6de7927c1c322084eaabd"}}) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/softnet_stat\x00') close(r3) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000180)={0x2}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r4) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x7f, 0x3, 0x7, 0xa59e}, 'syz0\x00', 0x37}) 10:22:33 executing program 4: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) 10:22:33 executing program 5: 10:22:33 executing program 3: 10:22:33 executing program 0: 10:22:33 executing program 2: 10:22:33 executing program 0: 10:22:33 executing program 3: 10:22:33 executing program 5: 10:22:33 executing program 2: [ 537.136688][T14659] ================================================================== [ 537.144823][T14659] BUG: KCSAN: data-race in drain_all_stock / refill_stock [ 537.151953][T14659] [ 537.154294][T14659] write to 0xffff88812c02a108 of 4 bytes by task 14657 on cpu 0: [ 537.162028][T14659] refill_stock+0xc3/0x110 [ 537.166458][T14659] try_charge+0xa60/0xbf0 [ 537.170912][T14659] mem_cgroup_try_charge+0xd2/0x260 [ 537.176239][T14659] mem_cgroup_try_charge_delay+0x3a/0x80 [ 537.181883][T14659] shmem_getpage_gfp+0x3bf/0x1390 [ 537.186914][T14659] shmem_fault+0x114/0x470 [ 537.191346][T14659] __do_fault+0xae/0x1f0 [ 537.195616][T14659] __handle_mm_fault+0x270d/0x2e00 [ 537.200728][T14659] handle_mm_fault+0x21b/0x530 [ 537.205537][T14659] __get_user_pages+0x485/0x1130 [ 537.210506][T14659] populate_vma_page_range+0xe6/0x100 [ 537.215893][T14659] __mm_populate+0x168/0x2a0 [ 537.220498][T14659] vm_mmap_pgoff+0x181/0x190 [ 537.225108][T14659] ksys_mmap_pgoff+0x99/0x420 [ 537.230300][T14659] __x64_sys_mmap+0x2e/0x40 [ 537.234828][T14659] do_syscall_64+0xcc/0x3a0 [ 537.239495][T14659] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 537.245386][T14659] [ 537.247726][T14659] read to 0xffff88812c02a108 of 4 bytes by task 14659 on cpu 1: [ 537.255394][T14659] drain_all_stock+0xe5/0x250 [ 537.260081][T14659] try_charge+0x79b/0xbf0 [ 537.264419][T14659] mem_cgroup_try_charge+0xd2/0x260 [ 537.269866][T14659] mem_cgroup_try_charge_delay+0x3a/0x80 [ 537.275611][T14659] __handle_mm_fault+0x197f/0x2e00 [ 537.280725][T14659] handle_mm_fault+0x21b/0x530 [ 537.285507][T14659] __get_user_pages+0x485/0x1130 [ 537.290467][T14659] populate_vma_page_range+0xe6/0x100 [ 537.296299][T14659] __mm_populate+0x168/0x2a0 [ 537.301048][T14659] __x64_sys_mlockall+0x2e3/0x320 [ 537.306092][T14659] do_syscall_64+0xcc/0x3a0 [ 537.310637][T14659] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 537.316528][T14659] [ 537.318888][T14659] Reported by Kernel Concurrency Sanitizer on: [ 537.325149][T14659] CPU: 1 PID: 14659 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 10:22:33 executing program 5: 10:22:33 executing program 2: [ 537.333911][T14659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 537.344005][T14659] ================================================================== [ 537.352086][T14659] Kernel panic - not syncing: panic_on_warn set ... [ 537.358683][T14659] CPU: 1 PID: 14659 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 537.367590][T14659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 537.377703][T14659] Call Trace: [ 537.381008][T14659] dump_stack+0x11d/0x181 [ 537.385368][T14659] panic+0x210/0x640 [ 537.389285][T14659] ? vprintk_func+0x8d/0x140 [ 537.393895][T14659] kcsan_report.cold+0xc/0xd [ 537.398514][T14659] kcsan_setup_watchpoint+0x3fe/0x460 [ 537.403914][T14659] __tsan_read4+0xc6/0x100 [ 537.408341][T14659] drain_all_stock+0xe5/0x250 [ 537.413036][T14659] ? cgroup_file_notify+0xff/0x130 [ 537.418157][T14659] try_charge+0x79b/0xbf0 [ 537.422524][T14659] ? rcu_note_context_switch+0x720/0x760 [ 537.428181][T14659] mem_cgroup_try_charge+0xd2/0x260 [ 537.433399][T14659] mem_cgroup_try_charge_delay+0x3a/0x80 [ 537.439060][T14659] __handle_mm_fault+0x197f/0x2e00 [ 537.444197][T14659] handle_mm_fault+0x21b/0x530 [ 537.448976][T14659] __get_user_pages+0x485/0x1130 [ 537.454128][T14659] populate_vma_page_range+0xe6/0x100 [ 537.459519][T14659] __mm_populate+0x168/0x2a0 [ 537.464131][T14659] __x64_sys_mlockall+0x2e3/0x320 [ 537.469265][T14659] do_syscall_64+0xcc/0x3a0 [ 537.473803][T14659] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 537.479695][T14659] RIP: 0033:0x45b349 [ 537.483602][T14659] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 537.503328][T14659] RSP: 002b:00007f8c5b479c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 537.511753][T14659] RAX: ffffffffffffffda RBX: 00007f8c5b47a6d4 RCX: 000000000045b349 [ 537.519904][T14659] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 537.527898][T14659] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 537.535921][T14659] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 537.544039][T14659] R13: 0000000000000711 R14: 00000000004c8888 R15: 000000000075bf2c [ 537.553529][T14659] Kernel Offset: disabled [ 537.558010][T14659] Rebooting in 86400 seconds..