19], @ANYBLOB='&\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000e00)=ANY=[@ANYBLOB='\x00'/85], @ANYBLOB="aa00000000000000"], @ANYBLOB="040000000000000040000000000000000400000000000000580000000000000014010000070000000100000000fcffff", @ANYPTR=&(0x7f0000000f00)=ANY=[@ANYBLOB="0400000000000000"], @ANYPTR=&(0x7f0000000f40)=ANY=[@ANYBLOB="00000080000000"], @ANYBLOB="2a000000000000000000000000000000010001000000000003000000000000000200000000000000060000000000000030000000000000001401000003000000", @ANYPTR=&(0x7f0000000f80)=ANY=[@ANYBLOB='\x00'/18], @ANYBLOB="1700000000000000", @ANYPTR=&(0x7f0000000fc0)=ANY=[@ANYBLOB='\x00'], @ANYBLOB="100000000000000058000000000000001401000007000000ff03000005000000", @ANYPTR=&(0x7f0000001000)=ANY=[@ANYBLOB="0300000000000000"], @ANYPTR=&(0x7f0000001040)=ANY=[@ANYBLOB="ffffff7f00000000"], @ANYBLOB="05000000000000000600000000000000570000000000000006000000000000000800000000000000090000000000000048000000000000001401000001000000e31e000005000000", @ANYPTR=&(0x7f0000001080)=ANY=[@ANYBLOB='\x00'/14], @ANYBLOB="0e00000000000000", @ANYPTR=&(0x7f00000012c0)=ANY=[@ANYPTR=&(0x7f00000010c0)=ANY=[@ANYBLOB='\x00'/60], @ANYBLOB='<\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001100)=ANY=[@ANYBLOB='\x00'/48], @ANYBLOB='0\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001140)=ANY=[@ANYBLOB]], @ANYBLOB="040000000000000009000000000000000300"], 0x198, 0x40}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$midi(&(0x7f0000000680)='/dev/midi#\x00', 0x7, 0x8000) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000800)={0x8001, 0x0, 0x10000, 0xffff}) ioctl$DRM_IOCTL_AGP_ALLOC(r1, 0xc0206434, &(0x7f0000000840)={0x3, r2, 0x10001}) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5, 0x9bf}, @rumble={0x7, 0x7}}) 11:06:43 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) [ 1119.356813][ T9520] ? finish_task_switch+0x119/0x720 [ 1119.356826][ T9520] ? lock_downgrade+0x920/0x920 [ 1119.356840][ T9520] ? swp_swapcount+0x540/0x540 [ 1119.356852][ T9520] ? __kasan_check_read+0x11/0x20 [ 1119.356866][ T9520] ? do_raw_spin_unlock+0x57/0x270 [ 1119.381678][ T9520] do_wp_page+0x499/0x14d0 [ 1119.386084][ T9520] ? finish_mkwrite_fault+0x570/0x570 [ 1119.391487][ T9520] __handle_mm_fault+0x22f1/0x3f20 [ 1119.396598][ T9520] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1119.402147][ T9520] ? __kasan_check_read+0x11/0x20 [ 1119.407190][ T9520] ? trace_hardirqs_on+0x67/0x240 [ 1119.412212][ T9520] handle_mm_fault+0x1b5/0x6b0 [ 1119.414346][ T9553] netlink: 'syz-executor.5': attribute type 4 has an invalid length. [ 1119.416967][ T9520] __do_page_fault+0x536/0xdd0 [ 1119.416984][ T9520] do_page_fault+0x38/0x590 [ 1119.416997][ T9520] page_fault+0x39/0x40 [ 1119.417011][ T9520] RIP: 0033:0x4051d2 [ 1119.442453][ T9520] Code: 8d bf 88 00 00 00 31 d2 e8 cb ea ff ff 48 8d 5d 08 4c 8d 65 0c eb 18 90 45 31 c0 31 c9 ba 80 00 00 00 48 89 de bf ca 00 00 00 89 46 05 00 8b 03 85 c0 74 e3 48 89 ef c7 45 08 00 00 00 00 e8 [ 1119.452906][ T9554] rdma_op 00000000b90b79c3 conn xmit_rdma 00000000d8f1147d [ 1119.462035][ T9520] RSP: 002b:00007fd57adf7d00 EFLAGS: 00010246 [ 1119.462046][ T9520] RAX: 0000000000000000 RBX: 000000000075c078 RCX: 0000000000000000 [ 1119.462053][ T9520] RDX: 0000000000000080 RSI: 000000000075c078 RDI: 00000000000000ca [ 1119.462060][ T9520] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 1119.462066][ T9520] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000075c07c [ 1119.462073][ T9520] R13: 00007ffd9399f4cf R14: 00007fd57adf89c0 R15: 000000000075c07c [ 1119.500204][ T9520] memory: usage 304900kB, limit 307200kB, failcnt 2123 [ 1119.522488][ T23] audit: type=1804 audit(1566904003.964:1027): pid=9551 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2320/bus" dev="sda1" ino=16730 res=1 [ 1119.525396][ T9520] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1119.555374][ T9520] Memory cgroup stats for /syz4: [ 1119.555473][ T9520] anon 247087104 [ 1119.555473][ T9520] file 8192 [ 1119.555473][ T9520] kernel_stack 9633792 [ 1119.555473][ T9520] slab 16044032 [ 1119.555473][ T9520] sock 0 [ 1119.555473][ T9520] shmem 0 [ 1119.555473][ T9520] file_mapped 0 [ 1119.555473][ T9520] file_dirty 0 [ 1119.555473][ T9520] file_writeback 0 [ 1119.555473][ T9520] anon_thp 192937984 [ 1119.555473][ T9520] inactive_anon 135168 [ 1119.555473][ T9520] active_anon 247054336 [ 1119.555473][ T9520] inactive_file 0 [ 1119.555473][ T9520] active_file 0 [ 1119.555473][ T9520] unevictable 135168 [ 1119.555473][ T9520] slab_reclaimable 2973696 [ 1119.555473][ T9520] slab_unreclaimable 13070336 [ 1119.555473][ T9520] pgfault 225786 [ 1119.555473][ T9520] pgmajfault 0 [ 1119.555473][ T9520] workingset_refault 363 [ 1119.555473][ T9520] workingset_activate 66 [ 1119.555473][ T9520] workingset_nodereclaim 0 [ 1119.555473][ T9520] pgrefill 3803 [ 1119.555473][ T9520] pgscan 3743 [ 1119.555473][ T9520] pgsteal 642 [ 1119.727850][ T9520] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=9453,uid=0 [ 1119.756271][ T9520] Memory cgroup out of memory: Killed process 9453 (syz-executor.4) total-vm:72840kB, anon-rss:2208kB, file-rss:34816kB, shmem-rss:0kB 11:06:44 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) 11:06:44 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c0000000000ffffa888000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:06:44 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x73) close(r0) r1 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x3, 0x2) lsetxattr$trusted_overlay_redirect(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='trusted.overlay.redirect\x00', &(0x7f0000000100)='./file0\x00', 0x8, 0x2) ioctl$TIOCSERGETLSR(r1, 0x5459, &(0x7f0000000040)) 11:06:44 executing program 2: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={&(0x7f0000000900)={0x2, 0x4e21, @remote}, 0x10, &(0x7f0000000bc0)=[{&(0x7f0000000940)=""/192, 0xc0}, {&(0x7f0000000a00)=""/158, 0x9e}, {&(0x7f0000000ac0)=""/209, 0xd1}], 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000140100000200000068000000fbffffff180000000000000014010000020000000800000003000000480000000000000014010000010000000000000000000100", @ANYPTR=&(0x7f0000000c00)=ANY=[@ANYBLOB='\x00'/111], @ANYBLOB='o\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000ec0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYBLOB='\x00'/91], @ANYBLOB="9b4dd4c02f7ffc70", @ANYPTR=&(0x7f0000000d00)=ANY=[@ANYBLOB='\x00'/132], @ANYBLOB="8400000000000000", @ANYPTR=&(0x7f0000000dc0)=ANY=[@ANYBLOB='\x00'/19], @ANYBLOB='&\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000e00)=ANY=[@ANYBLOB='\x00'/85], @ANYBLOB="aa00000000000000"], @ANYBLOB="040000000000000040000000000000000400000000000000580000000000000014010000070000000100000000fcffff", @ANYPTR=&(0x7f0000000f00)=ANY=[@ANYBLOB="0400000000000000"], @ANYPTR=&(0x7f0000000f40)=ANY=[@ANYBLOB="00000080000000"], @ANYBLOB="2a000000000000000000000000000000010001000000000003000000000000000200000000000000060000000000000030000000000000001401000003000000", @ANYPTR=&(0x7f0000000f80)=ANY=[@ANYBLOB='\x00'/18], @ANYBLOB="1700000000000000", @ANYRES32, @ANYBLOB="100000000000000058000000000000001401000007000000ff03000005000000", @ANYPTR=&(0x7f0000001000)=ANY=[@ANYBLOB="0300000000000000"], @ANYPTR=&(0x7f0000001040)=ANY=[@ANYBLOB="ffffff7f00000000"], @ANYBLOB="05000000000000000600000000000000570000000000000006000000000000000800000000000000090000000000000048000000000000001401000001000000e31e000005000000", @ANYPTR=&(0x7f0000001080)=ANY=[@ANYBLOB='\x00'/14], @ANYBLOB="0e00000000000000", @ANYPTR=&(0x7f00000012c0)=ANY=[@ANYPTR=&(0x7f00000010c0)=ANY=[@ANYBLOB='\x00'/60], @ANYBLOB='<\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001100)=ANY=[@ANYBLOB='\x00'/48], @ANYBLOB='0\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001140)=ANY=[@ANYBLOB]], @ANYBLOB="040000000000000009000000000000000300"], 0x194, 0x40}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) r1 = perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCVHANGUP(r1, 0x5437, 0x0) sendmsg$rds(r0, &(0x7f0000000800)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000001800)=[{&(0x7f0000000840)=""/58, 0x3a}, {&(0x7f0000000e80)=""/8, 0x8}, {&(0x7f0000001140)=""/183, 0xb7}, {&(0x7f0000001640)=""/217, 0xd9}, {&(0x7f0000001200)=""/12, 0xc}, {&(0x7f0000001740)=""/178, 0xb2}, {&(0x7f0000001240)=""/72, 0x48}], 0x7, &(0x7f0000000780)=ANY=[@ANYBLOB="4800000000000000140100000100"/24, @ANYPTR=&(0x7f0000000040)=ANY=[@ANYBLOB='\x00'/156], @ANYBLOB="9c00000000000000", @ANYPTR=&(0x7f00000006c0)=ANY=[@ANYPTR=&(0x7f0000000100)=ANY=[@ANYBLOB='\x00'/44], @ANYBLOB=',\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB='\x00'/67], @ANYBLOB='C\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB='\x00'/198], @ANYBLOB="c600000000000000", @ANYPTR=&(0x7f0000000140)=ANY=[@ANYBLOB='\x00'/15], @ANYBLOB="0f00000000000000", @ANYPTR=&(0x7f0000000340)=ANY=[@ANYBLOB='\x00'/54], @ANYBLOB='6\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000380)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000400"/42], @ANYBLOB='*\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f00000003c0)=ANY=[@ANYBLOB='\x00'/77], @ANYBLOB='M\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000440)=ANY=[@ANYBLOB='\x00'/244], @ANYBLOB="f400000000000000", @ANYPTR=&(0x7f0000000540)=ANY=[@ANYBLOB='\x00'/219], @ANYBLOB="db00000000000000"], @ANYBLOB='\t\x00'/24], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5, 0x9bf}, @rumble={0x7, 0x7}}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000680)={'bpq0\x00', {0x2, 0x4e24, @loopback}}) 11:06:44 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) [ 1119.792021][ T1058] oom_reaper: reaped process 9453 (syz-executor.4), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB [ 1119.840046][ T9575] netlink: 'syz-executor.5': attribute type 4 has an invalid length. 11:06:44 executing program 0: ioctl$EXT4_IOC_PRECACHE_EXTENTS(0xffffffffffffffff, 0x6612) ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, &(0x7f0000000380)) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r0 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x4, 0x400) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x4000000000, 0x0, 0x0, 0x1, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000140), 0x4) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000180)=[@in={0x2, 0x4e23, @remote}, @in6={0xa, 0x4e22, 0x7, @mcast1, 0x4}, @in6={0xa, 0x4e20, 0x0, @rand_addr="40e9017b260dc1e6bc04ad67534b449e", 0x5}, @in6={0xa, 0x4e21, 0x0, @local, 0x1}, @in6={0xa, 0x4e22, 0x99, @loopback, 0x1000}, @in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x14}}], 0x90) connect$inet(0xffffffffffffffff, &(0x7f00000002c0)={0x2, 0x0, @multicast1}, 0xf) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000240)={0x750, {0x2, 0x0, @multicast1}, {0x2, 0x0, @remote}, {0x2, 0x0, @broadcast}, 0x0, 0x0, 0x2, 0x46a, 0x2, 0x0, 0x0, 0x3, 0xffffffffffffffff}) listen(0xffffffffffffffff, 0x10001) getsockname$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000300)) socket$key(0xf, 0x3, 0x2) unshare(0x60000000) socket$inet_tcp(0x2, 0x1, 0x0) [ 1119.868049][ T23] audit: type=1804 audit(1566904004.314:1028): pid=9577 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2320/bus" dev="sda1" ino=16730 res=1 11:06:44 executing program 2: r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000680)='/dev/qat_adf_ctl\x00', 0x44c0, 0x0) bind$rds(r0, &(0x7f0000000800)={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10) ioctl$PPPIOCSNPMODE(r0, 0x4008744b, &(0x7f0000000840)={0xc0ff}) ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={&(0x7f0000000900)={0x2, 0x4e21, @remote}, 0x10, &(0x7f0000000bc0)=[{&(0x7f0000000940)=""/192, 0xc0}, {&(0x7f0000000a00)=""/158, 0x9e}, {&(0x7f0000000ac0)=""/209, 0xd1}], 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000140100000200000068000000fbffffff180000000000000014010000020000000800000003000000480000000000000014010000010000000000000000000100", @ANYPTR=&(0x7f0000000c00)=ANY=[@ANYBLOB='\x00'/111], @ANYBLOB='o\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000ec0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYBLOB='\x00'/91], @ANYBLOB="9b4dd4c02f7ffc70", @ANYPTR=&(0x7f0000000d00)=ANY=[@ANYBLOB='\x00'/132], @ANYBLOB="8400000000000000", @ANYPTR=&(0x7f0000000dc0)=ANY=[@ANYBLOB='\x00'/19], @ANYBLOB='&\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000e00)=ANY=[@ANYBLOB='\x00'/85], @ANYBLOB="aa00000000000000"], @ANYBLOB="040000000000000040000000000000000400000000000000580000000000000014010000070000000100000000fcffff", @ANYPTR=&(0x7f0000000f00)=ANY=[@ANYBLOB="0400000000000000"], @ANYPTR=&(0x7f0000000f40)=ANY=[@ANYBLOB="00000080000000"], @ANYBLOB="2a000000000000000000000000000000010001000000000003000000000000000200000000000000060000000000000030000000000000001401000003000000", @ANYPTR=&(0x7f0000000f80)=ANY=[@ANYBLOB='\x00'/18], @ANYBLOB="1700000000000000", @ANYPTR=&(0x7f0000000fc0)=ANY=[@ANYBLOB='\x00'], @ANYBLOB="100000000000000058000000000000001401000007000000ff03000005000000", @ANYPTR=&(0x7f0000001000)=ANY=[@ANYBLOB="0300000000000000"], @ANYPTR=&(0x7f0000001040)=ANY=[@ANYBLOB="ffffff7f00000000"], @ANYBLOB="05000000000000000600000000000000570000000000000006000000000000000800000000000000090000000000000048000000000000001401000001000000e31e000005000000", @ANYPTR=&(0x7f0000001080)=ANY=[@ANYBLOB='\x00'/14], @ANYBLOB="0e00000000000000", @ANYPTR=&(0x7f00000012c0)=ANY=[@ANYPTR=&(0x7f00000010c0)=ANY=[@ANYBLOB='\x00'/60], @ANYBLOB='<\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001100)=ANY=[@ANYBLOB='\x00'/48], @ANYBLOB='0\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001140)=ANY=[@ANYBLOB]], @ANYBLOB="040000000000000009000000000000000300"], 0x198, 0x40}, 0x1) accept4$tipc(r0, &(0x7f0000000e80)=@id, &(0x7f0000001140)=0x10, 0x80000) r1 = socket$rds(0x15, 0x5, 0x0) bind$rds(r1, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$rds(r1, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5, 0x9bf}, @rumble={0x7, 0x7}}) 11:06:44 executing program 1: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0xa00) 11:06:44 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c0000000000ffffff9e000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1120.011487][ T23] audit: type=1800 audit(1566904004.354:1029): pid=9577 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.1" name="bus" dev="sda1" ino=16730 res=0 [ 1120.047956][ T9582] rdma_op 00000000dc032930 conn xmit_rdma 00000000d8f1147d 11:06:44 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) [ 1120.098633][ T9599] netlink: 'syz-executor.5': attribute type 4 has an invalid length. [ 1120.138691][ T23] audit: type=1804 audit(1566904004.584:1030): pid=9604 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2321/bus" dev="sda1" ino=16731 res=1 [ 1120.145826][ T9596] rdma_op 00000000528ece89 conn xmit_rdma 00000000d8f1147d 11:06:44 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) [ 1120.202146][ T9587] IPVS: ftp: loaded support on port[0] = 21 11:06:44 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c0000000000008000a0000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:06:44 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) 11:06:44 executing program 2: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={&(0x7f0000001c00)={0x2, 0x4e21, @remote}, 0x10, &(0x7f0000000bc0)=[{&(0x7f0000000940)=""/192, 0xc0}, {&(0x7f0000000a00)=""/158, 0x9e}, {&(0x7f0000000ac0)=""/209, 0xd1}], 0x3, &(0x7f0000001a40)=ANY=[@ANYBLOB="1800000000000000140100000200000068000000fbffffff180000000000000014010000020000000800000003000000480000000000000014010000010000000000000000000100", @ANYPTR=&(0x7f0000000c00)=ANY=[@ANYBLOB='\x00'/111], @ANYRESHEX, @ANYPTR=&(0x7f0000000ec0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYBLOB='\x00'/91], @ANYBLOB="7f82f113eec708c2", @ANYPTR=&(0x7f0000000d00)=ANY=[@ANYBLOB='\x00'/132], @ANYBLOB, @ANYPTR=&(0x7f0000000dc0)=ANY=[@ANYBLOB='\x00'/19], @ANYBLOB='&\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000e00)=ANY=[@ANYBLOB='\x00'/85], @ANYBLOB="aa00000000000000"], @ANYBLOB="040000000000000040000000000000000400000000000000580000000000000014010000070000000100000000fcffff", @ANYPTR=&(0x7f0000000f00)=ANY=[@ANYBLOB="0400000000000000"], @ANYPTR=&(0x7f0000000f40)=ANY=[@ANYBLOB="00000080000000"], @ANYBLOB="2a000000000000000000000000000000010001000000000003000000000000000200000000000000060000000000000030000000000000001401000003000000", @ANYPTR=&(0x7f0000000f80)=ANY=[@ANYBLOB='\x00'/18], @ANYBLOB="1700000000000000", @ANYPTR=&(0x7f0000000fc0)=ANY=[@ANYBLOB='\x00'], @ANYBLOB="100000000000000058000000000000001401000007000000ff03000005000000", @ANYPTR=&(0x7f0000001000)=ANY=[@ANYBLOB="0300000000000000"], @ANYPTR=&(0x7f0000001040)=ANY=[@ANYBLOB="ffffff7f00000000"], @ANYBLOB="05000000000000000600000000000000570000000000000006000000000000000800000000000000090000000000000048000000000000001401000001000000e31e000005000000", @ANYPTR=&(0x7f0000001080)=ANY=[@ANYBLOB='\x00'/14], @ANYBLOB="0e00000000000000", @ANYPTR=&(0x7f00000012c0)=ANY=[@ANYPTR=&(0x7f00000010c0)=ANY=[@ANYBLOB='\x00'/60], @ANYBLOB='<\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001100)=ANY=[@ANYBLOB='\x00'/48], @ANYBLOB='0\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001140)=ANY=[@ANYBLOB]], @ANYBLOB="040000000000000009000000000000000300"], 0x1a4, 0x40}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f00000019c0)={0x2, 0x5e22, @rand_addr=0x9}, 0x3) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000180)='/dev/dsp\x00', 0x1, 0x0) setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r1, 0x28, 0x0, &(0x7f0000001a00)=0x8, 0x8) r2 = syz_open_dev$vcsa(&(0x7f0000000680)='/dev/vcsa#\x00', 0x3, 0x40000) ioctl$VHOST_RESET_OWNER(r2, 0xaf02, 0x0) r3 = shmget$private(0x0, 0x2000, 0x78000000, &(0x7f0000ffc000/0x2000)=nil) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000800)={0x0, 0x0}, &(0x7f0000000840)=0xc) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000e80)={0x0, 0x0, 0x0}, &(0x7f0000001240)=0xc) fstat(r2, &(0x7f0000001640)={0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$KDENABIO(r1, 0x4b36) getsockopt$ARPT_SO_GET_REVISION_TARGET(r2, 0x0, 0x63, &(0x7f00000017c0)={'TPROXY\x00'}, &(0x7f0000001800)=0x1e) lstat(&(0x7f0000001280)='./file0\x00', &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$TIOCGSID(r2, 0x5429, &(0x7f00000015c0)=0x0) r9 = gettid() shmctl$IPC_SET(r3, 0x1, &(0x7f0000001740)={{0x4, r4, r5, r6, r7, 0x20, 0xe7}, 0x2, 0xfffffffffffffffb, 0x3e97, 0x745918b9, r8, r9, 0x2}) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r2, 0x84, 0x70, &(0x7f0000001840)={0x0, @in6={{0xa, 0x4e24, 0x80000001, @mcast2, 0x9}}, [0x8000, 0x1, 0x80000001, 0x400, 0x3, 0x101, 0x1, 0x200, 0xba5, 0x8001, 0x57ae550a, 0x4, 0x7ff, 0x1, 0x5]}, &(0x7f0000001940)=0x100) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000001980)={r10, 0x7, 0x4, [0xfffffffffffffeff, 0x9, 0xffffffff, 0x0]}, 0x10) sendto(r0, &(0x7f0000001140)="d436e87b7c18d29683af256785050fdce03c557330542c8a61a6ee0f5595877f2de295e07be81d274e3b9b3905b4c94f9813905989a9def584bb8b04c989538e6f72af001192c937d753c6c8aff8ad3a5116ca61ecff759f497acfab45c13163c7d4890b09a6d6e88d0466b3a7d8c75e3269b02cbea09f880356be26536b3361e6389edfd5174d9980cd2c794cf3c063ead40984daa7e44f55a6a035cf3e665ed7f9e0195edf7dad60ab50c8c326079cbfdc868bd73ed50eefdc07047f264c4124a1fd899136376f703ca5b4a578b4cee7c535924dbb1550781eafb593ff2ad82399c30ce8aac849", 0xe8, 0x4040000, 0x0, 0x0) perf_event_open(&(0x7f0000000880)={0x5, 0x70, 0x0, 0x0, 0x0, 0x1, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x100) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="4800000000000000140100000100"/24, @ANYPTR=&(0x7f0000000040)=ANY=[@ANYBLOB='\x00'/156], @ANYBLOB="0503080000000000", @ANYPTR=&(0x7f00000006c0)=ANY=[@ANYPTR=&(0x7f0000000100)=ANY=[@ANYBLOB='\x00'/44], @ANYBLOB=',\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB='\x00'/67], @ANYBLOB='C\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB='\x00'/198], @ANYBLOB="c600000000000000", @ANYPTR=&(0x7f0000000140)=ANY=[@ANYBLOB='\x00'/15], @ANYBLOB="0f00000000000000", @ANYPTR=&(0x7f0000000340)=ANY=[@ANYBLOB='\x00'/54], @ANYBLOB="ffff070000000000", @ANYPTR=&(0x7f0000000380)=ANY=[@ANYBLOB='\x00'/42], @ANYBLOB='\x00\x00\x00', @ANYPTR=&(0x7f00000003c0)=ANY=[@ANYBLOB='\x00'/77], @ANYBLOB='M\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000440)=ANY=[@ANYBLOB='\x00'/244], @ANYBLOB="f400000000000000", @ANYPTR=&(0x7f0000000540)=ANY=[@ANYBLOB='\x00'/219], @ANYBLOB="db00000000000000"], @ANYBLOB='\a\x00'/24], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5, 0x9bf}, @rumble={0x7, 0x7}}) restart_syscall() [ 1120.363563][ T9616] netlink: 'syz-executor.5': attribute type 4 has an invalid length. 11:06:44 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c0000000000fffffff0000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:06:44 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) 11:06:45 executing program 2: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={&(0x7f0000000900)={0x2, 0x4e21, @remote}, 0x10, &(0x7f0000000bc0)=[{&(0x7f0000000940)=""/192, 0xc0}, {&(0x7f0000000a00)=""/158, 0x9e}, {&(0x7f0000000ac0)=""/209, 0xd1}], 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000140100000200000068000000fbffffff180000000000000014010000020000000800000003000000480000000000000014010000010000000000000000000100", @ANYPTR=&(0x7f0000000c00)=ANY=[@ANYBLOB='\x00'/111], @ANYBLOB='o\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000ec0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYBLOB='\x00'/91], @ANYBLOB="9b4dd4c02f7ffc70", @ANYPTR=&(0x7f0000000d00)=ANY=[@ANYBLOB='\x00'/132], @ANYBLOB="8400000000000000", @ANYPTR=&(0x7f0000000dc0)=ANY=[@ANYBLOB='\x00'/19], @ANYBLOB='&\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000e00)=ANY=[@ANYBLOB='\x00'/85], @ANYBLOB="aa00000000000000"], @ANYBLOB="040000000000000040000000000000000400000000000000580000000000000014010000070000000100000000fcffff", @ANYPTR=&(0x7f0000000f00)=ANY=[@ANYBLOB="0400000000000000"], @ANYPTR=&(0x7f0000000f40)=ANY=[@ANYBLOB="00000080000000"], @ANYBLOB="2a000000000000000000000000000000010001000000000003000000000000000200000000000000060000000000000030000000000000001401000003000000", @ANYPTR=&(0x7f0000000f80)=ANY=[@ANYBLOB='\x00'/18], @ANYBLOB="1700000000000000", @ANYPTR=&(0x7f0000000fc0)=ANY=[@ANYBLOB='\x00'], @ANYBLOB="100000000000000058000000000000001401000007000000ff03000005000000", @ANYPTR=&(0x7f0000001000)=ANY=[@ANYBLOB="0300000000000000"], @ANYPTR=&(0x7f0000001040)=ANY=[@ANYBLOB="ffffff7f00000000"], @ANYBLOB="05000000000000000600000000000000570000000000000006000000000000000800000000000000090000000000000048000000000000001401000001000000e31e000005000000", @ANYPTR=&(0x7f0000001080)=ANY=[@ANYBLOB='\x00'/14], @ANYBLOB="0e00000000000000", @ANYPTR=&(0x7f00000012c0)=ANY=[@ANYPTR=&(0x7f00000010c0)=ANY=[@ANYBLOB='\x00'/60], @ANYBLOB='<\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001100)=ANY=[@ANYBLOB='\x00'/48], @ANYBLOB='0\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001140)=ANY=[@ANYBLOB]], @ANYBLOB="040000000000000009000000000000000300"], 0x198, 0x40}, 0x1) r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000800)='/dev/vsock\x00', 0x80, 0x0) ioctl$RTC_UIE_ON(r0, 0x7003) r1 = socket$rds(0x15, 0x5, 0x0) bind$rds(r1, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe2(&(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) ioctl$TIOCSCTTY(r2, 0x540e, 0x3) sendmsg$rds(r1, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5, 0x9bf}, @rumble={0x7, 0x7}}) [ 1120.681764][ T23] audit: type=1804 audit(1566904005.124:1031): pid=9658 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2321/bus" dev="sda1" ino=16731 res=1 [ 1120.700759][ T9659] Unknown ioctl 28675 [ 1120.720861][ T9637] netlink: 'syz-executor.5': attribute type 4 has an invalid length. [ 1120.826175][ T9664] Unknown ioctl 28675 [ 1120.900302][ T9589] IPVS: ftp: loaded support on port[0] = 21 11:06:45 executing program 0: r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x476, 0x101002) write$evdev(r0, &(0x7f0000000340)=[{{0x0, 0x7530}, 0x14, 0x1000}], 0x18) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x100, 0x0) ioctl$FIGETBSZ(r1, 0x2, &(0x7f00000000c0)) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r1, 0x10e, 0x2, &(0x7f0000000080), 0x4) ioctl$NBD_SET_BLKSIZE(r1, 0xab01, 0x3) ioctl$VHOST_RESET_OWNER(r1, 0xaf02, 0x0) 11:06:45 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) 11:06:45 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) 11:06:45 executing program 1: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0xb00) 11:06:45 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00000000000000fffe000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:06:45 executing program 2: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={&(0x7f0000000900)={0x2, 0x4e21, @remote}, 0x10, &(0x7f0000000bc0)=[{&(0x7f0000000940)=""/192, 0xc0}, {&(0x7f0000000a00)=""/158, 0x9e}, {&(0x7f0000000ac0)=""/209, 0xd1}], 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000140100000200000068000000fbffffff180000000000000014010000020000000800000003000000480000000000000014010000010000000000000000000100", @ANYPTR=&(0x7f0000000c00)=ANY=[@ANYBLOB='\x00'/111], @ANYBLOB='o\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000ec0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYBLOB='\x00'/91], @ANYBLOB="9b4dd4c02f7ffc70", @ANYPTR=&(0x7f0000000d00)=ANY=[@ANYBLOB='\x00'/132], @ANYBLOB="8400000000000000", @ANYPTR=&(0x7f0000000dc0)=ANY=[@ANYBLOB='\x00'/19], @ANYBLOB='&\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000e00)=ANY=[@ANYBLOB='\x00'/85], @ANYBLOB="aa00000000000000"], @ANYBLOB="040000000000000040000000000000000400000000000000580000000000000014010000070000000100000000fcffff", @ANYPTR=&(0x7f0000000f00)=ANY=[@ANYBLOB="0400000000000000"], @ANYPTR=&(0x7f0000000f40)=ANY=[@ANYBLOB="00000080000000"], @ANYBLOB="2a000000000000000000000000000000010001000000000003000000000000000200000000000000060000000000000030000000000000001401000003000000", @ANYPTR=&(0x7f0000000f80)=ANY=[@ANYBLOB='\x00'/18], @ANYBLOB="1700000000000000", @ANYPTR=&(0x7f0000000fc0)=ANY=[@ANYBLOB='\x00'], @ANYBLOB="100000000000000058000000000000001401000007000000ff03000005000000", @ANYPTR=&(0x7f0000001000)=ANY=[@ANYBLOB="0300000000000000"], @ANYPTR=&(0x7f0000001040)=ANY=[@ANYBLOB="ffffff7f00000000"], @ANYBLOB="05000000000000000600000000000000570000000000000006000000000000000800000000000000090000000000000048000000000000001401000001000000e31e000005000000", @ANYPTR=&(0x7f0000001080)=ANY=[@ANYBLOB='\x00'/14], @ANYBLOB="0e00000000000000", @ANYPTR=&(0x7f00000012c0)=ANY=[@ANYPTR=&(0x7f00000010c0)=ANY=[@ANYBLOB='\x00'/60], @ANYBLOB='<\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000800)=ANY=[@ANYBLOB="000000000000000000aa3aa736ce09add6a800"/57], @ANYBLOB='0\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001140)=ANY=[@ANYBLOB]], @ANYBLOB="040000000000000009000000000000000300"], 0x198, 0x40}, 0x1) openat$ppp(0xffffffffffffff9c, &(0x7f0000000680)='/dev/ppp\x00', 0x101000, 0x0) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5, 0x9bf}, @rumble={0x7, 0x7}}) 11:06:45 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000000fff000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1121.034802][ T23] audit: type=1804 audit(1566904005.474:1032): pid=9684 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2322/bus" dev="sda1" ino=16731 res=1 11:06:45 executing program 2: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={&(0x7f0000000680)={0x2, 0x4e21, @remote}, 0xb, &(0x7f0000000bc0)=[{&(0x7f0000000940)=""/192, 0xc0}, {&(0x7f0000000a00)=""/158, 0x9e}, {&(0x7f0000000ac0)=""/209, 0xd1}], 0x3, &(0x7f0000001140)=ANY=[@ANYBLOB="1800000000000000140100000200000068000000fbffffff180000000000000014010000020000000800000003000000480000000000000014010000010000000000000000000100", @ANYPTR=&(0x7f0000000c00)=ANY=[@ANYBLOB='\x00'/111], @ANYBLOB='o\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000ec0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYBLOB='\x00'/91], @ANYBLOB="9b4dd4c02f7ffc70", @ANYPTR=&(0x7f0000000d00)=ANY=[@ANYBLOB='\x00'/132], @ANYBLOB="8400000000000000", @ANYPTR=&(0x7f0000000dc0)=ANY=[@ANYBLOB='\x00'/19], @ANYBLOB='&\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000e00)=ANY=[@ANYBLOB='\x00'/85], @ANYBLOB="aa00000000000000"], @ANYRES64, @ANYPTR64, @ANYPTR=&(0x7f0000000f40)=ANY=[@ANYBLOB="00000080000000"], @ANYBLOB="2a000000000000000000000000000000010001000000000003000000000000000200000000000000060000000000000030000000000000001401000003000000", @ANYPTR=&(0x7f0000000f80)=ANY=[@ANYBLOB='\x00'/18], @ANYBLOB="1700000000000000", @ANYPTR=&(0x7f0000000fc0)=ANY=[@ANYBLOB='\x00'], @ANYBLOB="100000000000000058000000000000001401000007000000ff03000005000000", @ANYRESHEX, @ANYPTR=&(0x7f0000001040)=ANY=[@ANYBLOB="ffffff7f00000000"], @ANYBLOB="05000000000000000600000000000000570000000000000006000000000000000800000000000000090000000000000048000000000000001401000001000000e31e000005000000", @ANYPTR=&(0x7f0000001080)=ANY=[@ANYBLOB='\x00'/14], @ANYBLOB="0e00000000000000", @ANYPTR=&(0x7f00000012c0)=ANY=[@ANYPTR=&(0x7f00000010c0)=ANY=[@ANYBLOB='\x00'/60], @ANYBLOB='<\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001100)=ANY=[@ANYBLOB='\x00'/48], @ANYBLOB='0\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001140)=ANY=[@ANYBLOB]], @ANYBLOB="040000000000000009000000000000000300"], 0x198, 0x40}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @local}, 0xfffffffffffffe9a) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$DRM_IOCTL_CONTROL(r1, 0x40086414, &(0x7f0000000800)={0x3, 0x5}) ioctl$SIOCAX25OPTRT(r1, 0x89e7, &(0x7f0000000840)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast, 0x2, 0x56}) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5, 0x9bf}, @rumble={0x7, 0x7}}) ioctl$UDMABUF_CREATE(r1, 0x40187542, &(0x7f0000000900)={r1, 0x0, 0x2000, 0x2000}) setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000e80)=0x301001, 0x4) 11:06:45 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) 11:06:45 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c0000000000056cfeff000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1121.230518][ T9712] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1121.255572][ T9712] CPU: 1 PID: 9712 Comm: syz-executor.4 Not tainted 5.3.0-rc6 #127 [ 1121.263469][ T9712] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1121.273510][ T9712] Call Trace: [ 1121.276791][ T9712] dump_stack+0x172/0x1f0 [ 1121.281115][ T9712] dump_header+0x10b/0x82d [ 1121.285517][ T9712] oom_kill_process.cold+0x10/0x15 [ 1121.285550][ T9712] out_of_memory+0x79a/0x12c0 [ 1121.295364][ T9712] ? lock_downgrade+0x920/0x920 [ 1121.295378][ T9712] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1121.295394][ T9712] ? oom_killer_disable+0x280/0x280 [ 1121.311598][ T9712] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1121.317218][ T9712] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1121.322912][ T9712] ? do_raw_spin_unlock+0x57/0x270 [ 1121.327997][ T9712] ? _raw_spin_unlock+0x2d/0x50 [ 1121.332815][ T9712] try_charge+0xf4b/0x1440 [ 1121.337226][ T9712] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1121.342746][ T9712] ? percpu_ref_tryget_live+0x111/0x290 [ 1121.348264][ T9712] ? get_mem_cgroup_from_mm+0x16/0x320 [ 1121.353701][ T9712] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1121.359229][ T9712] mem_cgroup_try_charge+0x136/0x590 [ 1121.364482][ T9712] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1121.370691][ T9712] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1121.376294][ T9712] wp_page_copy+0x41e/0x15e0 [ 1121.380854][ T9712] ? page_trans_huge_mapcount+0x166/0x450 [ 1121.386715][ T9712] ? pmd_pfn+0x1d0/0x1d0 [ 1121.390928][ T9712] ? lock_downgrade+0x920/0x920 [ 1121.395748][ T9712] ? swp_swapcount+0x540/0x540 [ 1121.400485][ T9712] ? __kasan_check_read+0x11/0x20 [ 1121.405483][ T9712] ? do_raw_spin_unlock+0x57/0x270 [ 1121.410686][ T9712] do_wp_page+0x499/0x14d0 [ 1121.415075][ T9712] ? finish_mkwrite_fault+0x570/0x570 [ 1121.420438][ T9712] __handle_mm_fault+0x22f1/0x3f20 [ 1121.425521][ T9712] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1121.431161][ T9712] ? __kasan_check_read+0x11/0x20 [ 1121.436163][ T9712] ? do_raw_spin_unlock+0x57/0x270 [ 1121.441259][ T9712] ? trace_hardirqs_on+0x67/0x240 [ 1121.446263][ T9712] handle_mm_fault+0x1b5/0x6b0 [ 1121.450996][ T9712] __get_user_pages+0x7d4/0x1b30 [ 1121.455906][ T9712] ? follow_page_mask+0x19b0/0x19b0 [ 1121.461161][ T9712] ? __kasan_check_write+0x14/0x20 [ 1121.466244][ T9712] ? gup_pgd_range+0x1e1/0x2d10 [ 1121.471068][ T9712] get_user_pages_unlocked+0x2ae/0x4a0 [ 1121.476504][ T9712] ? get_user_pages_locked+0x4d0/0x4d0 [ 1121.481939][ T9712] ? should_fail+0x1de/0x852 [ 1121.486501][ T9712] ? trace_hardirqs_on+0x67/0x240 [ 1121.491501][ T9712] get_user_pages_fast+0x4c0/0x570 [ 1121.496586][ T9712] ? __get_user_pages_fast+0x410/0x410 [ 1121.502015][ T9712] ? memset+0x32/0x40 [ 1121.505991][ T9712] rds_pin_pages+0x33/0x1f0 [ 1121.510469][ T9712] rds_cmsg_rdma_args+0x879/0x1150 [ 1121.515556][ T9712] ? rds_rdma_extra_size+0x390/0x390 [ 1121.520813][ T9712] ? rds_conn_create_outgoing+0x4b/0x60 [ 1121.526334][ T9712] rds_sendmsg+0x1f32/0x35b0 [ 1121.530896][ T9712] ? rw_copy_check_uvector+0x2ce/0x390 [ 1121.536332][ T9712] ? rds_send_drop_to+0x1640/0x1640 [ 1121.541516][ T9712] ? aa_sk_perm+0x288/0x880 [ 1121.545994][ T9712] ? lock_downgrade+0x920/0x920 [ 1121.550819][ T9712] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 1121.556352][ T9712] ? apparmor_socket_sendmsg+0x2a/0x30 [ 1121.561784][ T9712] ? rds_send_drop_to+0x1640/0x1640 [ 1121.566960][ T9712] sock_sendmsg+0xd7/0x130 [ 1121.571356][ T9712] ? sock_sendmsg+0xd7/0x130 [ 1121.575922][ T9712] ___sys_sendmsg+0x803/0x920 [ 1121.580572][ T9712] ? copy_msghdr_from_user+0x440/0x440 [ 1121.586001][ T9712] ? __fget+0xa3/0x560 [ 1121.590039][ T9712] ? __fget+0x384/0x560 [ 1121.594165][ T9712] ? ksys_dup3+0x3e0/0x3e0 [ 1121.598556][ T9712] ? __might_fault+0xfb/0x1e0 [ 1121.603205][ T9712] ? __fget_light+0x1a9/0x230 [ 1121.607852][ T9712] ? __fdget+0x1b/0x20 [ 1121.611894][ T9712] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1121.618108][ T9712] __sys_sendmsg+0x105/0x1d0 [ 1121.622670][ T9712] ? __sys_sendmsg_sock+0xd0/0xd0 [ 1121.627670][ T9712] ? __x64_sys_clock_gettime+0x16d/0x240 [ 1121.633280][ T9712] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 1121.639319][ T9712] __x64_sys_sendmsg+0x78/0xb0 [ 1121.644056][ T9712] do_syscall_64+0xfd/0x6a0 [ 1121.648529][ T9712] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1121.654392][ T9712] RIP: 0033:0x459879 [ 1121.658259][ T9712] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 11:06:45 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_dccp(0xa, 0x6, 0x0) r1 = socket$kcm(0x10, 0x6, 0x0) sendmsg$kcm(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="23000000420081aee405e9a4000000000000c6ff07d800400300"/35, 0x23}], 0x1}, 0x0) recvmsg$kcm(r1, &(0x7f0000001740)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000180)=""/101, 0x65}, {&(0x7f0000000280)=""/91, 0x5}, {&(0x7f0000000300)=""/4096, 0x1000}], 0x3}, 0x0) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000240)='/dev/snapshot\x00', 0x200040, 0x0) r3 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000019c0)='/dev/sequencer\x00', 0x1, 0x0) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r3, 0x84, 0x1f, &(0x7f0000001480)={0x0, @in6={{0xa, 0x4e21, 0x7, @remote, 0x800}}, 0x6b, 0x8001}, &(0x7f0000001540)=0x90) setsockopt$inet_sctp_SCTP_RTOINFO(r2, 0x84, 0x0, &(0x7f0000001580)={r4, 0x7fff, 0xc68c, 0xfff}, 0x10) io_setup(0x7, &(0x7f0000000200)=0x0) io_cancel(r5, &(0x7f00000013c0)={0x0, 0x0, 0x0, 0x6, 0x1, r0, &(0x7f0000001300)="cfb6735030271b1fe741c24652705c8480b16e83fbb88fe4d6bcfc508bfaf7f9c4c57af5423ce78a4f11ffcefddc891f5af147a37852295726fbcfef63cd694d5f254fcfed2e4506d1ab9d1d7392ae620de5ab4beb75275b85b32b69668af828d6068f451026bff1bd4684ac6e533959b501084c5dfbf497c70488ff6b8dfeeedd4de1624898e67507ac860be5e4b8430526c92ec9e0cde1f5cb4fca9fd52cff1a", 0xa1, 0x10001, 0x0, 0x2, r3}, &(0x7f0000001400)) ioctl$PPPIOCGNPMODE(r2, 0xc008744c, &(0x7f0000001440)={0x2b, 0x3}) write$sndseq(r3, &(0x7f0000000040)=[{0xffffff81, 0x0, 0x0, 0x0, @tick, {}, {}, @quote}], 0xff33) ioctl$RTC_VL_CLR(0xffffffffffffffff, 0x7014) openat$autofs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/autofs\x00', 0x200, 0x0) [ 1121.677827][ T9712] RSP: 002b:00007fd57adf7c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1121.686205][ T9712] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459879 [ 1121.694146][ T9712] RDX: 0000000000000000 RSI: 0000000020001600 RDI: 0000000000000003 [ 1121.702095][ T9712] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 1121.710035][ T9712] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd57adf86d4 [ 1121.717987][ T9712] R13: 00000000004c77e9 R14: 00000000004dd048 R15: 00000000ffffffff 11:06:46 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000088a8ffff000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:06:46 executing program 2: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={&(0x7f0000000900)={0x2, 0x4e21, @remote}, 0x10, &(0x7f0000000bc0)=[{&(0x7f0000000940)=""/192, 0xc0}, {&(0x7f0000000a00)=""/158, 0x9e}, {&(0x7f0000000ac0)=""/209, 0xd1}], 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000140100000200000068000000fbffffff180000000000000014010000020000000800000003000000480000000000000014010000010000000000000000000100", @ANYPTR=&(0x7f0000000c00)=ANY=[@ANYBLOB='\x00'/111], @ANYBLOB='o\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000ec0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYBLOB='\x00'/91], @ANYBLOB="9b4dd4c02f7ffc70", @ANYPTR=&(0x7f0000000d00)=ANY=[@ANYBLOB='\x00'/132], @ANYBLOB="8400000000000000", @ANYPTR=&(0x7f0000000dc0)=ANY=[@ANYBLOB='\x00'/19], @ANYBLOB='&\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000e00)=ANY=[@ANYBLOB='\x00'/85], @ANYBLOB="aa00000000000000"], @ANYBLOB="040000000000000040000000000000000400000000000000580000000000000014010000070000000100000000fcffff", @ANYPTR=&(0x7f0000000f00)=ANY=[@ANYBLOB="0400000000000000"], @ANYPTR=&(0x7f0000000f40)=ANY=[@ANYBLOB="00000080000000"], @ANYBLOB="2a000000000000000000000000000000010001000000000003000000000000000200000000000000060000000000000030000000000000001401000003000000", @ANYPTR=&(0x7f0000000f80)=ANY=[@ANYBLOB='\x00'/18], @ANYBLOB="1700000000000000", @ANYPTR=&(0x7f0000000fc0)=ANY=[@ANYBLOB='\x00'], @ANYBLOB="100000000000000058000000000000001401000007000000ff03000005000000", @ANYPTR=&(0x7f0000001000)=ANY=[@ANYBLOB="0300000000000000"], @ANYPTR=&(0x7f0000001040)=ANY=[@ANYBLOB="ffffff7f00000000"], @ANYBLOB="05000000000000000600000000000000570000000000000006000000000000000800000000000000090000000000000048000000000000001401000001000000e31e000005000000", @ANYPTR=&(0x7f0000001080)=ANY=[@ANYBLOB='\x00'/14], @ANYBLOB="0e00000000000000", @ANYPTR=&(0x7f00000012c0)=ANY=[@ANYPTR=&(0x7f00000010c0)=ANY=[@ANYBLOB='\x00'/60], @ANYBLOB='<\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001100)=ANY=[@ANYBLOB='\x00'/48], @ANYBLOB='0\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001140)=ANY=[@ANYBLOB]], @ANYBLOB="040000000000000009000000000000000300"], 0x198, 0x40}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$IP_VS_SO_GET_INFO(r0, 0x0, 0x481, &(0x7f0000000680), &(0x7f0000000800)=0xc) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5, 0x9bf}, @rumble={0x7, 0x7}}) [ 1121.781226][ T9712] memory: usage 307140kB, limit 307200kB, failcnt 2140 11:06:46 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000f0ffff000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1121.954605][ T23] audit: type=1804 audit(1566904006.394:1033): pid=9743 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2322/bus" dev="sda1" ino=16731 res=1 [ 1121.979232][ T9712] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1121.989329][ T9712] Memory cgroup stats for /syz4: [ 1121.989465][ T9712] anon 248016896 [ 1121.989465][ T9712] file 8192 [ 1121.989465][ T9712] kernel_stack 9895936 [ 1121.989465][ T9712] slab 16322560 [ 1121.989465][ T9712] sock 0 [ 1121.989465][ T9712] shmem 0 [ 1121.989465][ T9712] file_mapped 0 [ 1121.989465][ T9712] file_dirty 0 [ 1121.989465][ T9712] file_writeback 0 [ 1121.989465][ T9712] anon_thp 190840832 [ 1121.989465][ T9712] inactive_anon 135168 [ 1121.989465][ T9712] active_anon 248098816 [ 1121.989465][ T9712] inactive_file 0 [ 1121.989465][ T9712] active_file 0 [ 1121.989465][ T9712] unevictable 135168 [ 1121.989465][ T9712] slab_reclaimable 2973696 [ 1121.989465][ T9712] slab_unreclaimable 13348864 [ 1121.989465][ T9712] pgfault 227106 [ 1121.989465][ T9712] pgmajfault 0 [ 1121.989465][ T9712] workingset_refault 363 [ 1121.989465][ T9712] workingset_activate 66 [ 1121.989465][ T9712] workingset_nodereclaim 0 [ 1121.989465][ T9712] pgrefill 3904 [ 1121.989465][ T9712] pgscan 3814 [ 1121.989465][ T9712] pgsteal 642 11:06:46 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) 11:06:46 executing program 2: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={&(0x7f0000000900)={0x2, 0x4e21, @remote}, 0x10, &(0x7f0000000bc0)=[{&(0x7f0000000940)=""/192, 0xc0}, {&(0x7f0000000a00)=""/158, 0x9e}, {&(0x7f0000000ac0)=""/209, 0xd1}], 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000140100000200000068000000fbffffff180000000000000014010000020000000800000003000000480000000000000014010000010000000000000000000100", @ANYPTR=&(0x7f0000000c00)=ANY=[@ANYBLOB='\x00'/111], @ANYBLOB='o\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000ec0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYBLOB='\x00'/91], @ANYBLOB="9b4dd4c02f7ffc70", @ANYPTR=&(0x7f0000000d00)=ANY=[@ANYBLOB='\x00'/132], @ANYBLOB="8400000000000000", @ANYPTR=&(0x7f0000000dc0)=ANY=[@ANYBLOB='\x00'/19], @ANYBLOB='&\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000e00)=ANY=[@ANYBLOB='\x00'/85], @ANYBLOB="aa00000000000000"], @ANYBLOB="040000000000000040000000000000000400000000000000580000000000000014010000070000000100000000fcffff", @ANYPTR=&(0x7f0000000f00)=ANY=[@ANYBLOB="0400000000000000"], @ANYPTR=&(0x7f0000000f40)=ANY=[@ANYBLOB="00000080000000"], @ANYBLOB="2a000000000000000000000000000000010001000000000003000000000000000200000000000000060000000000000030000000000000001401000003000000", @ANYPTR=&(0x7f0000000f80)=ANY=[@ANYBLOB='\x00'/18], @ANYBLOB="1700000000000000", @ANYPTR=&(0x7f0000000fc0)=ANY=[@ANYBLOB='\x00'], @ANYBLOB="100000000000000058000000000000001401000007000000ff03000005000000", @ANYPTR=&(0x7f0000001000)=ANY=[@ANYBLOB="0300000000000000"], @ANYPTR=&(0x7f0000001040)=ANY=[@ANYBLOB="ffffff7f00000000"], @ANYBLOB="05000000000000000600000000000000570000000000000006000000000000000800000000000000090000000000000048000000000000001401000001000000e31e000005000000", @ANYPTR=&(0x7f0000001080)=ANY=[@ANYBLOB='\x00'/14], @ANYBLOB="0e00000000000000", @ANYPTR=&(0x7f00000012c0)=ANY=[@ANYPTR=&(0x7f00000010c0)=ANY=[@ANYBLOB='\x00'/60], @ANYBLOB='<\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001100)=ANY=[@ANYBLOB='\x00'/48], @ANYBLOB='0\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001140)=ANY=[@ANYBLOB]], @ANYBLOB="040000000000000009000000000000000300"], 0x198, 0x40}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5, 0x9bf}, @rumble={0x7, 0x7}}) 11:06:46 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00000000007fffffff000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:06:46 executing program 1: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0xc00) 11:06:46 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x402, 0x0) ioctl$VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000080)={0x4, 0x8, 0x0, "c56bd3863d000200"}) ioctl$VIDIOC_ENUMAUDIO(r0, 0xc0345641, &(0x7f0000000180)={0x2, "0b5a18dcc88982b3ff4b60c46cb404acf433a15089fbae2f51843a1bc00200d1", 0x3, 0x1}) 11:06:46 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) [ 1122.014857][ T23] audit: type=1804 audit(1566904006.394:1034): pid=9744 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2322/bus" dev="sda1" ino=16731 res=1 [ 1122.085698][ T9712] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=5812,uid=0 [ 1122.123499][ T9712] Memory cgroup out of memory: Killed process 5812 (syz-executor.4) total-vm:72840kB, anon-rss:2208kB, file-rss:34816kB, shmem-rss:0kB 11:06:46 executing program 0: ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pkey_mprotect(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0xffffffffffffffff) futex(&(0x7f000000cffc)=0x1, 0x800000000006, 0x0, 0x0, 0x0, 0x0) pidfd_send_signal(0xffffffffffffffff, 0xf, &(0x7f0000000280)={0x1d}, 0x0) futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000040)={{{@in6=@dev, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@empty}, 0x0, @in6=@loopback}}, &(0x7f0000000140)=0xe8) r1 = add_key$keyring(&(0x7f0000000240)='keyring\x00', &(0x7f0000000300)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffff9) r2 = add_key$keyring(&(0x7f0000000340)='keyring\x00', &(0x7f0000000380)={'syz', 0x2}, 0x0, 0x0, r1) keyctl$get_persistent(0x16, r0, r2) r3 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r3, 0x1000000000016) [ 1122.191617][ T23] audit: type=1804 audit(1566904006.624:1035): pid=9748 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2323/bus" dev="sda1" ino=16529 res=1 11:06:46 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00000000009effffff000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1122.391075][ T9762] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1122.433463][ T9762] CPU: 0 PID: 9762 Comm: syz-executor.4 Not tainted 5.3.0-rc6 #127 [ 1122.441365][ T9762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1122.451425][ T9762] Call Trace: [ 1122.454712][ T9762] dump_stack+0x172/0x1f0 [ 1122.459040][ T9762] dump_header+0x10b/0x82d [ 1122.463449][ T9762] ? oom_kill_process+0x94/0x3f0 [ 1122.468385][ T9762] oom_kill_process.cold+0x10/0x15 [ 1122.473504][ T9762] out_of_memory+0x79a/0x12c0 [ 1122.478171][ T9762] ? lock_downgrade+0x920/0x920 [ 1122.483008][ T9762] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1122.489236][ T9762] ? oom_killer_disable+0x280/0x280 [ 1122.494427][ T9762] ? __kasan_check_read+0x11/0x20 [ 1122.499447][ T9762] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1122.505004][ T9762] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1122.510628][ T9762] ? do_raw_spin_unlock+0x57/0x270 [ 1122.515729][ T9762] ? _raw_spin_unlock+0x2d/0x50 [ 1122.520576][ T9762] try_charge+0xf4b/0x1440 [ 1122.524988][ T9762] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1122.530524][ T9762] ? percpu_ref_tryget_live+0x111/0x290 [ 1122.536058][ T9762] ? get_mem_cgroup_from_mm+0x16/0x320 [ 1122.541507][ T9762] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1122.547040][ T9762] mem_cgroup_try_charge+0x136/0x590 [ 1122.552315][ T9762] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1122.558544][ T9762] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1122.564161][ T9762] do_huge_pmd_wp_page_fallback+0x24c/0x16d0 [ 1122.570131][ T9762] ? defrag_store+0x360/0x360 [ 1122.574793][ T9762] ? lock_downgrade+0x920/0x920 [ 1122.579656][ T9762] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1122.585879][ T9762] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1122.592125][ T9762] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1122.598352][ T9762] ? alloc_pages_vma+0x122/0x3f0 [ 1122.603274][ T9762] do_huge_pmd_wp_page+0x806/0x2270 [ 1122.608458][ T9762] ? __split_huge_pmd+0x27e0/0x27e0 [ 1122.613636][ T9762] ? lock_downgrade+0x920/0x920 [ 1122.618495][ T9762] ? psi_memstall_leave+0x12e/0x180 [ 1122.623680][ T9762] ? __kasan_check_read+0x11/0x20 [ 1122.628688][ T9762] ? record_times+0x1e/0x2b0 [ 1122.633272][ T9762] ? pmd_val+0x85/0x100 [ 1122.637415][ T9762] ? add_mm_counter_fast.part.0+0x40/0x40 [ 1122.643118][ T9762] ? lock_downgrade+0x920/0x920 [ 1122.647958][ T9762] ? rwlock_bug.part.0+0x90/0x90 [ 1122.652977][ T9762] __handle_mm_fault+0x14cf/0x3f20 [ 1122.658080][ T9762] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1122.663606][ T9762] ? __kasan_check_read+0x11/0x20 [ 1122.668621][ T9762] ? trace_hardirqs_on+0x67/0x240 [ 1122.673633][ T9762] handle_mm_fault+0x1b5/0x6b0 [ 1122.678407][ T9762] __do_page_fault+0x536/0xdd0 [ 1122.683184][ T9762] do_page_fault+0x38/0x590 [ 1122.687678][ T9762] page_fault+0x39/0x40 [ 1122.691829][ T9762] RIP: 0033:0x4005c0 [ 1122.695709][ T9762] Code: 01 e9 cd 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 20 48 8b 14 24 48 8b 7c 24 20 be 02 00 00 00 e8 45 55 00 00 48 8b 4c 24 08 <66> 89 01 e9 a1 01 00 00 48 8b 44 24 08 48 8b 14 24 be 02 00 00 00 [ 1122.715753][ T9762] RSP: 002b:00007ffd9399f510 EFLAGS: 00010202 [ 1122.721801][ T9762] RAX: 0000000000000002 RBX: 0000000000000000 RCX: 0000000020000180 11:06:47 executing program 1: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0xd00) 11:06:47 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) 11:06:47 executing program 2: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={&(0x7f0000000900)={0x2, 0x4e21, @remote}, 0x10, &(0x7f0000000bc0)=[{&(0x7f0000000940)=""/192, 0xc0}, {&(0x7f0000000a00)=""/158, 0x9e}, {&(0x7f0000000ac0)=""/209, 0xd1}], 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="180000140100000200000068000000fbffffff180000000000000014010000020000000800000003000000480000000000000014010000010000000000000000000100", @ANYPTR=&(0x7f0000000c00)=ANY=[@ANYBLOB='\x00'/111], @ANYBLOB='o\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000ec0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYBLOB='\x00'/91], @ANYBLOB="9b4dd4c02f7ffc70", @ANYPTR=&(0x7f0000000d00)=ANY=[@ANYBLOB='\x00'/132], @ANYBLOB="8400000000000000", @ANYPTR=&(0x7f0000000dc0)=ANY=[@ANYBLOB='\x00'/19], @ANYBLOB='&\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000e00)=ANY=[@ANYBLOB='\x00'/85], @ANYBLOB="aa00000000000000"], @ANYBLOB="040000000000000040000000000000000400000000000000580000000000000014010000070000000100000000fcffff", @ANYPTR=&(0x7f0000000f00)=ANY=[@ANYBLOB="1d3d832d04000000"], @ANYPTR=&(0x7f0000000f40)=ANY=[@ANYBLOB="00000080000000"], @ANYBLOB="2a000000000000000000000000000000010001000000000003000000000000000200000000000000060000000000000030000000000000001401000003000000", @ANYPTR=&(0x7f0000000f80)=ANY=[@ANYBLOB='\x00'/18], @ANYBLOB="1700000000000000", @ANYPTR=&(0x7f0000000fc0)=ANY=[@ANYBLOB='\x00'], @ANYBLOB="100000000000000058000000000000001401000007000000ff03000005000000", @ANYPTR=&(0x7f0000001000)=ANY=[@ANYBLOB="0300000000000000"], @ANYPTR=&(0x7f0000001040)=ANY=[@ANYBLOB="ffffff7f00000000"], @ANYBLOB="05000000000000000600000000000000570000000000000006000000000000000800000000000000090000000000000048000000000000001401000001000000e31e000005000000", @ANYPTR=&(0x7f0000001080)=ANY=[@ANYBLOB='\x00'/14], @ANYBLOB="0e00000000000000", @ANYPTR=&(0x7f00000012c0)=ANY=[@ANYPTR=&(0x7f00000010c0)=ANY=[@ANYBLOB='\x00'/60], @ANYBLOB='<\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001100)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000001599730c00"/48], @ANYBLOB='0\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001140)=ANY=[@ANYBLOB]], @ANYBLOB="040000000000000009000000000000000300"], 0x198, 0x40}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r1 = perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="4800000000000000140100000100"/24, @ANYPTR=&(0x7f0000000040)=ANY=[@ANYBLOB='\x00'/156], @ANYBLOB="0503080000000000", @ANYPTR=&(0x7f00000006c0)=ANY=[@ANYPTR=&(0x7f0000001140)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080c8b067a49e12424743b6015258443663466072d9aa1b26daa64f56ee9431030a46253ad5b76f970689d54cfe3f0647677b60cdc05d34c985224ceb4c6168f6539783408fc49094"], @ANYBLOB=',\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB='\x00'/67], @ANYBLOB='C\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB='\x00'/198], @ANYBLOB="c600000000000000", @ANYPTR=&(0x7f0000000140)=ANY=[@ANYBLOB='\x00'/15], @ANYBLOB="0f00000000000000", @ANYPTR=&(0x7f0000000340)=ANY=[@ANYBLOB='\x00'/54], @ANYBLOB="ffff070000000000", @ANYPTR=&(0x7f0000000680)=ANY=[@ANYBLOB="00000000005635753b5fe81741f50000000000000000000000000000000000000000000000002000"/51], @ANYBLOB='*\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f00000003c0)=ANY=[@ANYBLOB='\x00'/77], @ANYBLOB='M\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000440)=ANY=[@ANYBLOB='\x00'/244], @ANYBLOB="f400000000000000", @ANYPTR=&(0x7f0000000540)=ANY=[@ANYBLOB='\x00'/219], @ANYBLOB="db00000000000000"], @ANYBLOB='\a\x00'/24], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5, 0x9bf}, @rumble={0x7, 0x7}}) r2 = fcntl$dupfd(r1, 0x406, r0) ioctl$KVM_GET_EMULATED_CPUID(r2, 0xc008ae09, &(0x7f0000000380)=""/18) setsockopt$bt_hci_HCI_DATA_DIR(r2, 0x0, 0x1, &(0x7f0000000800)=0xfffffffffffffffd, 0x4) 11:06:47 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c0000000000f0ffffff000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1122.729752][ T9762] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000002 [ 1122.737702][ T9762] RBP: 0000000000760408 R08: 0000000000000000 R09: 0000000000000000 [ 1122.745651][ T9762] R10: 00000000004395d0 R11: 0000000000000012 R12: 00000000004c5e06 [ 1122.753601][ T9762] R13: 000000000000012c R14: 0000000000760410 R15: fffffffffffffffe [ 1122.827680][ T9794] validate_nla: 7 callbacks suppressed [ 1122.827688][ T9794] netlink: 'syz-executor.5': attribute type 4 has an invalid length. [ 1122.946344][ T9762] memory: usage 307152kB, limit 307200kB, failcnt 2185 [ 1122.953774][ T9762] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1122.973879][ T9762] Memory cgroup stats for /syz4: [ 1122.973977][ T9762] anon 247746560 [ 1122.973977][ T9762] file 8192 [ 1122.973977][ T9762] kernel_stack 9961472 [ 1122.973977][ T9762] slab 16322560 [ 1122.973977][ T9762] sock 0 [ 1122.973977][ T9762] shmem 0 [ 1122.973977][ T9762] file_mapped 0 [ 1122.973977][ T9762] file_dirty 0 [ 1122.973977][ T9762] file_writeback 0 [ 1122.973977][ T9762] anon_thp 190840832 [ 1122.973977][ T9762] inactive_anon 135168 [ 1122.973977][ T9762] active_anon 247750656 [ 1122.973977][ T9762] inactive_file 0 [ 1122.973977][ T9762] active_file 0 [ 1122.973977][ T9762] unevictable 135168 [ 1122.973977][ T9762] slab_reclaimable 2973696 [ 1122.973977][ T9762] slab_unreclaimable 13348864 [ 1122.973977][ T9762] pgfault 227205 [ 1122.973977][ T9762] pgmajfault 0 [ 1122.973977][ T9762] workingset_refault 363 [ 1122.973977][ T9762] workingset_activate 66 [ 1122.973977][ T9762] workingset_nodereclaim 0 [ 1122.973977][ T9762] pgrefill 4104 [ 1122.973977][ T9762] pgscan 4018 [ 1122.973977][ T9762] pgsteal 642 [ 1123.073094][ T9762] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=9762,uid=0 11:06:47 executing program 2: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={&(0x7f0000000900)={0x2, 0x4e21, @remote}, 0x10, &(0x7f0000000bc0)=[{&(0x7f0000000940)=""/192, 0xc0}, {&(0x7f0000000a00)=""/158, 0x9e}, {&(0x7f0000000ac0)=""/209, 0xd1}], 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000140100000200000068000000fbffffff180000000000000014010000020000000800000003000000480000000000000014010000010000000000000000000100", @ANYPTR=&(0x7f0000000c00)=ANY=[@ANYBLOB='\x00'/111], @ANYBLOB='o\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000ec0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYBLOB='\x00'/91], @ANYBLOB="9b4dd4c02f7ffc70", @ANYPTR=&(0x7f0000000d00)=ANY=[@ANYBLOB='\x00'/132], @ANYBLOB="8400000000000000", @ANYPTR=&(0x7f0000000dc0)=ANY=[@ANYBLOB='\x00'/19], @ANYBLOB='&\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000e00)=ANY=[@ANYBLOB='\x00'/85], @ANYBLOB="aa00000000000000"], @ANYBLOB="040000000000000040000000000000000400000000000000580000000000000014010000070000000100000000fcffff", @ANYPTR=&(0x7f0000000f00)=ANY=[@ANYBLOB="0400000000000000"], @ANYPTR=&(0x7f0000000f40)=ANY=[@ANYBLOB="00000080000000"], @ANYBLOB="2a000000000000000000000000000000010001000000000003000000000000000200000000000000060000000000000030000000000000001401000003000000", @ANYPTR=&(0x7f0000000f80)=ANY=[@ANYBLOB='\x00'/18], @ANYBLOB="1700000000000000", @ANYPTR=&(0x7f0000000fc0)=ANY=[@ANYBLOB='\x00'], @ANYBLOB="100000000000000058000000000000001401000007000000ff03000005000000", @ANYPTR=&(0x7f0000001000)=ANY=[@ANYBLOB="0300000000000000"], @ANYPTR=&(0x7f0000001040)=ANY=[@ANYBLOB="ffffff7f00000000"], @ANYBLOB="05000000000000000600000000000000570000000000000006000000000000000800000000000000090000000000000048000000000000001401000001000000e31e000005000000", @ANYPTR=&(0x7f0000001080)=ANY=[@ANYBLOB='\x00'/14], @ANYBLOB="0e00000000000000", @ANYPTR=&(0x7f00000012c0)=ANY=[@ANYPTR=&(0x7f00000010c0)=ANY=[@ANYBLOB='\x00'/60], @ANYBLOB='<\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001100)=ANY=[@ANYBLOB='\x00'/48], @ANYBLOB='0\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001140)=ANY=[@ANYBLOB]], @ANYBLOB="040000000000000009000000000000000300"], 0x198, 0x40}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) pivot_root(&(0x7f0000000680)='./file0\x00', &(0x7f0000000800)='./file0\x00') ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5, 0x9bf}, @rumble={0x7, 0x7}}) 11:06:47 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) 11:06:47 executing program 0: ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pkey_mprotect(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0xffffffffffffffff) futex(&(0x7f000000cffc)=0x1, 0x800000000006, 0x0, 0x0, 0x0, 0x0) pidfd_send_signal(0xffffffffffffffff, 0xf, &(0x7f0000000280)={0x1d}, 0x0) futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000040)={{{@in6=@dev, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@empty}, 0x0, @in6=@loopback}}, &(0x7f0000000140)=0xe8) r1 = add_key$keyring(&(0x7f0000000240)='keyring\x00', &(0x7f0000000300)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffff9) r2 = add_key$keyring(&(0x7f0000000340)='keyring\x00', &(0x7f0000000380)={'syz', 0x2}, 0x0, 0x0, r1) keyctl$get_persistent(0x16, r0, r2) r3 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r3, 0x1000000000016) 11:06:47 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000000000000003", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:06:47 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) [ 1123.089202][ T9762] Memory cgroup out of memory: Killed process 9762 (syz-executor.4) total-vm:72708kB, anon-rss:2200kB, file-rss:35780kB, shmem-rss:0kB [ 1123.104814][ T1058] oom_reaper: reaped process 9762 (syz-executor.4), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB [ 1123.152120][ T9811] netlink: 'syz-executor.5': attribute type 4 has an invalid length. 11:06:47 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000000000000340", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:06:47 executing program 1: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0xe00) [ 1123.193047][ T9812] rds_sendmsg: 13 callbacks suppressed [ 1123.193069][ T9812] rdma_op 00000000cbf0624b conn xmit_rdma 00000000d8f1147d 11:06:47 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0xa0008000) 11:06:47 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000000c0)={0x26, 'aead\x00', 0x0, 0x0, 'aegis256-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) eventfd(0x4dd0000000000000) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=[@op={0x18}], 0xf}], 0x1, 0x0) [ 1123.294715][ T9827] netlink: 'syz-executor.5': attribute type 4 has an invalid length. 11:06:47 executing program 2: r0 = syz_open_dev$usbmon(&(0x7f0000000e80)='/dev/usbmon#\x00', 0x3f, 0x210040) bind$vsock_dgram(r0, &(0x7f0000001140)={0x28, 0x0, 0x2711}, 0x10) ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={&(0x7f0000000900)={0x2, 0x4e21, @remote}, 0x10, &(0x7f0000000bc0)=[{&(0x7f0000000940)=""/192, 0xc0}, {&(0x7f0000000a00)=""/158, 0x9e}, {&(0x7f0000000ac0)=""/209, 0xd1}], 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000140100000200000068000000fbffffff180000000000000014010000020000000800000003000000480000000000000014010000010000000000000000000100", @ANYPTR=&(0x7f0000000c00)=ANY=[@ANYBLOB='\x00'/111], @ANYBLOB='o\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000ec0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYBLOB='\x00'/91], @ANYBLOB="9b4dd4c02f7ffc70", @ANYPTR=&(0x7f0000000d00)=ANY=[@ANYBLOB='\x00'/132], @ANYBLOB="8400000000000000", @ANYPTR=&(0x7f0000000dc0)=ANY=[@ANYBLOB='\x00'/19], @ANYBLOB='&\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000e00)=ANY=[@ANYBLOB='\x00'/85], @ANYBLOB="aa00000000000000"], @ANYBLOB="040000000000000040000000000000000400000000000000580000000000000014010000070000000100000000fcffff", @ANYPTR=&(0x7f0000000f00)=ANY=[@ANYBLOB="0400000000000000"], @ANYPTR=&(0x7f0000000f40)=ANY=[@ANYBLOB="00000080000000"], @ANYBLOB="2a000000000000000000000000000000010001000000000003000000000000000200000000000000060000000000000030000000000000001401000003000000", @ANYPTR=&(0x7f0000000f80)=ANY=[@ANYBLOB='\x00'/18], @ANYBLOB="1700000000000000", @ANYPTR=&(0x7f0000000fc0)=ANY=[@ANYBLOB='\x00'], @ANYBLOB="100000000000000058000000000000001401000007000000ff03000005000000", @ANYPTR=&(0x7f0000001000)=ANY=[@ANYBLOB="0300000000000000"], @ANYPTR=&(0x7f0000001040)=ANY=[@ANYBLOB="ffffff7f00000000"], @ANYBLOB="05000000000000000600000000000000570000000000000006000000000000000800000000000000090000000000000048000000000000001401000001000000e31e000005000000", @ANYPTR=&(0x7f0000001080)=ANY=[@ANYBLOB='\x00'/14], @ANYBLOB="0e00000000000000", @ANYPTR=&(0x7f00000012c0)=ANY=[@ANYPTR=&(0x7f00000010c0)=ANY=[@ANYBLOB='\x00'/60], @ANYBLOB='<\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001100)=ANY=[@ANYBLOB='\x00'/48], @ANYBLOB='0\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001140)=ANY=[@ANYBLOB]], @ANYBLOB="040000000000000009000000000000000300"], 0x198, 0x40}, 0x1) r1 = socket$rds(0x15, 0x5, 0x0) bind$rds(r1, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000680), &(0x7f0000000800)=0x14) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$rds(r1, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5, 0x9bf}, @rumble={0x7, 0x7}}) 11:06:47 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c0000000000ffffffffa00080", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1123.413037][ T9832] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 1123.454011][ T9843] netlink: 'syz-executor.5': attribute type 4 has an invalid length. [ 1123.505478][ T9832] CPU: 1 PID: 9832 Comm: syz-executor.4 Not tainted 5.3.0-rc6 #127 [ 1123.509182][ T9840] rdma_op 000000008e2c962b conn xmit_rdma 00000000d8f1147d [ 1123.513382][ T9832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1123.513397][ T9832] Call Trace: [ 1123.533884][ T9832] dump_stack+0x172/0x1f0 [ 1123.538207][ T9832] dump_header+0x10b/0x82d [ 1123.542614][ T9832] oom_kill_process.cold+0x10/0x15 [ 1123.547727][ T9832] out_of_memory+0x79a/0x12c0 [ 1123.552400][ T9832] ? lock_downgrade+0x920/0x920 [ 1123.557253][ T9832] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1123.563485][ T9832] ? oom_killer_disable+0x280/0x280 [ 1123.568681][ T9832] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1123.573448][ T9844] rdma_op 00000000dc33c5b9 conn xmit_rdma 00000000d8f1147d [ 1123.574215][ T9832] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1123.574233][ T9832] ? do_raw_spin_unlock+0x57/0x270 [ 1123.592096][ T9832] ? _raw_spin_unlock+0x2d/0x50 [ 1123.596930][ T9832] try_charge+0xf4b/0x1440 11:06:47 executing program 0: getdents64(0xffffffffffffffff, 0xfffffffffffffffd, 0xffffffffffffff84) ioctl$sock_netrom_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000040)={0x1, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={'rose', 0x0}, 0x4, 'syz0\x00', @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x80000001, 0x3, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @default, @bcast]}) getsockopt$netrom_NETROM_N2(0xffffffffffffffff, 0x103, 0x3, &(0x7f00000000c0)=0x166, &(0x7f00000001c0)=0x4) prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x20000000) 11:06:48 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c0000000000fffffffffffff0", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1123.601342][ T9832] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1123.606879][ T9832] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1123.612419][ T9832] ? __kasan_check_read+0x11/0x20 [ 1123.617437][ T9832] ? lock_downgrade+0x920/0x920 [ 1123.622280][ T9832] ? percpu_ref_tryget_live+0x111/0x290 [ 1123.627828][ T9832] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1123.633279][ T9832] ? memcg_kmem_put_cache+0x50/0x50 [ 1123.638475][ T9832] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1123.644011][ T9832] __memcg_kmem_charge+0x13a/0x3a0 [ 1123.649116][ T9832] __alloc_pages_nodemask+0x4f4/0x900 [ 1123.654480][ T9832] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1123.660190][ T9832] ? percpu_ref_put_many+0xb6/0x190 [ 1123.665380][ T9832] ? trace_hardirqs_on+0x67/0x240 [ 1123.670389][ T9832] ? __kasan_check_read+0x11/0x20 [ 1123.675409][ T9832] copy_process+0x3f8/0x6b00 [ 1123.679995][ T9832] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1123.686228][ T9832] ? __cleanup_sighand+0x60/0x60 [ 1123.691159][ T9832] ? refcount_dec_and_mutex_lock+0x90/0x90 [ 1123.697050][ T9832] _do_fork+0x146/0xfa0 [ 1123.701214][ T9832] ? copy_init_mm+0x20/0x20 [ 1123.705715][ T9832] ? __kasan_check_read+0x11/0x20 [ 1123.710730][ T9832] ? _copy_to_user+0x118/0x160 [ 1123.718527][ T9832] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1123.724760][ T9832] ? put_timespec64+0xda/0x140 [ 1123.729513][ T9832] __x64_sys_clone+0x18d/0x250 [ 1123.734283][ T9832] ? __ia32_sys_vfork+0xc0/0xc0 [ 1123.739129][ T9832] ? trace_hardirqs_off_caller+0x65/0x230 [ 1123.744837][ T9832] ? trace_hardirqs_on+0x67/0x240 [ 1123.749856][ T9832] do_syscall_64+0xfd/0x6a0 [ 1123.754343][ T9832] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1123.760206][ T9832] RIP: 0033:0x459879 [ 1123.764072][ T9832] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1123.783643][ T9832] RSP: 002b:00007fd57ae39c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1123.792021][ T9832] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459879 [ 1123.799964][ T9832] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1123.807906][ T9832] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1123.815849][ T9832] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd57ae3a6d4 [ 1123.823789][ T9832] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 00000000ffffffff [ 1123.835685][ T9832] memory: usage 307200kB, limit 307200kB, failcnt 3215 [ 1123.843179][ T9832] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1123.856134][ T9852] netlink: 'syz-executor.5': attribute type 4 has an invalid length. [ 1123.883918][ T9832] Memory cgroup stats for /syz4: [ 1123.883986][ T9832] anon 247746560 [ 1123.883986][ T9832] file 8192 [ 1123.883986][ T9832] kernel_stack 9895936 [ 1123.883986][ T9832] slab 16322560 [ 1123.883986][ T9832] sock 0 [ 1123.883986][ T9832] shmem 0 [ 1123.883986][ T9832] file_mapped 0 [ 1123.883986][ T9832] file_dirty 0 [ 1123.883986][ T9832] file_writeback 0 [ 1123.883986][ T9832] anon_thp 190840832 [ 1123.883986][ T9832] inactive_anon 135168 [ 1123.883986][ T9832] active_anon 247750656 [ 1123.883986][ T9832] inactive_file 0 [ 1123.883986][ T9832] active_file 0 [ 1123.883986][ T9832] unevictable 135168 [ 1123.883986][ T9832] slab_reclaimable 2973696 [ 1123.883986][ T9832] slab_unreclaimable 13348864 [ 1123.883986][ T9832] pgfault 227271 [ 1123.883986][ T9832] pgmajfault 0 [ 1123.883986][ T9832] workingset_refault 363 [ 1123.883986][ T9832] workingset_activate 66 [ 1123.883986][ T9832] workingset_nodereclaim 0 [ 1123.883986][ T9832] pgrefill 4337 [ 1123.883986][ T9832] pgscan 4250 [ 1123.883986][ T9832] pgsteal 642 [ 1124.005973][ T9832] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=4528,uid=0 [ 1124.021527][ T9832] Memory cgroup out of memory: Killed process 4528 (syz-executor.4) total-vm:72840kB, anon-rss:2208kB, file-rss:34816kB, shmem-rss:0kB [ 1124.054481][ T9831] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1124.068653][ T9831] CPU: 1 PID: 9831 Comm: syz-executor.4 Not tainted 5.3.0-rc6 #127 [ 1124.076546][ T9831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1124.086584][ T9831] Call Trace: [ 1124.089865][ T9831] dump_stack+0x172/0x1f0 [ 1124.094187][ T9831] dump_header+0x10b/0x82d [ 1124.098612][ T9831] ? oom_kill_process+0x94/0x3f0 [ 1124.103551][ T9831] oom_kill_process.cold+0x10/0x15 [ 1124.108650][ T9831] out_of_memory+0x79a/0x12c0 [ 1124.113317][ T9831] ? lock_downgrade+0x920/0x920 [ 1124.118182][ T9831] ? oom_killer_disable+0x280/0x280 [ 1124.123370][ T9831] ? __kasan_check_read+0x11/0x20 [ 1124.128386][ T9831] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1124.133921][ T9831] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1124.139536][ T9831] ? do_raw_spin_unlock+0x57/0x270 [ 1124.144623][ T9831] ? _raw_spin_unlock+0x2d/0x50 [ 1124.149440][ T9831] try_charge+0xa2d/0x1440 [ 1124.153825][ T9831] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1124.159444][ T9831] ? percpu_ref_tryget_live+0x111/0x290 [ 1124.164960][ T9831] ? get_mem_cgroup_from_mm+0x16/0x320 [ 1124.170390][ T9831] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1124.175903][ T9831] mem_cgroup_try_charge+0x136/0x590 [ 1124.181158][ T9831] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1124.187366][ T9831] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1124.192971][ T9831] __handle_mm_fault+0x1e34/0x3f20 [ 1124.198053][ T9831] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1124.203569][ T9831] ? __kasan_check_read+0x11/0x20 [ 1124.208566][ T9831] ? trace_hardirqs_on+0x67/0x240 [ 1124.213563][ T9831] handle_mm_fault+0x1b5/0x6b0 [ 1124.218299][ T9831] __do_page_fault+0x536/0xdd0 [ 1124.223040][ T9831] do_page_fault+0x38/0x590 [ 1124.227517][ T9831] page_fault+0x39/0x40 [ 1124.231656][ T9831] RIP: 0033:0x4111bf [ 1124.235523][ T9831] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 [ 1124.255118][ T9831] RSP: 002b:00007ffd9399f460 EFLAGS: 00010206 [ 1124.261153][ T9831] RAX: 00007fd57adf9000 RBX: 0000000000020000 RCX: 00000000004598ca [ 1124.269099][ T9831] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 1124.277050][ T9831] RBP: 00007ffd9399f540 R08: ffffffffffffffff R09: 0000000000000000 [ 1124.285004][ T9831] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd9399f630 [ 1124.292952][ T9831] R13: 00007fd57ae19700 R14: 0000000000000001 R15: 000000000075bfd4 [ 1124.301214][ T9831] memory: usage 305040kB, limit 307200kB, failcnt 3215 [ 1124.308098][ T9831] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1124.314923][ T9831] Memory cgroup stats for /syz4: [ 1124.314989][ T9831] anon 245710848 [ 1124.314989][ T9831] file 8192 [ 1124.314989][ T9831] kernel_stack 9895936 [ 1124.314989][ T9831] slab 16322560 [ 1124.314989][ T9831] sock 0 [ 1124.314989][ T9831] shmem 0 [ 1124.314989][ T9831] file_mapped 0 [ 1124.314989][ T9831] file_dirty 0 [ 1124.314989][ T9831] file_writeback 0 [ 1124.314989][ T9831] anon_thp 188743680 [ 1124.314989][ T9831] inactive_anon 135168 [ 1124.314989][ T9831] active_anon 245710848 [ 1124.314989][ T9831] inactive_file 0 [ 1124.314989][ T9831] active_file 0 [ 1124.314989][ T9831] unevictable 135168 [ 1124.314989][ T9831] slab_reclaimable 2973696 [ 1124.314989][ T9831] slab_unreclaimable 13348864 [ 1124.314989][ T9831] pgfault 227271 [ 1124.314989][ T9831] pgmajfault 0 [ 1124.314989][ T9831] workingset_refault 363 [ 1124.314989][ T9831] workingset_activate 66 [ 1124.314989][ T9831] workingset_nodereclaim 0 [ 1124.314989][ T9831] pgrefill 4337 [ 1124.314989][ T9831] pgscan 4250 [ 1124.314989][ T9831] pgsteal 642 [ 1124.408855][ T9831] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=4302,uid=0 [ 1124.424194][ T9831] Memory cgroup out of memory: Killed process 4302 (syz-executor.4) total-vm:72840kB, anon-rss:2208kB, file-rss:34816kB, shmem-rss:0kB 11:06:48 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) 11:06:48 executing program 1: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0xf00) 11:06:48 executing program 2: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={&(0x7f0000000900)={0x2, 0x4e21, @remote}, 0x10, &(0x7f0000000bc0)=[{&(0x7f0000000940)=""/192, 0xc0}, {&(0x7f0000000a00)=""/158, 0x9e}, {&(0x7f0000000ac0)=""/209, 0xd1}], 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000140100000200000068000000fbffffff180000000000000014010000020000000800000003000000480000000000000014010000010000000000000000000100", @ANYPTR=&(0x7f0000000c00)=ANY=[@ANYBLOB='\x00'/111], @ANYBLOB='o\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000ec0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYBLOB='\x00'/91], @ANYBLOB="9b4dd4c02f7ffc70", @ANYPTR=&(0x7f0000000d00)=ANY=[@ANYBLOB='\x00'/132], @ANYBLOB="8400000000000000", @ANYPTR=&(0x7f0000000dc0)=ANY=[@ANYBLOB='\x00'/19], @ANYBLOB='&\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000e00)=ANY=[@ANYBLOB='\x00'/85], @ANYBLOB="aa00000000000000"], @ANYBLOB="040000000000000040000000000000000400000000000000580000000000000014010000070000000100000000fcffff", @ANYPTR=&(0x7f0000000f00)=ANY=[@ANYBLOB="0400000000000000"], @ANYPTR=&(0x7f0000000f40)=ANY=[@ANYBLOB="00000080000000"], @ANYBLOB="2a000000000000000000000000000000010001000000000003000000000000000200000000000000060000000000000030000000000000001401000003000000", @ANYPTR=&(0x7f0000000f80)=ANY=[@ANYBLOB='\x00'/18], @ANYBLOB="1700000000000000", @ANYPTR=&(0x7f0000000fc0)=ANY=[@ANYBLOB='\x00'], @ANYBLOB="100000000000000058000000000000001401000007000000ff03000005000000", @ANYPTR=&(0x7f0000001000)=ANY=[@ANYBLOB="0300000000000000"], @ANYPTR=&(0x7f0000001040)=ANY=[@ANYBLOB="ffffff7f00000000"], @ANYBLOB="05000000000000000600000000000000570000000000000006000000000000000800000000000000090000000000000048000000000000001401000001000000e31e000005000000", @ANYPTR=&(0x7f0000001080)=ANY=[@ANYBLOB='\x00'/14], @ANYBLOB="0e00000000000000", @ANYPTR=&(0x7f00000012c0)=ANY=[@ANYPTR=&(0x7f00000010c0)=ANY=[@ANYBLOB='\x00'/60], @ANYBLOB='<\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001100)=ANY=[@ANYBLOB='\x00'/48], @ANYBLOB='0\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001140)=ANY=[@ANYBLOB]], @ANYBLOB="040000000000000009000000000000000300"], 0x198, 0x40}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000680)='/dev/zero\x00', 0x0, 0x0) ioctl$EVIOCGEFFECTS(r1, 0x80044584, &(0x7f0000001140)=""/145) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5, 0x9bf}, @rumble={0x7, 0x7}}) 11:06:48 executing program 0: r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000001800)='/dev/dlm-monitor\x00', 0x2000, 0x0) ioctl$SNDRV_CTL_IOCTL_HWDEP_INFO(r0, 0x80dc5521, &(0x7f0000001840)=""/14) r1 = syz_open_dev$usbmon(&(0x7f0000001780)='/dev/usbmon#\x00', 0x2, 0x20000) ioctl$TCSETA(r1, 0x5406, &(0x7f00000017c0)={0x1ff, 0x401, 0xff, 0x1, 0x13, 0x20, 0x7, 0x0, 0x6, 0x1}) process_vm_writev(0x0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0x445}], 0x1, &(0x7f0000000080)=[{&(0x7f0000217f28)=""/231, 0xffffffab}], 0x1, 0x0) ioctl$BLKIOMIN(r0, 0x1278, &(0x7f00000016c0)) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x40, 0x0) setsockopt$XDP_TX_RING(r2, 0x11b, 0x3, &(0x7f0000001700)=0x4, 0x4) io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f0000001880)=[{&(0x7f00000000c0)=""/111, 0x6f}, {&(0x7f0000000140)=""/39, 0x27}, {&(0x7f0000000180)=""/211, 0xd3}, {&(0x7f0000000280)=""/227, 0xe3}, {&(0x7f0000000380)=""/4096, 0x1000}, {&(0x7f0000001380)=""/201, 0xc9}, {&(0x7f0000001480)=""/120, 0x78}, {&(0x7f0000001500)=""/52, 0x34}, {&(0x7f0000001540)=""/202, 0xca}, {&(0x7f0000001640)=""/113, 0x71}], 0xa) 11:06:48 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00"/20, @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:06:48 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0xfffff000) [ 1124.462467][ T9864] rdma_op 000000002723220b conn xmit_rdma 00000000d8f1147d [ 1124.479386][ T9864] rdma_op 000000001fe45be9 conn xmit_rdma 00000000d8f1147d [ 1124.519461][ T23] kauditd_printk_skb: 4 callbacks suppressed [ 1124.519472][ T23] audit: type=1804 audit(1566904008.964:1040): pid=9871 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2326/bus" dev="sda1" ino=16887 res=1 [ 1124.521050][ T9873] rdma_op 000000002ce95c8b conn xmit_rdma 00000000d8f1147d [ 1124.552943][ T9878] netlink: 'syz-executor.5': attribute type 4 has an invalid length. 11:06:49 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="150000f664ffff0380000008f3394f32303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000040)={0xe}, 0x274) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,mfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) 11:06:49 executing program 0: r0 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000400)='/proc/capi/capi20\x00', 0x500, 0x0) setsockopt$inet6_tcp_TLS_TX(r0, 0x6, 0x1, &(0x7f0000000440)=@gcm_128={{0x303}, "e2310a926e7d8ed4", "b10605ff4524007a5db456f2b57ca8de", "30cb2563", "8141ee6f8460ab4e"}, 0x28) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fanotify_init(0x0, 0x2) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x5}, 0xfffffc8d) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000001540)={'veth1_to_bridge\x00', 0x0}) setsockopt$RDS_GET_MR_FOR_DEST(r0, 0x114, 0x7, &(0x7f00000016c0)={@hci={0x1f, r3}, {&(0x7f0000001580)=""/210, 0xd2}, &(0x7f0000001680), 0x16}, 0xa0) listen(r2, 0x0) r4 = syz_open_dev$swradio(&(0x7f0000000140)='/dev/swradio#\x00', 0x0, 0x2) ioctl$VHOST_GET_FEATURES(r4, 0x8008af00, &(0x7f00000003c0)) sendto$inet6(r1, 0x0, 0xfffffffffffffe32, 0x20004004, &(0x7f0000000040)={0xa, 0x20004e22, 0x0, @loopback}, 0x1c) ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r0, 0x40405515, &(0x7f0000000480)={0x4, 0x0, 0xfffffffffffffff9, 0x4, 'syz0\x00', 0x100000001}) r5 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000380)='/proc/self/net/pfkey\x00', 0xb0406, 0x0) ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000180)=""/62, &(0x7f00000001c0)=""/204, &(0x7f00000002c0)=""/62, 0x100000}) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000000)='tls\x00', 0xc498ead121f97dd6) ioctl$SIOCAX25ADDFWD(r5, 0x89ea, &(0x7f0000000340)={@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default}) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000100)=@gcm_128={{0x303}, "d44eb8c7308ec7c4", "442065238929350ade91900b51fc9534", "6bdda720", "7ee51430da3f51b3"}, 0x28) sendto$inet6(r1, &(0x7f0000000080)="39a110", 0xffffffffffffffc1, 0x40, 0x0, 0xfffffffffffffe5b) 11:06:49 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00"/20, @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:06:49 executing program 2: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) getrusage(0x1, &(0x7f0000001140)) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={&(0x7f0000000900)={0x2, 0x4e21, @remote}, 0x10, &(0x7f0000000bc0)=[{&(0x7f0000000940)=""/192, 0xc0}, {&(0x7f0000000a00)=""/158, 0x9e}, {&(0x7f0000000ac0)=""/209, 0xd1}], 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000140100000200000068000000fbffffff180000000000000014010000020000000800000003000000480000000000000014010000010000000000000000000100", @ANYPTR=&(0x7f0000000c00)=ANY=[@ANYBLOB='\x00'/111], @ANYBLOB='o\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000ec0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYBLOB='\x00'/91], @ANYBLOB="9b4dd4c02f7ffc70", @ANYPTR=&(0x7f0000000d00)=ANY=[@ANYBLOB='\x00'/132], @ANYBLOB="8400000000000000", @ANYPTR=&(0x7f0000000dc0)=ANY=[@ANYBLOB='\x00'/19], @ANYBLOB='&\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000e00)=ANY=[@ANYBLOB='\x00'/85], @ANYBLOB="aa00000000000000"], @ANYBLOB="040000000000000040000000000000000400000000000000580000000000000014010000070000000100000000fcffff", @ANYPTR=&(0x7f0000000f00)=ANY=[@ANYBLOB="0400000000000000"], @ANYPTR=&(0x7f0000000f40)=ANY=[@ANYBLOB="00000080000000"], @ANYBLOB="2a000000000000000000000000000000010001000000000003000000000000000200000000000000060000000000000030000000000000001401000003000000", @ANYPTR=&(0x7f0000000f80)=ANY=[@ANYBLOB='\x00'/18], @ANYBLOB="1700000000000000", @ANYPTR=&(0x7f0000000fc0)=ANY=[@ANYBLOB='\x00'], @ANYBLOB="100000000000000058000000000000001401000007000000ff03000005000000", @ANYPTR=&(0x7f0000001000)=ANY=[@ANYBLOB="0300000000000000"], @ANYPTR=&(0x7f0000001040)=ANY=[@ANYBLOB="ffffff7f00000000"], @ANYBLOB="05000000000000000600000000000000570000000000000006000000000000000800000000000000090000000000000048000000000000001401000001000000e31e000005000000", @ANYPTR=&(0x7f0000001080)=ANY=[@ANYBLOB='\x00'/14], @ANYBLOB="0e00000000000000", @ANYPTR=&(0x7f00000012c0)=ANY=[@ANYPTR=&(0x7f00000010c0)=ANY=[@ANYBLOB='\x00'/60], @ANYBLOB='<\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001100)=ANY=[@ANYBLOB='\x00'/48], @ANYBLOB='0\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001140)=ANY=[@ANYBLOB]], @ANYBLOB="040000000000000009000000000000000300"], 0x198, 0x40}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5, 0x9bf}, @rumble={0x7, 0x7}}) [ 1124.690537][ T9886] rdma_op 0000000038656002 conn xmit_rdma 00000000d8f1147d [ 1124.807162][ T9897] rdma_op 00000000b576535b conn xmit_rdma 00000000d8f1147d [ 1124.820642][ T9898] netlink: 'syz-executor.5': attribute type 4 has an invalid length. [ 1124.830104][ T9885] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 11:06:49 executing program 2: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={&(0x7f0000000900)={0x2, 0x4e21, @remote}, 0x10, &(0x7f0000000bc0)=[{&(0x7f0000000940)=""/192, 0xc0}, {&(0x7f0000000a00)=""/158, 0x9e}, {&(0x7f0000000ac0)=""/209, 0xd1}], 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000140100000200000068000000fbffffff180000000000000014010000020000000800000003000000480000000000000014010000010000000000000000000100", @ANYPTR=&(0x7f0000000c00)=ANY=[@ANYBLOB='\x00'/111], @ANYBLOB='o\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000ec0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYBLOB='\x00'/91], @ANYBLOB="9b4dd4c02f7ffc70", @ANYPTR=&(0x7f0000000d00)=ANY=[@ANYBLOB='\x00'/132], @ANYBLOB="8400000000000000", @ANYPTR=&(0x7f0000000dc0)=ANY=[@ANYBLOB='\x00'/19], @ANYBLOB='&\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000e00)=ANY=[@ANYBLOB='\x00'/85], @ANYBLOB="aa00000000000000"], @ANYBLOB="040000000000000040000000000000000400000000000000580000000000000014010000070000000100000000fcffff", @ANYPTR=&(0x7f0000000f00)=ANY=[@ANYBLOB="0400000000000000"], @ANYPTR=&(0x7f0000000f40)=ANY=[@ANYBLOB="00000080000000"], @ANYBLOB="2a000000000000000000000000000000010001000000000003000000000000000200000000000000060000000000000030000000000000001401000003000000", @ANYPTR=&(0x7f0000000f80)=ANY=[@ANYBLOB='\x00'/18], @ANYBLOB="1700000000000000", @ANYPTR=&(0x7f0000000fc0)=ANY=[@ANYBLOB='\x00'], @ANYBLOB="100000000000000058000000000000001401000007000000ff03000005000000", @ANYPTR=&(0x7f0000001000)=ANY=[@ANYBLOB="0300000000000000"], @ANYPTR=&(0x7f0000001040)=ANY=[@ANYBLOB="ffffff7f00000000"], @ANYBLOB="05000000000000000600000000000000570000000000000006000000000000000800000000000000090000000000000048000000000000001401000001000000e31e000005000000", @ANYPTR=&(0x7f0000001080)=ANY=[@ANYBLOB='\x00'/14], @ANYBLOB="0e00000000000000", @ANYPTR=&(0x7f00000012c0)=ANY=[@ANYPTR=&(0x7f00000010c0)=ANY=[@ANYBLOB='\x00'/60], @ANYBLOB='<\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001100)=ANY=[@ANYBLOB='\x00'/48], @ANYBLOB='0\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001140)=ANY=[@ANYBLOB]], @ANYBLOB="040000000000000009000000000000000300"], 0x198, 0x40}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) r1 = syz_open_dev$amidi(&(0x7f0000000e80)='/dev/amidi#\x00', 0x7f, 0x4000) ioctl$SNDRV_CTL_IOCTL_POWER_STATE(r1, 0x800455d1, &(0x7f0000001140)) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5, 0x9bf}, @rumble={0x7, 0x7}}) r2 = syz_open_procfs(0x0, &(0x7f0000000680)='smaps\x00') getsockopt$inet_sctp6_SCTP_RECVNXTINFO(r2, 0x84, 0x21, &(0x7f0000000800), &(0x7f0000000840)=0x4) [ 1124.872588][ T9901] 9pnet: Insufficient options for proto=fd [ 1124.901963][ T9885] CPU: 1 PID: 9885 Comm: syz-executor.4 Not tainted 5.3.0-rc6 #127 [ 1124.909847][ T9885] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1124.919899][ T9885] Call Trace: [ 1124.923169][ T9885] dump_stack+0x172/0x1f0 [ 1124.927487][ T9885] dump_header+0x10b/0x82d [ 1124.931885][ T9885] ? oom_kill_process+0x94/0x3f0 [ 1124.936801][ T9885] oom_kill_process.cold+0x10/0x15 [ 1124.941888][ T9885] out_of_memory+0x79a/0x12c0 [ 1124.946552][ T9885] ? lock_downgrade+0x920/0x920 [ 1124.951397][ T9885] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1124.957627][ T9885] ? oom_killer_disable+0x280/0x280 [ 1124.962811][ T9885] ? __kasan_check_read+0x11/0x20 [ 1124.967821][ T9885] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1124.973358][ T9885] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1124.978985][ T9885] ? do_raw_spin_unlock+0x57/0x270 [ 1124.984079][ T9885] ? _raw_spin_unlock+0x2d/0x50 [ 1124.988915][ T9885] try_charge+0xf4b/0x1440 [ 1124.993330][ T9885] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1124.998861][ T9885] ? percpu_ref_tryget_live+0x111/0x290 [ 1125.004392][ T9885] ? get_mem_cgroup_from_mm+0x16/0x320 [ 1125.009838][ T9885] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1125.015372][ T9885] mem_cgroup_try_charge+0x136/0x590 11:06:49 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00"/20, @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1125.020649][ T9885] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1125.026883][ T9885] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1125.032503][ T9885] do_huge_pmd_wp_page_fallback+0x24c/0x16d0 [ 1125.038471][ T9885] ? defrag_store+0x360/0x360 [ 1125.043145][ T9885] ? lock_downgrade+0x920/0x920 [ 1125.047991][ T9885] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1125.054222][ T9885] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1125.060454][ T9885] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1125.066680][ T9885] ? alloc_pages_vma+0x122/0x3f0 [ 1125.071608][ T9885] do_huge_pmd_wp_page+0x806/0x2270 [ 1125.076789][ T9885] ? __split_huge_pmd+0x27e0/0x27e0 [ 1125.076804][ T9885] ? do_wp_page+0x4a1/0x14d0 [ 1125.086536][ T9885] ? pmd_val+0x85/0x100 [ 1125.090673][ T9885] ? add_mm_counter_fast.part.0+0x40/0x40 [ 1125.090689][ T9885] __handle_mm_fault+0x14cf/0x3f20 [ 1125.090703][ T9885] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1125.101379][ T9908] netlink: 'syz-executor.5': attribute type 4 has an invalid length. [ 1125.101478][ T9885] ? __kasan_check_read+0x11/0x20 [ 1125.120031][ T9885] ? trace_hardirqs_on+0x67/0x240 [ 1125.125041][ T9885] handle_mm_fault+0x1b5/0x6b0 [ 1125.129795][ T9885] __do_page_fault+0x536/0xdd0 [ 1125.134550][ T9885] do_page_fault+0x38/0x590 [ 1125.134567][ T9885] page_fault+0x39/0x40 [ 1125.143161][ T9885] RIP: 0033:0x4005c0 [ 1125.147036][ T9885] Code: 01 e9 cd 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 20 48 8b 14 24 48 8b 7c 24 20 be 02 00 00 00 e8 45 55 00 00 48 8b 4c 24 08 <66> 89 01 e9 a1 01 00 00 48 8b 44 24 08 48 8b 14 24 be 02 00 00 00 [ 1125.147043][ T9885] RSP: 002b:00007ffd9399f510 EFLAGS: 00010202 [ 1125.147052][ T9885] RAX: 0000000000000002 RBX: 0000000000000000 RCX: 0000000020000180 [ 1125.147058][ T9885] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000002 [ 1125.147069][ T9885] RBP: 0000000000760408 R08: 0000000000000000 R09: 0000000000000000 [ 1125.175282][ T9911] rdma_op 000000003c07c6ef conn xmit_rdma 00000000d8f1147d [ 1125.180613][ T9885] R10: 00000000004395d0 R11: 0000000000000012 R12: 00000000004c5e06 [ 1125.180620][ T9885] R13: 000000000000012c R14: 0000000000760410 R15: fffffffffffffffe [ 1125.221610][ T9901] 9pnet: Insufficient options for proto=fd [ 1125.235486][ T23] audit: type=1804 audit(1566904009.674:1041): pid=9913 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2326/bus" dev="sda1" ino=16887 res=1 [ 1125.243827][ T9885] memory: usage 307200kB, limit 307200kB, failcnt 3256 [ 1125.308480][ T9885] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1125.318286][ T9885] Memory cgroup stats for /syz4 [ 1125.324655][ T9885] : [ 1125.324745][ T9885] anon 246386688 [ 1125.324745][ T9885] file 8192 [ 1125.324745][ T9885] kernel_stack 9961472 [ 1125.324745][ T9885] slab 16457728 [ 1125.324745][ T9885] sock 0 [ 1125.324745][ T9885] shmem 0 [ 1125.324745][ T9885] file_mapped 0 [ 1125.324745][ T9885] file_dirty 0 [ 1125.324745][ T9885] file_writeback 0 [ 1125.324745][ T9885] anon_thp 188743680 [ 1125.324745][ T9885] inactive_anon 135168 [ 1125.324745][ T9885] active_anon 246386688 [ 1125.324745][ T9885] inactive_file 0 [ 1125.324745][ T9885] active_file 0 [ 1125.324745][ T9885] unevictable 135168 [ 1125.324745][ T9885] slab_reclaimable 2973696 [ 1125.324745][ T9885] slab_unreclaimable 13484032 [ 1125.324745][ T9885] pgfault 227700 [ 1125.324745][ T9885] pgmajfault 0 [ 1125.324745][ T9885] workingset_refault 363 [ 1125.324745][ T9885] workingset_activate 66 [ 1125.324745][ T9885] workingset_nodereclaim 0 11:06:49 executing program 0: syz_emit_ethernet(0x168, &(0x7f0000000080)={@random="514971e32279", @dev={[], 0x1c}, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @remote, @remote}, @udp={0x0, 0x0, 0x8}}}}}, 0x0) r0 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-control\x00', 0x600c80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r0, 0xc008ae67, &(0x7f0000000040)={0xfffffffffffffffa, 0x10000000000000}) [ 1125.324745][ T9885] pgrefill 4436 [ 1125.324745][ T9885] pgscan 4349 [ 1125.324745][ T9885] pgsteal 642 [ 1125.416198][ T9885] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=9885,uid=0 [ 1125.431632][ T9885] Memory cgroup out of memory: Killed process 9885 (syz-executor.4) total-vm:72708kB, anon-rss:2196kB, file-rss:35792kB, shmem-rss:0kB [ 1125.447199][ T1058] oom_reaper: reaped process 9885 (syz-executor.4), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB 11:06:50 executing program 1: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x1100) 11:06:50 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00"/20, @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:06:50 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x10) write$P9_RVERSION(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff0380395032303030264cb8d9ea0bb74bac254c8413f2be295f000000000000000000000000000000000000f5d91793f1f5970684bb5bb8de162bedf25d0a4ab126f23741676bd6"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) 11:06:50 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) 11:06:50 executing program 2: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={&(0x7f0000000900)={0x2, 0x4e21, @remote}, 0x10, &(0x7f0000000bc0)=[{&(0x7f0000000940)=""/192, 0xc0}, {&(0x7f0000000a00)=""/158, 0x9e}, {&(0x7f0000000ac0)=""/209, 0xd1}], 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000140100000200000068000000fbffffff180000000000000014010000020000000800000003000000480000000000000014010000010000000000000000000100", @ANYPTR=&(0x7f0000000c00)=ANY=[@ANYBLOB='\x00'/111], @ANYBLOB='o\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000ec0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYBLOB='\x00'/91], @ANYBLOB="9b4dd4c02f7ffc70", @ANYPTR=&(0x7f0000000d00)=ANY=[@ANYBLOB='\x00'/132], @ANYBLOB="8400000000000000", @ANYPTR=&(0x7f0000000dc0)=ANY=[@ANYBLOB='\x00'/19], @ANYBLOB='&\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000e00)=ANY=[@ANYBLOB='\x00'/85], @ANYBLOB="aa00000000000000"], @ANYBLOB="040000000000000040000000000000000400000000000000580000000000000014010000070000000100000000fcffff", @ANYPTR=&(0x7f0000000f00)=ANY=[@ANYBLOB="0400000000000000"], @ANYPTR=&(0x7f0000000f40)=ANY=[@ANYBLOB="00000080000000"], @ANYBLOB="2a000000000000000000000000000000010001000000000003000000000000000200000000000000060000000000000030000000000000001401000003000000", @ANYPTR=&(0x7f0000000f80)=ANY=[@ANYBLOB='\x00'/18], @ANYBLOB="1700000000000000", @ANYPTR=&(0x7f0000000fc0)=ANY=[@ANYBLOB='\x00'], @ANYBLOB="100000000000000058000000000000001401000007000000ff03000005000000", @ANYPTR=&(0x7f0000001000)=ANY=[@ANYBLOB="0300000000000000"], @ANYPTR=&(0x7f0000001040)=ANY=[@ANYBLOB="ffffff7f00000000"], @ANYBLOB="05000000000000000600000000000000570000000000000006000000000000000800000000000000090000000000000048000000000000001401000001000000e31e000005000000", @ANYPTR=&(0x7f0000001080)=ANY=[@ANYBLOB='\x00'/14], @ANYBLOB="0e00000000000000", @ANYPTR=&(0x7f00000012c0)=ANY=[@ANYPTR=&(0x7f00000010c0)=ANY=[@ANYBLOB='\x00'/60], @ANYBLOB='<\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001100)=ANY=[@ANYBLOB='\x00'/48], @ANYBLOB='0\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001140)=ANY=[@ANYBLOB]], @ANYBLOB="040000000000000009000000000000000300"], 0x198, 0x40}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="4800000000000000140100000100"/24, @ANYPTR=&(0x7f0000000040)=ANY=[@ANYBLOB='\x00'/156], @ANYBLOB="0503080000000000", @ANYPTR=&(0x7f0000001640)=ANY=[@ANYPTR=&(0x7f0000000100)=ANY=[@ANYBLOB='\x00'/44], @ANYBLOB=',\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB='\x00'/67], @ANYBLOB='C\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB='\x00'/198], @ANYBLOB="c600000000000000", @ANYPTR=&(0x7f0000000140)=ANY=[@ANYBLOB='\x00'/15], @ANYBLOB="0f00000000000000", @ANYPTR=&(0x7f0000000340)=ANY=[@ANYBLOB='\x00'/54], @ANYBLOB="ffff070000000000", @ANYPTR=&(0x7f0000000380)=ANY=[@ANYBLOB='\x00'/42], @ANYBLOB="0180000019ab960cfbf800000000cc1319da5b5f561d71b7a1176618a2c32be258a9ee42558634c870312287d3353043eb2dc5ebae3d6412865519fdc862d0bb9d519cf56d029a70cc080925224729301c38b8510b7ee80aaaa3852625847ce232ca07205854dac9545263dff74106002f78af825f64d0738654eb43124fe4a9461953e3cef7373fbffad275171a6c2f9fbb4fabfa631fbfaf3a8c9b0dd97bb1688991a7683a8d772ccca17a90b4e6748c0f3c0cab8844d42267614b545f38ca4e49872a6d52f1f41e7627bcd7fb49332a97a704cf90f5407ddc23a7386d6ee7187e0b8292c9c8e71d732d6644ec6d972b64b8a83e89a48cab65f4a88fe35bf80ff65dfd263d84e1f66fb19e6e512d17d132abe4550ec9c0", @ANYPTR=&(0x7f00000003c0)=ANY=[@ANYBLOB='\x00'/77], @ANYBLOB='M\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000440)=ANY=[@ANYBLOB='\x00'/244], @ANYBLOB="f400000000000000", @ANYPTR=&(0x7f0000000540)=ANY=[@ANYBLOB='\x00'/219], @ANYBLOB="db00000000000000"], @ANYBLOB='\a\x00'/24], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5, 0x9bf}, @rumble={0x7, 0x7}}) 11:06:50 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") r0 = syz_open_dev$dspn(&(0x7f0000000080)='/dev/dsp#\x00', 0x28001, 0x1) ioctl$int_in(r0, 0x80000080045017, &(0x7f0000000100)) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) sched_setaffinity(0x0, 0x181, &(0x7f0000000180)) setxattr$security_smack_transmute(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='security.SMACK64TRANSMUTE\x00', &(0x7f0000000140)='TRUE', 0x4, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000200)='net/route\x00') ioctl$EVIOCGVERSION(r0, 0x80044501, &(0x7f0000000240)=""/198) preadv(r1, &(0x7f0000000480), 0x100000000000022c, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000000)) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(0xffffffffffffffff, 0x80046402, &(0x7f0000000100)=0xffffffffffffffff) [ 1125.625852][ T9940] netlink: 'syz-executor.5': attribute type 4 has an invalid length. 11:06:50 executing program 2: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={&(0x7f0000000900)={0x2, 0x4e21, @remote}, 0x10, &(0x7f0000000bc0)=[{&(0x7f0000000940)=""/192, 0xc0}, {&(0x7f0000000a00)=""/158, 0x9e}, {&(0x7f0000000ac0)=""/209, 0xd1}], 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000140100000200000068000000fbffffff180000000000000014010000020000000800000003000000480000000000000014010000010000000000000000000100", @ANYPTR=&(0x7f0000000c00)=ANY=[@ANYBLOB='\x00'/111], @ANYBLOB='o\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000ec0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYBLOB='\x00'/91], @ANYBLOB="9b4dd4c02f7ffc70", @ANYPTR=&(0x7f0000000d00)=ANY=[@ANYBLOB='\x00'/132], @ANYBLOB="8400000000000000", @ANYPTR=&(0x7f0000000dc0)=ANY=[@ANYBLOB='\x00'/19], @ANYBLOB='&\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000e00)=ANY=[@ANYBLOB='\x00'/85], @ANYBLOB="aa00000000000000"], @ANYBLOB="040000000000000040000000000000000400000000000000580000000000000014010000070000000100000000fcffff", @ANYPTR=&(0x7f0000000f00)=ANY=[@ANYBLOB="0400000000000000"], @ANYPTR=&(0x7f0000000f40)=ANY=[@ANYBLOB="00000080000000"], @ANYBLOB="2a000000000000000000000000000000010001000000000003000000000000000200000000000000060000000000000030000000000000001401000003000000", @ANYPTR=&(0x7f0000000f80)=ANY=[@ANYBLOB='\x00'/18], @ANYBLOB="1700000000000000", @ANYPTR=&(0x7f0000000fc0)=ANY=[@ANYBLOB='\x00'], @ANYBLOB="100000000000000058000000000000001401000007000000ff03000005000000", @ANYPTR=&(0x7f0000001000)=ANY=[@ANYBLOB="0300000000000000"], @ANYPTR=&(0x7f0000001040)=ANY=[@ANYBLOB="ffffff7f00000000"], @ANYBLOB="05000000000000000600000000000000570000000000000006000000000000000800000000000000090000000000000048000000000000001401000001000000e31e000005000000", @ANYPTR=&(0x7f0000001080)=ANY=[@ANYBLOB='\x00'/14], @ANYBLOB="0e00000000000000", @ANYPTR=&(0x7f00000012c0)=ANY=[@ANYPTR=&(0x7f00000010c0)=ANY=[@ANYBLOB='\x00'/60], @ANYBLOB='<\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001100)=ANY=[@ANYBLOB='\x00'/48], @ANYBLOB='0\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001140)=ANY=[@ANYBLOB]], @ANYBLOB="040000000000000009000000000000000300"], 0x198, 0x40}, 0x1) r0 = accept4(0xffffffffffffffff, &(0x7f0000000700)=@pppoe={0x18, 0x0, {0x0, @broadcast}}, &(0x7f0000000800)=0x80, 0x80000) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r2 = epoll_create1(0x0) r3 = epoll_create1(0x0) fcntl$lock(r3, 0x7, &(0x7f0000000000)={0x1}) fcntl$lock(r2, 0x400000007, &(0x7f0000000040)={0x0, 0x0, 0x3f}) fcntl$lock(r2, 0x7, &(0x7f0000000100)) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000840)={&(0x7f0000ffd000/0x1000)=nil, 0x1000}, &(0x7f0000000e80)=0x10) r4 = syz_open_dev$cec(&(0x7f0000000680)='/dev/cec#\x00', 0x3, 0x2) ioctl$BLKZEROOUT(r4, 0x127f, &(0x7f00000006c0)={0x6, 0x4}) ioctl$NBD_SET_BLKSIZE(r4, 0xab01, 0x7) r5 = socket$rds(0x15, 0x5, 0x0) bind$rds(r5, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000007f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8000, 0x0, 0x0, 0x0, @perf_config_ext={0x3f, 0x49}, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xfffffffffffffffe, 0xffffffffffffffff, 0x0) sendmsg$rds(r5, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="4800000000000000140100000100"/24, @ANYPTR=&(0x7f0000000040)=ANY=[@ANYBLOB='\x00'/156], @ANYBLOB="0503080000000000", @ANYPTR=&(0x7f0000001640)=ANY=[@ANYPTR=&(0x7f0000000100)=ANY=[@ANYBLOB='\x00'/44], @ANYBLOB=',\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB='\x00'/67], @ANYBLOB='C\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB='\x00'/198], @ANYBLOB="c600000000000000", @ANYPTR=&(0x7f0000000140)=ANY=[@ANYBLOB='\x00'/15], @ANYBLOB="0f00000000000000", @ANYPTR=&(0x7f0000000340)=ANY=[@ANYBLOB='\x00'/54], @ANYBLOB="ffff070000000000", @ANYPTR=&(0x7f0000000380)=ANY=[@ANYBLOB='\x00'/42], @ANYBLOB="2a0000ff000000008f2a3582ceb82e7f09feb0bb114723b967ccc099331c60658eb7212ac62b0efa1e1cac50866744b3626e1799c02aa3b3a9566e7e921893e9165eb2a08dbb848de0a08f7c8b08b014f0b7b743f0ca512ba21cfd52d48d10ea67c0d760bbc352ad60d223f8b9f0b2795557bf9f5d19d84825f1dae180230266b645b19df80d96351ae885b33e57f0bf54891ae7694d522ff6a7c1041d7af45c74648b5ea32701ea27385b6c4df79bbdca9ce50fcb85ececaf40ce72be197e7bdd3050236f40f2ee299193087ed875f1a15f0db73c0e6f7a9692f0e02be77cc2199d7015cf25bf0584e7588994abd3ca3d7639278ce05d5557a9200c3a48966313f9fab8e179347beb15e385a3430fdd2d0e4bf0c09fc7222aeae7e54a2569887571e69a57", @ANYPTR=&(0x7f00000003c0)=ANY=[@ANYBLOB='\x00'/77], @ANYBLOB='M\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000440)=ANY=[@ANYBLOB='\x00'/244], @ANYBLOB="f400000000000000", @ANYPTR=&(0x7f0000000540)=ANY=[@ANYBLOB='\x00'/219], @ANYBLOB="db00000000000000"], @ANYBLOB='\a\x00'/24], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5, 0x9bf}, @rumble={0x7, 0x7}}) 11:06:50 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) write$FUSE_STATFS(r2, &(0x7f0000000180)={0x60, 0xfffffffffffffff5, 0x8, {{0x3, 0x3, 0xaf, 0xffffffffffffffff, 0xd8, 0x4, 0xffffffff, 0x21f254f9}}}, 0x60) chdir(&(0x7f0000000000)='./file0\x00') getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r2, 0x84, 0x18, &(0x7f0000000040)={0x0, 0x80000000}, &(0x7f0000000280)=0x8) fcntl$getown(r0, 0x9) ioctl$TUNGETSNDBUF(r2, 0x800454d3, &(0x7f00000003c0)) getsockopt$inet_sctp_SCTP_RTOINFO(r2, 0x84, 0x0, &(0x7f00000002c0)={r3, 0x9, 0x3, 0x4}, &(0x7f0000000380)=0x10) mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) [ 1125.662007][ T23] audit: type=1804 audit(1566904010.104:1042): pid=9952 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2327/bus" dev="sda1" ino=16812 res=1 [ 1125.711478][ T9930] rdma_op 000000004862789e conn xmit_rdma 00000000d8f1147d 11:06:50 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00"/20, @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:06:50 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = syz_open_procfs(0x0, &(0x7f0000000240)='ns\x00') getdents(r1, &(0x7f0000000040)=""/46, 0x2000006e) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000000)={0x269, 0x9, 0x10000, 0x100000001, 0x1}) 11:06:50 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) 11:06:50 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) write$P9_RVERSION(r1, &(0x7f0000000040)={0x15, 0x65, 0xffff, 0x5, 0x8, '9P2000.L'}, 0x15) r3 = semget(0x3, 0x2, 0xa0) semctl$SEM_INFO(r3, 0x3, 0x13, &(0x7f00000004c0)=""/178) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="32b9157c733d666c2c7266646e6f3d8ddfa1d9725eaa45779e945f1a8ac09cf5215400e1ff00dfb3002a1a0b4e39b4a68ec6d100"/66, @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x8, 0x0) [ 1125.858296][ T9973] netlink: 'syz-executor.5': attribute type 4 has an invalid length. [ 1126.098559][ T9977] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1126.118835][ T9977] CPU: 1 PID: 9977 Comm: syz-executor.4 Not tainted 5.3.0-rc6 #127 [ 1126.126727][ T9977] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1126.136761][ T9977] Call Trace: [ 1126.140034][ T9977] dump_stack+0x172/0x1f0 [ 1126.144349][ T9977] dump_header+0x10b/0x82d [ 1126.148752][ T9977] oom_kill_process.cold+0x10/0x15 [ 1126.153850][ T9977] out_of_memory+0x79a/0x12c0 [ 1126.158512][ T9977] ? lock_downgrade+0x920/0x920 [ 1126.163360][ T9977] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1126.169585][ T9977] ? oom_killer_disable+0x280/0x280 [ 1126.174767][ T9977] ? __kasan_check_read+0x11/0x20 [ 1126.179778][ T9977] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1126.185309][ T9977] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1126.190947][ T9977] ? do_raw_spin_unlock+0x57/0x270 [ 1126.196056][ T9977] ? _raw_spin_unlock+0x2d/0x50 [ 1126.200903][ T9977] try_charge+0xf4b/0x1440 [ 1126.205310][ T9977] ? trace_hardirqs_on_caller+0x6a/0x240 [ 1126.210947][ T9977] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1126.216480][ T9977] ? __this_cpu_preempt_check+0x3a/0x210 [ 1126.222100][ T9977] ? retint_kernel+0x2b/0x2b [ 1126.226681][ T9977] mem_cgroup_try_charge+0x136/0x590 [ 1126.231951][ T9977] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1126.238187][ T9977] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1126.243804][ T9977] __handle_mm_fault+0x1e34/0x3f20 [ 1126.248906][ T9977] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1126.254442][ T9977] ? __kasan_check_read+0x11/0x20 [ 1126.259450][ T9977] ? do_raw_spin_unlock+0x57/0x270 [ 1126.264553][ T9977] ? trace_hardirqs_on+0x67/0x240 [ 1126.269563][ T9977] handle_mm_fault+0x1b5/0x6b0 [ 1126.274314][ T9977] __get_user_pages+0x7d4/0x1b30 [ 1126.279241][ T9977] ? follow_page_mask+0x19b0/0x19b0 [ 1126.284421][ T9977] ? __kasan_check_write+0x14/0x20 [ 1126.289512][ T9977] ? gup_pgd_range+0x1e1/0x2d10 [ 1126.294345][ T9977] ? trace_hardirqs_on_caller+0x6a/0x240 [ 1126.299957][ T9977] get_user_pages_unlocked+0x2ae/0x4a0 [ 1126.305388][ T9977] ? get_user_pages_locked+0x4d0/0x4d0 [ 1126.310816][ T9977] ? get_user_pages_fast+0x24c/0x570 [ 1126.316075][ T9977] get_user_pages_fast+0x4c0/0x570 [ 1126.321159][ T9977] ? __get_user_pages_fast+0x410/0x410 [ 1126.326597][ T9977] rds_pin_pages+0x33/0x1f0 [ 1126.331078][ T9977] rds_cmsg_rdma_args+0x879/0x1150 [ 1126.336171][ T9977] ? rds_rdma_extra_size+0x390/0x390 [ 1126.341426][ T9977] ? rds_conn_create_outgoing+0x4b/0x60 [ 1126.346948][ T9977] rds_sendmsg+0x1f32/0x35b0 [ 1126.351510][ T9977] ? rw_copy_check_uvector+0x2ce/0x390 [ 1126.356944][ T9977] ? rds_send_drop_to+0x1640/0x1640 [ 1126.362129][ T9977] ? aa_sk_perm+0x288/0x880 [ 1126.366605][ T9977] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 1126.372120][ T9977] ? apparmor_socket_sendmsg+0x2a/0x30 [ 1126.377551][ T9977] ? rds_send_drop_to+0x1640/0x1640 [ 1126.382728][ T9977] sock_sendmsg+0xd7/0x130 [ 1126.387120][ T9977] ? sock_sendmsg+0xd7/0x130 [ 1126.391683][ T9977] ___sys_sendmsg+0x803/0x920 [ 1126.396335][ T9977] ? copy_msghdr_from_user+0x440/0x440 [ 1126.401765][ T9977] ? __fget+0xa3/0x560 [ 1126.405805][ T9977] ? __fget+0x384/0x560 [ 1126.409939][ T9977] ? ksys_dup3+0x3e0/0x3e0 [ 1126.414333][ T9977] ? __might_fault+0xfb/0x1e0 [ 1126.418983][ T9977] ? __fget_light+0x1a9/0x230 [ 1126.423633][ T9977] ? __fdget+0x1b/0x20 [ 1126.427698][ T9977] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1126.433917][ T9977] __sys_sendmsg+0x105/0x1d0 [ 1126.438482][ T9977] ? __sys_sendmsg_sock+0xd0/0xd0 [ 1126.443494][ T9977] ? __x64_sys_clock_gettime+0x16d/0x240 [ 1126.449103][ T9977] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 1126.455146][ T9977] __x64_sys_sendmsg+0x78/0xb0 [ 1126.459884][ T9977] do_syscall_64+0xfd/0x6a0 [ 1126.464359][ T9977] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1126.470220][ T9977] RIP: 0033:0x459879 [ 1126.474089][ T9977] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1126.493674][ T9977] RSP: 002b:00007fd57ae39c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1126.502052][ T9977] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459879 [ 1126.509992][ T9977] RDX: 0000000000000000 RSI: 0000000020001600 RDI: 0000000000000003 [ 1126.517934][ T9977] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1126.525876][ T9977] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd57ae3a6d4 [ 1126.533821][ T9977] R13: 00000000004c77e9 R14: 00000000004dd048 R15: 00000000ffffffff 11:06:51 executing program 1: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x1200) 11:06:51 executing program 2: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={&(0x7f0000000900)={0x2, 0x4e21, @remote}, 0x10, &(0x7f0000000bc0)=[{&(0x7f0000000940)=""/192, 0xc0}, {&(0x7f0000000a00)=""/158, 0x9e}, {&(0x7f0000000ac0)=""/209, 0xd1}], 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000140100000200000068000000fbffffff180000000000000014010000020000000800000003000000480000000000000014010000010000000000000000000100", @ANYPTR=&(0x7f0000000c00)=ANY=[@ANYBLOB='\x00'/111], @ANYBLOB='o\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000ec0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYBLOB='\x00'/91], @ANYBLOB="9b4dd4c02f7ffc70", @ANYPTR=&(0x7f0000000d00)=ANY=[@ANYBLOB='\x00'/132], @ANYBLOB="8400000000000000", @ANYPTR=&(0x7f0000000dc0)=ANY=[@ANYBLOB='\x00'/19], @ANYBLOB='&\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000e00)=ANY=[@ANYBLOB='\x00'/85], @ANYBLOB="aa00000000000000"], @ANYBLOB="040000000000000040000000000000000400000000000000580000000000000014010000070000000100000000fcffff", @ANYPTR=&(0x7f0000000f00)=ANY=[@ANYBLOB="0400000000000000"], @ANYPTR=&(0x7f0000000f40)=ANY=[@ANYBLOB="00000080000000"], @ANYBLOB="2a000000000000000000000000000000010001000000000003000000000000000200000000000000060000000000000030000000000000001401000003000000", @ANYPTR=&(0x7f0000000f80)=ANY=[@ANYBLOB='\x00'/18], @ANYBLOB="1700000000000000", @ANYPTR=&(0x7f0000000fc0)=ANY=[@ANYBLOB='\x00'], @ANYBLOB="100000000000000058000000000000001401000007000000ff03000005000000", @ANYPTR=&(0x7f0000001000)=ANY=[@ANYBLOB="0300000000000000"], @ANYPTR=&(0x7f0000001040)=ANY=[@ANYBLOB="ffffff7f00000000"], @ANYBLOB="05000000000000000600000000000000570000000000000006000000000000000800000000000000090000000000000048000000000000001401000001000000e31e000005000000", @ANYPTR=&(0x7f0000001080)=ANY=[@ANYBLOB='\x00'/14], @ANYBLOB="0e00000000000000", @ANYPTR=&(0x7f00000012c0)=ANY=[@ANYPTR=&(0x7f00000010c0)=ANY=[@ANYBLOB='\x00'/60], @ANYBLOB='<\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001100)=ANY=[@ANYBLOB='\x00'/48], @ANYBLOB='0\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001140)=ANY=[@ANYBLOB]], @ANYBLOB="040000000000000009000000000000000300"], 0x198, 0x40}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) chdir(&(0x7f0000000840)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000680)='cpu.stat\x00', 0x0, 0x0) execveat(r1, &(0x7f0000000800)='./file0\x00', &(0x7f0000000840), &(0x7f0000001680)=[&(0x7f0000000e80)='[cgroupsystemself-\x00', &(0x7f0000001140)='*{vmnet0userprockeyringposix_acl_access\x00', &(0x7f0000001180)='\x00', &(0x7f00000011c0)='vmnet0wlan1userppp0md5sumwlan1!!.eth1GPL]\x00', &(0x7f0000001200), &(0x7f0000001240)='posix_acl_access\x00', &(0x7f0000001280)='bdevselinux\x00', &(0x7f00000015c0)='+\x00', &(0x7f0000001640)='mime_type!\xff*\x00'], 0x800) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="4800000000000000140100000100"/24, @ANYPTR=&(0x7f0000000040)=ANY=[@ANYBLOB='\x00'/156], @ANYBLOB="0503080000000000", @ANYPTR=&(0x7f00000006c0)=ANY=[@ANYPTR=&(0x7f0000000100)=ANY=[@ANYBLOB='\x00'/44], @ANYBLOB=',\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB='\x00'/67], @ANYBLOB='C\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB='\x00'/198], @ANYBLOB="c600000000000000", @ANYPTR=&(0x7f0000000140)=ANY=[@ANYBLOB='\x00'/15], @ANYBLOB="0f00000000000000", @ANYPTR=&(0x7f0000000340)=ANY=[@ANYBLOB='\x00'/54], @ANYBLOB="ffff070000000000", @ANYPTR=&(0x7f0000000380)=ANY=[@ANYBLOB='\x00'/42], @ANYBLOB='*\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f00000003c0)=ANY=[@ANYBLOB='\x00'/77], @ANYBLOB='M\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000440)=ANY=[@ANYBLOB='\x00'/244], @ANYBLOB="f400000000000000", @ANYPTR=&(0x7f0000000540)=ANY=[@ANYBLOB='\x00'/219], @ANYBLOB="db00000000000000"], @ANYBLOB='\a\x00'/24], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5, 0x9bf}, @rumble={0x7, 0x7}}) 11:06:51 executing program 0: clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) lstat(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = memfd_create(&(0x7f0000000340)='em0mime_type\x00', 0x3) write$binfmt_script(r0, &(0x7f00000005c0)=ANY=[@ANYBLOB="01"], 0x1) execveat(r0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000000240)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000003d0301000000000095000000000000006926000000000000bf67000000000000150600000fff07003506000002000000070600000ee60000bf050000000000001f650000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070400000400f9ffad43010000000000950000000000000005000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000040), 0x1f1}, 0x48) 11:06:51 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000000000fffe6c", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:06:51 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f00000002c0)={0x7, 0x8, 0x81, 0x1f, 0xa6}, 0x14) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) connect$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x5, {0x1ff, 0x3, 0xa08, 0xf53, 0x7, 0x2}, 0xfffffffffffffbff, 0x3b4}, 0xe) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) setsockopt$IP6T_SO_SET_ADD_COUNTERS(r2, 0x29, 0x41, &(0x7f0000000180)={'security\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) umount2(&(0x7f0000000040)='./file0\x00', 0x1) [ 1126.572648][ T9977] memory: usage 307144kB, limit 307200kB, failcnt 3751 [ 1126.583252][ T23] audit: type=1804 audit(1566904011.024:1043): pid=9984 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2327/bus" dev="sda1" ino=16812 res=1 [ 1126.593715][ T9977] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1126.614855][ T9977] Memory cgroup stats for /syz4: [ 1126.615870][ T9977] anon 247222272 [ 1126.615870][ T9977] file 8192 [ 1126.615870][ T9977] kernel_stack 10027008 [ 1126.615870][ T9977] slab 16457728 [ 1126.615870][ T9977] sock 0 [ 1126.615870][ T9977] shmem 0 [ 1126.615870][ T9977] file_mapped 0 [ 1126.615870][ T9977] file_dirty 0 [ 1126.615870][ T9977] file_writeback 0 [ 1126.615870][ T9977] anon_thp 188743680 [ 1126.615870][ T9977] inactive_anon 135168 [ 1126.615870][ T9977] active_anon 247197696 [ 1126.615870][ T9977] inactive_file 0 [ 1126.615870][ T9977] active_file 0 [ 1126.615870][ T9977] unevictable 135168 [ 1126.615870][ T9977] slab_reclaimable 2973696 [ 1126.615870][ T9977] slab_unreclaimable 13484032 [ 1126.615870][ T9977] pgfault 228129 [ 1126.615870][ T9977] pgmajfault 0 [ 1126.615870][ T9977] workingset_refault 363 [ 1126.615870][ T9977] workingset_activate 66 [ 1126.615870][ T9977] workingset_nodereclaim 0 [ 1126.615870][ T9977] pgrefill 4568 [ 1126.615870][ T9977] pgscan 4481 [ 1126.615870][ T9977] pgsteal 642 11:06:51 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00"/20, @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1126.711327][ T9977] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=3531,uid=0 11:06:51 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f00000004c0)={{{@in6=@mcast1, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@broadcast}, 0x0, @in6}}, &(0x7f00000001c0)=0xe8) getresuid(&(0x7f0000000280)=0x0, &(0x7f00000002c0), &(0x7f0000000380)) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x200800, &(0x7f0000000600)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@dfltuid={'dfltuid', 0x3d, r3}}, {@access_uid={'access', 0x3d, r4}}], [{@context={'context', 0x3d, 'unconfined_u'}}, {@smackfsfloor={'smackfsfloor', 0x3d, '$nodev*'}}, {@hash='hash'}, {@fsmagic={'fsmagic', 0x3d, 0x5}}, {@measure='measure'}, {@func={'func', 0x3d, 'MMAP_CHECK'}}, {@dont_hash='dont_hash'}, {@dont_appraise='dont_appraise'}]}}) [ 1126.787949][ T9977] Memory cgroup out of memory: Killed process 3531 (syz-executor.4) total-vm:72840kB, anon-rss:2208kB, file-rss:34816kB, shmem-rss:0kB 11:06:51 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00"/20, @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1126.815924][ T23] audit: type=1804 audit(1566904011.264:1044): pid=9999 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2328/bus" dev="sda1" ino=16799 res=1 11:06:51 executing program 2: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x10200, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={&(0x7f0000000900)={0x2, 0x4e21, @remote}, 0x10, &(0x7f0000000bc0)=[{&(0x7f0000000940)=""/192, 0xc0}, {&(0x7f0000000a00)=""/158, 0x9e}, {&(0x7f0000000ac0)=""/209, 0xd1}], 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000140100000200000068000000fbffffff180000000000000014010000020000000800000003000000480000000000000014010000010000000000000000000100", @ANYPTR=&(0x7f0000000c00)=ANY=[@ANYBLOB='\x00'/111], @ANYBLOB='o\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000ec0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYBLOB='\x00'/91], @ANYBLOB="9b4dd4c02f7ffc70", @ANYPTR=&(0x7f0000000d00)=ANY=[@ANYBLOB='\x00'/132], @ANYBLOB="8400000000000000", @ANYPTR=&(0x7f0000000dc0)=ANY=[@ANYBLOB='\x00'/19], @ANYBLOB='&\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000e00)=ANY=[@ANYBLOB='\x00'/85], @ANYBLOB="aa00000000000000"], @ANYBLOB="040000000000000040000000000000000400000000000000580000000000000014010000070000000100000000fcffff", @ANYPTR=&(0x7f0000000f00)=ANY=[@ANYBLOB="0400000000000000"], @ANYPTR=&(0x7f0000000f40)=ANY=[@ANYBLOB="00000080000000"], @ANYBLOB="2a000000000000000000000000000000010001000000000003000000000000000200000000000000060000000000000030000000000000001401000003000000", @ANYPTR=&(0x7f0000000f80)=ANY=[@ANYBLOB='\x00'/18], @ANYBLOB="1700000000000000", @ANYPTR=&(0x7f0000000fc0)=ANY=[@ANYBLOB='\x00'], @ANYBLOB="100000000000000058000000000000001401000007000000ff03000005000000", @ANYPTR=&(0x7f0000001000)=ANY=[@ANYBLOB="0300000000000000"], @ANYPTR=&(0x7f0000001040)=ANY=[@ANYBLOB="ffffff7f00000000"], @ANYBLOB="05000000000000000600000000000000570000000000000006000000000000000800000000000000090000000000000048000000000000001401000001000000e31e000005000000", @ANYPTR=&(0x7f0000001080)=ANY=[@ANYBLOB='\x00'/14], @ANYBLOB="0e00000000000000", @ANYPTR=&(0x7f00000012c0)=ANY=[@ANYPTR=&(0x7f00000010c0)=ANY=[@ANYBLOB='\x00'/60], @ANYBLOB='<\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001100)=ANY=[@ANYBLOB='\x00'/48], @ANYBLOB='0\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001140)=ANY=[@ANYBLOB]], @ANYBLOB="040000000000000009000000000000000300"], 0x198, 0x40}, 0x1) r0 = socket$inet6(0xa, 0x6, 0x9) readv(r0, &(0x7f0000001780)=[{&(0x7f0000001140)=""/252, 0xfc}, {&(0x7f0000000680)}, {&(0x7f0000001640)=""/147, 0x93}, {&(0x7f0000000800)=""/99, 0x63}, {&(0x7f0000000e80)=""/45, 0x2d}, {&(0x7f0000001240)=""/115, 0x73}, {&(0x7f0000001700)=""/80, 0x50}], 0x7) r1 = socket$nl_crypto(0x10, 0x3, 0x15) connect$netlink(r1, &(0x7f0000000680)=@unspec, 0xc) fsetxattr$security_smack_entry(r1, &(0x7f00000015c0)='security.SMACK64MMAP\x00', &(0x7f0000001800)='\\ppp0em10mime_typevmnet0vmnet1)cgroupnodev^\x00', 0x2c, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) r3 = perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$rds(r2, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5, 0x9bf}, @rumble={0x7, 0x7}}) ioctl$TIOCCBRK(r3, 0x5428) 11:06:51 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) 11:06:51 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00"/20, @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:06:51 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00"/20, @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1127.256991][ T23] audit: type=1804 audit(1566904011.704:1045): pid=10048 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2328/bus" dev="sda1" ino=16799 res=1 11:06:51 executing program 2: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={&(0x7f0000000900)={0x2, 0x4e21, @remote}, 0x10, &(0x7f0000000bc0)=[{&(0x7f0000000940)=""/192, 0xc0}, {&(0x7f0000000a00)=""/158, 0x9e}, {&(0x7f0000000ac0)=""/209, 0xd1}], 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000140100000200000068000000fbffffff180000000000000014010000020000000800000003000000480000000000000014010000010000000000000000000100", @ANYPTR=&(0x7f0000000c00)=ANY=[@ANYBLOB='\x00'/111], @ANYBLOB='o\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000ec0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYBLOB='\x00'/91], @ANYBLOB="9b4dd4c02f7ffc70", @ANYPTR=&(0x7f0000000d00)=ANY=[@ANYBLOB='\x00'/132], @ANYBLOB="8400000000000000", @ANYPTR=&(0x7f0000000dc0)=ANY=[@ANYBLOB='\x00'/19], @ANYBLOB='&\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000e00)=ANY=[@ANYBLOB='\x00'/85], @ANYBLOB="aa00000000000000"], @ANYBLOB="040000000000000040000000000000000400000000000000580000000000000014010000070000000100000000fcffff", @ANYPTR=&(0x7f0000000f00)=ANY=[@ANYBLOB="0400000000000000"], @ANYPTR=&(0x7f0000000f40)=ANY=[@ANYBLOB="00000080000000"], @ANYBLOB="2a000000000000000000000000000000010001000000000003000000000000000200000000000000060000000000000030000000000000001401000003000000", @ANYPTR=&(0x7f0000000f80)=ANY=[@ANYBLOB='\x00'/18], @ANYBLOB="1700000000000000", @ANYPTR=&(0x7f0000000fc0)=ANY=[@ANYBLOB='\x00'], @ANYBLOB="100000000000000058000000000000001401000007000000ff03000005000000", @ANYPTR=&(0x7f0000001000)=ANY=[@ANYBLOB="0300000000000000"], @ANYPTR=&(0x7f0000001040)=ANY=[@ANYBLOB="ffffff7f00000000"], @ANYBLOB="05000000000000000600000000000000570000000000000006000000000000000800000000000000090000000000000048000000000000001401000001000000e31e000005000000", @ANYPTR=&(0x7f0000001080)=ANY=[@ANYBLOB='\x00'/14], @ANYBLOB="0e00000000000000", @ANYPTR=&(0x7f00000012c0)=ANY=[@ANYPTR=&(0x7f00000010c0)=ANY=[@ANYBLOB='\x00'/60], @ANYBLOB='<\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001100)=ANY=[@ANYBLOB='\x00'/48], @ANYBLOB='0\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001140)=ANY=[@ANYBLOB]], @ANYBLOB="040000000000000009000000000000000300"], 0x198, 0x40}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$admmidi(&(0x7f0000000680)='/dev/admmidi#\x00', 0x81, 0x80000) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f0000001140)={{{@in=@loopback, @in6}}, {{@in=@multicast2}, 0x0, @in=@multicast2}}, &(0x7f0000000800)=0xe8) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$DRM_IOCTL_AGP_RELEASE(r1, 0x6431) getuid() ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5, 0x9bf}, @rumble={0x7, 0x7}}) 11:06:51 executing program 1: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x1300) 11:06:51 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000040)={0x18, 0x0, 0x0, {0x4}}, 0x10) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) ioctl$DRM_IOCTL_MAP_BUFS(r2, 0xc0186419, &(0x7f0000000100)={0x5, &(0x7f00000004c0)=""/230, &(0x7f0000000380)=[{0x40c, 0xbb, 0x0, &(0x7f0000000600)=""/187}, {0x3, 0xaf, 0x3, &(0x7f00000006c0)=""/175}, {0x0, 0x6e, 0x5, &(0x7f0000000180)=""/110}, {0x4, 0x64, 0x6, &(0x7f0000000280)=""/100}, {0x6, 0xa3, 0x8000, &(0x7f0000000780)=""/163}]}) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) 11:06:51 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) 11:06:51 executing program 0: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip6_mr_cache\x00') write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000380)='/dev/net/tun\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r1, 0x890b, &(0x7f0000000100)={0x750, {0x2, 0x4e20, @dev={0xac, 0x2}}, {0x2, 0x0, @dev}, {0x2, 0x0, @broadcast}, 0x10e, 0x4000000000, 0x80000000000, 0xfffffffffffffffe}) r2 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000004c0)='oom_score_adj\x00') bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000003c0)={0xffffffffffffffff, r1, 0x0, 0xd, &(0x7f0000000240)='/dev/net/tun\x00'}, 0x30) r6 = syz_open_procfs(r4, &(0x7f0000000200)='stat\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r3, r6, 0x0, 0x1) getpeername$packet(r2, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000300)=0x14) ioctl$TUNSETIFINDEX(r2, 0x400454da, &(0x7f0000000340)=r7) write$UHID_SET_REPORT_REPLY(r3, &(0x7f00000006c0)=ANY=[@ANYBLOB="0e00000006000000c1003500937f3f62fd48fc681d3d6951852c2a64aea7f771d2bfac06f124add97fe0f97d6f290e5f79eebe135049cac0c597fe0bf50079cad20020f13bca631f17a0d9546265907a5fe0205e1654a8a68687109ee2d1b931a1d48db937b9be085f1119b2c0a4eee57406c937aa9fb0b747fd0603f867e1f8ca845db5e9163f63f3af593bcdcf5a4c302acea7c89b28"], 0x1) r8 = socket$inet(0x2, 0x0, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r5, &(0x7f0000000400)={0x1, 0x5}, 0x2) sendto$inet(r8, 0x0, 0x0, 0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000040)={0x0}, &(0x7f0000000100)=0xc) ptrace$setopts(0xffffffffffffffff, r9, 0x6, 0x100000) sendmsg$sock(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000840)=[{0x0}, {&(0x7f0000000480)}], 0x2}, 0x0) ioctl$EVIOCGLED(r3, 0x80404519, &(0x7f00000005c0)=""/221) bind$inet(r8, 0x0, 0x0) ioperm(0x5, 0x9, 0x8000) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x10020006004, 0x0) clone(0x6100201ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000280)=@filename='./file0\x00', &(0x7f0000000000)='./file0\x00', &(0x7f0000000180)='vfat\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x33d, 0x0) 11:06:51 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00"/20, @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:06:51 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00"/20, @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:06:52 executing program 2: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) arch_prctl$ARCH_MAP_VDSO_32(0x2002, 0x7) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={&(0x7f0000000900)={0x2, 0x4e21, @remote}, 0x10, &(0x7f0000000bc0)=[{&(0x7f0000000940)=""/192, 0xc0}, {&(0x7f0000000a00)=""/158, 0x9e}, {&(0x7f0000000ac0)=""/209, 0xd1}], 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000140100000200000068000000fbffffff180000000000000014010000020000000800000003000000480000000000000014010000010000000000000000000100", @ANYPTR=&(0x7f0000000c00)=ANY=[@ANYBLOB='\x00'/111], @ANYBLOB='o\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000ec0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYBLOB='\x00'/91], @ANYBLOB="9b4dd4c02f7ffc70", @ANYPTR=&(0x7f0000000d00)=ANY=[@ANYBLOB='\x00'/132], @ANYBLOB="8400000000000000", @ANYPTR=&(0x7f0000000dc0)=ANY=[@ANYBLOB='\x00'/19], @ANYBLOB='&\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000e00)=ANY=[@ANYBLOB='\x00'/85], @ANYBLOB="aa00000000000000"], @ANYBLOB="040000000000000040000000000000000400000000000000580000000000000014010000070000000100000000fcffff", @ANYPTR=&(0x7f0000000f00)=ANY=[@ANYBLOB="0400000000000000"], @ANYPTR=&(0x7f0000000f40)=ANY=[@ANYBLOB="00000080000000"], @ANYBLOB="2a000000000000000000000000000000010001000000000003000000000000000200000000000000060000000000000030000000000000001401000003000000", @ANYPTR=&(0x7f0000000f80)=ANY=[@ANYBLOB='\x00'/18], @ANYBLOB="1700000000000000", @ANYPTR=&(0x7f0000000fc0)=ANY=[@ANYBLOB='\x00'], @ANYBLOB="100000000000000058000000000000001401000007000000ff03000005000000", @ANYPTR=&(0x7f0000001000)=ANY=[@ANYBLOB="0300000000000000"], @ANYPTR=&(0x7f0000001040)=ANY=[@ANYBLOB="ffffff7f00000000"], @ANYBLOB="05000000000000000600000000000000570000000000000006000000000000000800000000000000090000000000000048000000000000001401000001000000e31e000005000000", @ANYPTR=&(0x7f0000001080)=ANY=[@ANYBLOB='\x00'/14], @ANYBLOB="0e00000000000000", @ANYPTR=&(0x7f00000012c0)=ANY=[@ANYPTR=&(0x7f00000010c0)=ANY=[@ANYBLOB='\x00'/60], @ANYBLOB='<\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001100)=ANY=[@ANYBLOB='\x00'/48], @ANYBLOB='0\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001140)=ANY=[@ANYBLOB]], @ANYBLOB="040000000000000009000000000000000300"], 0x198, 0x40}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5, 0x9bf}, @rumble={0x7, 0x7}}) [ 1127.520620][ T23] audit: type=1804 audit(1566904011.964:1046): pid=10065 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2329/bus" dev="sda1" ino=17104 res=1 11:06:52 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00"/20, @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1127.660997][ T2511] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1127.675413][T10056] FAT-fs (loop0): unable to read boot sector 11:06:52 executing program 2: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={&(0x7f0000000900)={0x2, 0x4e21, @remote}, 0x10, &(0x7f0000000bc0)=[{&(0x7f0000000940)=""/192, 0xc0}, {&(0x7f0000000a00)=""/158, 0x9e}, {&(0x7f0000000ac0)=""/209, 0xd1}], 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000140100000200000068000000fbffffff180000000000000014010000020000000800000003000000480000000000000014010000010000000000000000000100", @ANYPTR=&(0x7f0000000c00)=ANY=[@ANYBLOB='\x00'/111], @ANYBLOB='o\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000ec0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYBLOB='\x00'/91], @ANYBLOB="9b4dd4c02f7ffc70", @ANYPTR=&(0x7f0000000d00)=ANY=[@ANYBLOB='\x00'/132], @ANYBLOB="8400000000000000", @ANYPTR=&(0x7f0000000dc0)=ANY=[@ANYBLOB='\x00'/19], @ANYBLOB='&\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000e00)=ANY=[@ANYBLOB='\x00'/85], @ANYBLOB="aa00000000000000"], @ANYBLOB="040000000000000040000000000000000400000000000000580000000000000014010000070000000100000000fcffff", @ANYPTR=&(0x7f0000000f00)=ANY=[@ANYBLOB="0400000000000000"], @ANYPTR=&(0x7f0000000f40)=ANY=[@ANYBLOB="00000080000000"], @ANYBLOB="2a000000000000000000000000000000010001000000000003000000000000000200000000000000060000000000000030000000000000001401000003000000", @ANYPTR=&(0x7f0000000f80)=ANY=[@ANYBLOB='\x00'/18], @ANYBLOB="1700000000000000", @ANYPTR=&(0x7f0000000fc0)=ANY=[@ANYBLOB='\x00'], @ANYBLOB="100000000000000058000000000000001401000007000000ff03000005000000", @ANYPTR=&(0x7f0000001000)=ANY=[@ANYBLOB="0300000000000000"], @ANYPTR=&(0x7f0000001040)=ANY=[@ANYBLOB="ffffff7f00000000"], @ANYBLOB="05000000000000000600000000000000570000000000000006000000000000000800000000000000090000000000000048000000000000001401000001000000e31e000005000000", @ANYPTR=&(0x7f0000001080)=ANY=[@ANYBLOB='\x00'/14], @ANYBLOB="0e00000000000000", @ANYPTR=&(0x7f00000012c0)=ANY=[@ANYPTR=&(0x7f00000010c0)=ANY=[@ANYBLOB='\x00'/60], @ANYBLOB='<\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001100)=ANY=[@ANYBLOB='\x00'/48], @ANYBLOB='0\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001140)=ANY=[@ANYBLOB]], @ANYBLOB="040000000000000009000000000000000300"], 0x198, 0x40}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="4800000000000000140100000100"/24, @ANYPTR=&(0x7f0000000040)=ANY=[@ANYBLOB='\x00'/156], @ANYBLOB="0503080000000000", @ANYPTR=&(0x7f00000006c0)=ANY=[@ANYPTR=&(0x7f0000000100)=ANY=[@ANYBLOB='\x00'/44], @ANYBLOB=',\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB='\x00'/67], @ANYBLOB='C\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB='\x00'/198], @ANYBLOB="c600000000000000", @ANYPTR=&(0x7f0000000140)=ANY=[@ANYBLOB='\x00'/15], @ANYBLOB="0f00000000000000", @ANYPTR=&(0x7f0000000340)=ANY=[@ANYBLOB='\x00'/54], @ANYBLOB="ffff070000000000", @ANYPTR=&(0x7f0000000380)=ANY=[@ANYBLOB='\x00'/42], @ANYBLOB='*\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f00000003c0)=ANY=[@ANYBLOB='\x00'/77], @ANYBLOB='M\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000440)=ANY=[@ANYBLOB='\x00'/244], @ANYBLOB, @ANYPTR=&(0x7f0000000540)=ANY=[@ANYBLOB='\x00'/219], @ANYBLOB="db00000000000000"], @ANYBLOB='\a\x00'/24], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5, 0x9bf}, @rumble={0x7, 0x7}}) 11:06:52 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) 11:06:52 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00"/20, @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:06:52 executing program 2: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) fanotify_init(0x35954b0f96523713, 0x2) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000001980)='/dev/dsp\x00', 0x81, 0x0) getsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(r0, 0x84, 0x8, &(0x7f00000019c0), &(0x7f0000001a00)=0x4) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000680)={0x9, &(0x7f0000000800)=[{0x2, 0xe1, 0x1, 0x1}, {0x1, 0x8, 0x0, 0x3}, {0x8, 0x6, 0x1, 0x2}, {0xd57d, 0x9, 0x401, 0x5}, {0x4344, 0x8, 0xffffffffffffff7f, 0x1}, {0x6, 0x0, 0x3, 0x5}, {0x24ef, 0x4, 0x1, 0x1f}, {0x9, 0x3, 0x24000000, 0x1}, {0x4, 0x800, 0x10000, 0x5}]}) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={&(0x7f0000000900)={0x2, 0x4e21, @remote}, 0x10, &(0x7f0000000bc0)=[{&(0x7f0000000940)=""/192, 0xc0}, {&(0x7f0000000a00)=""/158, 0x9e}, {&(0x7f0000000ac0)=""/209, 0xd1}], 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000140100000200000068000000fbffffff180000000000000014010000020000000800000003000000480000000000000014010000010000000000000000000100", @ANYPTR=&(0x7f0000000c00)=ANY=[@ANYBLOB='\x00'/111], @ANYBLOB='o\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000ec0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYBLOB='\x00'/91], @ANYBLOB="9b4dd4c02f7ffc70", @ANYPTR=&(0x7f0000000d00)=ANY=[@ANYBLOB='\x00'/132], @ANYBLOB="8400000000000000", @ANYPTR=&(0x7f0000000dc0)=ANY=[@ANYBLOB='\x00'/19], @ANYBLOB='&\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000e00)=ANY=[@ANYBLOB='\x00'/85], @ANYBLOB="aa00000000000000"], @ANYBLOB="040000000000000040000000000000000400000000000000580000000000000014010000070000000100000000fcffff", @ANYPTR=&(0x7f0000000f00)=ANY=[@ANYBLOB="0400000000000000"], @ANYPTR=&(0x7f0000000f40)=ANY=[@ANYBLOB="00000080000000"], @ANYBLOB="2a000000000000000000000000000000010001000000000003000000000000000200000000000000060000000000000030000000000000001401000003000000", @ANYPTR=&(0x7f0000000f80)=ANY=[@ANYBLOB='\x00'/18], @ANYBLOB="1700000000000000", @ANYPTR=&(0x7f0000000fc0)=ANY=[@ANYBLOB='\x00'], @ANYBLOB="100000000000000058000000000000001401000007000000ff03000005000000", @ANYPTR=&(0x7f0000001000)=ANY=[@ANYBLOB="0300000000000000"], @ANYPTR=&(0x7f0000001040)=ANY=[@ANYBLOB="ffffff7f00000000"], @ANYBLOB="05000000000000000600000000000000570000000000000006000000000000000800000000000000090000000000000048000000000000001401000001000000e31e000005000000", @ANYPTR=&(0x7f0000001080)=ANY=[@ANYBLOB='\x00'/14], @ANYBLOB="0e00000000000000", @ANYPTR=&(0x7f00000012c0)=ANY=[@ANYPTR=&(0x7f00000010c0)=ANY=[@ANYBLOB='\x00'/60], @ANYBLOB='<\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001100)=ANY=[@ANYBLOB='\x00'/48], @ANYBLOB='0\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001140)=ANY=[@ANYBLOB]], @ANYBLOB="040000000000000009000000000000000300"], 0x198, 0x40}, 0x1) r1 = socket$rds(0x15, 0x5, 0x0) bind$rds(r1, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x908, 0x0, 0x0, 0x0, 0x20000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$rds(r1, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5, 0x9bf}, @rumble={0x7, 0x7}}) [ 1127.844041][ T2510] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1127.856580][T10056] FAT-fs (loop0): unable to read boot sector [ 1127.936548][T10109] validate_nla: 8 callbacks suppressed [ 1127.936556][T10109] netlink: 'syz-executor.5': attribute type 4 has an invalid length. [ 1128.046462][T10116] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1128.077485][T10116] CPU: 0 PID: 10116 Comm: syz-executor.4 Not tainted 5.3.0-rc6 #127 [ 1128.085462][T10116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1128.095503][T10116] Call Trace: [ 1128.098791][T10116] dump_stack+0x172/0x1f0 [ 1128.103109][T10116] dump_header+0x10b/0x82d [ 1128.107506][T10116] oom_kill_process.cold+0x10/0x15 [ 1128.107518][T10116] out_of_memory+0x79a/0x12c0 [ 1128.107532][T10116] ? lock_downgrade+0x920/0x920 [ 1128.107548][T10116] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1128.107563][T10116] ? oom_killer_disable+0x280/0x280 [ 1128.133546][T10116] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1128.139085][T10116] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1128.141540][ T23] audit: type=1804 audit(1566904012.574:1047): pid=10123 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2329/bus" dev="sda1" ino=17104 res=1 [ 1128.144706][T10116] ? do_raw_spin_unlock+0x57/0x270 [ 1128.174416][T10116] ? _raw_spin_unlock+0x2d/0x50 [ 1128.179253][T10116] try_charge+0xf4b/0x1440 [ 1128.183658][T10116] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1128.189191][T10116] ? percpu_ref_tryget_live+0x111/0x290 [ 1128.194736][T10116] ? get_mem_cgroup_from_mm+0x16/0x320 [ 1128.200185][T10116] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1128.205816][T10116] mem_cgroup_try_charge+0x136/0x590 [ 1128.211088][T10116] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1128.217315][T10116] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1128.222935][T10116] wp_page_copy+0x41e/0x15e0 [ 1128.227513][T10116] ? page_trans_huge_mapcount+0x166/0x450 [ 1128.233311][T10116] ? pmd_pfn+0x1d0/0x1d0 [ 1128.237546][T10116] ? lock_downgrade+0x920/0x920 [ 1128.242384][T10116] ? swp_swapcount+0x540/0x540 [ 1128.247138][T10116] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 1128.252588][T10116] ? __kasan_check_read+0x11/0x20 [ 1128.257624][T10116] ? do_raw_spin_unlock+0x57/0x270 [ 1128.262727][T10116] do_wp_page+0x499/0x14d0 [ 1128.267139][T10116] ? finish_mkwrite_fault+0x570/0x570 [ 1128.272501][T10116] __handle_mm_fault+0x22f1/0x3f20 [ 1128.277582][T10116] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1128.283089][T10116] ? __kasan_check_read+0x11/0x20 [ 1128.288080][T10116] ? do_raw_spin_unlock+0x57/0x270 [ 1128.293157][T10116] ? trace_hardirqs_on+0x67/0x240 [ 1128.298149][T10116] handle_mm_fault+0x1b5/0x6b0 [ 1128.302880][T10116] __get_user_pages+0x7d4/0x1b30 [ 1128.307784][T10116] ? follow_page_mask+0x19b0/0x19b0 [ 1128.312948][T10116] ? __kasan_check_write+0x14/0x20 [ 1128.318046][T10116] ? gup_pgd_range+0x1e1/0x2d10 [ 1128.322865][T10116] get_user_pages_unlocked+0x2ae/0x4a0 [ 1128.328293][T10116] ? get_user_pages_locked+0x4d0/0x4d0 [ 1128.333729][T10116] ? should_fail+0x1de/0x852 [ 1128.338284][T10116] ? trace_hardirqs_on+0x67/0x240 [ 1128.343274][T10116] get_user_pages_fast+0x4c0/0x570 [ 1128.348353][T10116] ? __get_user_pages_fast+0x410/0x410 [ 1128.353778][T10116] ? memset+0x32/0x40 [ 1128.357844][T10116] rds_pin_pages+0x33/0x1f0 [ 1128.362316][T10116] rds_cmsg_rdma_args+0x879/0x1150 [ 1128.367399][T10116] ? rds_rdma_extra_size+0x390/0x390 [ 1128.372673][T10116] ? rds_conn_create_outgoing+0x4b/0x60 [ 1128.378187][T10116] rds_sendmsg+0x1f32/0x35b0 [ 1128.382746][T10116] ? rw_copy_check_uvector+0x2ce/0x390 [ 1128.388178][T10116] ? rds_send_drop_to+0x1640/0x1640 [ 1128.393341][T10116] ? aa_sk_perm+0x288/0x880 [ 1128.397809][T10116] ? lock_downgrade+0x920/0x920 [ 1128.402629][T10116] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 1128.408141][T10116] ? apparmor_socket_sendmsg+0x2a/0x30 [ 1128.413565][T10116] ? rds_send_drop_to+0x1640/0x1640 [ 1128.418735][T10116] sock_sendmsg+0xd7/0x130 [ 1128.423116][T10116] ? sock_sendmsg+0xd7/0x130 [ 1128.427670][T10116] ___sys_sendmsg+0x803/0x920 [ 1128.432324][T10116] ? copy_msghdr_from_user+0x440/0x440 [ 1128.437751][T10116] ? __fget+0xa3/0x560 [ 1128.441788][T10116] ? __fget+0x384/0x560 [ 1128.445923][T10116] ? ksys_dup3+0x3e0/0x3e0 [ 1128.450315][T10116] ? __might_fault+0xfb/0x1e0 [ 1128.454978][T10116] ? __fget_light+0x1a9/0x230 [ 1128.459643][T10116] ? __fdget+0x1b/0x20 [ 1128.463683][T10116] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1128.469897][T10116] __sys_sendmsg+0x105/0x1d0 [ 1128.474457][T10116] ? __sys_sendmsg_sock+0xd0/0xd0 [ 1128.479459][T10116] ? __x64_sys_clock_gettime+0x16d/0x240 [ 1128.485063][T10116] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 1128.491114][T10116] __x64_sys_sendmsg+0x78/0xb0 [ 1128.495862][T10116] do_syscall_64+0xfd/0x6a0 [ 1128.500333][T10116] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1128.506197][T10116] RIP: 0033:0x459879 [ 1128.510071][T10116] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1128.529641][T10116] RSP: 002b:00007fd57ae18c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1128.538018][T10116] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459879 11:06:53 executing program 1: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x1400) 11:06:53 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000040)={0xfffffffffffffef0, 0x0, 0x10001}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) 11:06:53 executing program 0: sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, 0x0}, 0x0) r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x208000, 0x0) r1 = dup(r0) getsockopt$inet_dccp_buf(r1, 0x21, 0x0, &(0x7f00000000c0)=""/25, &(0x7f0000000100)=0x19) r2 = add_key$user(&(0x7f0000000080)='user\x00', &(0x7f0000000000)={'syz'}, &(0x7f0000000180)="c6ef157d03adc939054af9ca0900000000000000ef5a9721bc1a082c00000000", 0x490, 0xfffffffffffffffe) r3 = add_key$user(&(0x7f00000003c0)='user\x00', &(0x7f0000000440)={'syz'}, &(0x7f00000000c0), 0x45f, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000400)={r2, r2, r3}, &(0x7f0000002700)=""/83, 0xffffff84, 0x0) 11:06:53 executing program 2: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={&(0x7f0000000900)={0x2, 0x4e21, @remote}, 0x10, &(0x7f0000000bc0)=[{&(0x7f0000000940)=""/192, 0xc0}, {&(0x7f0000000a00)=""/158, 0x9e}, {&(0x7f0000000ac0)=""/209, 0xd1}], 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000140100000200000068000000fbffffff180000000000000014010000020000000800000003000000480000000000000014010000010000000000000000000100", @ANYPTR=&(0x7f0000000c00)=ANY=[@ANYBLOB='\x00'/111], @ANYBLOB='o\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000ec0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYBLOB='\x00'/91], @ANYBLOB="9b4dd4c02f7ffc70", @ANYPTR=&(0x7f0000000d00)=ANY=[@ANYBLOB='\x00'/132], @ANYBLOB="8400000000000000", @ANYPTR=&(0x7f0000000dc0)=ANY=[@ANYBLOB='\x00'/19], @ANYBLOB='&\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000e00)=ANY=[@ANYBLOB='\x00'/85], @ANYBLOB="aa00000000000000"], @ANYBLOB="040000000000000040000000000000000400000000000000580000000000000014010000070000000100000000fcffff", @ANYPTR=&(0x7f0000000f00)=ANY=[@ANYBLOB="0400000000000000"], @ANYPTR=&(0x7f0000000f40)=ANY=[@ANYBLOB="00000080000000"], @ANYBLOB="2a000000000000000000000000000000010001000000000003000000000000000200000000000000060000000000000030000000000000001401000003000000", @ANYPTR=&(0x7f0000000f80)=ANY=[@ANYBLOB='\x00'/18], @ANYBLOB="1700000000000000", @ANYPTR=&(0x7f0000000fc0)=ANY=[@ANYBLOB='\x00'], @ANYBLOB="100000000000000058000000000000001401000007000000ff03000005000000", @ANYPTR=&(0x7f0000001000)=ANY=[@ANYBLOB="0300000000000000"], @ANYPTR=&(0x7f0000001040)=ANY=[@ANYBLOB="ffffff7f00000000"], @ANYBLOB="05000000000000000600000000000000570000000000000006000000000000000800000000000000090000000000000048000000000000001401000001000000e31e000005000000", @ANYPTR=&(0x7f0000001080)=ANY=[@ANYBLOB='\x00'/14], @ANYBLOB="0e00000000000000", @ANYPTR=&(0x7f00000012c0)=ANY=[@ANYPTR=&(0x7f00000010c0)=ANY=[@ANYBLOB='\x00'/60], @ANYBLOB='<\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001100)=ANY=[@ANYBLOB='\x00'/48], @ANYBLOB='0\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001140)=ANY=[@ANYBLOB]], @ANYBLOB="040000000000000009000000000000000300"], 0x198, 0x40}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) syz_open_dev$admmidi(&(0x7f0000000800)='/dev/admmidi#\x00', 0x10001, 0x1) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) r1 = syz_open_dev$audion(&(0x7f0000000680)='/dev/audio#\x00', 0x0, 0x40) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(r1, 0x84, 0x6e, &(0x7f0000001140)=[@in={0x2, 0x4e21, @local}, @in={0x2, 0x4e22, @multicast1}, @in={0x2, 0x4e24, @broadcast}, @in={0x2, 0x4e24, @multicast2}, @in={0x2, 0x4e21, @remote}, @in6={0xa, 0x4e24, 0xfffffffffffffff9, @rand_addr="0800e6e204a4edc41f4de1117f39cd7f", 0x101}, @in6={0xa, 0x4e23, 0x0, @mcast2, 0x6}, @in6={0xa, 0x4e20, 0x5, @rand_addr="7baf24a1d5cfb213b394ed5ce37fb3ab", 0x1}], 0xa4) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5, 0x9bf}, @rumble={0x7, 0x7}}) 11:06:53 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000000000000018", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1128.545967][T10116] RDX: 0000000000000000 RSI: 0000000020001600 RDI: 0000000000000003 [ 1128.553916][T10116] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 1128.561957][T10116] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd57ae196d4 [ 1128.569899][T10116] R13: 00000000004c77e9 R14: 00000000004dd048 R15: 00000000ffffffff [ 1128.581101][T10116] memory: usage 307108kB, limit 307200kB, failcnt 3785 [ 1128.595352][T10116] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1128.606144][T10129] netlink: 'syz-executor.5': attribute type 4 has an invalid length. [ 1128.613212][T10133] rds_sendmsg: 17 callbacks suppressed [ 1128.613221][T10133] rdma_op 00000000810f022b conn xmit_rdma 00000000d8f1147d [ 1128.615321][T10116] Memory cgroup stats for /syz4: [ 1128.615414][T10116] anon 246329344 [ 1128.615414][T10116] file 8192 [ 1128.615414][T10116] kernel_stack 10092544 [ 1128.615414][T10116] slab 16592896 [ 1128.615414][T10116] sock 0 [ 1128.615414][T10116] shmem 0 [ 1128.615414][T10116] file_mapped 0 [ 1128.615414][T10116] file_dirty 0 [ 1128.615414][T10116] file_writeback 0 [ 1128.615414][T10116] anon_thp 186646528 [ 1128.615414][T10116] inactive_anon 135168 [ 1128.615414][T10116] active_anon 246382592 [ 1128.615414][T10116] inactive_file 0 [ 1128.615414][T10116] active_file 0 [ 1128.615414][T10116] unevictable 135168 [ 1128.615414][T10116] slab_reclaimable 2973696 [ 1128.615414][T10116] slab_unreclaimable 13619200 [ 1128.615414][T10116] pgfault 229185 [ 1128.615414][T10116] pgmajfault 0 11:06:53 executing program 2: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={&(0x7f0000000900)={0x2, 0x4e21, @remote}, 0x10, &(0x7f0000000bc0)=[{&(0x7f0000000940)=""/192, 0xc0}, {&(0x7f0000000a00)=""/158, 0x9e}, {&(0x7f0000000ac0)=""/209, 0xd1}], 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000140100000200000068000000fbffffff180000000000000014010000020000000800000003000000480000000000000014010000010000000000000000000100", @ANYPTR=&(0x7f0000000c00)=ANY=[@ANYBLOB='\x00'/111], @ANYBLOB='o\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000ec0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYBLOB='\x00'/91], @ANYBLOB="9b4dd4c02f7ffc70", @ANYPTR=&(0x7f0000000d00)=ANY=[@ANYBLOB='\x00'/132], @ANYBLOB="8400000000000000", @ANYPTR=&(0x7f0000000dc0)=ANY=[@ANYBLOB='\x00'/19], @ANYBLOB='&\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000e00)=ANY=[@ANYBLOB='\x00'/85], @ANYBLOB="aa00000000000000"], @ANYBLOB="040000000000000040000000000000000400000000000000580000000000000014010000070000000100000000fcffff", @ANYPTR=&(0x7f0000000f00)=ANY=[@ANYBLOB="0400000000000000"], @ANYPTR=&(0x7f0000000f40)=ANY=[@ANYBLOB="00000080000000"], @ANYBLOB="2a000000000000000000000000000000010001000000000003000000000000000200000000000000060000000000000030000000000000001401000003000000", @ANYPTR=&(0x7f0000000f80)=ANY=[@ANYBLOB='\x00'/18], @ANYBLOB="1700000000000000", @ANYPTR=&(0x7f0000000fc0)=ANY=[@ANYBLOB='\x00'], @ANYBLOB="100000000000000058000000000000001401000007000000ff03000005000000", @ANYPTR=&(0x7f0000001000)=ANY=[@ANYBLOB="0300000000000000"], @ANYPTR=&(0x7f0000001040)=ANY=[@ANYBLOB="ffffff7f00000000"], @ANYBLOB="05000000000000000600000000000000570000000000000006000000000000000800000000000000090000000000000048000000000000001401000001000000e31e000005000000", @ANYPTR=&(0x7f0000001080)=ANY=[@ANYBLOB='\x00'/14], @ANYBLOB="0e00000000000000", @ANYPTR=&(0x7f00000012c0)=ANY=[@ANYPTR=&(0x7f00000010c0)=ANY=[@ANYBLOB='\x00'/60], @ANYBLOB='<\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001100)=ANY=[@ANYBLOB='\x00'/48], @ANYBLOB='0\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001140)=ANY=[@ANYBLOB]], @ANYBLOB="040000000000000009000000000000000300"], 0x198, 0x40}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x4e24, @loopback}, 0xfffffffffffffd07) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000001140)=ANY=[@ANYBLOB="4800000000000000140100000100"/24, @ANYPTR=&(0x7f0000000040)=ANY=[@ANYBLOB='\x00'/156], @ANYBLOB="0503080000000000", @ANYPTR=&(0x7f00000006c0)=ANY=[@ANYPTR=&(0x7f0000000100)=ANY=[@ANYBLOB='\x00'/44], @ANYBLOB=',\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB='\x00'/67], @ANYBLOB='C\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB='\x00'/198], @ANYBLOB="c600000000000000", @ANYPTR=&(0x7f0000000140)=ANY=[@ANYBLOB='\x00'/15], @ANYBLOB="0f00000000000000", @ANYPTR=&(0x7f0000000340)=ANY=[@ANYBLOB='\x00'/54], @ANYBLOB="ffff070000000000", @ANYPTR=&(0x7f0000000380)=ANY=[@ANYBLOB='\x00'/42], @ANYBLOB='*\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f00000003c0)=ANY=[@ANYBLOB='\x00'/77], @ANYBLOB='M\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000440)=ANY=[@ANYBLOB='\x00'/244], @ANYBLOB="f400000000000000", @ANYPTR=&(0x7f0000000540)=ANY=[@ANYBLOB='\x00'/219], @ANYBLOB="db00000000000000"], @ANYBLOB="070000000000000000000000000000000000000000000000abdafc01cc4e4a93f020a539f37e0fbaffe8bd4da462f25a571462f051547f25d4385904343751caae61a95150a9f1d3a16f76f9e8d2b302bd949579f329498a71f09aca3cc8a7092e3aa3a44795365d280185cc721abaa2c2457e1b550f0f9a56dc1fce6e20df480905154613a9b029ff6a947e0a97fc3dec501bf3b414224add398210f5cf39b44c51a326dd0175a0f0fbc3fdedd4e7bbd5085d7afc11e85197eb95de57568d8325df6608f482eb413278a62262335d5d9edb6a797e5fc8495dbad3053723cf04a96bdf85b426eae958194bdedc89158e8a108597ceaf87cea3"], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5, 0x9bf}, @rumble={0x7, 0x7}}) [ 1128.615414][T10116] workingset_refault 363 [ 1128.615414][T10116] workingset_activate 66 [ 1128.615414][T10116] workingset_nodereclaim 0 [ 1128.615414][T10116] pgrefill 4866 [ 1128.615414][T10116] pgscan 4745 [ 1128.615414][T10116] pgsteal 642 11:06:53 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00"/20, @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1128.751385][ T23] audit: type=1804 audit(1566904013.194:1048): pid=10138 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2330/bus" dev="sda1" ino=17017 res=1 [ 1128.784732][T10141] netlink: 'syz-executor.5': attribute type 4 has an invalid length. 11:06:53 executing program 2: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={&(0x7f0000000900)={0x2, 0x4e21, @remote}, 0x10, &(0x7f0000000bc0)=[{&(0x7f0000000940)=""/192, 0xc0}, {&(0x7f0000000a00)=""/158, 0x9e}, {&(0x7f0000000ac0)=""/209, 0xd1}], 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000140100000200000068000000fbffffff180000000000000014010000020000000800000003000000480000000000000014010000010000000000000000000100", @ANYPTR=&(0x7f0000000c00)=ANY=[@ANYBLOB='\x00'/111], @ANYBLOB='o\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000ec0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYBLOB='\x00'/91], @ANYBLOB="9b4dd4c02f7ffc70", @ANYPTR=&(0x7f0000000d00)=ANY=[@ANYBLOB='\x00'/132], @ANYBLOB="8400000000000000", @ANYPTR=&(0x7f0000000dc0)=ANY=[@ANYBLOB='\x00'/19], @ANYBLOB='&\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000e00)=ANY=[@ANYBLOB='\x00'/85], @ANYBLOB="aa00000000000000"], @ANYBLOB="040000000000000040000000000000000400000000000000580000000000000014010000070000000100000000fcffff", @ANYPTR=&(0x7f0000000f00)=ANY=[@ANYBLOB="0400000000000000"], @ANYPTR=&(0x7f0000000f40)=ANY=[@ANYBLOB="00000080000000"], @ANYBLOB="2a000000000000000000000000000000010001000000000003000000000000000200000000000000060000000000000030000000000000001401000003000000", @ANYPTR=&(0x7f0000000f80)=ANY=[@ANYBLOB='\x00'/18], @ANYBLOB="1700000000000000", @ANYPTR=&(0x7f0000000fc0)=ANY=[@ANYBLOB='\x00'], @ANYBLOB="100000000000000058000000000000001401000007000000ff03000005000000", @ANYPTR=&(0x7f0000001000)=ANY=[@ANYBLOB="0300000000000000"], @ANYPTR=&(0x7f0000001040)=ANY=[@ANYBLOB="ffffff7f00000000"], @ANYBLOB="05000000000000000600000000000000570000000000000006000000000000000800000000000000090000000000000048000000000000001401000001000000e31e000005000000", @ANYPTR=&(0x7f0000001080)=ANY=[@ANYBLOB='\x00'/14], @ANYBLOB="0e00000000000000", @ANYPTR=&(0x7f00000012c0)=ANY=[@ANYPTR=&(0x7f00000010c0)=ANY=[@ANYBLOB='\x00'/60], @ANYBLOB='<\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001100)=ANY=[@ANYBLOB='\x00'/48], @ANYBLOB='0\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001140)=ANY=[@ANYBLOB]], @ANYBLOB="040000000000000009000000000000000300"], 0x198, 0x40}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000680)='/dev/vga_arbiter\x00', 0x20002, 0x0) ioctl$IOC_PR_REGISTER(r1, 0x401870c8, &(0x7f0000000800)={0xfffffffffffff800, 0x8001, 0x1}) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5, 0x9bf}, @rumble={0x7, 0x7}}) 11:06:53 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00"/20, @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1128.845921][T10116] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=3342,uid=0 [ 1128.894403][T10150] netlink: 'syz-executor.5': attribute type 4 has an invalid length. [ 1128.973856][T10155] rdma_op 000000003e6daf34 conn xmit_rdma 00000000d8f1147d [ 1129.045631][T10116] Memory cgroup out of memory: Killed process 3342 (syz-executor.4) total-vm:72840kB, anon-rss:2208kB, file-rss:34816kB, shmem-rss:0kB [ 1129.123721][T10120] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1129.168867][T10120] CPU: 1 PID: 10120 Comm: syz-executor.4 Not tainted 5.3.0-rc6 #127 [ 1129.176868][T10120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1129.186920][T10120] Call Trace: [ 1129.190206][T10120] dump_stack+0x172/0x1f0 [ 1129.194539][T10120] dump_header+0x10b/0x82d [ 1129.198963][T10120] ? oom_kill_process+0x94/0x3f0 [ 1129.203889][T10120] oom_kill_process.cold+0x10/0x15 [ 1129.209006][T10120] out_of_memory+0x79a/0x12c0 [ 1129.213678][T10120] ? lock_downgrade+0x920/0x920 [ 1129.218538][T10120] ? oom_killer_disable+0x280/0x280 [ 1129.223737][T10120] ? __kasan_check_read+0x11/0x20 [ 1129.228766][T10120] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1129.234301][T10120] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1129.239929][T10120] ? do_raw_spin_unlock+0x57/0x270 [ 1129.245035][T10120] ? _raw_spin_unlock+0x2d/0x50 [ 1129.249877][T10120] try_charge+0xa2d/0x1440 [ 1129.254410][T10120] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1129.259960][T10120] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1129.265515][T10120] ? __kasan_check_read+0x11/0x20 [ 1129.270536][T10120] ? lock_downgrade+0x920/0x920 [ 1129.275385][T10120] ? percpu_ref_tryget_live+0x111/0x290 [ 1129.280926][T10120] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1129.286375][T10120] ? memcg_kmem_put_cache+0x50/0x50 [ 1129.291600][T10120] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1129.297145][T10120] __memcg_kmem_charge+0x13a/0x3a0 [ 1129.302251][T10120] __alloc_pages_nodemask+0x4f4/0x900 [ 1129.307615][T10120] ? psi_memstall_leave+0x11c/0x180 [ 1129.312808][T10120] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1129.318524][T10120] ? psi_memstall_leave+0x12e/0x180 [ 1129.323714][T10120] ? __kasan_check_read+0x11/0x20 [ 1129.328742][T10120] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1129.334985][T10120] alloc_pages_current+0x107/0x210 [ 1129.340107][T10120] pte_alloc_one+0x1b/0x1a0 [ 1129.344613][T10120] __handle_mm_fault+0x34d7/0x3f20 [ 1129.349723][T10120] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1129.355259][T10120] ? __kasan_check_read+0x11/0x20 [ 1129.360280][T10120] ? trace_hardirqs_on+0x67/0x240 [ 1129.365312][T10120] handle_mm_fault+0x1b5/0x6b0 [ 1129.370070][T10120] __do_page_fault+0x536/0xdd0 [ 1129.374838][T10120] ? page_fault+0x16/0x40 [ 1129.379163][T10120] do_page_fault+0x38/0x590 [ 1129.383651][T10120] page_fault+0x39/0x40 [ 1129.387788][T10120] RIP: 0033:0x459879 [ 1129.391681][T10120] Code: Bad RIP value. [ 1129.395732][T10120] RSP: 002b:00007fd57ae39c78 EFLAGS: 00010246 [ 1129.401784][T10120] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000459879 [ 1129.409744][T10120] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 11:06:53 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) 11:06:53 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00"/20, @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:06:53 executing program 2: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0xa0a02300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={&(0x7f0000000900)={0x2, 0x4e21, @remote}, 0x10, &(0x7f0000000bc0)=[{&(0x7f0000000940)=""/192, 0xc0}, {&(0x7f0000000a00)=""/158, 0x9e}, {&(0x7f0000000ac0)=""/209, 0xd1}], 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000140100000200000068000000fbffffff180000000000000014010000020000000800000003000000480000000000000014010000010000000000000000000100", @ANYPTR=&(0x7f0000000c00)=ANY=[@ANYBLOB='\x00'/111], @ANYBLOB='o\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000ec0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYBLOB='\x00'/91], @ANYBLOB="9b4dd4c02f7ffc70", @ANYPTR=&(0x7f0000000d00)=ANY=[@ANYBLOB='\x00'/132], @ANYBLOB="8400000000000000", @ANYPTR=&(0x7f0000000dc0)=ANY=[@ANYBLOB='\x00'/19], @ANYBLOB='&\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000e00)=ANY=[@ANYBLOB='\x00'/85], @ANYBLOB="aa00000000000000"], @ANYBLOB="040000000000000040000000000000000400000000000000580000000000000014010000070000000100000000fcffff", @ANYPTR=&(0x7f0000000f00)=ANY=[@ANYBLOB="0400000000000000"], @ANYPTR=&(0x7f0000000f40)=ANY=[@ANYBLOB="00000080000000"], @ANYBLOB="2a000000000000000000000000000000010001000000000003000000000000000200000000000000060000000000000030000000000000001401000003000000", @ANYPTR=&(0x7f0000000f80)=ANY=[@ANYBLOB='\x00'/18], @ANYBLOB="1700000000000000", @ANYPTR=&(0x7f0000000fc0)=ANY=[@ANYBLOB='\x00'], @ANYBLOB="100000000000000058000000000000001401000007000000ff03000005000000", @ANYPTR=&(0x7f0000001000)=ANY=[@ANYBLOB="0300000000000000"], @ANYPTR=&(0x7f0000001040)=ANY=[@ANYBLOB="ffffff7f00000000"], @ANYBLOB="05000000000000000600000000000000570000000000000006000000000000000800000000000000090000000000000048000000000000001401000001000000e31e000005000000", @ANYPTR=&(0x7f0000001080)=ANY=[@ANYBLOB='\x00'/14], @ANYBLOB="0e00000000000000", @ANYPTR=&(0x7f00000012c0)=ANY=[@ANYPTR=&(0x7f00000010c0)=ANY=[@ANYBLOB='\x00'/60], @ANYBLOB='<\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001100)=ANY=[@ANYBLOB='\x00'/48], @ANYBLOB='0\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001140)=ANY=[@ANYBLOB]], @ANYBLOB="040000000000000009000000000000000300"], 0x198, 0x40}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) r1 = perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5, 0x9bf}, @rumble={0x7, 0x7}}) ioctl$FIBMAP(r1, 0x1, &(0x7f0000000680)=0x100) [ 1129.417702][T10120] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1129.425662][T10120] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd57ae3a6d4 [ 1129.433621][T10120] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 00000000ffffffff [ 1129.443847][ T23] audit: type=1800 audit(1566904013.614:1049): pid=10163 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.1" name="bus" dev="sda1" ino=17017 res=0 [ 1129.450710][T10120] memory: usage 304308kB, limit 307200kB, failcnt 3785 11:06:53 executing program 1: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x1500) 11:06:53 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0x0, 0x2000) ioctl$SNDRV_TIMER_IOCTL_STOP(r2, 0x54a1) r3 = dup(r1) write$FUSE_BMAP(r3, &(0x7f0000000280)={0x18, 0x0, 0x3, {0x100000000000000}}, 0x12) ioctl$FICLONERANGE(r0, 0x4020940d, &(0x7f0000000180)={r3, 0x0, 0x1, 0xffffffffffffff80, 0xfff}) write$FUSE_CREATE_OPEN(r3, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r3]) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) [ 1129.477833][T10168] netlink: 'syz-executor.5': attribute type 4 has an invalid length. [ 1129.491588][T10169] rdma_op 00000000693efdba conn xmit_rdma 00000000d8f1147d [ 1129.516234][T10120] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1129.551211][T10177] rdma_op 00000000d5f47e67 conn xmit_rdma 00000000d8f1147d [ 1129.561561][T10120] Memory cgroup stats for /syz4: [ 1129.561666][T10120] anon 243875840 [ 1129.561666][T10120] file 8192 [ 1129.561666][T10120] kernel_stack 10092544 [ 1129.561666][T10120] slab 16592896 [ 1129.561666][T10120] sock 0 [ 1129.561666][T10120] shmem 0 [ 1129.561666][T10120] file_mapped 0 [ 1129.561666][T10120] file_dirty 0 [ 1129.561666][T10120] file_writeback 0 [ 1129.561666][T10120] anon_thp 184549376 [ 1129.561666][T10120] inactive_anon 135168 [ 1129.561666][T10120] active_anon 244031488 [ 1129.561666][T10120] inactive_file 0 [ 1129.561666][T10120] active_file 0 [ 1129.561666][T10120] unevictable 135168 [ 1129.561666][T10120] slab_reclaimable 2973696 [ 1129.561666][T10120] slab_unreclaimable 13619200 [ 1129.561666][T10120] pgfault 229251 [ 1129.561666][T10120] pgmajfault 0 [ 1129.561666][T10120] workingset_refault 363 [ 1129.561666][T10120] workingset_activate 66 [ 1129.561666][T10120] workingset_nodereclaim 0 [ 1129.561666][T10120] pgrefill 4866 [ 1129.561666][T10120] pgscan 4745 [ 1129.561666][T10120] pgsteal 642 [ 1129.574030][T10120] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=3295,uid=0 [ 1129.692610][ T23] audit: type=1804 audit(1566904014.134:1050): pid=10181 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2331/bus" dev="sda1" ino=16755 res=1 [ 1129.889959][T10120] Memory cgroup out of memory: Killed process 3295 (syz-executor.4) total-vm:72840kB, anon-rss:2208kB, file-rss:34816kB, shmem-rss:0kB [ 1129.909553][ T23] audit: type=1804 audit(1566904014.354:1051): pid=10189 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2331/bus" dev="sda1" ino=16755 res=1 [ 1129.954873][T10176] rdma_op 00000000a3f56a87 conn xmit_rdma 00000000d8f1147d [ 1129.991315][T10192] rdma_op 00000000bbe36b7f conn xmit_rdma 00000000d8f1147d 11:07:00 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000600)="8da4363ac0ed0000000000000001004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d41831af8", 0x4c, 0x10000}], 0x80, 0x0) 11:07:00 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00"/20, @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:00 executing program 2: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x1000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000840)='/proc/self/net/pfkey\x00', 0x400000, 0x0) ioctl$KVM_GET_DIRTY_LOG(r0, 0x4010ae42, &(0x7f0000000e80)={0x10201, 0x0, &(0x7f0000ffd000/0x1000)=nil}) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={&(0x7f0000000900)={0x2, 0x4e21, @remote}, 0x10, &(0x7f0000000bc0)=[{&(0x7f0000000940)=""/192, 0xc0}, {&(0x7f0000000a00)=""/158, 0x9e}, {&(0x7f0000000ac0)=""/209, 0xd1}], 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000140100000200000068000000fbffffff180000000000000014010000020000000800000003000000480000000000000014010000010000000000000000000100", @ANYPTR=&(0x7f0000000c00)=ANY=[@ANYBLOB='\x00'/111], @ANYBLOB='o\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000ec0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYBLOB='\x00'/91], @ANYBLOB="9b4dd4c02f7ffc70", @ANYPTR=&(0x7f0000000d00)=ANY=[@ANYBLOB='\x00'/132], @ANYBLOB="8400000000000000", @ANYPTR=&(0x7f0000000dc0)=ANY=[@ANYBLOB='\x00'/19], @ANYBLOB='&\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000e00)=ANY=[@ANYBLOB='\x00'/85], @ANYBLOB="aa00000000000000"], @ANYBLOB="040000000000000040000000000000000400000000000000580000000000000014010000070000000100000000fcffff", @ANYPTR=&(0x7f0000000f00)=ANY=[@ANYBLOB="0400000000000000"], @ANYPTR=&(0x7f0000000f40)=ANY=[@ANYBLOB="00000080000000"], @ANYBLOB="2a000000000000000000000000000000010001000000000003000000000000000200000000000000060000000000000030000000000000001401000003000000", @ANYPTR=&(0x7f0000000f80)=ANY=[@ANYBLOB='\x00'/18], @ANYBLOB="1700000000000000", @ANYPTR=&(0x7f0000000fc0)=ANY=[@ANYBLOB='\x00'], @ANYBLOB="100000000000000058000000000000001401000007000000ff03000005000000", @ANYPTR=&(0x7f0000001000)=ANY=[@ANYBLOB="0300000000000000"], @ANYPTR=&(0x7f0000001040)=ANY=[@ANYBLOB="ffffff7f00000000"], @ANYBLOB="05000000000000000600000000000000570000000000000006000000000000000800000000000000090000000000000048000000000000001401000001000000e31e000005000000", @ANYPTR=&(0x7f0000001080)=ANY=[@ANYBLOB='\x00'/14], @ANYBLOB="0e00000000000000", @ANYPTR=&(0x7f00000012c0)=ANY=[@ANYPTR=&(0x7f00000010c0)=ANY=[@ANYBLOB='\x00'/60], @ANYBLOB='<\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001100)=ANY=[@ANYBLOB='\x00'/48], @ANYBLOB='0\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001140)=ANY=[@ANYBLOB]], @ANYBLOB="040000000000000009000000000000000300"], 0x198, 0x40}, 0x1) r1 = socket$rds(0x15, 0x5, 0x0) bind$rds(r1, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$rds(r1, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x4e24, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x9c}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x36}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x9}}], 0x48}, 0x0) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000680)='/proc/self/net/pfkey\x00', 0x40, 0x0) mkdirat$cgroup(r2, &(0x7f0000000800)='syz1\x00', 0x1ff) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5, 0x9bf}, @rumble={0x7, 0x7}}) 11:07:00 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030266bd8c135efa6ddc62d6e61fac75770af00c0143690cccce4a94ab2857d40ee323e248a2fac5d511be29e"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) 11:07:00 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) 11:07:00 executing program 1: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x1600) [ 1136.316614][T10200] netlink: 'syz-executor.5': attribute type 4 has an invalid length. 11:07:00 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000000000000058", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1136.369484][ T23] audit: type=1804 audit(1566904020.814:1052): pid=10209 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2332/bus" dev="sda1" ino=16675 res=1 [ 1136.417437][T10208] rdma_op 00000000e6c7382b conn xmit_rdma 00000000d8f1147d 11:07:00 executing program 3: r0 = socket$isdn_base(0x22, 0x3, 0x0) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f00000009c0)={@local, @multicast2, 0x0}, &(0x7f0000000a00)=0xc) bind(r0, &(0x7f0000000a40)=@can={0x1d, r1}, 0x80) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r3, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r4 = dup(r3) write$FUSE_BMAP(r4, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r4, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r4]) setsockopt$inet_group_source_req(r3, 0x0, 0x2c, &(0x7f0000000600)={0x8, {{0x2, 0x9, @initdev={0xac, 0x1e, 0x1, 0x0}}}, {{0x2, 0x4e24, @loopback}}}, 0x108) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x840, 0x0) [ 1136.462302][T10218] BTRFS: device fsid fff6f2a2-2997-48ae-b81e-1b00920efd9a devid 0 transid 4162487105 /dev/loop0 [ 1136.489337][T10228] rdma_op 000000007f114ef6 conn xmit_rdma 00000000d8f1147d [ 1136.496800][T10229] netlink: 'syz-executor.5': attribute type 4 has an invalid length. 11:07:01 executing program 2: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={&(0x7f0000000900)={0x2, 0x4e21, @remote}, 0x10, &(0x7f0000000bc0)=[{&(0x7f0000000940)=""/192, 0xc0}, {&(0x7f0000000a00)=""/158, 0x9e}, {&(0x7f0000000ac0)=""/209, 0xd1}], 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000140100000200000068000000fbffffff180000000000000014010000020000000800000003000000480000000000000014010000010000000000000000000100", @ANYPTR=&(0x7f0000000c00)=ANY=[@ANYBLOB='\x00'/111], @ANYBLOB='o\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000ec0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYBLOB='\x00'/91], @ANYBLOB="9b4dd4c02f7ffc70", @ANYPTR=&(0x7f0000000d00)=ANY=[@ANYBLOB='\x00'/132], @ANYBLOB="8400000000000000", @ANYPTR=&(0x7f0000000dc0)=ANY=[@ANYBLOB='\x00'/19], @ANYBLOB='&\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000e00)=ANY=[@ANYBLOB='\x00'/85], @ANYBLOB="aa00000000000000"], @ANYBLOB="040000000000000040000000000000000400000000000000580000000000000014010000070000000100000000fcffff", @ANYPTR=&(0x7f0000000f00)=ANY=[@ANYBLOB="0400000000000000"], @ANYPTR=&(0x7f0000000f40)=ANY=[@ANYBLOB="00000080000000"], @ANYBLOB="2a000000000000000000000000000000010001000000000003000000000000000200000000000000060000000000000030000000000000001401000003000000", @ANYPTR=&(0x7f0000000f80)=ANY=[@ANYBLOB='\x00'/18], @ANYBLOB="1700000000000000", @ANYPTR=&(0x7f0000000fc0)=ANY=[@ANYBLOB='\x00'], @ANYBLOB="100000000000000058000000000000001401000007000000ff03000005000000", @ANYPTR=&(0x7f0000001000)=ANY=[@ANYBLOB="0300000000000000"], @ANYPTR=&(0x7f0000001040)=ANY=[@ANYBLOB="ffffff7f00000000"], @ANYBLOB="05000000000000000600000000000000570000000000000006000000000000000800000000000000090000000000000048000000000000001401000001000000e31e000005000000", @ANYPTR=&(0x7f0000001080)=ANY=[@ANYBLOB='\x00'/14], @ANYBLOB="0e00000000000000", @ANYPTR=&(0x7f00000012c0)=ANY=[@ANYPTR=&(0x7f00000010c0)=ANY=[@ANYBLOB='\x00'/60], @ANYBLOB='<\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001100)=ANY=[@ANYBLOB='\x00'/48], @ANYBLOB='0\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001140)=ANY=[@ANYBLOB]], @ANYBLOB="040000000000000009000000000000000300"], 0x198, 0x40}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5, 0x9bf}, @rumble={0x7, 0x7}}) prctl$PR_SET_TSC(0x1a, 0x1) 11:07:01 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00"/20, @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1136.536734][T10208] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1136.592178][T10233] rdma_op 00000000fad26729 conn xmit_rdma 00000000d8f1147d [ 1136.610172][T10208] CPU: 1 PID: 10208 Comm: syz-executor.4 Not tainted 5.3.0-rc6 #127 [ 1136.618339][T10208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1136.628388][T10208] Call Trace: [ 1136.631676][T10208] dump_stack+0x172/0x1f0 [ 1136.636003][T10208] dump_header+0x10b/0x82d [ 1136.640419][T10208] oom_kill_process.cold+0x10/0x15 [ 1136.645533][T10208] out_of_memory+0x79a/0x12c0 [ 1136.650219][T10208] ? lock_downgrade+0x920/0x920 [ 1136.655073][T10208] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1136.661311][T10208] ? oom_killer_disable+0x280/0x280 [ 1136.666505][T10208] ? __kasan_check_read+0x11/0x20 [ 1136.671701][T10208] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1136.677247][T10208] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1136.682877][T10208] ? do_raw_spin_unlock+0x57/0x270 [ 1136.688130][T10208] ? _raw_spin_unlock+0x2d/0x50 [ 1136.692962][T10208] try_charge+0xf4b/0x1440 [ 1136.697766][T10208] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1136.703299][T10208] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1136.708822][T10208] ? __kasan_check_read+0x11/0x20 [ 1136.713828][T10208] ? lock_downgrade+0x920/0x920 [ 1136.718664][T10208] ? percpu_ref_tryget_live+0x111/0x290 [ 1136.724285][T10208] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1136.729726][T10208] ? memcg_kmem_put_cache+0x50/0x50 [ 1136.734908][T10208] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1136.740431][T10208] __memcg_kmem_charge+0x13a/0x3a0 [ 1136.745529][T10208] __alloc_pages_nodemask+0x4f4/0x900 [ 1136.750883][T10208] ? stack_trace_consume_entry+0x190/0x190 [ 1136.756760][T10208] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1136.762547][T10208] ? __pte_alloc+0x1b5/0x310 [ 1136.767120][T10208] ? copy_page_range+0xef4/0x1ee0 [ 1136.772124][T10208] ? __kasan_check_read+0x11/0x20 [ 1136.777133][T10208] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1136.783463][T10208] alloc_pages_current+0x107/0x210 [ 1136.788554][T10208] pte_alloc_one+0x1b/0x1a0 [ 1136.793037][T10208] __pte_alloc+0x20/0x310 [ 1136.797355][T10208] copy_page_range+0x1520/0x1ee0 [ 1136.802284][T10208] ? pmd_alloc+0x180/0x180 [ 1136.806686][T10208] ? vma_gap_callbacks_rotate+0x62/0x80 [ 1136.812213][T10208] ? __rb_insert_augmented+0x20c/0xd90 [ 1136.817654][T10208] ? validate_mm_rb+0xa3/0xc0 [ 1136.822324][T10208] ? __vma_link_rb+0x275/0x370 [ 1136.827083][T10208] ? __kasan_check_write+0x14/0x20 [ 1136.832186][T10208] dup_mm+0xa67/0x1430 [ 1136.836314][T10208] ? vm_area_dup+0x170/0x170 [ 1136.841059][T10208] ? debug_mutex_init+0x2d/0x5a [ 1136.845893][T10208] copy_process+0x28b7/0x6b00 [ 1136.850562][T10208] ? __cleanup_sighand+0x60/0x60 [ 1136.855504][T10208] _do_fork+0x146/0xfa0 [ 1136.859758][T10208] ? copy_init_mm+0x20/0x20 [ 1136.864240][T10208] ? __kasan_check_read+0x11/0x20 [ 1136.869246][T10208] ? _copy_to_user+0x118/0x160 [ 1136.873992][T10208] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1136.880224][T10208] ? put_timespec64+0xda/0x140 [ 1136.884979][T10208] __x64_sys_clone+0x18d/0x250 [ 1136.889720][T10208] ? __ia32_sys_vfork+0xc0/0xc0 [ 1136.894567][T10208] ? trace_hardirqs_off_caller+0x65/0x230 [ 1136.900265][T10208] ? trace_hardirqs_on+0x67/0x240 [ 1136.905274][T10208] do_syscall_64+0xfd/0x6a0 [ 1136.909764][T10208] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1136.915637][T10208] RIP: 0033:0x459879 [ 1136.919515][T10208] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1136.939227][T10208] RSP: 002b:00007fd57ae39c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1136.947705][T10208] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459879 [ 1136.955657][T10208] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1136.963608][T10208] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1136.971558][T10208] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd57ae3a6d4 [ 1136.979508][T10208] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 00000000ffffffff 11:07:01 executing program 2: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={&(0x7f0000000900)={0x2, 0x4e21, @remote}, 0x10, &(0x7f0000000bc0)=[{&(0x7f0000000940)=""/192, 0xc0}, {&(0x7f0000000a00)=""/158, 0x9e}, {&(0x7f0000000ac0)=""/209, 0xd1}], 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000140100000200000068000000fbffffff180000000000000014010000020000000800000003000000480000000000000014010000010000000000000000000100", @ANYPTR=&(0x7f0000000c00)=ANY=[@ANYBLOB='\x00'/111], @ANYBLOB='o\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000ec0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYBLOB='\x00'/91], @ANYBLOB="9b4dd4c02f7ffc70", @ANYPTR=&(0x7f0000000d00)=ANY=[@ANYBLOB='\x00'/132], @ANYBLOB="8400000000000000", @ANYPTR=&(0x7f0000000dc0)=ANY=[@ANYBLOB='\x00'/19], @ANYBLOB='&\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000e00)=ANY=[@ANYBLOB='\x00'/85], @ANYBLOB="aa00000000000000"], @ANYBLOB="040000000000000040000000000000000400000000000000580000000000000014010000070000000100000000fcffff", @ANYPTR=&(0x7f0000000f00)=ANY=[@ANYBLOB="0400000000000000"], @ANYPTR=&(0x7f0000000f40)=ANY=[@ANYBLOB="00000080000000"], @ANYBLOB="2a000000000000000000000000000000010001000000000003000000000000000200000000000000060000000000000030000000000000001401000003000000", @ANYPTR=&(0x7f0000000f80)=ANY=[@ANYBLOB='\x00'/18], @ANYBLOB="1700000000000000", @ANYPTR=&(0x7f0000000fc0)=ANY=[@ANYBLOB='\x00'], @ANYBLOB="100000000000000058000000000000001401000007000000ff03000005000000", @ANYPTR=&(0x7f0000001000)=ANY=[@ANYBLOB="0300000000000000"], @ANYPTR=&(0x7f0000001040)=ANY=[@ANYBLOB="ffffff7f00000000"], @ANYBLOB="05000000000000000600000000000000570000000000000006000000000000000800000000000000090000000000000048000000000000001401000001000000e31e000005000000", @ANYPTR=&(0x7f0000001080)=ANY=[@ANYBLOB='\x00'/14], @ANYBLOB="0e00000000000000", @ANYPTR=&(0x7f00000012c0)=ANY=[@ANYPTR=&(0x7f00000010c0)=ANY=[@ANYBLOB='\x00'/60], @ANYBLOB='<\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001100)=ANY=[@ANYBLOB='\x00'/48], @ANYBLOB='0\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001140)=ANY=[@ANYBLOB]], @ANYBLOB="040000000000000009000000000000000300"], 0x198, 0x40}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) r1 = perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5, 0x9bf}, @rumble={0x7, 0x7}}) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000680)={0x100, 0x863}) [ 1136.990409][T10235] rdma_op 0000000067b8dce7 conn xmit_rdma 00000000d8f1147d [ 1136.999073][T10208] memory: usage 307200kB, limit 307200kB, failcnt 3814 [ 1137.006186][T10208] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1137.014668][ T23] audit: type=1804 audit(1566904021.454:1053): pid=10209 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2332/bus" dev="sda1" ino=16675 res=1 [ 1137.068391][T10243] netlink: 'syz-executor.5': attribute type 4 has an invalid length. [ 1137.074939][T10208] Memory cgroup stats for /syz4: [ 1137.075164][T10208] anon 246222848 [ 1137.075164][T10208] file 8192 [ 1137.075164][T10208] kernel_stack 10289152 [ 1137.075164][T10208] slab 16592896 [ 1137.075164][T10208] sock 0 [ 1137.075164][T10208] shmem 0 [ 1137.075164][T10208] file_mapped 0 [ 1137.075164][T10208] file_dirty 0 [ 1137.075164][T10208] file_writeback 0 [ 1137.075164][T10208] anon_thp 186646528 [ 1137.075164][T10208] inactive_anon 135168 [ 1137.075164][T10208] active_anon 246206464 [ 1137.075164][T10208] inactive_file 0 [ 1137.075164][T10208] active_file 0 [ 1137.075164][T10208] unevictable 135168 [ 1137.075164][T10208] slab_reclaimable 2973696 [ 1137.075164][T10208] slab_unreclaimable 13619200 [ 1137.075164][T10208] pgfault 229416 [ 1137.075164][T10208] pgmajfault 0 [ 1137.075164][T10208] workingset_refault 363 [ 1137.075164][T10208] workingset_activate 66 [ 1137.075164][T10208] workingset_nodereclaim 0 [ 1137.075164][T10208] pgrefill 4998 [ 1137.075164][T10208] pgscan 4910 11:07:01 executing program 1: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x1700) [ 1137.075164][T10208] pgsteal 642 11:07:01 executing program 0: r0 = socket$inet(0x10, 0x3, 0xc) sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000100)="2400000002070368dce3436ff20c0020201c1009000200021d8568a20400ff7e280057ff", 0x24}], 0x1}, 0x0) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000000)={0x0, 0x7, 0x1, [0x9]}, &(0x7f0000000040)=0xa) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000080)={r1, 0x10001}, &(0x7f00000000c0)=0x8) 11:07:01 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00"/20, @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1137.202544][T10208] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=10205,uid=0 [ 1137.223753][T10248] rdma_op 0000000098222b5d conn xmit_rdma 00000000d8f1147d [ 1137.243473][T10255] netlink: 'syz-executor.5': attribute type 4 has an invalid length. [ 1137.253876][ T23] audit: type=1804 audit(1566904021.704:1054): pid=10251 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2333/bus" dev="sda1" ino=16744 res=1 [ 1137.275766][T10208] Memory cgroup out of memory: Killed process 10205 (syz-executor.4) total-vm:72840kB, anon-rss:2192kB, file-rss:35792kB, shmem-rss:0kB 11:07:01 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00"/20, @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1137.318713][T10263] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1137.361256][T10269] rdma_op 00000000345ee931 conn xmit_rdma 00000000d8f1147d [ 1137.374171][T10263] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'. 11:07:01 executing program 2: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) openat$audio(0xffffffffffffff9c, &(0x7f0000000800)='/dev/audio\x00', 0x0, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={&(0x7f0000000900)={0x2, 0x4e21, @remote}, 0x10, &(0x7f0000000bc0)=[{&(0x7f0000000940)=""/192, 0xc0}, {&(0x7f0000000a00)=""/158, 0x9e}, {&(0x7f0000000ac0)=""/209, 0xd1}], 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000140100000200000068000000fbffffff180000000000000014010000020000000800000003000000480000000000000014010000010000000000000000000100", @ANYPTR=&(0x7f0000000c00)=ANY=[@ANYBLOB='\x00'/111], @ANYBLOB='o\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000ec0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYBLOB='\x00'/91], @ANYBLOB="9b4dd4c02f7ffc70", @ANYPTR=&(0x7f0000000d00)=ANY=[@ANYBLOB='\x00'/132], @ANYBLOB="8400000000000000", @ANYPTR=&(0x7f0000000dc0)=ANY=[@ANYBLOB='\x00'/19], @ANYBLOB='&\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000e00)=ANY=[@ANYBLOB='\x00'/85], @ANYBLOB="aa00000000000000"], @ANYBLOB="040000000000000040000000000000000400000000000000580000000000000014010000070000000100000000fcffff", @ANYPTR=&(0x7f0000000f00)=ANY=[@ANYBLOB="0400000000000000"], @ANYPTR=&(0x7f0000000f40)=ANY=[@ANYBLOB="00000080000000"], @ANYBLOB="2a000000000000000000000000000000010001000000000003000000000000000200000000000000060000000000000030000000000000001401000003000000", @ANYPTR=&(0x7f0000000f80)=ANY=[@ANYBLOB='\x00'/18], @ANYBLOB="1700000000000000", @ANYPTR=&(0x7f0000000fc0)=ANY=[@ANYBLOB='\x00'], @ANYBLOB="100000000000000058000000000000001401000007000000ff03000005000000", @ANYPTR=&(0x7f0000001000)=ANY=[@ANYBLOB="0300000000000000"], @ANYPTR=&(0x7f0000001040)=ANY=[@ANYBLOB="ffffff7f00000000"], @ANYBLOB="05000000000000000600000000000000570000000000000006000000000000000800000000000000090000000000000048000000000000001401000001000000e31e000005000000", @ANYPTR=&(0x7f0000001080)=ANY=[@ANYBLOB='\x00'/14], @ANYBLOB="0e00000000000000", @ANYPTR=&(0x7f00000012c0)=ANY=[@ANYPTR=&(0x7f00000010c0)=ANY=[@ANYBLOB='\x00'/60], @ANYBLOB='<\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001100)=ANY=[@ANYBLOB='\x00'/48], @ANYBLOB='0\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001140)=ANY=[@ANYBLOB]], @ANYBLOB="040000000000000009000000000000000300"], 0x198, 0x40}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) r1 = perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x100000000000, 0x0, 0x7f, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="4800000000000000140100000100"/24, @ANYPTR=&(0x7f0000000040)=ANY=[@ANYBLOB='\x00'/156], @ANYBLOB="0503080000000000", @ANYPTR=&(0x7f0000001140)=ANY=[@ANYPTR=&(0x7f0000000100)=ANY=[@ANYBLOB='\x00'/44], @ANYBLOB=',\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB='\x00'/67], @ANYBLOB='C\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB='\x00'/198], @ANYBLOB="c600000000000000", @ANYPTR=&(0x7f0000000140)=ANY=[@ANYBLOB='\x00'/15], @ANYBLOB="0f00000000000000", @ANYPTR=&(0x7f0000000340)=ANY=[@ANYBLOB='\x00'/54], @ANYBLOB="ffff070000000000", @ANYPTR=&(0x7f0000000380)=ANY=[@ANYBLOB='\x00'/42], @ANYBLOB='*\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f00000003c0)=ANY=[@ANYBLOB='\x00'/77], @ANYBLOB='M\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000440)=ANY=[@ANYBLOB='\x00'/244], @ANYBLOB="f400000000000000", @ANYPTR=&(0x7f0000000540)=ANY=[@ANYBLOB='\x00'/219], @ANYBLOB="db000000000472494397f126436e34ee169c944df47bfc0bee5ef8f688937173431881a926cf8d959d36bf4f64e3550d7bfd7e0bfc4a506f688df45cef99c3c1f44a592673b4de939193da7bbaa86c065007f625c0062b16864a2e6c352f3615eab801000000000000009bf9dee9e3e0d51a5b2a48caaf89df174bca13fffc106392e26dfec020a4dd7d0aaf415033b45a6b68ec021afbd8b049acb2ce454255ab9f8a9a0b24bf19b6e8e3f21f08f1ce55c3b277aaad2bde6f6ab531a030e9193d82d02fe8d814e5d0895c329455c2846b4332f6a66db48f4811"], @ANYBLOB='\a\x00'/24], 0x48}, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r1, 0x800c6613, &(0x7f0000000680)={0x0, @aes256, 0x0, "8f56e38b72f38e27"}) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5, 0x9bf}, @rumble={0x7, 0x7}}) 11:07:01 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) [ 1137.420902][T10278] netlink: 'syz-executor.5': attribute type 4 has an invalid length. 11:07:01 executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)={0xa, 0x800000000004, 0x4, 0x7}, 0x3c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000001c0)={r0, &(0x7f0000000400), &(0x7f00000000c0)}, 0x20) fsync(r0) recvmsg(r0, &(0x7f00000006c0)={&(0x7f0000000000)=@tipc, 0x80, &(0x7f0000000540)=[{&(0x7f00000000c0)=""/62, 0x3e}, {&(0x7f0000000100)=""/7, 0x7}, {&(0x7f0000000200)=""/191, 0xbf}, {&(0x7f0000000140)=""/127, 0x7f}, {&(0x7f0000000300)=""/185, 0xb9}, {&(0x7f00000003c0)=""/174, 0xae}, {&(0x7f0000000480)=""/191, 0xbf}], 0x7, &(0x7f00000005c0)=""/229, 0xe5}, 0x10000) bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)={r0, &(0x7f0000000240)}, 0x10) 11:07:01 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00"/20, @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:01 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) ioctl$KDSIGACCEPT(r2, 0x4b4e, 0x3) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) 11:07:02 executing program 2: r0 = syz_open_dev$amidi(&(0x7f0000000180)='/dev/amidi#\x00', 0x9, 0x4800) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, &(0x7f0000000680)={0x0}) ioctl$DRM_IOCTL_SWITCH_CTX(r0, 0x40086424, &(0x7f0000000800)={r1, 0x2}) ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={&(0x7f0000000900)={0x2, 0x4e21, @remote}, 0x10, &(0x7f0000000bc0)=[{&(0x7f0000000940)=""/192, 0xc0}, {&(0x7f0000000a00)=""/158, 0x9e}, {&(0x7f0000000ac0)=""/209, 0xd1}], 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000140100000200000068000000fbffffff180000000000000014010000020000000800000003000000480000000000000014010000010000000000000000000100", @ANYPTR=&(0x7f0000000c00)=ANY=[@ANYBLOB='\x00'/111], @ANYBLOB='o\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000ec0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYBLOB='\x00'/91], @ANYBLOB="9b4dd4c02f7ffc70", @ANYPTR=&(0x7f0000000d00)=ANY=[@ANYBLOB='\x00'/132], @ANYBLOB="8400000000000000", @ANYPTR=&(0x7f0000000dc0)=ANY=[@ANYBLOB='\x00'/19], @ANYBLOB='&\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000e00)=ANY=[@ANYBLOB='\x00'/85], @ANYBLOB="aa00000000000000"], @ANYBLOB="040000000000000040000000000000000400000000000000580000000000000014010000070000000100000000fcffff", @ANYPTR=&(0x7f0000000f00)=ANY=[@ANYBLOB="0400000000000000"], @ANYPTR=&(0x7f0000000f40)=ANY=[@ANYBLOB="00000080000000"], @ANYBLOB="2a000000000000000000000000000000010001000000000003000000000000000200000000000000060000000000000030000000000000001401000003000000", @ANYPTR=&(0x7f0000000f80)=ANY=[@ANYBLOB='\x00'/18], @ANYBLOB="1700000000000000", @ANYPTR=&(0x7f0000000fc0)=ANY=[@ANYBLOB='\x00'], @ANYBLOB="100000000000000058000000000000001401000007000000ff03000005000000", @ANYPTR=&(0x7f0000001000)=ANY=[@ANYBLOB="0300000000000000"], @ANYPTR=&(0x7f0000001040)=ANY=[@ANYBLOB="ffffff7f00000000"], @ANYBLOB="05000000000000000600000000000000570000000000000006000000000000000800000000000000090000000000000048000000000000001401000001000000e31e000005000000", @ANYPTR=&(0x7f0000001080)=ANY=[@ANYBLOB='\x00'/14], @ANYBLOB="0e00000000000000", @ANYPTR=&(0x7f00000012c0)=ANY=[@ANYPTR=&(0x7f00000010c0)=ANY=[@ANYBLOB='\x00'/60], @ANYBLOB='<\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001100)=ANY=[@ANYBLOB='\x00'/48], @ANYBLOB='0\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001140)=ANY=[@ANYBLOB]], @ANYBLOB="040000000000000009000000000000000300"], 0x198, 0x40}, 0x1) r2 = socket$rds(0x15, 0x5, 0x0) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$rds(r2, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="4800000000000000140100000100"/24, @ANYPTR=&(0x7f0000000040)=ANY=[@ANYBLOB='\x00'/156], @ANYBLOB="0503080000000000", @ANYPTR=&(0x7f00000006c0)=ANY=[@ANYPTR=&(0x7f0000000100)=ANY=[@ANYBLOB='\x00'/44], @ANYBLOB=',\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB='\x00'/67], @ANYBLOB="431c000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB='\x00'/198], @ANYBLOB="c600000000000000", @ANYPTR=&(0x7f0000000140)=ANY=[@ANYBLOB='\x00'/15], @ANYBLOB="0f00000000000000", @ANYPTR=&(0x7f0000000340)=ANY=[@ANYBLOB='\x00'/54], @ANYBLOB="ffff070000000000", @ANYPTR=&(0x7f0000000380)=ANY=[@ANYBLOB='\x00'/42], @ANYBLOB='*\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f00000003c0)=ANY=[@ANYBLOB='\x00'/77], @ANYBLOB='M\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000440)=ANY=[@ANYBLOB='\x00'/244], @ANYBLOB="f400000000000000", @ANYPTR=&(0x7f0000000540)=ANY=[@ANYBLOB='\x00'/219], @ANYBLOB="db00000000000000"], @ANYBLOB='\a\x00'/24], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5, 0x9bf}, @rumble={0x7, 0x7}}) [ 1137.553931][T10284] rdma_op 000000005be23435 conn xmit_rdma 00000000d8f1147d [ 1137.578046][T10291] netlink: 'syz-executor.5': attribute type 4 has an invalid length. 11:07:02 executing program 0: setsockopt$inet_msfilter(0xffffffffffffffff, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYPTR64=&(0x7f0000000000)=ANY=[@ANYRES32=0x0, @ANYRES16, @ANYRES16]], 0x1) r0 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$inet_buf(r0, 0x0, 0x29, &(0x7f0000000540)=""/197, &(0x7f0000000400)=0xffc4) [ 1137.653966][T10288] rdma_op 00000000929924f1 conn xmit_rdma 00000000d8f1147d 11:07:02 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00"/20, @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1137.691307][ T23] audit: type=1804 audit(1566904022.134:1055): pid=10301 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2333/bus" dev="sda1" ino=16744 res=1 [ 1137.739042][T10299] rdma_op 0000000077dc5a12 conn xmit_rdma 00000000d8f1147d [ 1137.759868][T10310] netlink: 'syz-executor.5': attribute type 4 has an invalid length. 11:07:02 executing program 1: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x1800) 11:07:02 executing program 2: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={&(0x7f0000000900)={0x2, 0x4e21, @remote}, 0x10, &(0x7f0000000bc0)=[{&(0x7f0000000940)=""/192, 0xc0}, {&(0x7f0000000a00)=""/158, 0x9e}, {&(0x7f0000000ac0)=""/209, 0xd1}], 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000140100000200000068000000fbffffff180000000000000014010000020000000800000003000000480000000000000014010000010000000000000000000100", @ANYPTR=&(0x7f0000000c00)=ANY=[@ANYBLOB='\x00'/111], @ANYBLOB='o\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000005000)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYBLOB='\x00'/91], @ANYBLOB="9b4dd4c02f7ffc70", @ANYPTR=&(0x7f0000000d00)=ANY=[@ANYBLOB='\x00'/132], @ANYBLOB="bd3baa04ec5b11ec9dde2a862ce426d30503b1ae9b7da077abdd6176133d31cb5a161ddf2ca5ae229146e203475891711d3379fc42bc51f5d207e20fb1bae83be629b6b808f72f24394900000000000000000000000042ead61c97a2fe0acb06c966921df45952b6318f3fd9ac78dc39bb46b89d74b183c7d7ba353f38906ee314f67d3be9881486ac26b7376202ff0c4c20a2709289af05da487a60f3e561dceedc9514b81e486116bd1903c8065186747ab4634312a440b9654befbab89ff05975d45a76a8a5112291398a219575133ada214276597c5c8e8dca4c639628694eb1dfe1c912ffdcc1d1182ce52052567cdb52ba34539da61e8bd507b63c34678eb36543e60500c296e1600de955324541f4067bf7da00"/292, @ANYPTR=&(0x7f0000000dc0)=ANY=[@ANYBLOB='\x00'/19], @ANYBLOB='&\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000e00)=ANY=[@ANYBLOB='\x00'/85], @ANYBLOB="aa00000000000000"], @ANYBLOB="040000000000000040000000000000000400000000000000580000000000000014010000070000000100000000fcffff", @ANYPTR=&(0x7f0000000f00)=ANY=[@ANYBLOB="0400000000000000"], @ANYPTR=&(0x7f0000000f40)=ANY=[@ANYBLOB="00000080000000"], @ANYBLOB="2a000000000000000000000000000000010001000000000003000000000000000200000000000000060000000000000030000000000000001401000003000000", @ANYPTR=&(0x7f0000000f80)=ANY=[@ANYBLOB='\x00'/18], @ANYBLOB="1700000000000000", @ANYPTR=&(0x7f0000000fc0)=ANY=[@ANYBLOB='\x00'], @ANYBLOB="100000000000000058000000000000001401000007000000ff03000005000000", @ANYPTR=&(0x7f0000001000)=ANY=[@ANYBLOB="0300000000000000"], @ANYPTR=&(0x7f0000001040)=ANY=[@ANYBLOB="ffffff7f00000000"], @ANYBLOB="05000000000000000600000000000000570000000000000006000000000000000800000000000000090000000000000048000000000000001401000001000000e31e000005000000", @ANYPTR=&(0x7f0000001080)=ANY=[@ANYBLOB='\x00'/14], @ANYBLOB="0e00000000000000", @ANYPTR=&(0x7f00000012c0)=ANY=[@ANYPTR=&(0x7f00000010c0)=ANY=[@ANYBLOB='\x00'/60], @ANYBLOB='<\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001100)=ANY=[@ANYBLOB='\x00'/48], @ANYBLOB='0\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001140)=ANY=[@ANYBLOB]], @ANYBLOB="040000000000000009000000000000000300"], 0x198, 0x40}, 0x1) recvmmsg(0xffffffffffffffff, &(0x7f0000004f00)=[{{&(0x7f0000000800)=@rc, 0x80, &(0x7f0000000e80)=[{&(0x7f0000000680)=""/54, 0x36}, {&(0x7f0000001140)=""/166, 0xa6}, {&(0x7f0000001640)=""/217, 0xd9}], 0x3}, 0x2}, {{&(0x7f0000001200)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff}}, 0x80, &(0x7f0000002ac0)=[{&(0x7f0000001740)=""/211, 0xd3}, {&(0x7f0000001840)=""/68, 0x44}, {&(0x7f00000018c0)=""/117, 0x75}, {&(0x7f0000001940)=""/4096, 0x1000}, {&(0x7f0000002940)=""/133, 0x85}, {&(0x7f0000002a00)=""/138, 0x8a}], 0x6, &(0x7f0000001280)=""/27, 0x1b}, 0x1ff}, {{0x0, 0x0, &(0x7f0000004d80)=[{&(0x7f0000002b40)=""/233, 0xe9}, {&(0x7f0000002c40)=""/4096, 0x1000}, {&(0x7f00000015c0)=""/10, 0xa}, {&(0x7f0000003c40)=""/79, 0x4f}, {&(0x7f0000003cc0)=""/147, 0x93}, {&(0x7f0000003d80)=""/4096, 0x1000}], 0x6, &(0x7f0000004e00)=""/209, 0xd1}, 0xac}], 0x3, 0x2000, 0x0) setsockopt$bt_BT_FLUSHABLE(r0, 0x112, 0x8, &(0x7f0000004fc0)=0x1f, 0xffffffffffffffb3) r1 = socket$rds(0x15, 0x5, 0x0) bind$rds(r1, &(0x7f0000005180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$rds(r1, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5, 0x9bf}, @rumble={0x7, 0x7}}) 11:07:02 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) 11:07:02 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000000000ffffa8", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:02 executing program 0: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ion\x00', 0x121801, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000240)={0x0, 0x3, 0x1000}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_open_dev$cec(&(0x7f00000005c0)='/dev/cec#\x00', 0x3, 0x2) ioctl$EVIOCSABS3F(r2, 0x401845ff, &(0x7f0000000600)={0x8, 0x9, 0xde, 0x7, 0x4, 0x3}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000740)='/dr\x82c/sys/net/ipv4/vs/ignoreJtunneled\x00', 0x2, 0x0) setsockopt$inet6_tcp_int(r4, 0x6, 0xd, &(0x7f0000000380)=0x19a5, 0x4) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000580)='/dev/qat_adf_ctl\x00', 0x1, 0x0) getpeername$ax25(r1, &(0x7f0000000180)={{0x3, @netrom}, [@bcast, @remote, @remote, @default, @remote, @bcast, @default, @rose]}, &(0x7f00000000c0)=0x48) ioctl$TIOCSWINSZ(r4, 0x5414, &(0x7f0000000100)={0x6b95, 0x5, 0x8, 0x91}) ioctl$CAPI_GET_FLAGS(r4, 0x80044323, &(0x7f0000000280)) ioctl(r3, 0x6, &(0x7f00000002c0)="11dca50d5e0c273863f88a5402561298f8cacf4f1addff8984412b72361c48533ca00868332de3a018f65b53f41982dcd92595983267ee73bd0f85aad79cac302af7421efc45b26d34a4651e1d7707a50c219537875c38a2ffbd41acff611ef4a3dad56cfa6019432edb3abb55bd27b009b8c77cc23bde5d2ad11280474472b35ff75b22e8bb3a10cf74519a7a701bcd4db55920f60b8930775d9c1a") ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000003c0)=0x0) gettid() fadvise64(r2, 0x0, 0x1000000000, 0x1) r6 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000080)='/proc/capi/capi20ncci\x00', 0x2000, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000008, 0x4010, r6, 0x0) ioctl$sock_FIOSETOWN(r1, 0x8901, &(0x7f0000000540)=r5) init_module(&(0x7f0000000140)='GPLselfppp0.\x00', 0xd, &(0x7f0000000640)='\xe1vmnet1]\xdd*}\x00') sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="1800000033001901040000000000000001630000040000008fa5bbfedd24ba232498ae09b24224c2a6b9b77899c5f6a7847db629d37cd4e45b765644d0586b33c6a0806f4bfd2adb3b5060d296bfc37a61a121920c62aa1c9a11fa97cc7528bc035a82df53bad08f47ad462e99fb0ae3570562843b301721fc2908b4165882ff51af05a2c891fe4c5da8064e26a9c3e3da46e58d2da7b50c7ab7c4b1887a98a70484f4ec077629a240382026a7ecdbb2b400532052e1bc5e7f6aa4e80d431dfa6b513c06f14d6ef02a010a84334ab5473027e45b1c64fac57f14806885632d294828a1b90d75ae60224abe0070ca301da17361458f4a417f2cf2e327bc6228551cb31ab170441644c1dd19"], 0x18}}, 0x0) 11:07:02 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000040)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) syz_init_net_socket$netrom(0x6, 0x5, 0x0) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) [ 1137.981096][T10325] openvswitch: netlink: Flow key attr not present in new flow. [ 1137.993346][T10328] openvswitch: netlink: Flow key attr not present in new flow. [ 1138.002627][T10327] netlink: 'syz-executor.5': attribute type 4 has an invalid length. [ 1138.011596][T10331] rdma_op 00000000e854cda7 conn xmit_rdma 00000000d8f1147d 11:07:02 executing program 0: bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0) r0 = syz_open_dev$sndpcmp(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x40000000015, 0x5, 0x0) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @loopback}, 0x10) fcntl$getownex(r2, 0x10, &(0x7f0000000cc0)) lstat(0x0, &(0x7f0000000d40)) getgroups(0x3, &(0x7f0000000dc0)=[0xffffffffffffffff, 0xffffffffffffffff, 0x0]) fcntl$getown(r0, 0x9) stat(&(0x7f0000000ec0)='./file0\x00', &(0x7f0000000f00)) stat(&(0x7f0000001040)='./file0\x00', 0x0) lstat(&(0x7f0000001280)='./file0\x00', 0x0) getpgrp(0x0) getresuid(&(0x7f0000001340), &(0x7f0000001380), &(0x7f00000013c0)) getresgid(&(0x7f0000001400), &(0x7f0000001440), &(0x7f0000001480)) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0x3983baaabf9a6865, 0x4) writev(r1, &(0x7f00000009c0)=[{&(0x7f00000004c0)="ab111e1d7e49ae7bfca67d4ac5496edf31033146f6e34a2c9cfd63432040def3ec265cdcc9a33569a16e4c5c4d3385ed1f9e34ba838ca31d6cd82eca823968d9757e477a746402b2cf89652d78e425f2bd1a5c33725290f0d6ecaa62afd89e12da75c1e1e6ac222d4ec77c04393a3361398cd169bea5594984d4b8bf3fd954dcd69aa96b65722a26580089b0c8dfd7b5063e3eb5", 0x94}, {0x0}, {&(0x7f0000000880)="f063cd5cda4b6a8d2bdc7d79779219e205577182b9e42d3d1617c8a74d027b289211655a0f5abdcd23546fa8fe7c8a2fc5f375731efd9a32d934641918da416c86da1af7fb4fa28304db", 0x4a}], 0x3) bind$inet(r2, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x10) sendmsg$xdp(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000380)="fe", 0x1a000}], 0x1}, 0x0) poll(&(0x7f0000000080)=[{r2}], 0x2116, 0x81) getsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f0000000240)={{{@in6=@ipv4={[], [], @empty}, @in=@local}}, {{@in=@multicast1}, 0x0, @in6=@ipv4={[], [], @initdev}}}, &(0x7f00000000c0)=0xe8) ioctl$HCIINQUIRY(r2, 0x800448f0, &(0x7f00000003c0)={0x0, 0x38a, 0x7fffffff, 0x1, 0x3acc, 0x100000001, 0x7}) ioctl$VIDIOC_DQBUF(r0, 0xc0585611, &(0x7f0000000440)={0x4d75413d, 0x0, 0x4, 0x7e000, {}, {0x3, 0x2, 0x8, 0x8, 0x0, 0x80000000, "465877ae"}, 0xeff, 0x2, @planes=&(0x7f0000000400)={0x6, 0x2, @fd=r0, 0x101}, 0x4}) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x89f3, &(0x7f0000000180)='za\x80 \x00\xa0\xe2\xc1\xd1\xe3;\x88\xe9s\x15\xb4\xe64\xc2\xeb \xe2\xbd\x04\x1bW\x8c\x86\x14\x1d\x11\xe5\xf6y\x87\x12 >6\xf5\x05\xa1\"\xad7)\xc1\xf9\xf2\xb8JX\x8b[\x1c\xf9\xb2\"\rl\xe6\xefm\"\x0e\xad\xce\x96J\x89\xe2;\xdaN\xe2\xf6\xaa\xdd\xe8\xb8\x9f\xe2\xdc\x95\xab\xc6\xee|\b\x15\xecv\x9d\xfc\xee\xe3h>\xa1\xc8\x04\'/\xdb\xc7A\x9c\xecAg\xf7\xd4\x0f]\xa6\xc2\xf2\x00\x04\xb1\nK<~L\b\xf7r\x93\x82AS\a\x00'/145) 11:07:02 executing program 2: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={&(0x7f0000000900)={0x2, 0x4e21, @remote}, 0x10, &(0x7f0000000bc0)=[{&(0x7f0000000940)=""/192, 0xc0}, {&(0x7f0000000a00)=""/158, 0x9e}, {&(0x7f0000000ac0)=""/209, 0xd1}], 0x3, &(0x7f0000001640)=ANY=[@ANYBLOB="1800000000000000140100000200000068000000fbffffff180000000000000014010000020000000800000003000000480000000000000014010000010000000000000000000100", @ANYPTR=&(0x7f0000000c00)=ANY=[@ANYBLOB='\x00'/111], @ANYBLOB="d74b96ba5aba5ee5c7ab50dfe75839e04962bc19dda905b7d9de54c2fbca5d86c7561a4e8d486bbe5b0000c29666660f0cecfd999326700ba7bdaa68d5b8ff54b78c515a83aea02222070926", @ANYPTR=&(0x7f0000000ec0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYBLOB='\x00'/91], @ANYBLOB="9b4dd4c02f7ffc70", @ANYPTR=&(0x7f0000000d00)=ANY=[@ANYBLOB='\x00'/132], @ANYBLOB="8400000000000000", @ANYPTR=&(0x7f0000000dc0)=ANY=[@ANYBLOB='\x00'/19], @ANYBLOB='&\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000e00)=ANY=[@ANYBLOB='\x00'/85], @ANYBLOB="aa00000000000000"], @ANYBLOB="040000000000000040000000000000000400000000000000580000000000000014010000070000000100000000fcffff", @ANYPTR=&(0x7f0000000f00)=ANY=[@ANYBLOB="0400000000000000"], @ANYPTR=&(0x7f0000000f40)=ANY=[@ANYBLOB="00000080000000"], @ANYBLOB="2a000000000000000000000000000000010001000000000003000000000000000200000000000000060000000000000030000000000000001401000003000000", @ANYPTR=&(0x7f0000000f80)=ANY=[@ANYBLOB='\x00'/18], @ANYBLOB="1700000000000000", @ANYPTR=&(0x7f0000000fc0)=ANY=[@ANYBLOB='\x00'], @ANYBLOB="100000000000000058000000000000001401000007000000ff03000005000000", @ANYPTR=&(0x7f0000001000)=ANY=[@ANYBLOB="0300000000000000"], @ANYPTR=&(0x7f0000001040)=ANY=[@ANYBLOB="ffffff7f00000000"], @ANYBLOB="05000000000000000600000000000000570000000000000006000000000000000800000000000000090000000000000048000000000000001401000001000000e31e000005000000", @ANYPTR=&(0x7f0000001080)=ANY=[@ANYBLOB='\x00'/14], @ANYBLOB="0e00000000000000", @ANYPTR=&(0x7f00000012c0)=ANY=[@ANYPTR=&(0x7f00000010c0)=ANY=[@ANYBLOB='\x00'/60], @ANYBLOB='<\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001100)=ANY=[@ANYBLOB='\x00'/48], @ANYBLOB='0\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001140)=ANY=[@ANYBLOB]], @ANYBLOB="040000000000000009000000000000000300"], 0x198, 0x40}, 0x1) r0 = accept4$tipc(0xffffffffffffffff, &(0x7f0000000840), &(0x7f0000000e80)=0x10, 0x80000) fcntl$setlease(r0, 0x400, 0x413bf6ba449631a4) r1 = socket$rds(0x15, 0x5, 0x0) bind$rds(r1, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$rds(r1, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) getsockopt$sock_linger(r1, 0x1, 0xd, &(0x7f0000000680), &(0x7f0000000800)=0x8) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5, 0x9bf}, @rumble={0x7, 0x7}}) [ 1138.079337][ T23] audit: type=1804 audit(1566904022.524:1056): pid=10337 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2334/bus" dev="sda1" ino=16771 res=1 11:07:02 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000000000ffffff", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1138.167021][T10324] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1138.235171][T10355] netlink: 'syz-executor.5': attribute type 4 has an invalid length. [ 1138.244058][T10324] CPU: 1 PID: 10324 Comm: syz-executor.4 Not tainted 5.3.0-rc6 #127 [ 1138.252051][T10324] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1138.262099][T10324] Call Trace: [ 1138.265385][T10324] dump_stack+0x172/0x1f0 [ 1138.269708][T10324] dump_header+0x10b/0x82d [ 1138.274118][T10324] ? oom_kill_process+0x94/0x3f0 [ 1138.279049][T10324] oom_kill_process.cold+0x10/0x15 [ 1138.284178][T10324] out_of_memory+0x79a/0x12c0 [ 1138.288872][T10324] ? lock_downgrade+0x920/0x920 [ 1138.293807][T10324] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1138.300044][T10324] ? oom_killer_disable+0x280/0x280 [ 1138.305334][T10324] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1138.310968][T10324] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1138.316599][T10324] ? do_raw_spin_unlock+0x57/0x270 [ 1138.321793][T10324] ? _raw_spin_unlock+0x2d/0x50 [ 1138.326730][T10324] try_charge+0xf4b/0x1440 [ 1138.331281][T10324] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1138.336830][T10324] ? percpu_ref_tryget_live+0x111/0x290 [ 1138.342377][T10324] ? get_mem_cgroup_from_mm+0x16/0x320 [ 1138.347825][T10324] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1138.347839][T10324] mem_cgroup_try_charge+0x136/0x590 [ 1138.358650][T10324] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1138.364891][T10324] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1138.370516][T10324] wp_page_copy+0x41e/0x15e0 [ 1138.370529][T10324] ? page_trans_huge_mapcount+0x166/0x450 [ 1138.370546][T10324] ? pmd_pfn+0x1d0/0x1d0 [ 1138.385147][T10324] ? lock_downgrade+0x920/0x920 [ 1138.390039][T10324] ? swp_swapcount+0x540/0x540 [ 1138.394802][T10324] ? __kasan_check_read+0x11/0x20 [ 1138.399209][T10365] netlink: 'syz-executor.5': attribute type 4 has an invalid length. [ 1138.399813][T10324] ? do_raw_spin_unlock+0x57/0x270 [ 1138.399825][T10324] do_wp_page+0x499/0x14d0 [ 1138.399841][T10324] ? finish_mkwrite_fault+0x570/0x570 [ 1138.422740][T10324] __handle_mm_fault+0x22f1/0x3f20 [ 1138.427862][T10324] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1138.433406][T10324] ? __kasan_check_read+0x11/0x20 [ 1138.438436][T10324] ? trace_hardirqs_on+0x67/0x240 [ 1138.443640][T10324] handle_mm_fault+0x1b5/0x6b0 [ 1138.448416][T10324] __do_page_fault+0x536/0xdd0 [ 1138.453184][T10324] do_page_fault+0x38/0x590 [ 1138.457693][T10324] page_fault+0x39/0x40 [ 1138.461840][T10324] RIP: 0033:0x430956 [ 1138.465740][T10324] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 0c 46 64 00 85 c0 0f 84 11:07:02 executing program 2: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={&(0x7f0000000900)={0x2, 0x4e21, @remote}, 0x10, &(0x7f0000000bc0)=[{&(0x7f0000000940)=""/192, 0xc0}, {&(0x7f0000000a00)=""/158, 0x9e}, {&(0x7f0000000ac0)=""/209, 0xd1}], 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000140100000200000068000000fbffffff180000000000000014010000020000000800000003000000480000000000000014010000010000000000000000000100", @ANYPTR=&(0x7f0000000c00)=ANY=[@ANYBLOB='\x00'/111], @ANYBLOB='o\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000ec0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYBLOB='\x00'/91], @ANYBLOB="9b4dd4c02f7ffc70", @ANYPTR=&(0x7f0000000d00)=ANY=[@ANYBLOB='\x00'/132], @ANYBLOB="8400000000000000", @ANYPTR=&(0x7f0000000dc0)=ANY=[@ANYBLOB='\x00'/19], @ANYBLOB='&\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000e00)=ANY=[@ANYBLOB='\x00'/85], @ANYBLOB="aa00000000000000"], @ANYBLOB="040000000000000040000000000000000400000000000000580000000000000014010000070000000100000000fcffff", @ANYPTR=&(0x7f0000000f00)=ANY=[@ANYBLOB="0400000000000000"], @ANYPTR=&(0x7f0000000f40)=ANY=[@ANYBLOB="00000080000000"], @ANYBLOB="2a000000000000000000000000000000010001000000000003000000000000000200000000000000060000000000000030000000000000001401000003000000", @ANYPTR=&(0x7f0000000f80)=ANY=[@ANYBLOB='\x00'/18], @ANYBLOB="1700000000000000", @ANYPTR=&(0x7f0000000fc0)=ANY=[@ANYBLOB='\x00'], @ANYBLOB="100000000000000058000000000000001401000007000000ff03000005000000", @ANYPTR=&(0x7f0000001000)=ANY=[@ANYBLOB="0300000000000000"], @ANYPTR=&(0x7f0000000540)=ANY=[@ANYBLOB="1c55e23b36bb6bd161cb542c2089d23ebde43881963049a152dfad3e9d27de7cbb43690f26c6d16fbdeb21182d0274e74c7b87d09e6b31c5b643a147b270437fde4e97d5eb73b5018f414927df2ed0fe0931da7f2861022b88cd830daa8c96d97d9fd9986281c8fc93ac3b1c3ab989209aeeba337cd7d078d5637ac65221a23299b6bfc6984a55dbc30beaebcc7d5d271090032191aa22dd2602266557a648e906098f0384b4be333b"], @ANYBLOB="05000000000000000600000000000000570000000000000006000000000000000800000000000000090000000000000048000000000000001401000001000000e31e000005000000", @ANYPTR=&(0x7f0000001080)=ANY=[@ANYBLOB='\x00'/14], @ANYBLOB="0e00000000000000", @ANYPTR=&(0x7f00000012c0)=ANY=[@ANYPTR=&(0x7f00000010c0)=ANY=[@ANYBLOB='\x00'/60], @ANYBLOB='<\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001100)=ANY=[@ANYBLOB='\x00'/48], @ANYBLOB='0\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001140)=ANY=[@ANYBLOB]], @ANYBLOB="040000000000000009000000000000000300"], 0x198, 0x40}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) r1 = perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="4800000000000000140100000100"/24, @ANYPTR=&(0x7f0000000040)=ANY=[@ANYBLOB='\x00'/156], @ANYBLOB="0503080000000000", @ANYPTR=&(0x7f00000006c0)=ANY=[@ANYPTR=&(0x7f0000000100)=ANY=[@ANYBLOB='\x00'/44], @ANYBLOB=',\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB='\x00'/67], @ANYBLOB='C\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB='\x00'/198], @ANYBLOB="c600000000000000", @ANYPTR=&(0x7f0000000140)=ANY=[@ANYBLOB='\x00'/15], @ANYBLOB="0f00000000000000", @ANYPTR=&(0x7f0000000340)=ANY=[@ANYBLOB='\x00'/54], @ANYBLOB="ffff070000000000", @ANYPTR=&(0x7f0000000380)=ANY=[@ANYBLOB='\x00'/42], @ANYBLOB='*\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f00000003c0)=ANY=[@ANYBLOB='\x00'/77], @ANYBLOB='M\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000440)=ANY=[@ANYBLOB='\x00'/244], @ANYBLOB="f400000000000000", @ANYPTR=&(0x7f0000001640)=ANY=[@ANYBLOB="00000300000000000000000005000000000000000000000000000000b9d5000000000000000000000000f3ff00000000000000000000000000000000000000000000000000000000000000000000000000003a000000000000000000000000000000000000000000000000f34000000000000000000000000000000000000000e8000000000000000000000000000000000000000000000009000000000000000000000000000000000000000000000600000000000000000000000000000000bb13b06d4b144c40000000000000000000000000000000004b2ef138cb7c1aaf89c45cf0531fba426d0c3d268ff53c112062b77b157b0c5d6294db85518d675a69a15c3b7a9c63b6a185164382c5d4a7c64b9b7b5d825738e4e412abd224e4eb0ae77bc703a7aeef4b692ed6aa0a4c1636d431a4b89061cb7a3719716bbaef3c1588a152ce00e1ecb7e229db37a6aa9209f427bf6a640c3d97dc084bbdc12fd90e799fb51b4e9d6b27ee42e711463b9bcc5a9091a7f257392f01c48cd2e58ab6ce"], @ANYBLOB="db00000000000000"], @ANYBLOB='\a\x00'/24], 0x48}, 0x0) r2 = request_key(&(0x7f0000001140)='.request_key_auth\x00', &(0x7f0000001180)={'syz', 0x0}, &(0x7f00000011c0)='lo-\xad\'trustedkeyring-\x00', 0xfffffffffffffff8) r3 = add_key$keyring(&(0x7f0000001240)='keyring\x00', &(0x7f0000001280)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffff9) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r2, &(0x7f0000001200)='pkcs7_test\x00', &(0x7f00000015c0)=@keyring={'key_or_keyring:', r3}) r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000e80)='/dev/hwrng\x00', 0x4000, 0x0) ioctl$SG_NEXT_CMD_LEN(r4, 0x2283, &(0x7f0000001040)=0x59) getsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000000800), &(0x7f0000000840)=0x4) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5, 0x9bf}, @rumble={0x7, 0x7}}) socket$inet6_udp(0xa, 0x2, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000600)='attr/prev\x00') ioctl$BLKSECTGET(r5, 0x1267, &(0x7f0000000680)) 11:07:02 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) fsetxattr$trusted_overlay_redirect(r0, &(0x7f0000000040)='trusted.overlay.redirect\x00', &(0x7f0000000180)='./file0\x00', 0x8, 0x2) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) 11:07:02 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000000000ffffff", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1138.485526][T10324] RSP: 002b:00007ffd9399f340 EFLAGS: 00010206 [ 1138.485535][T10324] RAX: 0000000000020371 RBX: 0000000000715640 RCX: 0000000000000121 [ 1138.485547][T10324] RDX: 000055555718eb70 RSI: 000055555718ec90 RDI: 0000000000000000 [ 1138.499546][T10324] RBP: 0000000000000121 R08: ffffffffffffffff R09: 0000000000000000 [ 1138.499553][T10324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 1138.499559][T10324] R13: 0000000000715698 R14: 0000000000000002 R15: 0000000000002710 [ 1138.531877][T10324] memory: usage 307200kB, limit 307200kB, failcnt 3842 [ 1138.539354][T10324] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1138.553391][T10324] Memory cgroup stats for /syz4: [ 1138.553479][T10324] anon 245465088 [ 1138.553479][T10324] file 8192 [ 1138.553479][T10324] kernel_stack 10354688 [ 1138.553479][T10324] slab 16732160 [ 1138.553479][T10324] sock 0 [ 1138.553479][T10324] shmem 0 [ 1138.553479][T10324] file_mapped 0 [ 1138.553479][T10324] file_dirty 0 [ 1138.553479][T10324] file_writeback 0 [ 1138.553479][T10324] anon_thp 184549376 [ 1138.553479][T10324] inactive_anon 135168 [ 1138.553479][T10324] active_anon 245567488 [ 1138.553479][T10324] inactive_file 0 [ 1138.553479][T10324] active_file 0 [ 1138.553479][T10324] unevictable 135168 [ 1138.553479][T10324] slab_reclaimable 2973696 [ 1138.553479][T10324] slab_unreclaimable 13758464 [ 1138.553479][T10324] pgfault 230010 [ 1138.553479][T10324] pgmajfault 0 [ 1138.553479][T10324] workingset_refault 363 [ 1138.553479][T10324] workingset_activate 66 [ 1138.553479][T10324] workingset_nodereclaim 0 [ 1138.553479][T10324] pgrefill 5196 [ 1138.553479][T10324] pgscan 5077 [ 1138.553479][T10324] pgsteal 642 [ 1138.648175][T10324] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=10193,uid=0 [ 1138.663829][T10324] Memory cgroup out of memory: Killed process 10193 (syz-executor.4) total-vm:72840kB, anon-rss:2208kB, file-rss:34816kB, shmem-rss:0kB [ 1138.679735][ T1058] oom_reaper: reaped process 10193 (syz-executor.4), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1138.784229][ T23] audit: type=1804 audit(1566904023.224:1057): pid=10375 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2334/bus" dev="sda1" ino=16771 res=1 11:07:03 executing program 1: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x1900) 11:07:03 executing program 2: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={&(0x7f0000000900)={0x2, 0x4e21, @remote}, 0x10, &(0x7f0000000bc0)=[{&(0x7f0000000940)=""/192, 0xc0}, {&(0x7f0000000a00)=""/158, 0x9e}, {&(0x7f0000000ac0)=""/209, 0xd1}], 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000140100000200000068000000fbffffff180000000000000014010000020000000800000003000000480000000000000014010000010000000000000000000100", @ANYPTR=&(0x7f0000000c00)=ANY=[@ANYBLOB='\x00'/111], @ANYBLOB='o\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000ec0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYBLOB='\x00'/91], @ANYBLOB="9b4dd4c02f7ffc70", @ANYPTR=&(0x7f0000000d00)=ANY=[@ANYBLOB='\x00'/132], @ANYBLOB="8400000000000000", @ANYPTR=&(0x7f0000000dc0)=ANY=[@ANYBLOB='\x00'/19], @ANYBLOB='&\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000e00)=ANY=[@ANYBLOB='\x00'/85], @ANYBLOB="aa00000000000000"], @ANYBLOB="040000000000000040000000000000000400000000000000580000000000000014010000070000000100000000fcffff", @ANYPTR=&(0x7f0000000f00)=ANY=[@ANYBLOB="0400000000000000"], @ANYPTR=&(0x7f0000000f40)=ANY=[@ANYBLOB="00000080000000"], @ANYBLOB="2a000000000000000000000000000000010001000000000003000000000000000200000000000000060000000000000030000000000000001401000003000000", @ANYPTR=&(0x7f0000000f80)=ANY=[@ANYBLOB='\x00'/18], @ANYBLOB="1700000000000000", @ANYPTR=&(0x7f0000000fc0)=ANY=[@ANYBLOB='\x00'], @ANYBLOB="100000000000000058000000000000001401000007000000ff03000005000000", @ANYPTR=&(0x7f0000001000)=ANY=[@ANYBLOB="0300000000000000"], @ANYPTR=&(0x7f0000001040)=ANY=[@ANYBLOB="ffffff7f00000000"], @ANYBLOB="05000000000000000600000000000000570000000000000006000000000000000800000000000000090000000000000048000000000000001401000001000000e31e000005000000", @ANYPTR=&(0x7f0000001080)=ANY=[@ANYBLOB='\x00'/14], @ANYBLOB="0e00000000000000", @ANYPTR=&(0x7f00000012c0)=ANY=[@ANYPTR=&(0x7f00000010c0)=ANY=[@ANYBLOB='\x00'/60], @ANYBLOB='<\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001100)=ANY=[@ANYBLOB='\x00'/48], @ANYBLOB='0\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001140)=ANY=[@ANYBLOB]], @ANYBLOB="040000000000000009000000000000000300"], 0x198, 0x40}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x4e20, @loopback}, 0xf) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5, 0x9bf}, @rumble={0x7, 0x7}}) 11:07:03 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c0000000000000000000000ff", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:03 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f00000000c0)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r0, 0x404c534a, &(0x7f0000000140)={0xffffffffffffffff, 0x0, 0xffffffffffffffff}) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000080)='/proc/capi/capi20ncci\x00', 0x400000, 0x0) ioctl$VIDIOC_S_FREQUENCY(r1, 0x402c5639, &(0x7f0000000100)={0x9, 0x4, 0x8}) 11:07:03 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) 11:07:03 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) r3 = getegid() write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0, 0x0, 0x0, {{0x1, 0x1, 0x0, 0x0, 0x0, 0xffffffffffffffff, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc22d, 0x0, 0x0, 0x0, 0x0, 0x0, r3}}}}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) ioctl$CAPI_GET_FLAGS(r2, 0x80044323, &(0x7f0000000040)) 11:07:03 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00000000000000000000000f", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:03 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=ANY=[@ANYBLOB="b7000000000001a043ba1cc1b31499fc7bd648ba6f0000000000000007000000"], &(0x7f0000003ff6)='OPL\x00', 0x1, 0xff06, &(0x7f000000cf3d)=""/195}, 0x48) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000100)=@assoc_value={0x0}, &(0x7f0000000140)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r1, 0x84, 0xa, &(0x7f0000000180)={0x6, 0x7ff, 0x3, 0x0, 0x3, 0x3, 0x306a, 0x8, r2}, 0x20) r3 = openat$dlm_control(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm-control\x00', 0x10005, 0x0) accept4$vsock_stream(r3, &(0x7f0000000080)={0x28, 0x0, 0x2711, @reserved}, 0x10, 0x80000) [ 1138.988670][ T23] audit: type=1804 audit(1566904023.434:1058): pid=10392 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2335/bus" dev="sda1" ino=16760 res=1 11:07:03 executing program 2: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={&(0x7f0000000900)={0x2, 0x4e21, @remote}, 0x10, &(0x7f0000000bc0)=[{&(0x7f0000000940)=""/192, 0xc0}, {&(0x7f0000000a00)=""/158, 0x9e}, {&(0x7f0000000ac0)=""/209, 0x1e9}], 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000140100000200000068000000fbffffff180000000000000014010000020000000800000003000000480000000000000014010000010000000000000000000100", @ANYPTR=&(0x7f0000000c00)=ANY=[@ANYBLOB='\x00'/111], @ANYBLOB='o\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000ec0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYBLOB='\x00'/91], @ANYBLOB="9b4dd4c02f7ffc70", @ANYPTR=&(0x7f0000000d00)=ANY=[@ANYBLOB='\x00'/132], @ANYBLOB="8400000000000000", @ANYPTR=&(0x7f0000000dc0)=ANY=[@ANYBLOB='\x00'/19], @ANYBLOB='&\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000e00)=ANY=[@ANYBLOB='\x00'/85], @ANYBLOB="aa00000000000000"], @ANYBLOB="040000000000000040000000000000000400000000000000580000000000000014010000070000000100000000fcffff", @ANYPTR=&(0x7f0000000840)=ANY=[@ANYBLOB="04000044b90033a80020"], @ANYPTR=&(0x7f0000000f40)=ANY=[@ANYBLOB="00000080000000"], @ANYBLOB="2a000000000000000000000000000000010001000000000003000000000000000200000000000000060000000000000030000000000000001401000003000000", @ANYPTR=&(0x7f0000000f80)=ANY=[@ANYBLOB='\x00'/18], @ANYBLOB="1700000000000000", @ANYPTR=&(0x7f0000000fc0)=ANY=[@ANYBLOB='\x00'], @ANYRESHEX, @ANYPTR=&(0x7f0000001000)=ANY=[@ANYBLOB="0300000000000000"], @ANYPTR=&(0x7f0000001040)=ANY=[@ANYBLOB="ffffff7f00000000"], @ANYBLOB="05000000000000000600000000000000570000000000000006000000000000000800000000000000090000000000000048000000000000001401000001000000e31e000005000000", @ANYPTR=&(0x7f0000001080)=ANY=[@ANYBLOB='\x00'/14], @ANYBLOB="0e00000000000000", @ANYPTR=&(0x7f00000012c0)=ANY=[@ANYPTR=&(0x7f00000010c0)=ANY=[@ANYBLOB='\x00'/60], @ANYBLOB='<\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001100)=ANY=[@ANYBLOB='\x00'/48], @ANYBLOB='0\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001140)=ANY=[@ANYBLOB]], @ANYBLOB="040000000000000009000000000000000300"], 0x18a, 0x40}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000800)='/dev/full\x00', 0x80480, 0x0) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000001140)={0x5, 0x0, [{0xfffffffffffff801, 0x3, 0x0, 0x0, @adapter={0x100, 0xfff, 0x10000, 0x4a, 0x6}}, {0x6, 0x2, 0x0, 0x0, @msi={0x1, 0x9, 0x1ff}}, {0x7, 0x4, 0x0, 0x0, @msi={0x98d5, 0xf, 0x3}}, {0x8001, 0x3, 0x0, 0x0, @msi={0xec, 0x240, 0x401}}, {0xffffffff, 0x3, 0x0, 0x0, @sint={0xc0000000000000, 0xffffffff}}]}) r2 = fcntl$dupfd(r0, 0x406, r0) ioctl$TUNSETVNETHDRSZ(r2, 0x400454d8, &(0x7f0000000680)=0x2) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5, 0x9bf}, @rumble={0x7, 0x7}}) 11:07:03 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) 11:07:03 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c0000000000000000007fffff", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:03 executing program 0: r0 = socket$kcm(0x2b, 0x7, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x15, 0x4, &(0x7f0000346fc8)=ANY=[@ANYBLOB="1800000000000000000000000600000000000000000000009500000000000000"], &(0x7f0000f6bffb)='GPL\x00'}, 0x48) [ 1139.394958][T10430] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1139.407014][T10430] CPU: 1 PID: 10430 Comm: syz-executor.4 Not tainted 5.3.0-rc6 #127 [ 1139.414996][T10430] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1139.425036][T10430] Call Trace: [ 1139.428309][T10430] dump_stack+0x172/0x1f0 [ 1139.432625][T10430] dump_header+0x10b/0x82d [ 1139.437028][T10430] oom_kill_process.cold+0x10/0x15 [ 1139.442124][T10430] out_of_memory+0x79a/0x12c0 [ 1139.446780][T10430] ? lock_downgrade+0x920/0x920 [ 1139.451613][T10430] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1139.457837][T10430] ? oom_killer_disable+0x280/0x280 [ 1139.463018][T10430] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1139.468540][T10430] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1139.474148][T10430] ? do_raw_spin_unlock+0x57/0x270 [ 1139.479238][T10430] ? _raw_spin_unlock+0x2d/0x50 [ 1139.484071][T10430] try_charge+0xf4b/0x1440 [ 1139.488465][T10430] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1139.494010][T10430] ? percpu_ref_tryget_live+0x111/0x290 [ 1139.499535][T10430] ? get_mem_cgroup_from_mm+0x16/0x320 [ 1139.504988][T10430] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1139.510511][T10430] mem_cgroup_try_charge+0x136/0x590 [ 1139.515771][T10430] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1139.521986][T10430] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1139.527594][T10430] wp_page_copy+0x41e/0x15e0 [ 1139.532161][T10430] ? page_trans_huge_mapcount+0x166/0x450 [ 1139.537858][T10430] ? pmd_pfn+0x1d0/0x1d0 [ 1139.542075][T10430] ? lock_downgrade+0x920/0x920 [ 1139.546904][T10430] ? swp_swapcount+0x540/0x540 [ 1139.551642][T10430] ? __kasan_check_read+0x11/0x20 [ 1139.556646][T10430] ? do_raw_spin_unlock+0x57/0x270 [ 1139.561732][T10430] do_wp_page+0x499/0x14d0 [ 1139.566125][T10430] ? finish_mkwrite_fault+0x570/0x570 [ 1139.571489][T10430] __handle_mm_fault+0x22f1/0x3f20 [ 1139.576579][T10430] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1139.582098][T10430] ? __kasan_check_read+0x11/0x20 [ 1139.587098][T10430] ? do_raw_spin_unlock+0x57/0x270 [ 1139.592191][T10430] ? trace_hardirqs_on+0x67/0x240 [ 1139.597207][T10430] handle_mm_fault+0x1b5/0x6b0 [ 1139.601950][T10430] __get_user_pages+0x7d4/0x1b30 [ 1139.606866][T10430] ? follow_page_mask+0x19b0/0x19b0 [ 1139.612039][T10430] ? __kasan_check_write+0x14/0x20 [ 1139.617124][T10430] ? gup_pgd_range+0x1e1/0x2d10 [ 1139.621949][T10430] get_user_pages_unlocked+0x2ae/0x4a0 [ 1139.627379][T10430] ? get_user_pages_locked+0x4d0/0x4d0 [ 1139.632810][T10430] ? should_fail+0x1de/0x852 [ 1139.637388][T10430] ? trace_hardirqs_on+0x67/0x240 [ 1139.642387][T10430] get_user_pages_fast+0x4c0/0x570 [ 1139.647472][T10430] ? __get_user_pages_fast+0x410/0x410 [ 1139.652917][T10430] ? memset+0x32/0x40 [ 1139.656875][T10430] rds_pin_pages+0x33/0x1f0 [ 1139.661355][T10430] rds_cmsg_rdma_args+0x879/0x1150 [ 1139.666447][T10430] ? rds_rdma_extra_size+0x390/0x390 [ 1139.671702][T10430] ? rds_conn_create_outgoing+0x4b/0x60 [ 1139.677223][T10430] rds_sendmsg+0x1f32/0x35b0 [ 1139.681784][T10430] ? rw_copy_check_uvector+0x2ce/0x390 [ 1139.687218][T10430] ? rds_send_drop_to+0x1640/0x1640 [ 1139.692390][T10430] ? aa_sk_perm+0x288/0x880 [ 1139.696876][T10430] ? lock_downgrade+0x920/0x920 [ 1139.701697][T10430] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 1139.707216][T10430] ? apparmor_socket_sendmsg+0x2a/0x30 [ 1139.712651][T10430] ? rds_send_drop_to+0x1640/0x1640 [ 1139.717821][T10430] sock_sendmsg+0xd7/0x130 [ 1139.722211][T10430] ? sock_sendmsg+0xd7/0x130 [ 1139.726778][T10430] ___sys_sendmsg+0x803/0x920 [ 1139.731432][T10430] ? copy_msghdr_from_user+0x440/0x440 [ 1139.736874][T10430] ? __fget+0xa3/0x560 [ 1139.740923][T10430] ? __fget+0x384/0x560 [ 1139.745058][T10430] ? ksys_dup3+0x3e0/0x3e0 [ 1139.749450][T10430] ? __might_fault+0xfb/0x1e0 [ 1139.754098][T10430] ? __fget_light+0x1a9/0x230 [ 1139.758753][T10430] ? __fdget+0x1b/0x20 [ 1139.762793][T10430] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1139.769005][T10430] __sys_sendmsg+0x105/0x1d0 [ 1139.773565][T10430] ? __sys_sendmsg_sock+0xd0/0xd0 [ 1139.778568][T10430] ? __x64_sys_clock_gettime+0x16d/0x240 [ 1139.784174][T10430] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 1139.790214][T10430] __x64_sys_sendmsg+0x78/0xb0 [ 1139.794972][T10430] do_syscall_64+0xfd/0x6a0 [ 1139.799451][T10430] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1139.805314][T10430] RIP: 0033:0x459879 [ 1139.809185][T10430] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1139.828759][T10430] RSP: 002b:00007fd57ae18c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1139.837400][T10430] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459879 [ 1139.845343][T10430] RDX: 0000000000000000 RSI: 0000000020001600 RDI: 0000000000000003 [ 1139.853298][T10430] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 1139.861241][T10430] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd57ae196d4 [ 1139.869667][T10430] R13: 00000000004c77e9 R14: 00000000004dd048 R15: 00000000ffffffff [ 1139.887726][T10430] memory: usage 307200kB, limit 307200kB, failcnt 3872 [ 1139.894721][T10430] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1139.905681][ T23] audit: type=1804 audit(1566904024.354:1059): pid=10436 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2335/bus" dev="sda1" ino=16760 res=1 [ 1139.917134][T10430] Memory cgroup stats for /syz4: [ 1139.917226][T10430] anon 244785152 [ 1139.917226][T10430] file 8192 [ 1139.917226][T10430] kernel_stack 10485760 [ 1139.917226][T10430] slab 16871424 [ 1139.917226][T10430] sock 0 [ 1139.917226][T10430] shmem 0 [ 1139.917226][T10430] file_mapped 0 [ 1139.917226][T10430] file_dirty 0 [ 1139.917226][T10430] file_writeback 0 [ 1139.917226][T10430] anon_thp 182452224 [ 1139.917226][T10430] inactive_anon 135168 [ 1139.917226][T10430] active_anon 244948992 [ 1139.917226][T10430] inactive_file 0 [ 1139.917226][T10430] active_file 0 [ 1139.917226][T10430] unevictable 135168 [ 1139.917226][T10430] slab_reclaimable 2973696 [ 1139.917226][T10430] slab_unreclaimable 13897728 [ 1139.917226][T10430] pgfault 230802 [ 1139.917226][T10430] pgmajfault 0 [ 1139.917226][T10430] workingset_refault 363 [ 1139.917226][T10430] workingset_activate 66 [ 1139.917226][T10430] workingset_nodereclaim 0 [ 1139.917226][T10430] pgrefill 5295 [ 1139.917226][T10430] pgscan 5209 [ 1139.917226][T10430] pgsteal 642 11:07:04 executing program 1: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x1a00) 11:07:04 executing program 2: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={&(0x7f0000000900)={0x2, 0x4e21, @remote}, 0x10, &(0x7f0000000bc0)=[{&(0x7f0000000940)=""/192, 0xc0}, {&(0x7f0000000a00)=""/158, 0x9e}, {&(0x7f0000000ac0)=""/209, 0xd1}], 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000140100000200000068000000fbffffff180000000000000014010000020000000800000003000000480000000000000014010000010000000000000000000100", @ANYPTR=&(0x7f0000000c00)=ANY=[@ANYBLOB='\x00'/111], @ANYBLOB='o\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000ec0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYBLOB='\x00'/91], @ANYBLOB="9b4dd4c02f7ffc70", @ANYPTR=&(0x7f0000000d00)=ANY=[@ANYBLOB='\x00'/132], @ANYBLOB="8400000000000000", @ANYPTR=&(0x7f0000000dc0)=ANY=[@ANYBLOB='\x00'/19], @ANYBLOB='&\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000e00)=ANY=[@ANYBLOB='\x00'/85], @ANYBLOB="aa00000000000000"], @ANYBLOB="040000000000000040000000000000000400000000000000580000000000000014010000070000000100000000fcffff", @ANYPTR=&(0x7f0000000f00)=ANY=[@ANYBLOB="0400000000000000"], @ANYPTR=&(0x7f0000000f40)=ANY=[@ANYBLOB="00000080000000"], @ANYBLOB="2a000000000000000000000000000000010001000000000003000000000000000200000000000000060000000000000030000000000000001401000003000000", @ANYPTR=&(0x7f0000000f80)=ANY=[@ANYBLOB='\x00'/18], @ANYBLOB="1700000000000000", @ANYPTR=&(0x7f0000000fc0)=ANY=[@ANYBLOB='\x00'], @ANYBLOB="100000000000000058000000000000001401000007000000ff03000005000000", @ANYPTR=&(0x7f0000001000)=ANY=[@ANYBLOB="0300000000000000"], @ANYPTR=&(0x7f0000001040)=ANY=[@ANYBLOB="ffffff7f00000000"], @ANYBLOB="05000000000000000600000000000000570000000000000006000000000000000800000000000000090000000000000048000000000000001401000001000000e31e000005000000", @ANYPTR=&(0x7f0000001080)=ANY=[@ANYBLOB='\x00'/14], @ANYBLOB="0e00000000000000", @ANYPTR=&(0x7f00000012c0)=ANY=[@ANYPTR=&(0x7f00000010c0)=ANY=[@ANYBLOB='\x00'/60], @ANYBLOB='<\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001100)=ANY=[@ANYBLOB='\x00'/48], @ANYBLOB='0\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001140)=ANY=[@ANYBLOB]], @ANYBLOB="040000000000000009000000000000000300"], 0x198, 0x40}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) r1 = syz_open_dev$mice(&(0x7f0000000680)='/dev/input/mice\x00', 0x0, 0x40000) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000001140)={0x0, @in={{0x2, 0x4e22}}, 0x7ff, 0x8}, &(0x7f0000000800)=0x90) setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r1, 0x84, 0xa, &(0x7f0000000840)={0x2, 0x9, 0x8004, 0x80000001, 0x7ff, 0x2, 0x7, 0x7, r2}, 0x20) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5, 0x9bf}, @rumble={0x7, 0x7}}) 11:07:04 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) write$9p(r1, &(0x7f00000000c0)="4b3d4ccac0d247acb3d5c6cfe3fa4c5c92b34612ee835592a41972ec059735d28c71f74b6d50d2c08d6ce7ce746f07bddbdeedd56ad68b88d1e3a5f156d4fed53ff2fcb1c17e242d3595ffd1be49f93b931623e010ecddf11ae9fbaedb852cc05faca9dcc8de5239d9fc93e66ded7de434e1dbb0082a782580ff87ff1be0ffdd734b082b2d63fef7f614b2e1371186983cc97f88ed30a880337e94148b48517bceec38", 0xa3) restart_syscall() prctl$PR_SET_UNALIGN(0x6, 0x3) getsockopt$IP6T_SO_GET_INFO(r0, 0x29, 0x3d, &(0x7f0000000000)={'mangle\x00'}, &(0x7f0000000080)=0x54) 11:07:04 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c0000000000008000a0ffffff", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:04 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) fstat(r0, &(0x7f0000001940)={0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$btrfs(&(0x7f0000000280)='btrfs\x00', &(0x7f00000002c0)='./file0\x00', 0x4f30, 0x4, &(0x7f00000018c0)=[{&(0x7f0000001600)="4f7f1b5c61221a5f2bfb9ad1f466d2d7035d39eeb0ad5e3a5580964cea2a75a79b2ae241b0e8186ef53723998c4b0c6dadd0199f275aa8148ee7134cc72e078d3590b46729ad619610bf5e14026196e30f69d7011b28373af346084495a1d44357c09bd5c644b4152cc42e04b1e66ec8399b7e485c4b69db929758bd1efded2cdc7dae0ccb6dc77c882a75ceffb0be8557c4e926e9fd334d1c2c170d05e7a53cdf4b8c951fe4fb409cb52953e7f51c73fdb8cfa0e3dbdcfad579e0626fa612165faccfe5a6f6786807f57d1df283e548d05288a128f77754a5e202cb81b54eeb", 0xe0, 0x5a2}, {&(0x7f0000000380)='k', 0x1, 0x82a}, {&(0x7f0000001700)="4ba03ab2358514b21c8fc84fde5063c28cde8604855c530220d6f81e9375dd91851f00e6efbd73cb0913443762504222ee116657c19f088f0b0db7faae29403800459809e1089c40996eaed0839e7cefe75237f54abc848a99dc32c031aafa72091aa7cd292caf4b6c9d6a80674cec0ba2a736e57ba028452de1e7796bde47f3ca8f", 0x82, 0x80000000}, {&(0x7f00000017c0)="be78bd86e4d86c0ee2d0e65815b31a86c55b3f808705dc6fec2efc6121088744f24a91d14e11015d3e13b8ca8d01125fdf73522fff4910cbbab00526286ac45e0fe810ab6831267c7f2719d56671364285c60fd8e44b3484153bd905d3e6ac4bb1afa8f3701fb9a102321a053e8c988c7d2446c536b9b95f461af815912961a9c756f662837516278c80898a3aacefe35725db1863cdfa7e36045b2418eae5a5d2f8b13fe9d8c57c1749807b720cd105d54cde8670450d3eff12e4f7f499b2bb1127785f44033a945b2345877f21ba58b2acd61797c3e51900223dbefc61792c", 0xe0, 0x9}], 0x2000, &(0x7f00000019c0)={[{@max_inline={'max_inline', 0x3d, [0x65, 0x0, 0x70, 0x31, 0x35, 0x74, 0x78]}}, {@notreelog='notreelog'}, {@check_int_data='check_int_data'}, {@treelog='treelog'}, {@nossd='nossd'}, {@max_inline={'max_inline', 0x3d, [0x67, 0x6d, 0x3f, 0x36, 0x35, 0x6d, 0x2d]}}, {@noautodefrag='noautodefrag'}, {@subvol={'subvol', 0x3d, 'keyringppp1*'}}, {@thread_pool={'thread_pool', 0x3d, 0x7}}], [{@rootcontext={'rootcontext', 0x3d, 'staff_u'}}, {@defcontext={'defcontext', 0x3d, 'user_u'}}, {@euid_lt={'euid<', r2}}, {@dont_hash='dont_hash'}, {@smackfshat={'smackfshat', 0x3d, 'vmnet1cpuset'}}, {@rootcontext={'rootcontext', 0x3d, 'staff_u'}}, {@obj_role={'obj_role', 0x3d, '\\'}}, {@permit_directio='permit_directio'}, {@rootcontext={'rootcontext', 0x3d, 'user_u'}}, {@pcr={'pcr', 0x3d, 0x23}}]}) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r3 = dup(r1) write$FUSE_BMAP(r3, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r3, &(0x7f0000000400)={0xa0}, 0xa0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000180)={r3, r3, 0x7, 0x2}, 0x10) write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0xfffffffffffffd22}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r3]) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) prctl$PR_SET_SECUREBITS(0x1c, 0xf) setresuid(0x0, 0xee01, 0x0) r5 = open(&(0x7f00000001c0)='./file0\x00', 0x80040, 0x0) fcntl$setlease(r5, 0x400, 0x0) rt_sigprocmask(0x0, &(0x7f0000da1000)={0xfffffffffffffffe}, 0x0, 0x8) rt_sigtimedwait(&(0x7f0000061000)={0xfffffffffffffffd}, 0x0, 0x0, 0x8) truncate(&(0x7f0000000200)='./file0\x00', 0x0) fcntl$setlease(r5, 0x400, 0x2) write$P9_RMKNOD(r3, &(0x7f0000000040)={0x14, 0x13, 0x1, {0x20, 0x1, 0x2}}, 0x14) writev(r3, &(0x7f00000001c0)=[{&(0x7f0000000600)="f6b6899703644d72d9811c32769a6f1f83ec320637969bea4839b786a27b2b6e25cd29773778996e2cf7148d6ea96026786b42da1885d1ccb7861c10934ac32f5682c4e5d3a3d6caf396feb1d7e5b92ad1becfb001414d51529f78974c3bef1e3bec9645df224e62065f6574ba5c8a131d5f720d40bcc8689e4041a9f8c928b5026375bbfb441aad50541968d98cdd0a0b2e6c9bd85a719e95ef1c8f89bc01428d50798b93a67461a6f495d61a819b3a93b61111496a3e568def76ed351e88e273a806e08a6abe9ff35c67e2e5191548b9cb7e56e345a27203827ca61f8d36513c65084f1ccc63114505f7580c347ba8d8249ddbf9ff165bf86e86c62c77c220f580d97a461b02e6c63dab5cb54749f01d63db87744eb4dad9700475488e5d77a53b193653bc37f9fde73701158b36bcc474a3cf2e413a650ee77952ad52e380020f113f50242ae1cb48fab98214abcbfeea2cf62cfd3f4be16e19096115c1f179191d045c76e64a61fc2d4c6ec493a3146204c69c3034b31ca81a9eee2d7abd222a62aac58a3dc78636ff03268d7ba7246939ec8eaa85861102eee3ffc080a9707046ae953d3a130f21a9aa15655553e96b10c799c63ac6ebf257b5cc0004253415a58bd192c2744f6e13023e3fb7b488f9158dc5d3eec4b513a43f332e7432ba7154e33d40f9a250e2ac941fda021831e7813ac558a4d7f9ac8ac5cfa857e5d3616a9d87b594d2dc81d68fb511b62ef88d0622e329d2ef8600383f9c207b701229266e2d8371c88d8da124a47eb986f3e2bb9d9262d429406cc19bea7ff3f18d4dec35d75a04f9762c48ebe3999fcb53cd5d7d369a22f9ae8542dce63ee4a1818882305b796f19cdfea08fa3d03544ddab20549bf7602f831982d0c89a32b9703dd93b3e359f61ab313688484e53f32965057a2f9657f44da246924deabcd229e84e0c906475791c0fb4c6c8b9eb51683f2147efe38f8db388b9f6e5058490407fb0f0eae82841255067121156132184a722e5489afa61b490180bcc66f5ba17feb511d1e0803f18cf7b7ecb11397f60260c2d3dafdf8e916d713650201d9068aa7214e139ba4acb8e82a5466be3ea9ce472b407c50b21c1536e0cad3df32ad7fe6d908ca1c9c64beee31e58b169343c917f0ab3cff6754a0934c1b2dacff5ebfc31d869f6741a2f38c5cecf6627cb152b29e634eeb5fc67fcf37463a6b9954b2d47a3993980e9365ae1f723302f01045d0ff67f0f54498ad174e91e0148db7ff6e17410d3f15e17bb1a975bfe56f72d130d087d799aad482483e3db2bcf55023aa4569e5978233d485cc8a7f8b6bbbc56df7b0acfaf56e8351815dc8aab646b85447dbdd62df089e1d528bb79a998f244454c201f9c45ea3fee553f8c13364ce751e77085618197b3933f99470d1a2351ea43bb5766924107b37b3e4bbaa9f0a7d4a26b77c2eeb03b18879ca67406fb79720bdb1cffa53d23434ea54b90170041704446ca3a5b90d555ac4c65f27c23ec8c33647b667edaf02d164dcde323a59074bd4aad724757f79e539bb4f201dc6c37f6310dcd6dc6b9fd9576274cfb2c80c8b09bc9c0927e3e8ca8851ad4b122524f2bcd6c2806ea6f9a7d189fa0412a2bcb3c7af0d7e1d62bf61868d7873cbd3b9474d6e5fc32cbd85705174fefe4451948e463817210da9010667d7af722225fb7dbf0c15227a87f2442078b9938433e873af479e97c5589c5bce611cf88108bdadf751e05b1090cb19dc2ee3219d6cc808482bf80477620c837a3927f3d9c5262807ec77aae24de46e129551a3703725d7aa730d082a1f6ce7c352a9d22e911efc485fa0575776932fd8c2137b486ac695df3045d25f6a43555a5b96d15be2227b9df412beeeca8e121134120097ad8fe5e13e5ba7e4e566ef927864d444ab2beb16c293c04b4c82eef74b8445bac4f811830eb5899fb485e43005911e8e09f34d076a6eb82e5ec4a3ae57944acb090e2dccc963274f4cd8ef32f81d4dcd3aa357f0c716622eb0beda8f338cd7338ef14fd6b4bff2b6a91a7276b3f1a05106eff7dd2187ed90dcd04730c361043506903511470ab89818a774872368c9e955235064948c2734ec972e3bd2eec4e7ff2ffebb2667d1c6d24a40d9b19e55f2de3d5fefd1c6cc96cf904a36273e8817741a800daf7eab7f781a6eddadf10d68de2ed684a5787b8b8b90caa06e08f08a82d8fac9ab3eb8e564c91ed7735ba2af9cbf9897c8f494864e4fa75e1b9f0bafc0f0a973e40c3c2a280e77a69205c435a641bb9b57a77fc8601d1ad45e22f3eeb1f552a292f18ec3fcc4fca96e8be40d41e5a5c35309196bc3f97048f9171122951e47b9ab0027b583a99979fd8f567993cc3475733150d6422e4dbc013a5796d47687f2c7eb8bd19895e885de639a9e070e6450b39b8c5e567261d4eb73a4785d81f9b4693aafc1899758a8de1e83395a095d0bd3d7795f81b0890e71378b7ca618fb0f72129999f45e2dbbb446aaa8a1367d6d0af9949f5c429bb5d8bfd2a7876c8387f702d46597c60811e5a960ae12f1c99c22d1e92371bc3ae7873175415141ce1e133d4dc417d75f3bcd5699f94830c05cb9f64f49b08e954dba94f90f779507b49fdd7bf682d1c9e0860f68c0c5e8f895eb8efe7a0e86111cf83585fb5b8dec3ea86fd18f3547e07d7e2051950dbe3da252ea48f5672cadcebcd9d45ec3e7b4e609355873bf2943dbefca62f34500ac3bcc59fee24395bacd9c0e1703f979bd72c11b26363d21b0b610e57f02c2cf9d5a969826c864779d240a242e5f86188173164d2b40e44ab277760a01be7baa8954232158fe962d45b04d28d99c3787c6267f0b16c63860e3811bcf04b62ffe09c215d4315a58ceed51388b8a3999e11d221d0db03da9ceb94fa77910d9978f39a51fe4a3a145ef06db72f9de674e58030096eb6a01daf6436e50512ada64b1b662aa4a623a6b4613322a824e891946ebf6b49bbd1193f16856dc1087c74cd774d98b6c643b96cd17e11f0e26ecdb55f6a804870e66947d63bf1e05ae641a320281b713eb5d2ffff84e867ebae46df887d8d10bdfbdce8604112a5f89610e6c8f8deaadbba6c356775f6aeb6a23f3ee848047f88416e0cb3c5cd35033cd45b505051a40e3865347f60ee914c430f81572204c155c239d6120fbbffe2160453bebe47c3fb8ef3a5493ab8e972ca6ccb35434544ad6eca82fa7433fa3926d686bfd4957cfd158e4761cf4bb7365d93ca7f0d1bd91b5c9f03144cbc4c32981380e41d0bda95c06a01ba394c35bf16e6b8143a2dfcfb62d489e97d4ea062328609b63d6e8103aebb253f4c495ebddc0e36fb1287543e4669888f1c788d53affcf86b3f6e0592b19642fa73116bec81f33c05f7bec5fd20c01aedefd8a7fbc49dea4e22979fdba8022cf64faf083470fb5e85025cef4e803348f3bb5a51067f3153e5531df2055903c53c3ceb6136ef10606211f5b66943e788d470d6ed3ac201cfc74601f367282ad01d82492595b9f5b31e3ad64ebd018de33c5743f3aa9c1ef25c7c51a950ab3503b2fedc5844cf557fa21f519d4a368187e207375f18a61b768ff108e433d2a7262fd334156a79bd715dece647df60e8aa52c3dda3a8628a8c9f28769e45a1a418d555eefe322afa9c971681de8ea3051628319aed50a7d18f4d566d438ce5c5a8e4ed4fdb3925ab036b1d2d1fed6635ca5d510839aa1fdcefd31c70ca69e3d2575ea2a43030ed4e0dcb8c0f49086c4d82d7f5eba27885fae7d757f60800117fb087a51e768d70a91d1b58904d40f9586762db54c2b6dbbb16c4afa70213f435947b15647e3a98149f13519dd9c31e981a4ba9fdf3deabbc88aefac7bcfa23b0b907e561b95b08786039488f72dad070000c0e63a30cd65c16dc39ac15048f008c6824be2ea1f17ca670ea8c0fa42c939545c5a4d5ef55b61d7881c92d57b76ce9fdd9b5ed0258e503bf93719026a1de5aebfd0937513fd40ec1af91f47f4595670a41542ae7b7e4e1aea4eacc617f77b7279055d115367eb85aded97c6c81494e51e11a0cb7bd7306d2939a1bb15667bf1c17e789020fab6ad700992a347cae9799a9093e973dea5cfceef58b2708e7e7a41aefd6c8446d322bd667a40a736d07bb242babb95f3e0e220554f26ad49a682ed54580a91479605a89d994fcfc1f97b3ab3a129fc412b6294c04e6497c7dc4b1f3a2b72d36917fde81562f8a5a60938d5c14e974d2e8c2806cc0c4ddba3e9da8e08c5c7df8f3c683d0e86b1bdcfd664fbb1797130735e2183829fa9638d8f448c275c5aed34462fa8ddc9268a8f2d0d13026dac5ffb6182f6d3733703f404059d4c7f0b00327ad49c187d9b95172fcdd34239ef147f3f34998fd4ef50d29d1bf4d35fec706aa415d004d3b7896832ab504e99aa16ab621d8ac7c24b3ed092c56884033b2d23302f8db77cded597d9792502d5202bf800957bd48798a1c26005a774cb1a122c98a85738d3b2dcc21bc3d93192101c2e00549acb4f5481089963956117c528aee8b658f49e0d72f7d7f567eb17fa65417e57e88a8c7fa31c67ce9bce5e4327cb3e5d39a176ec91cd4db675523d2a57b435c0ceecb5e9cd7dc388978ff8d6f6fb9bf1a7675c0d65c6bc543c7571acc27160e1e131d286473435f42a47dcd72cf1efa91bf3b3cefcbcc5309ac40af5dc27258b39866a0b000c23e79cf24058682886512f72a315720f84825ba8d22f9286461f5d83461aa2a517e0b40d82f744d5dcf2df5ae02def59a91f57d7cd7f044ad1a2cea0ff2680b2cc8ef59d9d8f058882ea2a1d9d3dc1fd606060c75428c98d5f396696c9d6fccb368949c887f91d7ce42b8e8b1c7bf1f843042aea133698603782f6f3feebba483484d93652e58807b3be422292176915fdb775462c939c590c11effaafb373fef99973e07b48f51bfefe618b2dd43a8c86026f2fb7c211cd8b0d4c9253e77b00478f6572cec1713ae6e337392d6d20adf985cb423b8ecad7ddbc56e69df9470c5999b8948002f46877098f8a71924830bf70b7cb71d928486474696a684b96c907d47ab646ee6ef4251d909c8f0fb11944f9a8eb998d76e4408d2d2bc07eb95bea128b2170a1becefe731dd444f3ea791a13a23d8ec36aa2f750857ef443ab6e9e2536b432aaa35a6a8a8087c779b5adcfef916349ed8a670b79cd9d54a131c5f30dbcdfc2645b4451fb41d4325eee2c8919db83a79c684cb17dbb636a6d5e8f1447e77ad693a13c761787cabb7853ecf394c372d06990ea153e86047dd0f80beb563b888159b6dc8899c96cd9754b4d682eac4900a740f5a16ac2e913dfa6aa922d772a49c9eeaa75e236104520b986d410c0f782eaff718f71be868dbe65ca118ee6e307543db39e26a0e4e400f12f01c184d08ee54462c06f940c0a24bea00f5b3f161e999456a59e15d046fa18e47f7d36b7e09ea2a4b4e3fa56864c8d7491dc89a1b2908912d5f7f47939264575b02697fcde43231fb0dfa4f06a8c38207d346b8f04abb54a4c1354394df0f070af38f941ba1ed1d8d59400ea92d785d9955cd1d1cbb20600c83afc70b2c6b0c6485eb68eff64eaa153af8e87fed504060d4d175e7afc72354f80c89b8149c6f79e7c1fa4e9dade72ef34c886f13c3b106be93260f1d5e213d43f5c13423fce687c4c1d9fa14ad71605ef308343d64081d6b1e724321e2425213ff5df6505d7f9becd179a60d22a263d6cd634fbff78fe0bbd5713dd1ae2b33fc1a450adf6d4537186c5037693bd4", 0x1000}, {&(0x7f00000004c0)="1509867ffeab875a1f0198401336131eab1e044b144b26e8ae6d820571f53e22079c7b20a5073d4f0058951c98997fc1d27b3a6fa770a6d2eb5308d6866cf2cde82728032af0f68cb27ffc2bb9a29406a2692a2bcf7a1350fdd582cf419cea58dbc84d4b9f85519ff40302902f6e666308ffa53e0cad33e487b6f4296569de566bcef6c12aae8d3802730be33d9246183c38be95e1e29af7aa611e59f6995c4ffccdf3cb8651cd530525f9d2538fd6fcc8ff0a6e9fb000d5c8c4e7c4cfd9da1dca0c47405c176291beff40c8f290157c362e231f2d99ba2358eb0aa6ad592dc93604", 0xe2}], 0x2) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x30, 0x0) 11:07:04 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) [ 1140.052274][T10430] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=5950,uid=0 [ 1140.068379][T10430] Memory cgroup out of memory: Killed process 5950 (syz-executor.4) total-vm:72840kB, anon-rss:2204kB, file-rss:34816kB, shmem-rss:0kB [ 1140.086224][ T1058] oom_reaper: reaped process 5950 (syz-executor.4), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB 11:07:04 executing program 0: perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1000000000001, 0x800000) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000540)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="240000002a000101000000000000000000587700", @ANYRES32=r2, @ANYBLOB='\x00'/12], 0x24}}, 0x0) syz_init_net_socket$ax25(0x3, 0x5, 0xf0) 11:07:04 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000f0ffffffffff", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:04 executing program 2: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={&(0x7f0000000900)={0x2, 0x4e21, @remote}, 0x10, &(0x7f0000000bc0)=[{&(0x7f0000000940)=""/192, 0xc0}, {&(0x7f0000000a00)=""/158, 0x9e}, {&(0x7f0000000ac0)=""/209, 0xd1}], 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000140100000200000068000000fbffffff180000000000000014010000020000000800000003000000480000000000000014010000010000000000000000000100", @ANYPTR=&(0x7f0000000c00)=ANY=[@ANYBLOB='\x00'/111], @ANYBLOB='o\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000ec0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYBLOB='\x00'/91], @ANYBLOB="9b4dd4c02f7ffc70", @ANYPTR=&(0x7f0000000d00)=ANY=[@ANYBLOB='\x00'/132], @ANYBLOB="8400000000000000", @ANYPTR=&(0x7f0000000dc0)=ANY=[@ANYBLOB='\x00'/19], @ANYBLOB='&\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000e00)=ANY=[@ANYBLOB='\x00'/85], @ANYBLOB="aa00000000000000"], @ANYBLOB="040000000000000040000000000000000400000000000000580000000000000014010000070000000100000000fcffff", @ANYPTR=&(0x7f0000000f00)=ANY=[@ANYBLOB="0400000000000000"], @ANYPTR=&(0x7f0000000f40)=ANY=[@ANYBLOB="00000080000000"], @ANYBLOB="2a000000000000000000000000000000010001000000000003000000000000000200000000000000060000000000000030000000000000001401000003000000", @ANYPTR=&(0x7f0000000f80)=ANY=[@ANYBLOB='\x00'/18], @ANYBLOB="1700000000000000", @ANYPTR=&(0x7f0000000fc0)=ANY=[@ANYBLOB='\x00'], @ANYBLOB="100000000000000058000000000000001401000007000000ff03000005000000", @ANYPTR=&(0x7f0000001000)=ANY=[@ANYBLOB="0300000000000000"], @ANYPTR=&(0x7f0000001040)=ANY=[@ANYBLOB="ffffff7f00000000"], @ANYBLOB="05000000000000000600000000000000570000000000000006000000000000000800000000000000090000000000000048000000000000001401000001000000e31e000005000000", @ANYPTR=&(0x7f0000001080)=ANY=[@ANYBLOB='\x00'/14], @ANYBLOB="0e00000000000000", @ANYPTR=&(0x7f00000012c0)=ANY=[@ANYPTR=&(0x7f00000010c0)=ANY=[@ANYBLOB='\x00'/60], @ANYBLOB='<\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001100)=ANY=[@ANYBLOB='\x00'/48], @ANYBLOB='0\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001140)=ANY=[@ANYBLOB]], @ANYBLOB="040000000000000009000000000000000300"], 0x198, 0x40}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680)='/dev/hwrng\x00', 0x4000, 0x0) fstat(r0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0}) lstat(&(0x7f0000000e80)='./file0\x00', &(0x7f0000001140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) fstat(r0, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(r1, &(0x7f0000001240)={0x5e, 0x7d, 0x2, {{0x0, 0x42, 0x100000000, 0x5, {0x0, 0x3, 0x4}, 0x200c0000, 0x3ff, 0x4, 0x74c, 0x7, '-(bdev-', 0x1, '}', 0x1, '-', 0x6, 'nodev/'}, 0x7, '$\'!eth1', r2, r3, r4}}, 0x5e) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="4800000000000000140100000100"/24, @ANYPTR=&(0x7f0000000040)=ANY=[@ANYBLOB='\x00'/156], @ANYBLOB="0503080000000000", @ANYPTR=&(0x7f00000006c0)=ANY=[@ANYPTR=&(0x7f00000015c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000004d4648120db8eb1906459fda319981112a5b"], @ANYBLOB=',\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB='\x00'/67], @ANYBLOB='C\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB='\x00'/198], @ANYBLOB="c600000000000000", @ANYPTR=&(0x7f0000000140)=ANY=[@ANYBLOB='\x00'/15], @ANYBLOB="0f00000000000000", @ANYPTR=&(0x7f0000000340)=ANY=[@ANYBLOB='\x00'/54], @ANYBLOB="ffff070000000000", @ANYPTR=&(0x7f0000000380)=ANY=[@ANYBLOB='\x00'/42], @ANYBLOB='*\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f00000003c0)=ANY=[@ANYBLOB='\x00'/77], @ANYBLOB='M\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000440)=ANY=[@ANYBLOB='\x00'/244], @ANYBLOB="f400000000000000", @ANYPTR=&(0x7f0000000540)=ANY=[@ANYBLOB='\x00'/219], @ANYBLOB="db00000000000000"], @ANYBLOB='\a\x00'/24], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5, 0x9bf}, @rumble={0x7, 0x7}}) [ 1140.278415][ T23] audit: type=1804 audit(1566904024.724:1060): pid=10464 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2336/bus" dev="sda1" ino=16870 res=1 [ 1140.295321][T10449] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1140.357948][T10449] CPU: 0 PID: 10449 Comm: syz-executor.4 Not tainted 5.3.0-rc6 #127 [ 1140.365936][T10449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1140.375982][T10449] Call Trace: [ 1140.379271][T10449] dump_stack+0x172/0x1f0 [ 1140.383599][T10449] dump_header+0x10b/0x82d [ 1140.388012][T10449] oom_kill_process.cold+0x10/0x15 [ 1140.393122][T10449] out_of_memory+0x79a/0x12c0 [ 1140.397797][T10449] ? lock_downgrade+0x920/0x920 [ 1140.402652][T10449] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1140.408891][T10449] ? oom_killer_disable+0x280/0x280 [ 1140.408912][T10449] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1140.408930][T10449] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1140.425239][T10449] ? do_raw_spin_unlock+0x57/0x270 [ 1140.430346][T10449] ? _raw_spin_unlock+0x2d/0x50 [ 1140.435196][T10449] try_charge+0xf4b/0x1440 [ 1140.439606][T10449] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1140.445147][T10449] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1140.450688][T10449] ? __kasan_check_read+0x11/0x20 [ 1140.455704][T10449] ? lock_downgrade+0x920/0x920 [ 1140.460551][T10449] ? percpu_ref_tryget_live+0x111/0x290 [ 1140.466094][T10449] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1140.471549][T10449] ? memcg_kmem_put_cache+0x50/0x50 [ 1140.476750][T10449] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1140.482289][T10449] __memcg_kmem_charge+0x13a/0x3a0 [ 1140.487414][T10449] __alloc_pages_nodemask+0x4f4/0x900 [ 1140.492781][T10449] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1140.498491][T10449] ? lock_downgrade+0x920/0x920 [ 1140.503332][T10449] ? rwlock_bug.part.0+0x90/0x90 11:07:04 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000020000000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1140.508267][T10449] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1140.514506][T10449] alloc_pages_current+0x107/0x210 [ 1140.519611][T10449] ? do_raw_spin_unlock+0x57/0x270 [ 1140.524712][T10449] __pmd_alloc+0x41/0x460 [ 1140.529034][T10449] ? pmd_val+0x100/0x100 [ 1140.533271][T10449] pmd_alloc+0x10c/0x180 [ 1140.537510][T10449] copy_page_range+0x610/0x1ee0 [ 1140.542360][T10449] ? mark_held_locks+0xf0/0xf0 [ 1140.547124][T10449] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1140.553357][T10449] ? mark_held_locks+0xf0/0xf0 [ 1140.558143][T10449] ? __kasan_check_read+0x11/0x20 [ 1140.563178][T10449] ? dup_mm+0x7cd/0x1430 [ 1140.567413][T10449] ? __kasan_check_read+0x11/0x20 [ 1140.572430][T10449] ? pmd_alloc+0x180/0x180 [ 1140.576837][T10449] ? lock_downgrade+0x920/0x920 [ 1140.581681][T10449] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1140.587397][T10449] ? validate_mm_rb+0xa3/0xc0 [ 1140.592066][T10449] ? __vma_link_rb+0x275/0x370 [ 1140.596819][T10449] ? __kasan_check_write+0x14/0x20 [ 1140.601919][T10449] dup_mm+0xa67/0x1430 [ 1140.605990][T10449] ? vm_area_dup+0x170/0x170 [ 1140.610586][T10449] ? debug_mutex_init+0x2d/0x5a [ 1140.615440][T10449] copy_process+0x28b7/0x6b00 [ 1140.620117][T10449] ? write_comp_data+0x1e/0x70 [ 1140.624881][T10449] ? __cleanup_sighand+0x60/0x60 [ 1140.629818][T10449] ? retint_kernel+0x2b/0x2b [ 1140.634421][T10449] _do_fork+0x146/0xfa0 [ 1140.638565][T10449] ? copy_init_mm+0x20/0x20 [ 1140.643062][T10449] ? __kasan_check_read+0x11/0x20 [ 1140.648086][T10449] ? _copy_to_user+0x118/0x160 [ 1140.652852][T10449] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 11:07:05 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000030000000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:05 executing program 1: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x1b00) [ 1140.659091][T10449] ? put_timespec64+0xda/0x140 [ 1140.663850][T10449] __x64_sys_clone+0x18d/0x250 [ 1140.668621][T10449] ? __ia32_sys_vfork+0xc0/0xc0 [ 1140.673463][T10449] ? trace_hardirqs_off_caller+0x65/0x230 [ 1140.679166][T10449] ? trace_hardirqs_on+0x67/0x240 [ 1140.684181][T10449] do_syscall_64+0xfd/0x6a0 [ 1140.688676][T10449] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1140.694590][T10449] RIP: 0033:0x459879 [ 1140.698999][T10449] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1140.721416][T10449] RSP: 002b:00007fd57ae39c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1140.729830][T10449] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459879 [ 1140.729837][T10449] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1140.729843][T10449] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 11:07:05 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000040000000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:05 executing program 2: r0 = syz_open_dev$usb(0x0, 0x40000fffffd, 0x200000000000042) ioctl$FS_IOC_FSGETXATTR(r0, 0x550b, 0x0) r1 = openat$nullb(0xffffffffffffff9c, 0x0, 0x801, 0x0) r2 = syz_open_dev$usb(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r3 = perf_event_open(&(0x7f00000001c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000540)='./cgroup/syz0\x00', 0x1ff) ioctl$ASHMEM_GET_NAME(0xffffffffffffffff, 0x81007702, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) fanotify_mark(0xffffffffffffffff, 0x82, 0x0, r2, &(0x7f0000000180)='./file0\x00') mount$fuse(0x20000000, &(0x7f0000000040)='./file0\x00', 0x0, 0x7a00, 0x0) ioctl$KVM_GET_IRQCHIP(r2, 0xc208ae62, &(0x7f00000002c0)={0x0, 0x0, @ioapic}) ioctl$MON_IOCQ_URB_LEN(r0, 0x9201) r4 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) r5 = openat$cgroup_procs(r4, &(0x7f0000000140)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r5, &(0x7f0000000640), 0x12) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) fsconfig$FSCONFIG_SET_PATH(r3, 0x3, &(0x7f0000000080)='./cgroup/syz0\x00', &(0x7f00000000c0)='./file0\x00', r0) ioctl$BLKZEROOUT(r1, 0x127f, &(0x7f0000000000)={0x0, 0x4004400}) [ 1140.729849][T10449] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd57ae3a6d4 [ 1140.729855][T10449] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 00000000ffffffff [ 1140.730119][ T23] audit: type=1804 audit(1566904024.984:1061): pid=10482 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2336/bus" dev="sda1" ino=16870 res=1 [ 1140.813260][T10449] memory: usage 307180kB, limit 307200kB, failcnt 3884 11:07:05 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000050000000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:05 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/btrfs-control\x00', 0x200000, 0x0) ioctl$ASHMEM_SET_SIZE(r1, 0x40087703, 0x9) [ 1140.854887][T10449] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1140.883271][T10449] Memory cgroup stats for /syz4: [ 1140.883377][T10449] anon 244879360 [ 1140.883377][T10449] file 8192 [ 1140.883377][T10449] kernel_stack 10485760 [ 1140.883377][T10449] slab 16871424 [ 1140.883377][T10449] sock 0 [ 1140.883377][T10449] shmem 0 [ 1140.883377][T10449] file_mapped 0 [ 1140.883377][T10449] file_dirty 0 [ 1140.883377][T10449] file_writeback 0 [ 1140.883377][T10449] anon_thp 182452224 [ 1140.883377][T10449] inactive_anon 135168 [ 1140.883377][T10449] active_anon 244977664 [ 1140.883377][T10449] inactive_file 0 [ 1140.883377][T10449] active_file 0 [ 1140.883377][T10449] unevictable 135168 [ 1140.883377][T10449] slab_reclaimable 2973696 [ 1140.883377][T10449] slab_unreclaimable 13897728 [ 1140.883377][T10449] pgfault 230868 [ 1140.883377][T10449] pgmajfault 0 [ 1140.883377][T10449] workingset_refault 363 [ 1140.883377][T10449] workingset_activate 66 [ 1140.883377][T10449] workingset_nodereclaim 0 [ 1140.883377][T10449] pgrefill 5328 [ 1140.883377][T10449] pgscan 5242 [ 1140.883377][T10449] pgsteal 642 11:07:05 executing program 2: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) mount$9p_virtio(0x0, 0x0, 0x0, 0x0, 0x0) prctl$PR_GET_DUMPABLE(0x3) mkdir(&(0x7f00000009c0)='./file1\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) truncate(&(0x7f00000004c0)='./file1\x00', 0xff) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000280)=0x0) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/net/pfkey\x00', 0x0, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000600)) ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000a40)={0x2, r1}) fcntl$setown(0xffffffffffffffff, 0x8, r0) syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00') getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), &(0x7f0000000380)=0xc) r2 = getuid() stat(&(0x7f0000000840)='./file0\x00', &(0x7f0000000880)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getresgid(&(0x7f0000000900), &(0x7f0000000480), &(0x7f0000000400)) r4 = getgid() getgroups(0x1, &(0x7f0000000b40)=[0xffffffffffffffff]) mount(&(0x7f0000000640)=@filename='./file1/file0\x00', &(0x7f0000000680)='./file1/file0\x00', &(0x7f0000000940)='jfs\x00', 0x20000, 0x0) r5 = getgid() getuid() setxattr$trusted_overlay_nlink(0x0, &(0x7f0000000140)='trusted.overlay.nlink\x00', &(0x7f0000000300)={'L+', 0x20}, 0x28, 0x2) setxattr$system_posix_acl(&(0x7f0000000580)='./file1\x00', &(0x7f00000005c0)='system.posix_acl_default\x00', &(0x7f00000006c0)=ANY=[@ANYBLOB="0200000001000300000000000200007409b402a64102443d2cff00fe0085ddee37c46dc9dc5f84e80df052d64b38cd486227a83a81c1e4082818aec646a3c2321a720104ca91556161ab95cc291baa9aa9c5853c78a373edea49a29139e431e21edd54544f84c8df0b4cd47665e3376e974fe30ac5f2a68d0b302764f48b6a33ba7fde11849b56bfa96658016f9706b81c982a5c1d4febdd9ddf9cce13964d2e057d4646059da7a4efc21014eda579eeed55439d19bfc2de8f60b2a04f7a276cd70178000677d0435ee15490258eb9ebf551f2576f3c94f63c22f4cfb1901eac0c422e5dcd68c1bfedeef358378b792bd6d0989e0984f73580387c19ce7c4b66b20735212897ce9984394fdded1605d9ee7c3304bb", @ANYRES32=0x0, @ANYBLOB="02000300", @ANYRES32=0x0, @ANYBLOB="02000200", @ANYRES32=r2, @ANYBLOB="040007000000000008000000", @ANYRES32=r3, @ANYBLOB="08000200", @ANYRES32=0x0, @ANYBLOB="08000200", @ANYRES32=r4, @ANYBLOB='\b\x00\a\x00', @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=r5, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB='\b\x00', @ANYRES32=0x0, @ANYBLOB="10000600000000002000070000000000"], 0x15, 0x1) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="75707065726469723d2e2f302c6c6f7765720769723d2e2f66696c65302c776f726b6469723d2e2f315cf100000000"]) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='cgroup2\x00', 0x0, 0x0) r6 = semget(0x0, 0x0, 0x8) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000a00)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000980), 0x2, 0xa}}, 0x20) semctl$IPC_RMID(r6, 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r1, 0x800c6613, &(0x7f0000000340)={0x0, @speck128, 0x5f3ec6520bbc8747, "591629d782c09c26"}) [ 1141.065575][T10449] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=10448,uid=0 [ 1141.099397][T10449] Memory cgroup out of memory: Killed process 10448 (syz-executor.4) total-vm:72708kB, anon-rss:2196kB, file-rss:35792kB, shmem-rss:0kB [ 1141.145396][T10505] overlayfs: unrecognized mount option "lowerir=./file0" or missing value [ 1141.156110][ T1058] oom_reaper: reaped process 10448 (syz-executor.4), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB 11:07:05 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) 11:07:05 executing program 0: r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) ioctl$BLKFRASET(r0, 0x1264, &(0x7f0000000180)=0x3) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) getsockopt$TIPC_SOCK_RECVQ_DEPTH(r1, 0x10f, 0x84, &(0x7f00000000c0), &(0x7f0000000100)=0x4) accept4$tipc(r1, &(0x7f0000000000), &(0x7f0000000040)=0x10, 0x800) r2 = getpid() syz_open_procfs(r2, &(0x7f0000000140)='fd/3\x00') 11:07:05 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000060000000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:05 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/pfkey\x00', 0x400000, 0x0) r3 = syz_genetlink_get_family_id$SEG6(&(0x7f00000001c0)='SEG6\x00') sendmsg$SEG6_CMD_GET_TUNSRC(r2, &(0x7f00000003c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000380)={&(0x7f0000000280)={0x5c, r3, 0x0, 0x70bd27, 0x25dfdbfe, {}, [@SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x2}, @SEG6_ATTR_SECRETLEN={0x8, 0x5, 0x5}, @SEG6_ATTR_SECRET={0xc, 0x4, [0x2a, 0x4b01]}, @SEG6_ATTR_SECRET={0x10, 0x4, [0x7, 0x6, 0x1000]}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0xffffffff}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x6}, @SEG6_ATTR_SECRET={0xc, 0x4, [0x4, 0x5]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x44000}, 0x800) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="153a6618882c40951307000000000000003030264c"], 0x15) r4 = dup(r1) truncate(&(0x7f00000004c0)='./file0\x00', 0x10001) write$FUSE_BMAP(r4, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r4, &(0x7f0000000400)={0xa0}, 0xa0) r5 = getuid() sendmsg$nl_generic(r4, &(0x7f0000000880)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x80040000}, 0xc, &(0x7f0000000840)={&(0x7f0000000640)={0x1ec, 0x2e, 0x204, 0x70bd2b, 0x25dfdbfc, {0xb}, [@generic="ac4773425f0c65dcee12ba4248", @nested={0xc, 0x71, [@typed={0x8, 0x81, @uid=r5}]}, @nested={0x1bc, 0x6b, [@generic="248193644ff0a83980d31860508f0358da6270c00dcb6d536a72a494f2412f121b73669df480eefa808f2bc4782c8f7167a2f857b8a499b6db4dd2fc2f38c8e19e6dbdf8eacf46a34d78f1481b84f7a59ae1e9c909ff67ab90a04e8df0e01ff365eccab14cc40483707609c08f02dd10ce92c1db8f33d1117c", @generic="01ea2754f650c02ca072ad37cec3584fcb5b1a828bf1481d877d437c75efa68e9328c88e9cf6a2335ed6e6a7a8b7162c3ef1dc3167e3447c0f4a012faaafe2cdd38427994f67a9eee7a3f341d5502f666962233343ac6d0ef88c9ebbd2a32d7ece063b78e13931191ff0c7f7f1159c067a4f7be97a449b96000fd646266f889f5759803b3140ad66c7d04add980b365842247e8ddfcfb48dba645f161a8b81b5bfb325fa3319c2dfacae38504b9bc0", @generic="683a942a4f9b9e68341148288d5e7a70862a4b9e0225c217bfadb80c0ecaac629713bb495c67862a3a88934d20b9f57dfcd59f44c728b6d3e09fa335b0389727e32f8c0862149beb217bc34f4963584f29963060ce4e2ac592acd8a7390f2a050224cce1fc8f615fc8328f6423cb1ff796b6671b67ed60ee8563a94886d301b0761d", @typed={0xc, 0xc, @u64=0x3}]}]}, 0x1ec}, 0x1, 0x0, 0x0, 0x881}, 0x800) write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r4]) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r2, 0x84, 0x1, &(0x7f0000000500)={0x0, 0x1, 0x20, 0x7fffffff, 0x10000, 0xd05}, &(0x7f0000000540)=0x14) setsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r2, 0x84, 0x18, &(0x7f0000000580)={r6, 0x5}, 0x8) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) [ 1141.201537][T10505] overlayfs: unrecognized mount option "lowerir=./file0" or missing value 11:07:05 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000070000000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:05 executing program 0: r0 = shmat(0x0, &(0x7f0000ffc000/0x3000)=nil, 0x6000) shmdt(r0) clock_nanosleep(0x0, 0x0, &(0x7f0000000000)={0x0, 0x1c9c380}, 0x0) [ 1141.415702][T10534] validate_nla: 10 callbacks suppressed [ 1141.415710][T10534] netlink: 'syz-executor.5': attribute type 4 has an invalid length. [ 1141.479825][T10535] rds_sendmsg: 15 callbacks suppressed [ 1141.479835][T10535] rdma_op 00000000350fbad1 conn xmit_rdma 00000000d8f1147d 11:07:05 executing program 1: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x1c00) 11:07:05 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$rds(0x15, 0x5, 0x0) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000280)='/dev/null\x00', 0x8001, 0x0) ioctl$BLKSECTGET(r2, 0x1267, &(0x7f0000000400)) bind$rds(r1, &(0x7f0000000140)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x4080, 0x0) clock_gettime(0x0, &(0x7f00000001c0)={0x0, 0x0}) timerfd_settime(r3, 0x1, &(0x7f0000000200)={{r4, r5+10000000}}, &(0x7f0000000240)) prctl$PR_TASK_PERF_EVENTS_DISABLE(0x1f) r6 = request_key(&(0x7f0000000340)='.dead\x00', &(0x7f0000000380)={'syz', 0x1}, &(0x7f00000003c0)='\x00', 0x0) r7 = add_key$user(&(0x7f00000002c0)='user\x00', &(0x7f0000000300)={'syz', 0x3}, &(0x7f0000000500)="f01906097c60480bf756a71ec92312f4ef8203e5b85f8007a61df7995c7b0f9777c2c8733d0700000000000000a88c3d8ce123adfe91498993e4abb63ebe4cb3dc6d055ac27d3fb9d0161e932e759793975005114edb05d7281319d6d43f596aeec11667de0c08c31237d67ec35b29dca13cb3cf93e35714ef5a8070c74254d8731faa2b953674292025f8134af19646e8ef7945f5e89a6822f62158c9ce7046132fc13e3d4e4ea9027c7ac238936fccf58e97411aa55733ca56c46ba3ed79f9c8d33803ccda48c6cf9476e11b7f68", 0xcf, r6) keyctl$assume_authority(0x10, r7) getsockopt$inet_mreqn(r3, 0x0, 0x23, &(0x7f0000000080)={@dev, @broadcast, 0x0}, &(0x7f00000000c0)=0xc) bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0xa, 0x80000000, 0x6, 0x7ff, 0x110, 0xffffffffffffffff, 0x2, [], r8, r3, 0x4, 0x1}, 0x3c) syz_genetlink_get_family_id$tipc2(&(0x7f0000000440)='TIPCv2\x00') sendmsg$nl_route(r0, &(0x7f0000004fc8)={0x0, 0x0, &(0x7f000000b000)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000001900210000000000000000001c140000fe00000500070000000004070a009254698444c5c8dab1e87dc70401f4e32904b6aa522b8a5833c72244fda5fbc7b8"], 0x24}}, 0x0) 11:07:05 executing program 3: r0 = syz_open_dev$mice(&(0x7f00000002c0)='/dev/input/mice\x00', 0x0, 0x30040) getsockopt$inet_sctp_SCTP_RECVNXTINFO(r0, 0x84, 0x21, &(0x7f0000000340), &(0x7f0000000380)=0x4) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c64e3bf9da56f45be508e279c1209a9ebf7f0dc037769e84eb0445a66b74bedbbc37007ac5ffda6fbed5fd432ae12b1572eabba0a7a012d4eb7478e8ab142c17ef6ad656a96610626675a3f7e9fe2bf687b99b4024faefa21682a626dafe6dbb5"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) fsetxattr$trusted_overlay_opaque(r2, &(0x7f0000000000)='trusted.overlay.opaque\x00', &(0x7f0000000280)='y\x00', 0x2, 0x2) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x8000, &(0x7f0000000000)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) 11:07:05 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c0000000000000a0000000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:05 executing program 0: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x200, 0x4) fcntl$getownex(r0, 0x10, &(0x7f0000000000)) read(r0, 0x0, 0x0) ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(0xffffffffffffffff, 0x800442d4, &(0x7f0000000080)=0x2) 11:07:06 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) 11:07:06 executing program 0: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MFC(r0, 0x29, 0xcd, &(0x7f0000000100)={{0xa, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @mcast1}}, 0x5c) setsockopt$inet6_MRT6_DEL_MFC(r0, 0x29, 0xcd, &(0x7f0000000000)={{0xa, 0x4e23, 0x0, @rand_addr="e7af97a10be91699cbe73376532a3588", 0x4000000}, {0xa, 0x4e22, 0x8000, @mcast1, 0xe479}, 0xffffffffffff8000, [0x80, 0x0, 0x0, 0x400, 0xc9, 0x8, 0x1ff, 0x7]}, 0x5c) [ 1141.571811][T10542] netlink: 'syz-executor.5': attribute type 4 has an invalid length. [ 1141.586468][T10548] RDS: rds_bind could not find a transport for ::ffff:172.30.0.3, load rds_tcp or rds_rdma? [ 1141.661222][T10548] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1141.680637][ T23] kauditd_printk_skb: 2 callbacks suppressed [ 1141.680668][ T23] audit: type=1804 audit(1566904026.124:1064): pid=10558 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2338/bus" dev="sda1" ino=16809 res=1 11:07:06 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c0000000000000c0000000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:06 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r2, 0x4040534e, &(0x7f0000000180)={0x100, @time, 0x1f, {0x0, 0x7}, 0x4, 0x1}) openat$cgroup_procs(r2, &(0x7f0000000040)='cgroup.threads\x00', 0x2, 0x0) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) [ 1141.692077][T10556] RDS: rds_bind could not find a transport for ::ffff:172.30.0.3, load rds_tcp or rds_rdma? [ 1141.735030][T10550] rdma_op 00000000c3077e6c conn xmit_rdma 00000000d8f1147d 11:07:06 executing program 0: pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000200)='./file0\x00', 0x0) close(r1) socket$inet_smc(0x2b, 0x1, 0x0) r2 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x20, 0x8000) getsockname$packet(0xffffffffffffffff, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000240)=0x14) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8010000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000280)=@newqdisc={0x208, 0x24, 0x10, 0x70bd27, 0x25dfdbff, {0x0, r3, {0xc, 0x4}, {0xf, 0xfff2}, {0x5, 0x5}}, [@TCA_STAB={0x1b0, 0x8, [{{0x1c, 0x1, {0x83, 0x2550, 0x1, 0x5, 0x2, 0x800, 0x1ff, 0x7}}, {0x14, 0x2, [0x4, 0x100000000, 0x200, 0x2, 0xffff, 0x3ff, 0x8]}}, {{0x1c, 0x1, {0xfffffffffffffff7, 0x100, 0x7, 0xffffffff, 0x1, 0x2, 0x5, 0x4}}, {0xc, 0x2, [0xff, 0x6, 0xfffffffffffffffc, 0x6]}}, {{0x1c, 0x1, {0x9, 0xd36, 0x400, 0x1000, 0x2, 0x7, 0xffff, 0x2}}, {0x8, 0x2, [0x5, 0x7f]}}, {{0x1c, 0x1, {0x4, 0x1, 0x7, 0x0, 0x2, 0x8, 0x8c8d, 0x3}}, {0xc, 0x2, [0x3ff, 0x81, 0x54d3d113]}}, {{0x1c, 0x1, {0x5, 0x401, 0x1784, 0x4, 0x3, 0x7589, 0x38, 0x9}}, {0x18, 0x2, [0x9, 0x4, 0x3, 0x80000001, 0x2, 0x0, 0x40, 0x81, 0x800]}}, {{0x1c, 0x1, {0x3, 0xffffffffffffff80, 0x6a70556b00000, 0x10001, 0x2, 0x200, 0x9, 0x1}}, {0x8, 0x2, [0x1000]}}, {{0x1c, 0x1, {0x39f, 0x7, 0x6, 0x5, 0x0, 0x5, 0x3, 0x3}}, {0xc, 0x2, [0x1f, 0x8, 0x3]}}, {{0x1c, 0x1, {0x4, 0x0, 0x800, 0x0, 0x0, 0x347, 0x200, 0x2}}, {0x8, 0x2, [0xffffffffffff0001, 0x4]}}, {{0x1c, 0x1, {0x43a, 0x2, 0xd9, 0xffff, 0x1, 0x7, 0x1, 0xa}}, {0x18, 0x2, [0x1, 0x0, 0xa9, 0xffffffff, 0x1, 0x2486, 0x5, 0x7ff, 0x2, 0xfffffffffffffffd]}}, {{0x1c, 0x1, {0x3, 0x3, 0x3, 0x3, 0x2, 0x7, 0x1, 0x7}}, {0x14, 0x2, [0xfffffffffffff001, 0x0, 0x4, 0x8, 0x4, 0x3b, 0x3]}}]}, @TCA_RATE={0x8, 0x5, {0x0, 0x6}}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x735}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x1}, @qdisc_kind_options=@q_hfsc={{0xc, 0x1, 'hfsc\x00'}, {0x8, 0x2, 0x4}}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x925}]}, 0x208}}, 0x4001) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno<', @ANYRESHEX=r1, @ANYBLOB="68408b3e32406b"]) 11:07:06 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB='^'], 0x1) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)) getsockopt$IPT_SO_GET_ENTRIES(r0, 0x0, 0x41, &(0x7f0000000400)={'nat\x00', 0xdc, "f0e13aee2ed079a8bff9b27f38f5b36ab4ef64222257cde9c5bdf11485bb0d358b2224e2bb479b75ea229a0f42e486ad752248a0e9c897a762e2e80c0b51c1a96239594fe69d6395b4dea5cb6d6afc2548e257057460607d04c2c9dcab9d4236ba27314229adfccad03a31ddeb66c332b5b847922af434d0b2b509fa968b81302b6f4b7971024520d543e4a1f234697ee7ff2d02d48d608806f884c5201cfb1bcbeb2ad420cf82be7af4c2a2eabf78a3f3d3ec3ff3e59ffa0f3abc5b1826a8f2d13ef158b1d204b3b739500042e1f8071b93418cc2c84f64fde6714d"}, &(0x7f0000000080)=0x100) pwrite64(r0, &(0x7f0000000200)="4ebefa1e923f1e018b6e53bf4815b78e1f2ef9212b93090c1ff6b35c208d50aef3fd759f995b53dd37c58cf8332b8a6b66575478e02ef0145bf122ba2e2c53a7ec45e375683475a6495f8d7b7a088f5e32dc266569074319bf8c8d3d8007cc92e2ba0d9082c41b63e330f353a3f675a98d2e74a08e38400f7f5eb113a0e25fd90115d57a7acdcab1128cf4f9c719f3f29d460c507f8a2a6594d259217d32eae9be93c6ed17a67ae2e7e689a31fa8449da12fd62bf423cff702b09e6ee1ff0e698b8bb517819eb712ba2b34b54b28b79d9399d920d5a5507e8a85f37060dfe3051f06f8d7cc9b068495ee5d5fcce85410bcd9f91d1f198353ce94b2e03370e43875c1a035bb88fd26fbb5b1252e2056d6b67e2b2f424051a40ad9170e76a81a6ca4f149ff643db76f8f2c1aa8024a6279952027489bbad6479e47ea5ba9e47d8136df398665f6cdfd15e93cfbf2ce1151afe9321ed63fe7100e704b232646fc1e0e936b90cceaaa70225ce71640e10316d2cc637355eddb3c4e16ff1635fa4e65a66eb5ab2cbf9d6f063e05f0e46fcc14bf31eedfb9f33c215fc14946cc6f7493924442e939f71ac4bd3e35e78857f9624c663f3669a47a7146e3249ee3eaaf681f371d515af5b934f9252c7ac2a164bf318fc2b194ee087b2b28ed5e4618c0906fc3f32c43a3b9e08a2e0d509f65a7de909e8c3c535f1d8cb9c236716e5ad709", 0x200, 0x3200) r1 = socket$inet6(0xa, 0x3, 0x2f) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) bind$netlink(r2, &(0x7f0000000000)={0x10, 0x0, 0x0, 0x92010201}, 0xc) connect$inet6(r1, &(0x7f0000000240)={0xa, 0x0, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x1c}}}, 0x1c) sendmsg$nl_netfilter(r0, &(0x7f00000001c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8a000860}, 0xc, &(0x7f0000000180)={&(0x7f0000000500)={0xf8, 0xa, 0x2, 0x0, 0x70bd26, 0x25dfdbfc, {0x3, 0x0, 0x4}, [@generic="1119a0e0951be9bc96a9f78058a8328f986c7c1243ea2db473c19e13d4efb29d7d3b50e2be142db3d7883d2005a78eddadaafe4b6a39dd4a2814bca0cc44f5d75e1f4232988a9404d77403bd71047cda1e59875a4d573a5bb8e14e7d0693fb5ac8a5ba513fdfa5af9124aeca14e3a52fd61fac69e6b7fc432fd07cf506d6828bda1fdbaec9d7c64d4656445e9b42137f6475bc7b678b2ca757a1522935054ca1279ccaed1acb125f6e359060705b10b3010826731be4c4200c0a4ff8180a74ddfb01f0266aec6c97c048cb4228", @typed={0xc, 0x19, @u64=0x5}, @typed={0x8, 0x2f, @fd=r0}]}, 0xf8}, 0x1, 0x0, 0x0, 0x4000}, 0x4800) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000280)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x0, 0x0, 0x0, 0x80000002}, {}, {}, 0x0, 0x0, 0x400000000001}, {{@in6=@empty, 0x0, 0x33}, 0x0, @in6=@rand_addr="8680c7235bf6dc2f3ff3df464ccc9dbb", 0x0, 0x0, 0x0, 0x7}}, 0xe8) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @rand_addr, 0x400000}, 0x1c) ioctl$EXT4_IOC_MIGRATE(0xffffffffffffffff, 0x6609) [ 1141.790469][T10566] netlink: 'syz-executor.5': attribute type 4 has an invalid length. [ 1141.819860][T10550] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1141.887284][T10550] CPU: 0 PID: 10550 Comm: syz-executor.4 Not tainted 5.3.0-rc6 #127 [ 1141.895265][T10550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1141.895269][T10550] Call Trace: [ 1141.895285][T10550] dump_stack+0x172/0x1f0 [ 1141.895300][T10550] dump_header+0x10b/0x82d [ 1141.895317][T10550] oom_kill_process.cold+0x10/0x15 [ 1141.909494][T10575] 9pnet: Insufficient options for proto=fd [ 1141.913035][T10550] out_of_memory+0x79a/0x12c0 [ 1141.913056][T10550] ? lock_downgrade+0x920/0x920 [ 1141.928329][T10550] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1141.928343][T10550] ? oom_killer_disable+0x280/0x280 [ 1141.928356][T10550] ? __kasan_check_read+0x11/0x20 [ 1141.928374][T10550] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1141.928385][T10550] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1141.928402][T10550] ? do_raw_spin_unlock+0x57/0x270 [ 1141.944187][T10550] ? _raw_spin_unlock+0x2d/0x50 [ 1141.944201][T10550] try_charge+0xf4b/0x1440 [ 1141.944217][T10550] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 11:07:06 executing program 2: timer_create(0x0, 0x0, 0x0) r0 = socket(0x10, 0x3, 0x0) bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc) write(r0, &(0x7f0000000140)="26000000230047010523000000bb3c0005006d20002b1f000a4a51f1ee839cd53400b017ca5b", 0xffffffffffffffc1) connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendto(r0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff21) recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0) [ 1141.975436][T10550] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1141.975449][T10550] ? __kasan_check_read+0x11/0x20 [ 1141.975465][T10550] ? lock_downgrade+0x920/0x920 [ 1141.975474][T10550] ? percpu_ref_tryget_live+0x111/0x290 [ 1141.975490][T10550] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1142.011721][T10550] ? memcg_kmem_put_cache+0x50/0x50 [ 1142.011741][T10550] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1142.022454][T10550] __memcg_kmem_charge+0x13a/0x3a0 [ 1142.022479][T10550] __alloc_pages_nodemask+0x4f4/0x900 [ 1142.032927][T10550] ? __pmd_alloc+0x377/0x460 [ 1142.037518][T10550] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1142.043233][T10550] ? __kasan_check_write+0x14/0x20 [ 1142.048337][T10550] ? rwlock_bug.part.0+0x90/0x90 [ 1142.053266][T10550] ? __pmd_alloc+0x168/0x460 [ 1142.053287][T10550] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1142.064073][T10550] alloc_pages_current+0x107/0x210 [ 1142.069170][T10550] pte_alloc_one+0x1b/0x1a0 [ 1142.073668][T10550] __pte_alloc+0x20/0x310 [ 1142.077991][T10550] copy_page_range+0x1520/0x1ee0 [ 1142.082929][T10550] ? mark_held_locks+0xf0/0xf0 [ 1142.087690][T10550] ? __kasan_check_read+0x11/0x20 [ 1142.092818][T10550] ? pmd_alloc+0x180/0x180 [ 1142.097225][T10550] ? vma_gap_callbacks_rotate+0x62/0x80 [ 1142.102760][T10550] ? validate_mm_rb+0xa3/0xc0 [ 1142.107424][T10550] ? __vma_link_rb+0x275/0x370 [ 1142.112179][T10550] dup_mm+0xa67/0x1430 [ 1142.116246][T10550] ? vm_area_dup+0x170/0x170 [ 1142.120828][T10550] ? debug_mutex_init+0x2d/0x5a [ 1142.125680][T10550] copy_process+0x28b7/0x6b00 [ 1142.130368][T10550] ? __cleanup_sighand+0x60/0x60 [ 1142.135324][T10550] _do_fork+0x146/0xfa0 [ 1142.139474][T10550] ? copy_init_mm+0x20/0x20 [ 1142.143975][T10550] ? __kasan_check_read+0x11/0x20 [ 1142.149000][T10550] ? _copy_to_user+0x118/0x160 [ 1142.153775][T10550] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1142.160009][T10550] ? put_timespec64+0xda/0x140 [ 1142.164763][T10550] __x64_sys_clone+0x18d/0x250 [ 1142.169517][T10550] ? __ia32_sys_vfork+0xc0/0xc0 [ 1142.174361][T10550] ? trace_hardirqs_off_caller+0x65/0x230 [ 1142.180072][T10550] ? trace_hardirqs_on+0x67/0x240 [ 1142.185087][T10550] do_syscall_64+0xfd/0x6a0 [ 1142.189585][T10550] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1142.195466][T10550] RIP: 0033:0x459879 [ 1142.199351][T10550] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1142.207070][ T23] audit: type=1804 audit(1566904026.604:1065): pid=10587 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2338/bus" dev="sda1" ino=16809 res=1 [ 1142.218934][T10550] RSP: 002b:00007fd57ae39c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1142.218945][T10550] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459879 [ 1142.218956][T10550] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1142.218963][T10550] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1142.218969][T10550] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd57ae3a6d4 [ 1142.218975][T10550] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 00000000ffffffff [ 1142.289639][T10550] memory: usage 307200kB, limit 307200kB, failcnt 3918 [ 1142.306652][T10550] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1142.314699][T10550] Memory cgroup stats for /syz4: [ 1142.315012][T10550] anon 244178944 [ 1142.315012][T10550] file 8192 [ 1142.315012][T10550] kernel_stack 10616832 [ 1142.315012][T10550] slab 17006592 [ 1142.315012][T10550] sock 0 [ 1142.315012][T10550] shmem 0 11:07:06 executing program 1: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x1d00) 11:07:06 executing program 0: r0 = syz_open_dev$mice(&(0x7f00000000c0)='/dev/input/mice\x00', 0x0, 0x808c0) ioctl$KVM_SET_DEBUGREGS(r0, 0x4080aea2, &(0x7f0000000240)={[0x2000, 0x100000, 0x4000, 0x100000], 0x9, 0x91, 0x20}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) ioctl$sock_SIOCADDDLCI(r1, 0x8980, &(0x7f0000000300)={'bridge_slave_1\x00', 0x5}) sendmmsg(r1, &(0x7f00000092c0), 0x105, 0x900) ioctl$IOC_PR_REGISTER(r0, 0x401870c8, &(0x7f00000002c0)={0xfffffffffffffff4, 0x4}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'nr0\x00', 0x0}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0}, &(0x7f0000000080)=0xc) setsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000140)={{{@in=@multicast2, @in6=@remote, 0x4e22, 0x6, 0x4e21, 0x4, 0x2, 0x80, 0x20, 0x21, r2, r3}, {0x5e, 0x9, 0x345, 0x10000, 0x401, 0x1ff, 0x101, 0x8}, {0x1, 0x0, 0xff, 0x5}, 0x9, 0x6e6bb6, 0x2, 0xc60a09bbea3095b1, 0x2, 0x3}, {{@in=@rand_addr=0x3, 0x4d4, 0x33}, 0x2, @in=@dev={0xac, 0x14, 0x14, 0x25}, 0x3501, 0x4, 0x1, 0xfaa1, 0x0, 0x10001, 0x6672a07c}}, 0xe8) 11:07:06 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c0000000000000e0000000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1142.315012][T10550] file_mapped 0 [ 1142.315012][T10550] file_dirty 0 [ 1142.315012][T10550] file_writeback 0 [ 1142.315012][T10550] anon_thp 180355072 [ 1142.315012][T10550] inactive_anon 135168 [ 1142.315012][T10550] active_anon 244203520 [ 1142.315012][T10550] inactive_file 0 [ 1142.315012][T10550] active_file 0 [ 1142.315012][T10550] unevictable 135168 [ 1142.315012][T10550] slab_reclaimable 2973696 [ 1142.315012][T10550] slab_unreclaimable 14032896 [ 1142.315012][T10550] pgfault 231462 [ 1142.315012][T10550] pgmajfault 0 [ 1142.315012][T10550] workingset_refault 363 [ 1142.315012][T10550] workingset_activate 66 [ 1142.315012][T10550] workingset_nodereclaim 0 [ 1142.315012][T10550] pgrefill 5460 [ 1142.315012][T10550] pgscan 5308 [ 1142.315012][T10550] pgsteal 642 [ 1142.432564][T10597] netlink: 'syz-executor.5': attribute type 4 has an invalid length. [ 1142.448281][ T23] audit: type=1804 audit(1566904026.894:1066): pid=10602 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2339/bus" dev="sda1" ino=16809 res=1 [ 1142.483724][T10550] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=4626,uid=0 [ 1142.500016][T10550] Memory cgroup out of memory: Killed process 4626 (syz-executor.4) total-vm:72840kB, anon-rss:2204kB, file-rss:34816kB, shmem-rss:0kB 11:07:07 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c0000000000000f0000000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1142.540824][T10567] rdma_op 00000000e7c05136 conn xmit_rdma 00000000d8f1147d 11:07:07 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) 11:07:07 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000180)=0xf) ioctl$VIDIOC_OVERLAY(r2, 0x4004560e, &(0x7f0000000040)=0x442) fsetxattr$trusted_overlay_upper(r0, &(0x7f00000001c0)='trusted.overlay.upper\x00', &(0x7f00000004c0)={0x0, 0xfb, 0xb1, 0x4, 0x7fff, "08c2195206f32d7eda2073dd25619264", "823ee17d5199dbe429959c7e07a08b589e9095b65a9036bb7c9f2ae39cacc6f86ebfbc21db5d8f1bd431c41b4215e2ab56d69f3d28e9379f187fbd0dbb8a48dc6810b7457e46dd616c246df309f0faefb1822c7471e6d2afae25e201ce29f28e45bfc99b2fca984d8e3216120b2f3b4f7a9fb271347a087550cbde06a2e9eef160119a309663cb39a2bc4cec3c745e799a44cd673d4cb4306d9d9750"}, 0xb1, 0x2) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0xc000, 0x0) sendmsg$kcm(r2, &(0x7f00000003c0)={&(0x7f0000000280)=@l2={0x1f, 0x2, {0x100, 0x4, 0x0, 0x9, 0x400, 0x1f}, 0xfffffffffffffffa, 0x3}, 0x80, &(0x7f0000000b40)=[{&(0x7f0000000600)="6f98719f7250a084ca6e36011d988190405dbe9ba849d97c83581052630230e9606de2713969d27d1c5345b23d0bd1b9149f6a0a074660113780546f54ed0d2f3d9e61477b8da73694ad2565ee5a28f7137d445c7b8092e309ef197a2cb17b174790be072ecee9e2f4b1a145ce75554915fa1f298fadf3e4a16bc3724ad54d486e9abe70eba70d26e9225da8474a2b3097a2752074b7a2ab4670916e43eb474fbe41a5da2f90727b5063b4d0a79a9af1979a498f75558b42103b819a9223234c7a336c", 0xc3}, {&(0x7f0000000380)="7a851656a934d797f4248bc3093e49f0a0d95de34bf1b923", 0x18}, {&(0x7f0000000700)="3a6aa4fd085ebb6eafc0e3fd91187e3111a0d40db6aa9fc78953d5fd9a8c7aecaf926dc00378a65c511171852160cadde5c48bc76c28f93574d842d39f7caa46fc6576d3cb5643419547727ad831e1b50b44af00ef8f0a1d852783742ae289fe4c077a0f459ae95f684e8c44af333e8a388851980f3daf3fd5176b7fa56db0ce897f9178e1f3e6b889d33dba770784d961e2c4fb5b4dc303678ec6", 0x9b}, {&(0x7f00000007c0)="0ae6973900a6e047cec8cb0160f15276d8a00c2a5326453844e266c2888ce3f7f12906623142501432c71aa1558a860029fb15174518587aa91b68e371de6324e3ceffaa00d5f39c69a37d60ef8d9b131e3b2bb69933dcfe4c35c47c8c36a6c0e6b3d183d2da78ba3927ec166104c452177b15d91c1531826731be7b9fe9a07b067091223a04a31a75d86945a0c1390febf486f35fd5fd502cd6c9eea9c2b706cc3f92471222b2b649b63f6d6ae4d5822f21267e00dae3959dbd32ac38f86e2f5c22e215e4ae1f09d90edce591799d31212fa473f4efbdcc75", 0xd9}, {&(0x7f00000008c0)="92e3ae73a3d6fcd8fba13994071d75d734030135ae0e8d2427db525d763ec9db3740ea6167f1bbd31c2ecdd86a17481accd1781aeea950a2404606f27e4e1c3a554dfe81b4770254a6", 0x49}, {&(0x7f0000000940)="ccf107cbb0e2b4da0a6f6e62ddb2d5341d22e094ce07059d48bab91d4513013a6e5abcaeb2e633ad3adeee2839adc8d73dd566f0aac5dbe381b8f99ca2404003e86f936dc3d662d7588928f2f8897d2400aab85b5a4d4b14115820f008ad87add2cbe58f2239849212a1b921989090e52bb15a04d8c3e585891f6045", 0x7c}, {&(0x7f00000009c0)="83668380fec640b6db929048d19002c28b132d0231278ebf001d698bca7b08399f044d7e15aaca10ed606ec3b7229b58bed06262b2e32c05181dd1c11233f8686328c65720cfb3437950889b889f68", 0x4f}, {&(0x7f0000000a40)="7bf5b8aad480ab7bab7403f8f231959e0c863b560f72cc1772366ad30cbdd7f5ef3ecc8ef6b402183bb1cbb186e1f051e79ca97e04803c0cec0053edb61e7dbba209734b555065a993eeffdabea5bbeda6f61e4e450f8977aa9d7d18a061c53ed6e9835513c03d93d217eecf1af597a009d6c6e1fc3bb3848ee34dc3e77984e54e321bf9a7ce53015eeb5a34499db0eb1b4b0ee6e14d740f276f6508602731c83bae576d865e6861124cbaf68b2cfa88a8114a9274d604c1b5d5fa783b769cb82a000c356d019d8e6313", 0xca}], 0x8, &(0x7f0000000bc0)=[{0xf0, 0x105, 0x5, "d67b3343a8e0ac8aa0d0c3c81dff4a45175ef290fdbbc6b5cd9639a802741c3bf10ca4c521e731489439f2b501e287ba10b8e3d0aeaa511e13ea09e9609c7f56afcca22974dddc88cf52d1b8be34c43fceeff9881a19f21597e5d1d5cf452b28d632bdaea5ba6e52563600302f8c2d78231308c5fbf5264a259b317a3d764c8bfe7436b816da2d1b1bfab6822d5f39a7767b327db9abe578cbdc87f0b555ce2dafe7e3745835d60c73e5bd432c14e07eef2b86e38a2f91644676ed1ae2fdae82d9c36fc1c90c097dbad2ccb01a15ec7e962fc944b479099b968b85e9613ea033"}, {0x100, 0x6, 0x80, "98bb0f6d5858bdbb51773bb93f5f0c4b98c3e397445926b7550ca3292dbea66b5c9eb18001f22f9c234c55675a5d6bb652eb5783dd58b81813288e4cabe07ff13d80c55aa2c4106dea239937b4af18baf07b4199624ca000b561b16ddd3240ec3a11ee5c807419586ca57d167c8c1dd1e6628845b1a03cb2b0abb571b0e6fa4784b8fb4b4445a7f4cfe29e23d27b1c8e2100e3d0a7c8acaf906563bf5a15a191e92511f6f807aae839b1090cc2ba2880f1d83cd106bee9b19d51c669bd6dbb1a537fab09d146eb98af26df16c65e5b8266c231941d8adc2cd9d0404d0e1fe97f6065384e142b6cb26e9c87b1c56a61"}], 0x1f0}, 0x80) socket$pptp(0x18, 0x1, 0x2) [ 1142.646966][T10612] netlink: 'syz-executor.5': attribute type 4 has an invalid length. 11:07:07 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000100000000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1142.773727][T10616] netlink: 'syz-executor.5': attribute type 4 has an invalid length. 11:07:07 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000480000000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:07 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) stat(&(0x7f00000001c0)='./file1\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r3 = getgid() r4 = getuid() getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@remote, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@initdev}, 0x0, @in=@broadcast}}, &(0x7f0000000380)=0xe8) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x40000, &(0x7f0000000600)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@access_client='access=client'}, {@access_uid={'access', 0x3d, r2}}, {@version_u='version=9p2000.u'}, {@afid={'afid', 0x3d, 0x4}}, {@debug={'debug'}}, {@dfltgid={'dfltgid', 0x3d, r3}}], [{@hash='hash'}, {@subj_user={'subj_user', 0x3d, 'md5sum:vboxnet0'}}, {@uid_eq={'uid', 0x3d, r4}}, {@fowner_gt={'fowner>', r5}}, {@defcontext={'defcontext', 0x3d, 'user_u'}}, {@context={'context', 0x3d, 'user_u'}}, {@smackfstransmute={'smackfstransmute', 0x3d, '9p\x00'}}]}}) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r6 = dup(r1) write$FUSE_BMAP(r6, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r6, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r6, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r6]) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) [ 1142.978832][T10619] rdma_op 00000000d169d2e7 conn xmit_rdma 00000000d8f1147d 11:07:07 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) fcntl$setown(r1, 0x6, 0x0) recvfrom$inet(r1, 0x0, 0x986a7a1a, 0x42, 0x0, 0x800e0068d) shutdown(r1, 0x0) 11:07:07 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000002c0)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000004c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x2012, r0, 0x100000000000000) [ 1143.027834][T10635] netlink: 'syz-executor.5': attribute type 4 has an invalid length. [ 1143.048730][T10627] rdma_op 00000000df7f3d78 conn xmit_rdma 00000000d8f1147d 11:07:07 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'veth1_to_team\x00', &(0x7f0000000000)=@ethtool_rxfh_indir={0x38}}) [ 1143.125355][ T23] audit: type=1804 audit(1566904027.564:1067): pid=10644 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2339/bus" dev="sda1" ino=16809 res=1 11:07:07 executing program 1: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x1e00) 11:07:07 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c0000000000004c0000000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:07 executing program 2: r0 = socket$inet(0x2, 0x6000000000000003, 0x6) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='sit0\x00', 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10) 11:07:07 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) 11:07:07 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000002c0)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000004c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x2012, r0, 0x0) 11:07:07 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) r3 = gettid() ioctl$sock_FIOSETOWN(r2, 0x8901, &(0x7f0000000040)=r3) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) [ 1143.370148][T10668] netlink: 'syz-executor.5': attribute type 4 has an invalid length. 11:07:07 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg(r0, &(0x7f000000cb00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f000000a5c0)=[{0xd8, 0x0, 0x0, "32c2314c5d6397726478d100eb4752db53080b3130961ec13e48e2e83228e09b5d67d20520dc4e1bcbb8bcb213dcd7cd8d6a062dc29b33609067eb59c1a260a26d7aa4e07969c2d45de7a0114a401864d85b8730effc55400bf50e2a556588472a60fa2f46f867346a80024c0b48e25f7bf4be0575c41a97773ac948cfedd763f1c020b6c34874afd7a7fba833c4bf05f43dc20d7e9c49e6d48f06cace2731cba2eec463b01655780d43df7746ccf1241c28da9aa617aefc14ef3906c780bd270e"}, {0x1010, 0x0, 0x0, "f0917c7ebe50c18d1ef1c15a2bf50362aa2d3957cd7371cae867f18961cd1ba16c732b626d5e371c78ff83a53ef18d3a83620b5ba2bce1fef5bc03f237453b1eb24033703b39984d4c99797e0ab46ec54e89cde334a13cdc3f824b19956c6531fac27d6885adc22f1e26f866507a208787d2f0d65f73804da5e4a5bbc572379ba5d9591445e0cd0e7c802fd43fe7353999b3fccd207847989acbe7b67f76898cf9760dfe37adcfd9401014938a286cf0d5a4db703807c56c8f63665287fdedce5fcd8eb2f9b904c3bb9cda444093d88665e7b0ef2d2ff89990c9c0a57c7875b74320930909aec1b0c3697089ede3024a305c83fd26a40645de271ad4de779c13382c02f67dcf583e6ca2bfd902f47bcbfe9380fe3dcf6356ed288bbe512493d4262a6836fac95da8af36a7230304d4443c50c8a89bc59ff9f8f9a0b0ba81f176ca1388d2c835fdf3ab93f8ce9da34de419f57b1d8fe111e8d0780465a5abd43f0cb769a14f7f67e5acdf102ebab0d9ad72006f98ebebf5c1677037779858956e021ff73ce38798836180a796206945fccd670aa672a9774073f4522fbf863a108da1bf2dfeb69708d7e2add0e9a75625e96149131e14fbeba4f8cdc7a66600397e3faa0932d43a25fcf64ebf132a5e903bd9726f2b637bd821a33deb8e80ab3d5fc16ee1df298539a485d7eafae100bce1a31bc2500115f51b446bbc9535c562c5241b8873eabf9dbd19f162a3cc4f0004f84cb8bac5440716149d680dc6b381c03c558d7cd918492a7d2e558d78565e7715efcce6101fd5b5f2151e6ad0f6f961652b624fb2749c0de833a7773b3f1984f676fc43dfc1f43950af8d49e2da3d769573396d516f2fd991d32f5aa90d7f6d450f3715c1494f4d9e6971fcd65246219e63ddf623086dc1eb157569259319d00e7b99f9c5858e406572dfdc5c88f83d01d746df0bf6c4daec725ce32d4b889a5a85f3cf3a93d78b22fc433d4fd951e867c9cec1e1431a129d5e1d41c6ee870c6e150a7cb322e00aa2b114324bc5046995eeb74ff971f75950777cd3c4ba44f05c8e8f5926c11f058c3b5661846df933efa2526f1fdb550630d7f5e501269b06a195549038564e00236b7860919aaecd93aa4672be8800a4f058ddfbe54d1969712b82bd7572a812eb22aace0230997f0b1ef87aa8c1e23e257c02026d1a2656e462510655f852c428bc111f144f774687edf3cc9b1e2d96f92ab181c4add9d0f693b108d1a75d57654f2453ee7d34a9d57c09007269f985f4c16d76d11b8f96e947ffa3961d0067619bd0f75a9c5d2d58e043cef6b83022393310822941a1eeb81f6728f1f3c73dde521808b86d574004fcd573361f3fb69c51b7f316fd4b525700b5bab6a2ab8b4915f776d735f1a603abf99115378360b139d27e7748936c743b6161c73ae5ecab7f36030dd547e6af8a8c45f12f9802b35c25feb7aa575b7d02c1666b0a804ed3f77e5ce53ba4dab1abc728ca5e53444fe27fa3be21d6883f03d6aaed97a9a3e2dce75ea722addbd8520bac42af172eead61d8ccebe113d9acd6efa909ddc27aae21138c7cfe04b716dd53bc5f2b56cb58a60de6e14546f9240a8b810a334413462377835466d1526830f8b211ad2db86bbdd9daa4cf54999a2631a1f481fec9b132c3d6cca7cf4c14b96b217322ae89a09130c36742154a354232290eaf181d1c67cf35d67b73661f28db89820cd58110dadc11537da9d4f3b1196bc856ddd200d4d8d465c1eeab535f6d9c2236496a0bf7e1d09f105ff219ca4be16a377e8d390152e0770859444bb1b6d588c14d15f0863644e9570a16ba359c7d8c8babbfef69974d70992bf244bc4a2aa861c1eacf138454a6d4713f0bb277b4aab68f5f66314ca69c38b6c77f753d01ce5f0f91b5fafab18ec13096967ac316e61b4a3694037a1fac8f100e0ed3d8ed5e6a40cfe9fc8135f63d682e0c5fd0e9214f3d9d72eebf2791ce2e71ad9b266411148259a115d1dc64eafde40a94085fdc92dbefd3189dfce43cb0068911c0bdb028645699e159958922161561252ebaa6af652a5ac28285badbaa9429620bf41bd81ebab834841a03637adca13fa5e60f57732a835619b3f4ae1b019583b8400b60b619f8d841ea9d5f30831b5d88df6c38bc53271b6d9ba671e5ddf656b9b7647c5b01ce4133f6fa85e3eb4abe30c601fc9f22478101bd2a6d6749e40168fe6177f560cb6eab071235beabfda067a4556116633a4670f7a3b134abeea4c3db2cd0b1a2ec8e18c13fc2fffa8d8581b0a01d19c785262bc8060d2c393f6ac9d60076467008f3eef4b52236e03a154a899563478037dfcae4e043d872da7edc86ce55842bb56d1a9144fa521ebf083a0fdeab52b0181700540732987304b55833415f817941bbe589ddf8166ced68caca9b72931287ad7dd6939de92ce2c4e18de60d6abdd068a963db01c4deaea4f316275ffb54de3fc7e880e4b5d31da9e1c7932d0feee85d30be835937a527c735acc1fa2a775cbcbf1e925c9b554c867efbf20ab25cf467ded4ddbbcc2b20388fb8668c8977799d770a626dfc03041647b2d2e77da00d2392653ad4425afafd7d21553f5a0645944300d900d111fb6b3c99ea9edb225b2c171007f3b35e763a863e12ab6dfaa44f6e8fc989173bac446b0a71ed331a5dcb6b152f0023e66ecbd84661bc2635e990316f8de1148bac744ff2fb674e1693bc2471b96182e4354233773d5da4ea6d0213a6c9fbc1c183ec09f85eee4d08ab02d88f1547d93eedd7dc3e5e9b86158ccbcb8218fe061530b6562934dc328d1f18e364040bbbe57cc3be12cd13aaed9c8f903b31f9836269c519043ab9a9ac7ab01c2cd37ed8c06725f9ce6a6f0ce2f7764a14fb336fb0c6f884e5c53640b458a6524840a8620c8a6b3125ab67351d2f76ed99a0885ff58d2c2c9b90753741ac0db78a6ded4a9d32b9fc471a4611f10626d7970345d5d7eea33d78920b5952ee878ed0600983fc6f843a98c296f2023dc8b7bd81fdc1a9b52fe1eaba7dbd2c3bd8366915bd6451e9ed1a7cf7011f7a9b6f789572965a07f7c7ca49ce672ce194849753954c8d123c1428a55401ca885d04b3c832fe1d7199092d5057fef0916875d34379c9f64f57059cba0578b5d22ec6dade9c417108a9a7adecb4951b8f197bc080a44fee403a7b4ffb8c7c5c6a5cd9fdd3b7ec8e8664594a7c68514f504ab720d5359408327a93d4f7bf8d69b1c37b04236f7be1ed85cf693b1debd85e9edd00281d11904d2981c310686848d861c67ce5d629d554d16bf9273306151585d8eac89b7556fe9a803253eb8bda157173e6386f23c0683714719f742a34fa5e46e55ae04afb0daf245fff62bc72a61f9da6112d0b5ec072de703ca384f3f67a1c9d95795e18e1e234e8487743e526c9b2e2a8d711b0786821afed5474b12c9e3dc4a369b4e144f574f91f89286d6275d7957054765e888d68ae03443f2425a47414cbcbe65c83ac1f37300bc5e994d0d705acdc80f5a283b2100e973883039d99dc09eeb037efd481fe1fa8dacaf52f4adb4e61c8db9ab48a6e3b52ca82e026715bb7354ad0b3d897d077ca1d3bac626e6dfad0f7659c2e849c23e60c9614c49c0a296b38badfb5620db7d69401652a6a6f19261336d0f38faaf7fc9ae557e1453a80e1820f52189f7ec64adde3b19516142cb21ee7c0b3b3947d1d952854c59d90b9a747e4279e30d2dbfe810d2c70986bd09e4ffbb206240a2535b370db5c61e5e6c99f17e93bb4042b93e892137d57b64e1dc943a61e1ec078cdae859134713d408621bee3226478ca337675c74375c4d7f94f9cdff832ed8b2ae27b4bfa04a7f579e862ce0cc80160aa463161fe5c31a6b99d9001b39e09f1adb8f2157d17402b5a40d2df9f9e2f171fb6b31e63162f5e9038b83fa7aedbbc76c5bc5f79c6ae708aeeeb17bedd3fc23d2d42eff4da499eb552bc69bcf5f82866baaea42235b1d7b4d746bca1bb3ea19c9beeb4dbaf7aa67adc415477634eb24ce2231ad0eaeb13691453615c437b376449053231df28f26d600873ab530be7178a3e3e78c5eb49c0ca51526498ab53fa8746ebcfd9b0f025992569f6f77bf0b7d6efac0970c078f23e9d2543c934628d7e8bd291c947cc009ee3f94524db3721b8fe27fc582051b374b7ee365072bbf497b407052aa99c644689f60793f3fce46860c40e28d0b512e45d3bf448325047ad888ae99015d4f0d8a8e5ac8cf4b4f5ae3cab8e9bf1aaf4d28f82369be6713592dfbbc85fb0173d0ab94b013f8b838bd0d3515c37c99913818dbda4a0be54d4e42832370f3702e6e97768805ce073f16152f75409a6057501d66878f425f3fe505f8f8b37d29e58aa79ca7eb1c9d5da2f9f8c5eb7b95956a2cc15e67572e78d17d75265ac294cdc34bf17fbca7ecdf1f7393ba38d965e3d4e23e10b8bdad604433690acd6b0cc4126567fe6f0bc8160809c1b87da031c28e068eacbf4af4294b93c0a066889e69c290f90a4eec1210d62d66d27dc5a394e1fe0fc88c3eb1605157a933e0084d2609b457b91cacd80412cec8994a5e440e4487e1826ea7ff27df184e15c6a096f051e9653600e7d6803b878d4ecdf86ef6418b1d499a0a8989d87c1aa0334da1f7448789d910704a41fbb24142d05a03638ebfdebbf89f9bef9f19816c7110fb2d8a06175e0822be93750302236df04b0eb49a7742081cd9aca32d3415395a06f9315139a0672e5d3ace075dc96cb532cdf3b8a0968add8e99c9d4e02a28e1659921ed263c4b221f9ad49675119041cb43bc74c6df52b8cbbfb44d72e05fd1c4bb0e9a7d0d703a44190b2f758d65eae759387e3082b2592592d4f4567caf2707df86a34e04e1aa6fc24b7c40ce4e18be2faff9a6bd41026257a12a5084c40cec7a956839c4f84baf2a03343e359295a459cc1fdaa044d1ec8079818bc53459619da09b2651f92db27d95d9d9e521ce2fbad9233ea2ca4710ad69f9b1aae349b877e4802070974d7da419bbfbe0223968d943c26aefe03c3094bd3c2393ec6a2048cc2e1f57fb376de176ac5964f97c612a725ec55ce22d27396cfdb29b25ca40589843f44011546b33906de51dd4530a53212975a25ecf41b668c9c4e2c56d2803798869b48f43154ba6fee9a3a6c1729db2fdc8704831706ddd58bae605006f39da32fcccae5af8e1d4e4c3b27bbf2915d875220c50cf79291e0327280b8fd07200d5261b9f50b7c78cccba42f745bd720b4802b55b1023403fc1a29b91e3e6827aa17862642ee282cb34e5895e2af0c05cd379f182a6abf45e6c3f0ba19e59b7bf331e49ac0de7f4893b390965661cefa42e48e69bed56fe10567a406ec037f14ad22d8d8edd58e6dad0cc2f7087dd9a76f348adaf49adcefbc2eedbe97060728d9b7c879bb841436386d66df1317865cfadb08dfefb5e4dfac4c12004906db314d894c644b8ae62c0fa4c7f9393c181e4b68c8e4a9add44afab0e196a754b4edbab038613a9113d69a90b943dc8d1b7c2574361532a32b565286a5ab4a2eefda3ca5cd09306c5e570df7c27d6500e24d4517405e887069b0e08f9fc0d81b95b6711158a3aae0a48307ccd93de3d5cc32aa16cb0f82ee9809b6cf6e2235cdede6032854dd77aaaf7d7b5d233dc5d26a2f74180ca1b2fed96cf3d15445a23e5fe5bd9e1e92cc6bfb623d4f9a5f688f89235efb6d0a3d19fbce9e0b7e9306d46a392f23329900ab0a27b5124c8582cefe7ebf0906f8ff134f9112b55"}, {0xa0, 0x0, 0x0, "c92c92673cc0598739bac5ef4b0bc652cf1901f5feaabbb178f426d4aae3ee344a46d6527a5f0d5466185c72a430c84c0ba502052724dbc83ff6ffab8c3052d34e8f11469ae3c2443ece798c3df8fe5e109de5e1af3f99c10ba961bf8d64d716cc615b69263efeba3f31e3237ba1f216a9a768c892865954bb9609f426cd5018d4da85dcb474597c64"}, {0x108, 0x0, 0x0, "0e79907e84109da395fa91dc28a2cd7f48e8884f919bd8344c9700d4f40d2e241311c27a92f090038438be747de632b9a6f0deb94afc0434c6faf9685b0b55215b992b89a323ae2eeedf51ec95a78e39b34bf0631decb6ac3eaf6a886353f49e7173ff2df6b4b3bb2c1c5e477ba23be8a353d21d4246991fca45895fb1b1e8cd417cc3f5fff8b171e241734749db9a9811af884aa01418a42626951904df093c663b41e828a214b8a6e682994bb2d66d88963bb9ee8775a1b246db2a8ecd369c0387a2544ff92e2976c3e04b966fae3af70e066d23df91f444c9e139f0306bf6ad1d002c30a20e35b3988e5df557dc2137"}, {0x98, 0x0, 0x0, "62c71d6ab9cd1d1d899c5bd2be032e8ff5a92627c3dfb9e9dfc44092939e5b38f936d3442e5968ccb9712842716b5249f9f6b62baf20ca748ffe11bde0a0d0890821e0c3ee215a87dedb429189259ad50c04830adb34977f85460a0dcc3f8371e37f09e4ab22a53651c914d2e0a6ab082d6e248b08423d433a0fd6a12b78372965"}, {0xce0, 0x0, 0x0, "6dfd65a3ace8291fb786d4667b736ca548b32ada6f696d45940d1186a9746efa715f4c6c3ebade71ba1ae932528daa36e2399976b16ff8046bdfd843664f26bdd6be4d91a05abf80f98fc5d549412a5fb2ec35da1707cec63f8ba033b4503ebf5cc57973d1616a5b41599b93851932a4612e9816ce486164912a78f6206c250b5c3933595a1587fa6c6fa4e5ddce8e6b31d0259e464db6da0cf3ef078276f7f01276127ce36dab88d2e9da33e4d0534a72c1b814f041df16e698657c85fd619d44370016b91adfe28467d5b9f0d00012fd9b5ab9a81d28dc049ea867263e62c7f26dfbb4400e8516abd2b59ab9375281364d82d52ed33e940f609ff51e5b1e75f28614c2a31b1b031d11c5d6846ba3b053988609c65b1617fe0972690d09ac20f0391748c62615abf4fe9574d99e12df6d718d4220f1760b8e186165d48d754e8ab456dcbc4a8ec249f43e8af44f1d673a99b44c8a52cca2c26dd70eb1e4da3c0f3b36d6ee30abf4ecd4a4a412bd8ca4fa9daea215e5191142c3f3e6455c87bb3b9ce7869e43e914aa6d5507c356092893fe8e8353883ffebe4cba3b558c09867a383d487ed842fba3ed2ddf38ed6da50e13a3431ef2a35f216047cf8ac1f28ae3dd03d02381847b7d961eeedf4c1bcc5712541d9f5575b1a0879564ae9af627d6dc5444986c5dba6fa2f9e1605d11a7f64bd5c76db236c8881625ff94afee7d315618f7642ce5fb74af3129fd3f3ce26414e19ba07e5eac8c42ab9be288eeae8c8830068e0d6523e43d8de34c8d1391cc13de4d9a903ae88c9baa9ea247c39de7afaed07c2fc81736064f8bcaa38f1da8015a6dc3f96da620c46d530c490a8a65a03c6034b371842896d352811e8a22ef3a15a6405b753f01fe5a4e1981b7fd03470aec5df457d32b2bf64573f09269f4d51299f6964755f383b0bc56ea14dfe6e08f2fdd1209398d8322047c7fecbb72b012554f4c9e81874321e22f76acc96a888674a4894de5b9bcf3cde8bd6653b97cf4d11984e516a5f68c3f5b045877058a6cae332750e121456d73333d0528f8fc7b9b914f476aae5eaa7b57584d241e08c8b835193a08b1624a09cfe7fa603ee96b09384442cb93da2cb6265fdd8019642a9bb57f60e31462fb9c6be39bec49e741d823b7e96ac18da5b421af5505fec7c71f5b1fa6e5ba423563d6f4c9f9eb6a85dca4bac3d778d6fb6ee6e91882a4bcc3fe89dffc8ab8e69af1beaffa5e23eba903bc4bcb6f8d9b00e05c2e3e7a5c0683dccc5607693e977233ec2b61256e91892aded3ffe5eb8d91cbd3e93e1c1d4ab1cfe484599149320da50c74524f789a2d1981aab5cba66592d4e956bbfbf7a9860185fa408a562be834a0bc1aa767192b9c5abe9a8fa8aca239297078a1f0a003921503999083fbfd5095642dec75930dbf3773250e2edb80c2003cc480603544f973d44beb58dc3ee269c4fd5c37c14be7aad9785c69f931d4cbc272dd3e42ba8e8abcbfbf61b1c80c02422b35936e82caf12b31016baac7aa36620a72c99e2bda458172590dbb6e061132574b51d38f34d191e72ffce041ca13c471fa4f0461ea0889b63887a9fff9ad22cc7d968557647ce78c89cc64817d7aad5d86e753f23811226fafad1b7e4d6e6fbf0b8e3a531d6c063e9404e835147bafc948d51d62065aa6eb36eb3b185c6e6306e61e78b775c8512b7955b78519ef16feb7efb5fb62cdf32ede6279b813f27379ab360c4fc75cfa3a4289b17901b557b91eee72068890b192c6bb9ff21629bbd96d77033af9285d588c1334b7543aaa4414cc04c3ebd240acb39150e0fd42ecf83730738b94451156d22e79be6e59168e68e4be35f070f8be32185dc71a9231152b5a3214d31370d365b5edf024105bb931c0ff1cb6f1410c5246d81efae83c8b036e4439bd298ceb21b8b837c65e5f577554198bc44d0c9a999246e911b10d25b0e3ba0d9a2e4b544912b35f26588ba3e6e1c1200de4ddcaa0ebc800ed60169aa76d282b16f0fa8c313d53cf9ffcc375bdd25559af3d13ecf9d63a4c0b0944a8b4b35af907c01e7d630ce6aaff4587e6aba3e1764055c5dbe45ff0a844c9e97521a399b9b7ad9863bc79635a144231edd5b2b9e91c1d646478d9fbe5662d167d28b0789de45b90967d534c6ac6ff67d8f7b828d31e7e82eea1bf21dac3c88cfabdaff91e4496870c53192325c953fde8efe0b774118f869cacfd17ad5e2a73bef6810f5a8fae0b8866debb96f08a0ad306cc5dc429d6ad005760b33e86883d472fc5cebf532a164f3b2ec79b1e37acbdec38b33dac91747743fdf79ba18a5bbb8f37a001369dc6680493c31bb4d324eb63f29d499857ee0bb6fadbc0626884c03754648b113816de354bb37337506b8963469902719762549aecab59e1d2530fc791628a2b402443e9d9170460d07a3ef8b8154402907757050c0be0572212047c30fb46f228e14ea748e16e23f227705c7595d1cad91d4810d8f7b0c884013c7c1006d655235bf869600f106015f65f5245127ef78a46c681b96ba9d829064ef66f6f9e9b6faafb4458443bcadac644e973aa5beb37c5666fccd137173ccda91efc307ed10cc9c8255d771963b6e491ac688797eb4140d14306d1d2bfac64784a0a0656ed862e3a148c18077831cd52143488b99194d7cae18c0ec4dd0a2fe3ee5fc44883bee746a6bdbb65f4b719c49f4d6d90722f5cf881615adeade6e94f459507715d082a53c0a4ebffd0bd22b58037711a7c534568250e69ad5b74db6ef8a880562cfd82830d532471b74029c963e11c26d737dbbed52fc228b66df52a22b3c6af734ee5c069b96c3239e3c5f8e63d51082ad0f3823a7048cece3a8ccfde85a1abc1c5664e8564a897ac8cfabf0fd16ab513691054cea3ad1a19a4beab13ad3f193f1608aad268636aef6010b1f1d8e5b0f3604a8e5b35018904b44fe8e7822c6209849b82e0d227e67a492aa35bd7e54d9b357041a22142dd467a330d4225056cf37cd7be25907097d227845b3072dd24d47075d0f93666dbcf052b8a010d52cc5019a12ae305b1d818dbf21fc4a5d4d5d7095a9444be6b199068751046afa8fd3f7db7c3d73cf74a69b8b9ef1ba25a30470b0981b474e272880e05517b4ef6c54493a28097eca988e50831c8a7ace52ce8a074c68104eec5fc13fcb80103e253c49e9fdf52994a77fcda58581dc0fd5e0661599cbb4579ce9abda4fd4c4ac8634140ae29cdede3801e3ac3f01577871242241a013b31bd8969009bc150715b95f638acf92de6a80dea94e3b66428f242aab66d0db7de48bb8c01648ce2ed1ed8d9d4aff2d63ca3257c2b24ac5d7c54f73c26cdac5ad783ef6b7c86a6b462ae3b70f72edaa2b131a2f33cd9855354a3fdf739425878903949c1d8767acaa01178947e6bba283e7130b5964914fdab693e04167f11f7b43cc814e684111bf524a5e2a1d27ff1bbd7cfd075fa2278ce46943e804ffac9a90fb7f7cd3003fa22f948b776451e0ecc7b5aa355601985030888591b5d840ca6b1869215ec1f286cf469ead0e71b843c6ae37d15d89c066e94548220972141ac77f85ee5299eed24315a6631b41a40a644498cbd732434bd6445b787a9d437379b3ff4faa8bb9895ceb40fc5a827545fa275ca92cafea36d9833ccd1f78128f00f5e7bdfbf06692ad865909076d7c62310829f52f94aca34f549a8cd57e9631e0b725f09fb0331fe2816bca3755210036f307c663b96781e17c2a4804bfd7d50cc4b47b1e7ed32926ee214ffe315c1dcfb29a9d18a6752b05104d9df0dc7ef2ac876e4057f30972a0e73c3a09860e31e9bb7123e89e0e90042c0da52e374a034991e4903823c477e3a3910153f748b3940e1df7b286176d746ceb82c463e5474a74b5fcee06127d8d059a1fb464089bd7ec9628534b0c5fc41cc7245642bd9ef56fa4bf3261e4baf6bd3d239e46f5d39f7e0b017d545414855796670b3698e2219cd58910eee732b82a9d8590841c0e1bf804825c250677ec2b654848c292b43259f89c64bcb0285c15dd26cb1491a73670b38d438dcc66688dfc7e92c321c3ff2ab3f435045949398378957f625d6469f29ac23f9107ab9106a3bd7a4b083cd8cd83017278c07d4b30dfb517979e3265eb6df2b674b1524d51998810d9bf30a98882a0e5e6d5471892ad988d1e304924f44a209b1dcadec224b9a904cf337670e063398e53d42983cb2b7082c8525d2d78c5a2389d591eb7c3173536eb705c58202b955f6f3018750db4d24e76f7dc6a55de1a9e3de0d9017d46f210c3df5c68692afe79650a5eaa1246d44c556e7b0bf267045159fec9243aa542134ad186cf0eeaee11bcf683b900cefab8ec1350a7dbc22b9aa94f17cb3dcc536de15e7716852953445eabc5ce7ad863b9f10669526a2b56162523a96d9437e6a8df2f5926bc5f162722601f8c1ef107b046cd861897e68b3688403f9d84fbe332b2e5c7186932355df92a6496d2030e3fef9102642576bfb16cbfaa00880dff2d3a269f384d9969e31d076ed8a65a90f59d4be048c37db235828a14aba32f7307234020f04af4e9d0ce3dbd502deee0fe25cf6a6978a6c6f2e5d5c5a5ae0320305aad6f1"}], 0x2008}}], 0x1, 0x0) [ 1143.410813][T10676] x86/PAT: syz-executor.0:10676 freeing invalid memtype [mem 0x00000000-0x00001fff] [ 1143.439275][ T23] audit: type=1804 audit(1566904027.884:1068): pid=10681 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2340/bus" dev="sda1" ino=16762 res=1 11:07:07 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000600000000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1143.499238][T10674] rdma_op 00000000c1435af1 conn xmit_rdma 00000000d8f1147d [ 1143.539243][T10691] netlink: 'syz-executor.5': attribute type 4 has an invalid length. 11:07:08 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) recvmsg(r0, &(0x7f0000001480)={&(0x7f0000000000)=@sco, 0x80, &(0x7f0000000340)=[{&(0x7f0000000100)=""/156, 0x9c}, {&(0x7f0000000480)=""/4096, 0x1000}, {&(0x7f00000001c0)=""/155, 0x9b}, {&(0x7f0000000080)=""/16, 0x10}, {&(0x7f0000000280)=""/192, 0xc0}], 0x5, &(0x7f00000003c0)=""/121, 0x79}, 0x40002121) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = openat(r2, &(0x7f00000014c0)='./file0\x00', 0x28080, 0x84) write$P9_RLCREATE(r4, &(0x7f0000001500)={0x18, 0xf, 0x1, {{0x1, 0x2, 0x4}, 0x5}}, 0x18) ioctl$KVM_SIGNAL_MSI(r3, 0x4020aea5, 0x0) r5 = msgget(0x3, 0x0) msgctl$IPC_RMID(r5, 0x0) 11:07:08 executing program 2: ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@empty, 0x0, 0x0, 0x0, 0xc}, 0x20) 11:07:08 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="9e389bda65ffff038000e40080395032303030664c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) lsetxattr$security_evm(&(0x7f0000000040)='./file0\x00', &(0x7f0000000180)='security.evm\x00', &(0x7f00000001c0)=@md5={0x1, "9ee05fac7d5d3bb682d2441e8bf186a4"}, 0x11, 0x3) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="7472616e733d6264067266646e6f3d", @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) mmap$binder(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x1, 0x11, r2, 0x0) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) openat$apparmor_task_exec(0xffffffffffffff9c, &(0x7f0000000280)='/proc/self/attr/exec\x00', 0x2, 0x0) [ 1143.648478][T10699] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable 11:07:08 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000680000000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1143.689554][T10705] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 1143.759773][T10709] netlink: 'syz-executor.5': attribute type 4 has an invalid length. [ 1143.902354][T10714] 9pnet: Could not find request transport: bdrfdno=0x0000000000000003 [ 1143.914769][T10718] 9pnet: Could not find request transport: bdrfdno=0x0000000000000003 [ 1143.924140][ T23] audit: type=1804 audit(1566904028.364:1069): pid=10720 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2340/bus" dev="sda1" ino=16762 res=1 11:07:08 executing program 1: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x1f00) 11:07:08 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) 11:07:08 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000001680)={0x0, 0x0, &(0x7f0000001640)={&(0x7f0000000000)=ANY=[@ANYBLOB="f00000001b0001000000000000000000fe8000000000010000000000000000bbffffffff0000000000000000000000000000000000000000020086000000000055c20ca0faf4b67ce5b18ec795053f3ae2183fd0622bc9c786bd6a", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac1414bb00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00"/168], 0xf0}}, 0x0) 11:07:08 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c0000000000006c0000000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:08 executing program 0: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='wchan\x00') read(r0, 0x0, 0x0) 11:07:08 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="150000006dff61008000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r2, 0x84, 0x6, &(0x7f0000000780)={0x0, @in6={{0xa, 0x4e22, 0x3, @ipv4={[], [], @rand_addr=0x1}, 0x7ff}}}, &(0x7f0000000840)=0x84) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r2, 0x84, 0x66, &(0x7f0000000880)={r3, 0x5}, &(0x7f00000008c0)=0x8) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0xffffffffffffffa2}, 0x30) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) r4 = fcntl$getown(r2, 0x9) perf_event_open(&(0x7f0000000700)={0xbd38b06b3b360ba4, 0x70, 0x7172, 0x9, 0x4, 0x8001, 0x0, 0x3, 0x400, 0x6, 0x80000000, 0x6, 0x5, 0x7, 0x80, 0x3, 0x7fffffff, 0x0, 0x7, 0x8, 0x9, 0x7, 0x8000, 0xffff, 0x1, 0x0, 0x7, 0x6, 0x8000, 0x0, 0x400, 0x1, 0x4, 0x8, 0x400, 0xffff, 0x8001, 0x793122e6, 0x0, 0x3, 0x1, @perf_bp={&(0x7f00000006c0), 0x2}, 0x884, 0x6, 0x4, 0x0, 0xad, 0x4}, r4, 0x8, 0xffffffffffffffff, 0x1) ioctl$BLKIOMIN(r2, 0x1278, &(0x7f0000000680)) io_setup(0xffff, &(0x7f0000000040)=0x0) io_submit(r5, 0x2, &(0x7f0000000600)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x6, 0xffffffff, r0, &(0x7f0000000340)="6fdfb972dcaabd2e9c5ca805c0bf8a982c10fc8e2301f0fec16298cba855b4ac652203a1d1456a8a271527a5f63eb91c4bbe395e230f5378fc4dbed590afedc896d0c65e4dd19deaeb816061df0ea894b41330599ce0e225dcbf1d1679da2e091ef8e67243c76a4e1cdda7681d8128f4c1fbebc449e5e4ef1987f8d37cdc8d67ad898c808c96c3977265e024078b8e51a0153a3a88ceceabcbf7719bd6d2", 0x9e, 0x7fffffff, 0x0, 0x1, r2}, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x7, 0x81, r0, &(0x7f00000004c0)="277a035f77c217783c9a6b85b3e3e434722e59b35518f761231662cf593c5d74d1886db4a4f4d5f021bba9570423809ab1c2ef4a3f6cb991ccb02b98201c98bcd99b05965e29dbbc29dfbc575bc31d1d2104475ca874556eba8f160063b2050375d0a300e50fda019bf756d24dcffe3c106143fb56c9921afaafabf80050d34e742e18abb1dc76332638efc0c13670e98d843614d3dc9b357cc24a7d1225e69780c89aaf1621841b1e62cbe2e5566dded558f096c75eaeab57d58fec673ce2", 0xbf, 0x7ff, 0x0, 0x3, r2}]) r6 = getpgrp(r4) ptrace$getsig(0x4202, r6, 0x6, &(0x7f0000000280)) ioctl$DRM_IOCTL_AUTH_MAGIC(r2, 0x40046411, &(0x7f0000000640)=0x7) [ 1144.032219][T10722] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.2'. 11:07:08 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x0, 0x0) close(r0) 11:07:08 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000740000000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1144.081766][T10730] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1144.099877][ T23] audit: type=1804 audit(1566904028.544:1070): pid=10733 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2341/bus" dev="sda1" ino=16762 res=1 11:07:08 executing program 2: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x10000261, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/igmp6\x00') preadv(r0, &(0x7f0000000480), 0x100000000000022c, 0x6c00000000000000) [ 1144.194719][T10730] CPU: 1 PID: 10730 Comm: syz-executor.4 Not tainted 5.3.0-rc6 #127 [ 1144.202825][T10730] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1144.212886][T10730] Call Trace: [ 1144.216164][T10730] dump_stack+0x172/0x1f0 [ 1144.220488][T10730] dump_header+0x10b/0x82d [ 1144.224901][T10730] oom_kill_process.cold+0x10/0x15 [ 1144.230000][T10730] out_of_memory+0x79a/0x12c0 [ 1144.234668][T10730] ? lock_downgrade+0x920/0x920 [ 1144.239513][T10730] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1144.245749][T10730] ? oom_killer_disable+0x280/0x280 [ 1144.250938][T10730] ? __kasan_check_read+0x11/0x20 [ 1144.255962][T10730] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1144.261493][T10730] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1144.267119][T10730] ? do_raw_spin_unlock+0x57/0x270 [ 1144.272217][T10730] ? _raw_spin_unlock+0x2d/0x50 [ 1144.277057][T10730] try_charge+0xf4b/0x1440 [ 1144.281467][T10730] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1144.287000][T10730] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1144.292527][T10730] ? __kasan_check_read+0x11/0x20 [ 1144.297546][T10730] ? lock_downgrade+0x920/0x920 [ 1144.302391][T10730] ? percpu_ref_tryget_live+0x111/0x290 [ 1144.307929][T10730] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1144.313378][T10730] ? memcg_kmem_put_cache+0x50/0x50 [ 1144.318571][T10730] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1144.324101][T10730] __memcg_kmem_charge+0x13a/0x3a0 [ 1144.329210][T10730] __alloc_pages_nodemask+0x4f4/0x900 [ 1144.334603][T10730] ? stack_trace_consume_entry+0x190/0x190 [ 1144.340416][T10730] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1144.346136][T10730] ? __pte_alloc+0x1b5/0x310 [ 1144.350715][T10730] ? copy_page_range+0xef4/0x1ee0 [ 1144.355731][T10730] ? __kasan_check_read+0x11/0x20 [ 1144.360746][T10730] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1144.366975][T10730] alloc_pages_current+0x107/0x210 [ 1144.372073][T10730] pte_alloc_one+0x1b/0x1a0 [ 1144.376568][T10730] __pte_alloc+0x20/0x310 [ 1144.380889][T10730] copy_page_range+0x1520/0x1ee0 [ 1144.385848][T10730] ? pmd_alloc+0x180/0x180 [ 1144.390253][T10730] ? lock_downgrade+0x920/0x920 [ 1144.395092][T10730] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1144.400799][T10730] ? vma_compute_subtree_gap+0x158/0x230 [ 1144.406422][T10730] ? validate_mm_rb+0xa3/0xc0 [ 1144.411084][T10730] ? __vma_link_rb+0x275/0x370 [ 1144.415833][T10730] ? __kasan_check_write+0x14/0x20 [ 1144.420927][T10730] dup_mm+0xa67/0x1430 [ 1144.420945][T10730] ? vm_area_dup+0x170/0x170 [ 1144.429559][T10730] ? debug_mutex_init+0x2d/0x5a [ 1144.429575][T10730] copy_process+0x28b7/0x6b00 [ 1144.439049][T10730] ? __cleanup_sighand+0x60/0x60 [ 1144.443976][T10730] ? refcount_dec_and_mutex_lock+0x90/0x90 [ 1144.449780][T10730] _do_fork+0x146/0xfa0 [ 1144.453926][T10730] ? copy_init_mm+0x20/0x20 [ 1144.458418][T10730] ? __kasan_check_read+0x11/0x20 [ 1144.463447][T10730] ? _copy_to_user+0x118/0x160 [ 1144.468203][T10730] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1144.468219][T10730] ? put_timespec64+0xda/0x140 [ 1144.479176][T10730] __x64_sys_clone+0x18d/0x250 [ 1144.479190][T10730] ? __ia32_sys_vfork+0xc0/0xc0 [ 1144.479206][T10730] ? trace_hardirqs_off_caller+0x65/0x230 [ 1144.494559][T10730] ? trace_hardirqs_on+0x67/0x240 [ 1144.499580][T10730] do_syscall_64+0xfd/0x6a0 [ 1144.504075][T10730] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1144.509952][T10730] RIP: 0033:0x459879 [ 1144.513840][T10730] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1144.533426][T10730] RSP: 002b:00007fd57ae39c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 11:07:09 executing program 2: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_emit_ethernet(0x2a, &(0x7f0000001540)={@empty, @broadcast, [], {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x0, @random="929d3d40b09b", @multicast1, @random="55126aaf2aee", @initdev={0xac, 0x1e, 0x0, 0x0}}}}}, 0x0) 11:07:09 executing program 1: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x2000) 11:07:09 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c0000000000007a0000000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1144.541844][T10730] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459879 [ 1144.549792][T10730] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1144.549800][T10730] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1144.549806][T10730] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd57ae3a6d4 [ 1144.549812][T10730] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 00000000ffffffff [ 1144.558483][ T23] audit: type=1804 audit(1566904028.634:1071): pid=10744 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2341/bus" dev="sda1" ino=16762 res=1 [ 1144.612085][T10730] memory: usage 307192kB, limit 307200kB, failcnt 3990 [ 1144.619179][ T23] audit: type=1804 audit(1566904029.054:1072): pid=10754 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2342/bus" dev="sda1" ino=16960 res=1 11:07:09 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000f00000000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1144.644143][T10730] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1144.652127][T10730] Memory cgroup stats for /syz4: [ 1144.652221][T10730] anon 243646464 [ 1144.652221][T10730] file 8192 [ 1144.652221][T10730] kernel_stack 10616832 [ 1144.652221][T10730] slab 17006592 [ 1144.652221][T10730] sock 0 [ 1144.652221][T10730] shmem 0 [ 1144.652221][T10730] file_mapped 0 [ 1144.652221][T10730] file_dirty 0 [ 1144.652221][T10730] file_writeback 0 [ 1144.652221][T10730] anon_thp 178257920 [ 1144.652221][T10730] inactive_anon 135168 [ 1144.652221][T10730] active_anon 243630080 [ 1144.652221][T10730] inactive_file 0 [ 1144.652221][T10730] active_file 0 [ 1144.652221][T10730] unevictable 135168 [ 1144.652221][T10730] slab_reclaimable 2973696 [ 1144.652221][T10730] slab_unreclaimable 14032896 [ 1144.652221][T10730] pgfault 232287 [ 1144.652221][T10730] pgmajfault 0 [ 1144.652221][T10730] workingset_refault 396 [ 1144.652221][T10730] workingset_activate 66 [ 1144.652221][T10730] workingset_nodereclaim 0 [ 1144.652221][T10730] pgrefill 5625 [ 1144.652221][T10730] pgscan 5473 [ 1144.652221][T10730] pgsteal 642 [ 1144.860017][T10730] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=3736,uid=0 [ 1144.875709][ T23] audit: type=1804 audit(1566904029.314:1073): pid=10763 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2342/bus" dev="sda1" ino=16960 res=1 [ 1144.900739][T10730] Memory cgroup out of memory: Killed process 3736 (syz-executor.4) total-vm:72840kB, anon-rss:2204kB, file-rss:34816kB, shmem-rss:0kB [ 1144.934221][T10730] rdma_op 000000003c07c6ef conn xmit_rdma 00000000d8f1147d [ 1144.946974][T10730] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 1144.959757][T10767] rdma_op 000000006fb20277 conn xmit_rdma 00000000d8f1147d [ 1144.968231][T10730] CPU: 0 PID: 10730 Comm: syz-executor.4 Not tainted 5.3.0-rc6 #127 [ 1144.976190][T10730] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1144.986216][T10730] Call Trace: [ 1144.989488][T10730] dump_stack+0x172/0x1f0 [ 1144.993806][T10730] dump_header+0x10b/0x82d [ 1144.998191][T10730] oom_kill_process.cold+0x10/0x15 [ 1145.003271][T10730] out_of_memory+0x79a/0x12c0 [ 1145.007922][T10730] ? lock_downgrade+0x920/0x920 [ 1145.012753][T10730] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1145.018967][T10730] ? oom_killer_disable+0x280/0x280 [ 1145.024150][T10730] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1145.029666][T10730] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1145.035274][T10730] ? do_raw_spin_unlock+0x57/0x270 [ 1145.040359][T10730] ? _raw_spin_unlock+0x2d/0x50 [ 1145.045269][T10730] try_charge+0xf4b/0x1440 [ 1145.049664][T10730] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1145.055201][T10730] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1145.060720][T10730] ? __kasan_check_read+0x11/0x20 [ 1145.065717][T10730] ? lock_downgrade+0x920/0x920 [ 1145.070552][T10730] ? percpu_ref_tryget_live+0x111/0x290 [ 1145.076068][T10730] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1145.081498][T10730] ? memcg_kmem_put_cache+0x50/0x50 [ 1145.086666][T10730] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1145.092183][T10730] __memcg_kmem_charge+0x13a/0x3a0 [ 1145.097269][T10730] __alloc_pages_nodemask+0x4f4/0x900 [ 1145.102615][T10730] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1145.108329][T10730] ? percpu_ref_put_many+0xb6/0x190 [ 1145.113500][T10730] ? trace_hardirqs_on+0x67/0x240 [ 1145.118495][T10730] ? __kasan_check_read+0x11/0x20 [ 1145.123491][T10730] copy_process+0x3f8/0x6b00 [ 1145.128051][T10730] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 1145.133480][T10730] ? __cleanup_sighand+0x60/0x60 [ 1145.138392][T10730] _do_fork+0x146/0xfa0 [ 1145.142517][T10730] ? copy_init_mm+0x20/0x20 [ 1145.146992][T10730] ? __kasan_check_read+0x11/0x20 [ 1145.151984][T10730] ? _copy_to_user+0x118/0x160 [ 1145.156719][T10730] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1145.162937][T10730] ? put_timespec64+0xda/0x140 [ 1145.167673][T10730] __x64_sys_clone+0x18d/0x250 [ 1145.172409][T10730] ? __ia32_sys_vfork+0xc0/0xc0 [ 1145.177233][T10730] ? trace_hardirqs_off_caller+0x65/0x230 [ 1145.182933][T10730] ? trace_hardirqs_on+0x67/0x240 [ 1145.187928][T10730] do_syscall_64+0xfd/0x6a0 [ 1145.192401][T10730] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1145.198260][T10730] RIP: 0033:0x459879 [ 1145.202127][T10730] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1145.221700][T10730] RSP: 002b:00007fd57ae39c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1145.230093][T10730] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459879 [ 1145.238038][T10730] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1145.245986][T10730] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1145.253932][T10730] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd57ae3a6d4 [ 1145.261895][T10730] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 00000000ffffffff [ 1145.271369][T10730] memory: usage 307072kB, limit 307200kB, failcnt 3998 [ 1145.278433][T10730] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1145.285559][T10730] Memory cgroup stats for /syz4: [ 1145.285656][T10730] anon 243601408 [ 1145.285656][T10730] file 8192 [ 1145.285656][T10730] kernel_stack 10616832 [ 1145.285656][T10730] slab 17006592 [ 1145.285656][T10730] sock 0 [ 1145.285656][T10730] shmem 0 [ 1145.285656][T10730] file_mapped 0 [ 1145.285656][T10730] file_dirty 0 [ 1145.285656][T10730] file_writeback 0 [ 1145.285656][T10730] anon_thp 178257920 [ 1145.285656][T10730] inactive_anon 135168 [ 1145.285656][T10730] active_anon 243585024 [ 1145.285656][T10730] inactive_file 0 [ 1145.285656][T10730] active_file 0 [ 1145.285656][T10730] unevictable 135168 [ 1145.285656][T10730] slab_reclaimable 2973696 [ 1145.285656][T10730] slab_unreclaimable 14032896 [ 1145.285656][T10730] pgfault 232320 [ 1145.285656][T10730] pgmajfault 0 [ 1145.285656][T10730] workingset_refault 396 [ 1145.285656][T10730] workingset_activate 66 [ 1145.285656][T10730] workingset_nodereclaim 0 [ 1145.285656][T10730] pgrefill 5658 [ 1145.285656][T10730] pgscan 5506 [ 1145.285656][T10730] pgsteal 642 11:07:09 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) 11:07:09 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x0, 0x0) r1 = syz_open_dev$evdev(0x0, 0x0, 0x0) ioctl$EVIOCGRAB(r1, 0x40044590, &(0x7f0000000000)) r2 = dup3(r0, r1, 0x0) r3 = syz_open_dev$evdev(&(0x7f0000000180)='/dev/input/event#\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x0, 0x31, 0xffffffffffffffff, 0x0) ioctl$EVIOCSFF(r3, 0x40304580, 0x0) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f00000002c0)=0x7fff) ioctl$EVIOCGRAB(r1, 0x40044590, 0x0) getsockopt$bt_hci(r2, 0x0, 0x1, &(0x7f00000001c0)=""/218, &(0x7f0000000080)=0xda) 11:07:09 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") r1 = socket$inet6(0xa, 0x80003, 0xef) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @mcast2, 0x20000000000004}, 0x1c) sendmmsg(r1, &(0x7f0000001300)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) 11:07:09 executing program 3: pipe2$9p(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="7355031a25e9d0cd9aff01642c3267641fb1524ebf11e70d94f706069f3f310d3db094af2596465e829fa84c7a55481a46644746456a70f317194550f780044c8d8ffc0b74ea6edaf1c2738fa12412737e398ecbffc6fdde02f6dbba5bd4420bca1a78a80c46e1d8bbb974984eacee118bc7c4f0085eb50add6a06794432bba4dd0c85ccf8c4fd5bb254b7c6c2eb493f", @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) 11:07:09 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000000300000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:09 executing program 1: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x2100) [ 1145.380657][T10730] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=10728,uid=0 [ 1145.396102][T10730] Memory cgroup out of memory: Killed process 10730 (syz-executor.4) total-vm:72840kB, anon-rss:2208kB, file-rss:35796kB, shmem-rss:0kB [ 1145.411938][ T1058] oom_reaper: reaped process 10730 (syz-executor.4), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB 11:07:09 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000002c0)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000004c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x2012, r0, 0x1000000000000000) 11:07:09 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000000500000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:10 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) ioctl$EVIOCGREP(r2, 0x80084503, &(0x7f0000000180)=""/78) ioctl$TIOCGICOUNT(r2, 0x545d, 0x0) 11:07:10 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000000600000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1145.569484][T10774] rdma_op 0000000032615e9f conn xmit_rdma 00000000d8f1147d [ 1145.603709][T10796] rdma_op 00000000da332382 conn xmit_rdma 00000000d8f1147d 11:07:10 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) 11:07:10 executing program 0: r0 = socket$inet6(0xa, 0x803, 0x100000000000002) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(r0, &(0x7f0000008440)=[{{0x0, 0x1aa, 0x0}}], 0x400000000000107, 0x0) r1 = dup(r0) ioctl$sock_inet_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000000)) 11:07:10 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) [ 1145.948087][T10809] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 1145.979873][T10809] CPU: 1 PID: 10809 Comm: syz-executor.4 Not tainted 5.3.0-rc6 #127 [ 1145.987857][T10809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1145.997896][T10809] Call Trace: [ 1146.001180][T10809] dump_stack+0x172/0x1f0 [ 1146.005508][T10809] dump_header+0x10b/0x82d [ 1146.009916][T10809] ? oom_kill_process+0x94/0x3f0 [ 1146.014846][T10809] oom_kill_process.cold+0x10/0x15 [ 1146.019943][T10809] out_of_memory+0x79a/0x12c0 [ 1146.024703][T10809] ? lock_downgrade+0x920/0x920 [ 1146.029547][T10809] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1146.035771][T10809] ? oom_killer_disable+0x280/0x280 [ 1146.040957][T10809] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1146.046486][T10809] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1146.052093][T10809] ? do_raw_spin_unlock+0x57/0x270 [ 1146.057199][T10809] ? _raw_spin_unlock+0x2d/0x50 [ 1146.062020][T10809] try_charge+0xf4b/0x1440 [ 1146.066411][T10809] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1146.071929][T10809] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1146.077461][T10809] ? __kasan_check_read+0x11/0x20 [ 1146.082469][T10809] ? lock_downgrade+0x920/0x920 [ 1146.087289][T10809] ? percpu_ref_tryget_live+0x111/0x290 [ 1146.092806][T10809] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1146.098233][T10809] ? memcg_kmem_put_cache+0x50/0x50 [ 1146.103400][T10809] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1146.108916][T10809] __memcg_kmem_charge+0x13a/0x3a0 [ 1146.113996][T10809] __alloc_pages_nodemask+0x4f4/0x900 [ 1146.119339][T10809] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1146.125024][T10809] ? percpu_ref_put_many+0xb6/0x190 [ 1146.130192][T10809] ? trace_hardirqs_on+0x67/0x240 [ 1146.135182][T10809] ? __kasan_check_read+0x11/0x20 [ 1146.140179][T10809] copy_process+0x3f8/0x6b00 [ 1146.144743][T10809] ? kvm_clock_read+0x18/0x30 [ 1146.149410][T10809] ? lock_downgrade+0x920/0x920 [ 1146.154235][T10809] ? __cleanup_sighand+0x60/0x60 [ 1146.159142][T10809] ? lock_downgrade+0x920/0x920 [ 1146.163964][T10809] ? lock_repin_lock+0x4b0/0x4b0 [ 1146.168870][T10809] ? trace_hardirqs_on+0x67/0x240 [ 1146.173874][T10809] _do_fork+0x146/0xfa0 [ 1146.178007][T10809] ? copy_init_mm+0x20/0x20 [ 1146.182484][T10809] ? try_to_free_mem_cgroup_pages+0x416/0xa80 [ 1146.188521][T10809] ? try_to_free_pages+0x980/0x980 [ 1146.193615][T10809] ? percpu_ref_put_many+0x94/0x190 [ 1146.198784][T10809] ? __kasan_check_read+0x11/0x20 [ 1146.203798][T10809] ? blkcg_maybe_throttle_current+0x5fe/0x1030 [ 1146.209929][T10809] __x64_sys_clone+0x18d/0x250 [ 1146.214670][T10809] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1146.220882][T10809] ? __ia32_sys_vfork+0xc0/0xc0 [ 1146.225703][T10809] ? trace_hardirqs_off_caller+0x65/0x230 [ 1146.231388][T10809] ? trace_hardirqs_on+0x67/0x240 [ 1146.236391][T10809] do_syscall_64+0xfd/0x6a0 [ 1146.240870][T10809] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1146.246735][T10809] RIP: 0033:0x45c249 [ 1146.250605][T10809] Code: ff 48 85 f6 0f 84 27 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c fe 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 1146.270207][T10809] RSP: 002b:00007ffd9399f418 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1146.278587][T10809] RAX: ffffffffffffffda RBX: 00007fd57adf8700 RCX: 000000000045c249 [ 1146.286541][T10809] RDX: 00007fd57adf89d0 RSI: 00007fd57adf7db0 RDI: 00000000003d0f00 [ 1146.294482][T10809] RBP: 00007ffd9399f630 R08: 00007fd57adf8700 R09: 00007fd57adf8700 [ 1146.302424][T10809] R10: 00007fd57adf89d0 R11: 0000000000000202 R12: 0000000000000000 [ 1146.310369][T10809] R13: 00007ffd9399f4cf R14: 00007fd57adf89c0 R15: 000000000075c07c [ 1146.333087][T10809] memory: usage 307200kB, limit 307200kB, failcnt 4053 [ 1146.340776][T10809] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1146.349705][T10809] Memory cgroup stats for /syz4: [ 1146.349789][T10809] anon 242683904 [ 1146.349789][T10809] file 8192 [ 1146.349789][T10809] kernel_stack 10813440 [ 1146.349789][T10809] slab 17141760 [ 1146.349789][T10809] sock 0 [ 1146.349789][T10809] shmem 0 [ 1146.349789][T10809] file_mapped 0 [ 1146.349789][T10809] file_dirty 0 [ 1146.349789][T10809] file_writeback 0 [ 1146.349789][T10809] anon_thp 176160768 [ 1146.349789][T10809] inactive_anon 135168 [ 1146.349789][T10809] active_anon 242683904 [ 1146.349789][T10809] inactive_file 0 11:07:10 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x0, 0x0) r1 = syz_open_dev$evdev(0x0, 0x0, 0x0) ioctl$EVIOCGRAB(r1, 0x40044590, &(0x7f0000000000)) r2 = dup3(r0, r1, 0x0) r3 = syz_open_dev$evdev(&(0x7f0000000180)='/dev/input/event#\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x0, 0x31, 0xffffffffffffffff, 0x0) ioctl$EVIOCSFF(r3, 0x40304580, 0x0) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f00000002c0)=0x7fff) ioctl$EVIOCGRAB(r1, 0x40044590, 0x0) getsockopt$bt_hci(r2, 0x0, 0x1, &(0x7f00000001c0)=""/218, &(0x7f0000000080)=0xda) 11:07:10 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000000700000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:10 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000002c0)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000004c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) pread64(r0, 0x0, 0x0, 0x0) 11:07:10 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ff2ddefc4ba57c8450c58c8bc4a20e36d81b54738ad526f5608efcb5058fd24157877513c4a220", 0x27) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) bind$unix(r2, &(0x7f0000000b40)=@abs={0x1, 0x0, 0x4e22}, 0x6e) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) getsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f00000004c0)={{{@in=@loopback, @in=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6}, 0x0, @in6}}, &(0x7f0000000180)=0xe8) getsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000600)={{{@in=@remote, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@empty}, 0x0, @in=@broadcast}}, &(0x7f00000001c0)=0xe8) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000700)={{{@in6, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6=@mcast2}}, &(0x7f00000003c0)=0xe8) getresuid(&(0x7f0000000800)=0x0, &(0x7f0000000840), &(0x7f0000000880)) sendmsg$nl_xfrm(r2, &(0x7f0000000b00)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20800}, 0xc, &(0x7f0000000ac0)={&(0x7f00000008c0)=@acquire={0x1f4, 0x17, 0x2, 0x70bd2c, 0x25dfdbff, {{@in=@multicast2, 0x4d3, 0x32}, @in=@empty, {@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in=@loopback, 0x4e20, 0x9, 0x4e22, 0xffffffffffffff7f, 0xa, 0x20, 0x20, 0x6c, r3, r4}, {{@in=@empty, @in=@multicast1, 0x4e21, 0x0, 0x4e20, 0x110, 0xa, 0x20, 0x20, 0x5e, r5, r6}, {0x4, 0x5208, 0x0, 0xeeaf, 0x7fff, 0xc52, 0x4, 0x5}, {0x7fffffff, 0xffff, 0x8, 0x2}, 0x7, 0x0, 0x2, 0x1, 0x1}, 0x3, 0x0, 0xff, 0x70bd29}, [@policy_type={0xc}, @algo_comp={0xb8, 0x3, {{'lzjh\x00'}, 0x370, "de32a807704796d0c8905cfb4eb997bfd21b94449657b355e99682a59c79cddaa77d94e4e80ba46e333265bcc2716c8218f16278bf91ae01a2d00d1a95f1800d1954fc999095d293291cbac7a08d5f4d3f8323622f63264a391a79ac84312e6769d119148970ac9191cceb3e0ed1"}}, @etimer_thresh={0x8, 0xc, 0x800}]}, 0x1f4}, 0x1, 0x0, 0x0, 0x10}, 0x800) 11:07:10 executing program 1: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x2200) [ 1146.349789][T10809] active_file 0 [ 1146.349789][T10809] unevictable 135168 [ 1146.349789][T10809] slab_reclaimable 2973696 [ 1146.349789][T10809] slab_unreclaimable 14168064 [ 1146.349789][T10809] pgfault 232782 [ 1146.349789][T10809] pgmajfault 0 [ 1146.349789][T10809] workingset_refault 396 [ 1146.349789][T10809] workingset_activate 66 [ 1146.349789][T10809] workingset_nodereclaim 0 [ 1146.349789][T10809] pgrefill 5856 [ 1146.349789][T10809] pgscan 5704 [ 1146.349789][T10809] pgsteal 642 11:07:10 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RLERRORu(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="fdffff210701000376e874abd6a1bf93"], 0x10) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18, 0x206abc2970b898a6, 0xfffffffffffffffe, {0x44}}, 0xfffffffffffffe33) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="7472616e733d66642c726692cabed70ad04095e3234e4a646ed88a45bfaedb0178dc36d1266d9807324e51c95db5a49e3f462c2d875a1a7c8bba28db69a98bc2079bf9f607e8ffb3550f268dd311c3e5e6efee01007fcf4570e79aac025f5ba2a38623733bcda992ababfd1c4d2ae7f33ea2", @ANYRESHEX=r0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2]) chdir(&(0x7f0000000000)='./file0\x00') r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000280)='TIPC\x00') sendmsg$TIPC_CMD_GET_MAX_PORTS(r2, &(0x7f00000003c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x51208800}, 0xc, &(0x7f0000000380)={&(0x7f00000002c0)={0x1c, r3, 0x100, 0x70bd26, 0x25dfdbfc, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x800) mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) ioctl$RTC_WKALM_SET(r2, 0x4028700f, &(0x7f0000000040)={0x1, 0x0, {0x2b, 0x25, 0x12, 0x9, 0x2, 0x870f, 0x2, 0x18}}) 11:07:10 executing program 0: mknod$loop(&(0x7f0000000ff8)='./file0\x00', 0x3, 0xffffffffffffffff) lsetxattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000280)=@known='security.capability\x00', &(0x7f0000000340)='\x01\x00\x00\x02\x01C\x9fo&H\xba:\xe3\xc3\xdc\x00\x00\x00\x00\x00', 0x14, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="11dca50d5e0bcfe47bf070") execve(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) 11:07:10 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000000a00000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1146.476241][T10829] validate_nla: 7 callbacks suppressed [ 1146.476249][T10829] netlink: 'syz-executor.5': attribute type 4 has an invalid length. [ 1146.579855][T10809] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=9904,uid=0 [ 1146.608318][T10843] netlink: 'syz-executor.5': attribute type 4 has an invalid length. 11:07:11 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000000c00000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1146.643068][T10809] Memory cgroup out of memory: Killed process 9904 (syz-executor.4) total-vm:72708kB, anon-rss:2200kB, file-rss:34816kB, shmem-rss:0kB [ 1146.668181][T10850] 9pnet: Insufficient options for proto=fd [ 1146.712161][T10855] 9pnet: Insufficient options for proto=fd [ 1146.728985][T10823] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 11:07:11 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = memfd_create(&(0x7f0000000700)='/7\x02\xe8\xa4\xef\x9e\xc8e\xd5n\x89\xeb[<\x18-\x14\x8d8\xbf\xfe\x83\x19\xf3(\xd7y\x14h\xcf(f\x06I:\xa4\xea\xcb\b\x81C\xdd\xcc\x00\x00\x00\x00\xf9\b1h\xbam\xa4x\xb1:\xcf\a\x94Z\x7f\xc8\vy\xf2F\xf4\x9d\n3\xd4\x9a[\xee\xaa\t\xbe\x90\xabU3\xd3[y\xd1d^We\xa9\xcb\x86a\"\xba\xb7\xcd\xcf\x88\x9eqO|\x9f\xcf\r\x86\xf4\x15@\x82w\xa8\\\x8c^a\xbe\x991l\\\x16\xd4\xd53\xdd\x9e\x00\x01:\xac\x14^\xf6\xb6\xb1^\xaa\xfa\x02x\x8aV\x87\xe3\xfb\xef\xd0\xb7({,\xf4\xa2cl`\xdc\xf7\xe2f\xad\xaa>\xd4Ts\x10\xb9V!\x91uGTy\xde$X\xff\xb1\xf3={\xb7\xe65\xb6\x1a\x99q^\xc2\xfc\xb0\xc09\x85\x03\xf1]\xc54;\x8d\x01\xec3#\x8f%5\xef\xfe\xc5\xdb\xd5\xb7\xe0\xdd\xec,rV\x82!\xa0', 0x0) pwritev(r2, &(0x7f0000000240)=[{&(0x7f0000000440)=',', 0x1}], 0x1, 0x0) sendfile(r0, r2, 0x0, 0x20020102000007) recvfrom$unix(r1, 0x0, 0x38, 0x0, &(0x7f0000000100)=@abs, 0x6e) [ 1146.759323][T10860] netlink: 'syz-executor.5': attribute type 4 has an invalid length. [ 1146.774817][T10821] rds_sendmsg: 1 callbacks suppressed [ 1146.774867][T10821] rdma_op 00000000eeb80f2f conn xmit_rdma 00000000d8f1147d [ 1146.792980][T10823] CPU: 0 PID: 10823 Comm: syz-executor.4 Not tainted 5.3.0-rc6 #127 [ 1146.800952][T10823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1146.810994][T10823] Call Trace: [ 1146.814283][T10823] dump_stack+0x172/0x1f0 [ 1146.818621][T10823] dump_header+0x10b/0x82d [ 1146.823046][T10823] ? oom_kill_process+0x94/0x3f0 [ 1146.827972][T10823] oom_kill_process.cold+0x10/0x15 [ 1146.833075][T10823] out_of_memory+0x79a/0x12c0 [ 1146.837742][T10823] ? lock_downgrade+0x920/0x920 [ 1146.842583][T10823] ? oom_killer_disable+0x280/0x280 [ 1146.847790][T10823] ? __kasan_check_read+0x11/0x20 [ 1146.852822][T10823] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1146.858350][T10823] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1146.863960][T10823] ? do_raw_spin_unlock+0x57/0x270 [ 1146.869055][T10823] ? _raw_spin_unlock+0x2d/0x50 [ 1146.873896][T10823] try_charge+0xa2d/0x1440 [ 1146.878303][T10823] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1146.883834][T10823] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1146.889449][T10823] ? __kasan_check_read+0x11/0x20 [ 1146.894460][T10823] ? lock_downgrade+0x920/0x920 [ 1146.899299][T10823] ? percpu_ref_tryget_live+0x111/0x290 [ 1146.904827][T10823] __memcg_kmem_charge_memcg+0x71/0xf0 11:07:11 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x20000003, &(0x7f0000000100)={0x2, 0x1000004e23, @local}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='sit0\x00', 0x10) r1 = memfd_create(&(0x7f0000000200)='@ppp1em1]wlan0$bdevppp0*-GPL\x00\xec\xe5\xc9\xc7U\"\xd3\xbf7\x7f\xbd\xe5\xa5\xa8\xa1\xef\x99\x19\xbc\xe2PB\xce\x87\xd6\x8c\xfe-\x13FH#A\xb9\x0e\xb8\xa6V\xfatO\x9b\xc1\x91V\x8bE\xf4\xd9\x15\xf0_\xa5A\xbe2v(}&\xb5p\xc4v\xf7\xa7$\xe4\xb2\x90w~\xc51\"\xea', 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) ftruncate(r1, 0x4000b) setsockopt$inet_mtu(r0, 0x0, 0xa, 0x0, 0x0) sendfile(r0, r1, 0x0, 0x2000000020011) [ 1146.910261][T10823] ? memcg_kmem_put_cache+0x50/0x50 [ 1146.910277][T10823] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1146.910290][T10823] __memcg_kmem_charge+0x13a/0x3a0 [ 1146.910306][T10823] __alloc_pages_nodemask+0x4f4/0x900 [ 1146.931433][T10823] ? psi_memstall_leave+0x11c/0x180 [ 1146.936629][T10823] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1146.942344][T10823] ? psi_memstall_leave+0x12e/0x180 [ 1146.947528][T10823] ? __kasan_check_read+0x11/0x20 [ 1146.952559][T10823] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1146.958792][T10823] alloc_pages_current+0x107/0x210 [ 1146.963914][T10823] pte_alloc_one+0x1b/0x1a0 [ 1146.968405][T10823] __handle_mm_fault+0x34d7/0x3f20 [ 1146.973511][T10823] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1146.979046][T10823] ? __kasan_check_read+0x11/0x20 [ 1146.984068][T10823] ? trace_hardirqs_on+0x67/0x240 [ 1146.989080][T10823] handle_mm_fault+0x1b5/0x6b0 [ 1146.993835][T10823] __do_page_fault+0x536/0xdd0 [ 1146.998588][T10823] ? page_fault+0x16/0x40 [ 1147.002916][T10823] do_page_fault+0x38/0x590 [ 1147.007407][T10823] page_fault+0x39/0x40 [ 1147.011566][T10823] RIP: 0033:0x459879 [ 1147.015458][T10823] Code: Bad RIP value. [ 1147.019510][T10823] RSP: 002b:00007fd57ae39c78 EFLAGS: 00010246 [ 1147.025562][T10823] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000459879 [ 1147.033530][T10823] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1147.041494][T10823] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1147.049453][T10823] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd57ae3a6d4 11:07:11 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) 11:07:11 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x0, 0x0) r1 = syz_open_dev$evdev(0x0, 0x0, 0x0) ioctl$EVIOCGRAB(r1, 0x40044590, &(0x7f0000000000)) r2 = dup3(r0, r1, 0x0) r3 = syz_open_dev$evdev(&(0x7f0000000180)='/dev/input/event#\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x0, 0x31, 0xffffffffffffffff, 0x0) ioctl$EVIOCSFF(r3, 0x40304580, 0x0) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f00000002c0)=0x7fff) ioctl$EVIOCGRAB(r1, 0x40044590, 0x0) getsockopt$bt_hci(r2, 0x0, 0x1, &(0x7f00000001c0)=""/218, &(0x7f0000000080)=0xda) 11:07:11 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000000e00000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:11 executing program 3: pipe2(&(0x7f00000003c0)={0xffffffffffffffff}, 0x0) ioctl$RTC_WIE_ON(r0, 0x700f) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r2, &(0x7f00000004c0)=ANY=[@ANYBLOB="1500000065ffff048000000800718d04045c78188ae03e29efe10c0ecd4fd735e0d090f908fd30e4686339538705236882e815f49c4bf615647e2f60fae4cca2347c4687a818bdcec73c0f050119c6e64701acd27910b589aec1ea909c3ae4870851532726959ebf300b43ff0f000000000000dbc76579f1b1595c4883c1a874d3a695f2ea35e974f181b96302a707e33495ff89be9031bda1727cd669560e5b20dc42d333ab38a32680000000"], 0x15) r3 = dup(r1) write$FUSE_BMAP(r3, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r3, &(0x7f0000000400)={0xa0}, 0xa0) r4 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x12, 0x900) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f00000002c0)={0x0, 0x0}, &(0x7f0000000380)=0xc) fcntl$setown(r4, 0x8, r5) write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0x14c}, 0x137) socket$isdn(0x22, 0x3, 0x24) rmdir(&(0x7f0000000280)='./file0\x00') mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r3]) mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='9p\x00', 0x1, &(0x7f00000006c0)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[], [{@context={'context', 0x3d, 'system_u'}}, {@uid_gt={'uid>', r6}}]}}) syz_mount_image$ext4(&(0x7f0000000340)='ext2\x00', &(0x7f0000000580)='./file0\x00', 0x5, 0x6, &(0x7f0000001a40)=[{&(0x7f0000000740)="9c51fb3c869466c3910e5ab6aa57188b1dc15b9f73663fda391104fa75f55974a2173639f4c1c34beb8aef4f40f325b473dcfe6ef6280fb7d8946fb275ff869a57079fdad655f5bc62575a102ae87af57a7d3254f50085434d887168957d2b1295918102634dde9247a72d34b19f7cad7e111f40bed14d8d79dc5cabe564c3f2627e07c572eb202382dbe69b7120d96f4f6d294f706e81f147b4406eb601235effb706d109d83bbacae47754e535736275151e38b348fbd32809b3c4f5175d460170f3bdf1b764dd95133c6417e8a6f68c1f0985d05e77c7afe305ebb9c36fca6ad0baa6a2bcbde181944eb4013d2134864c31e5ae9e02d48f0a9b88f03202d77db37725ec8a0d9643acd29ae3b4f7ebe864ee03a4fec30bd73711d34dbd85f52023818284ae5072d21ca604ee5fbe7592cfd2ccc10b75b2fac84760f834b3570bc5fad1b33cd94aca6941b504ad81285faf4ba195ede9e7c8ee1bbeea1334c8196b33ac57c3004c89c34f04e6b28d7889f77b7185195645334c8ab74788cb7e891920b40ed02da69dcfafb8ab5d4990c49448f67f7f7de82b09904def83aede74acd883684c4fbf1a37954c7d8450fb93e08796ca12d66c9f3348b0a76d3b97cbf8fd342d5093f1e98c87e224f0fb29e836ec39449acf22ab5d4f4c6a18026cdcd420b6584a6e2c5197cc68997baeff66a4b441aef30fe50816330de50c80f1c6be96975d4726dd9cf4848c3a4a8f4a5a3e5becf8931fff807896468b646e5aed906bd13739fd4dc96769cf75bf3a5c5e7732dda361f024a57e54492a6f1d995595e37c51863ea8335ca5dcc828f1363693dd155bf851cff6c4949afd928c1e7a5aebd235fcb17af622a5c516039f518a740ba612969e395e8dbdc5f93f262f8fbf307033486441cf229ccbab6d3c3e5b888717dd1d88053b0c8224b732f8a197636e1e4c753ce040851aba366a78295ba600ce83ee909c478c9f2bc9a896e68d14e3eae4a9a41d14cc67f950241ab9a8ea39bc057add0dcd45386d47e8e35ea7effb5f2565bd52fd92f9c16d448852da06249124d93cb6e09106836abdd9aeb66c75be1aeaaedac97f6b1843586ef607e5f649df591a4ee750b979a4979091bb4efc4da35d71b413bdddad2f315bfb7af6163c2faf01ad30cf532293e48aa42c181dd499604272b9f43356874ba3a4e5867b921a535acdb3cee5960fca006feaaeb8c99f698f947cc85e774ff47e7583685e90d0f90789b208f6f2839cf8c0750cf69054620971560491ab24b8b5b8ff628cf17ca8fa5f0a178394005ec44803555a3a53b767526e7cc186d1395a5851e204040c355c05ce5b4404ce6b3291948e525891843b1960979086dd572020dd098668033aefd76a9e84af821ba3a4d2c89f478d32207add7cfde3cb9178a7f2f0e67adea24de85b8ddfe8441c22fcfeb3898cde739857ed76de8407bbb96c8e3d0340d0f0564d0d123013867eef3aee05192399734a04db6f32de6aa0c179c7a78840e773801c11620a48c6329e38d09bac6e879edb5245fc37ec9d41e3f049e05accc8a9464a88ec011862083d6a627b1ed8d94131f7c2375b1fe09f155bad459ab15dbe69100d120feadcbe4f6b05ef3a95cace46d1f01cd86bb1bef85737a8e99af14587afefab4ebc1a42510a4ee2dede77ba502ebbaff44bbdf295fbdbe06bb532a4865e170317be195e58d5b23cb53a01beb0532874215b076ebdbc06a03564ef2fbd99a71e5c89c60386b0e00e79b9b0687cbefa066a2f1cbf59fe2c5ae07c6415385c865fa1b515c4320f0b610e32ef1b838d6e75471652bd457da2ff810d7b6e10e0e38da1a82c9ea146817128e7ea740e6a1a750b8037a038982427c11f9e7680184913dd7ac64dff6969c207ada6a4c57daf0a23788c4e84783ef42dd148c355bce44b80a2aa77ef995dbf9e74b6768310c9f4054571d1fe444f59c4fd32f49018477bb100b77130d0a9a9933e0fce737cceebc03e1c37b9ca621b2b6a44cb7b77a0443e6b503c632470557d83fb33b740a32301d507bee73690c975f932d28804fda0450316bd617fa994aa0a1fc1390327757a67b398d3db3d10cd85330847635b1e66a4f7002e32c8fd308ac7f9a1149e39c981427bbb86126dfff662abc886d67d9b6b8de1075d5486943334cc68a7d947e673ef701c83f20f651b684c2052e9b37a1681844fda0cf4571291b687717773137eff4cbe7e4f07da2c21d94c78099f248e9bda440b60c46e4f52bff15d9547f7a80b3ff4f259503de550f48d200b8ef36894ae4b822bc8810b45e11b4233c2d0875d63e47ed760ff6f650dc49122fa078bc3600bed4a687d5d717df86b877a5a1ba079ebf77831ea7ab18feb85dfd8338671ba6f89650f8ab208201dc074d831dcad342cac05cb21452d417e402ca53b64dd452849b2aea24e3a63ca4a3b59c026a22b180fc5434508c988d14715365f57250204d9ca78a6975379d9387f338a1862f05866dbb29721cf4ea891bfedf5e4c493850969f04b77b0b3da8335cac9585d23dce23ebf3bc7d8bb2a7faaf00600d14745cfc0a74966d9189f49c60a0f81843f41557a415947424f502f8fd3fdd98186fd9f8dc9c18b959e98477e74ce404df5d971654041d3658a1b77bd37fc0d6c3e4eff5368832c01d382fb9553a54526d92ced81add5fc7956c1fecfd46bfc26feaa65f0ff48eae47378de062e7a3e2cfcf830150b881bd4f296427f65f520699fe255ba7fdf911f760c9a8f0350bfd5f533ae7e92e1d2765edd010cf47adb549dce8a6ba43fd8bbb051483432eaac35dc8a77a276acd443ca7c12c6ec5a7897d2fcc2b9588254d63d059f32d6757b8edfcc67f5f6e2eb62cff07a7cbd9fdb54c614c8bb58369254878e4cb4c1c2fda2abca16d2dee97d4a38b7d8247bcddf16bfa28677e8ca5b8912be52f52557b998a52383e08d2d7c6f217cfb672caf0782b2720a52aacb2040e463ef6859553f553d0c100c8dbf24365d246ec41adf5c2154532df7fa74759fce31f4bfa3aaeb7d89c1410fb984eb7922266bae0f6927ca76b438e2d9bf67b301c73972e3536a49e57df96dca2c6ac330ec817d2abc1619710759f4845bdadac5502b8a770e005f5e913ca5f7652f85ac961829826be56e20785f76ff9e26b391a010c4dc7cd83f381ba5eb6b13a5e57f4173423bbdae0d40cad4e020d41d513c36038c2008faf182ca75f4a4d233e3c2c2e478665ce636fe6932767fa9eb0c808f6452ad9a4c0f81721994dc9e63d3d3c8bbf1ef25a042cbf57cc5752d24e01583f332e5a1700b2fcf67cabdf094e35b59d489557c7dbb9c7eedfc862481f64959fb2ff24512f7da184dbdeacb9b6ee87523dc5e3e19d3da467600580470d711e059388e723d7ffe3791ec33c24c30ca4edce4c5a47c33c35882e959205d04196bec75bd91ed660ccb2e7a3b2002b60330570d70bdd5f046840ac32f56c1085c776bf54c6a0a0cf2e26d9a3557c065f53d0d6387847a3eae5de5a52924660307a72c6bcfc892be9a0df90c4cfc177d759070e42fd8a2d6e99e0ca53356f7195d5e47a2bc7ae9aa0671dfe0693ba910e77fb5698141719ad4d884f4d335f1a9f05d51e7c92531dc69ade7c558511f49e9829c59cd89eee9dd0bdebdd3b45a14251bfdeddc9c5a7dcc4397f3714971ee5c274adf8c5d384308f289bf4c12c7d1e8fa8caaffd10b5c880474e4de728750e7c3d6b9cfcd99d80ba3d4a6f37c2023fd3429e49f5ce1c49df11954ead54fa98fe905d5066e89fd2184ae7ab78e4b5fee1d43013c7e3c215647380f17d6907f8015d21924c414a0d8161ed8465b60e61af299b162b01212fd56919782538c1e2cca3c85d5a98c5e5f1fda680fabf78e97e9fcb10d73010300f06d9f29159e882973563cd5f6930872d3f0d3ccb3af1845ae0353389a228754e30cd7d19e192805dfdc725ed3935bb26065633b43156e6013092c7782a1cf2c107d7c5a03bb9d400987d453ae935254c923e7637e05b1e9f94678d5a5c8270583f74ad1799ada55995d39ab8aaa9b47a023b8c88f9bad2460b46ae8874fbb0d7de62d927ff68a93cd73f206e5070ac6ba7af38dc97e07df4c1684531bdc1a4a2537b0445650f3ebb82619093f9eacb91ab68f820eb6642c821cea767779b8cc894e6c6b4b72a6b8c3a6987dba3ad9a04443bf3498ccd9d87c44c55e36bbeeb926d309a4e2ca495b3dcff8ef7b83ed597457e99cf32b9eff8603cbf812288a96f10c0d2a5cdbc1dc73cec15589a6c55c82dac7bf8719b7f316e913cdc35d9fd4a14e2bf3cf69b3499dbb73100d8b690c5fa73b2d93a675a071d429dc68df853d20fb9bbbfca90bab6d7690b0f2c14f2d12b5a6a0c107c2456d74569de56d2e604ed670e37afc7a425ade7651777cb2c512282aa0c992f7389d3b1ab39535b10c26818df3719f822cdaca35ac5a2124939271ba638329e6e8e5b43c1738c271b7ad7fd245ad1368897ba5e30d4205b92629e30b659e6b750fe8a602b664bd6bef510d28d8f3fd138b7662a848afba81aa55489a7e331c5ba1456da56a8917c2dd14282231bce8b49daf351392f80fc7928eccc786c505c77e85216e54d04021de73c842beec9cbb88045b0939810f4a0e456bc49c75bbcadf20750b4092abfc0c9492f19d4f069accc62f0ed8e26336b5f37a948753b683a5e24e1d24231f88c09df62a8fbab1d340ddf6aad268c73fa517880a46b28b41f5a71f8403b2f6c2409bb1dfbc3f4931369ba9494d30ede0015021a2239393422845ae161073ffd096d2e9fac9baf198d6150f99ed47f0e811728abcd109df0096350741b84d2a4e35110fccbe1e2169ef6fba07ebab8a163bda95e2514a5ffd61d0f47a89d66a0b3c1d73b485ff78c10f6c21518d60ff040c130ad6b874a122743fe14a2f976ac8ff9083db1a74bdb0281437748b7193dd7c5808b5ecb0c4c800b333892f6f1259edca3e111ed6b9f180a49e2baef37cfa3b95024b507550c83da4efd181b239dcd35db1d60f0e1b748d85b9f3c67a6c4c405053c7896a29df16118b8d4594d11d5c89fc1e77519d12c174db3d99a81079fc1787931dbb58b05a43a8eebcfaf35d30b225b266227467b4c469740da97852441a627066d6f63d471faf770daacfc1814f7c14728d46dddfe3b9bf249bdd0c2f3d0d168d6f309209ab3eec02cdcc2e080c0e46b87a148b6d0cc6b8337a9d5860eab8b08dc5e166d664c657ec58d9ea65114a795d4ec4a157404646f10589301d6548137e17f7b15e4a86d5e7c3110c2b8da0fd4758f6cdfd3e758da551bcfe5b714be65e435aa595dc514fac4de34a8bfc2b4d62ff184e43a59741cb35283982d0d6a4b0894cc8da26a7548f6b5e6c4c49bedb3f4e88dc3f9f4c37803b34e3311cf72f092c69bcb9fb2b237cdd3c4a6169738483721ec68e4c251e85545c63ab285082e47d181b97e2e32f0edacaefecc559457fb976e0b5b54de16fcc4502a39b76c12721ed53882acfa907b9a685e6d70c00c06c70c204772d885970e085b4fbe403682811ecc02d01dee244249daa26679dd13f43706fff551055c90c7245901755f943bb09338c91c96b293cddf311ca74efd7f7170280ae1388da38db3b86b36e0cf190ede7055757b9f1d61f02066011cd70afcec66ee3741cd7ab227fb64a710627588d03047f2edbcf9ff1106a3d090480ad4a154fe43cfa37641e2520df7d97c1fd791e381f211736406557f6855ba4294a5b35fc7834b58f706a7f5620", 0x1000, 0x9894}, {&(0x7f0000001740)="043474b4f712a3c7dc91d1f06fb69410bbb8a3691e5f34473a1e7ac2d5548d98ae492eea3a6e599d6e99bf360e91228bd40685ee11aabbd082b384a487cf94a8a8195f547285cf43957bd9411d96237306e7d5399e966ae94c87d49004721c2a8e3c0eb11a5c54053ad2619b6b9a86f2bd21b431ba845829f09db417ed120b49273c246b437d786eab70cd9c019e73e37b81f85682304ae5143e36b1f7bbbd589bb92bb79b25fb53ce6fd1a1c47bf297fd065d0f1dee81fd02b87a055be641e905b42f8dfc02ec1bb3c69ac9bdb3a8782800dbc91acacee6e683afdba7d095d422c92f709a3dcb5c6354ba", 0xeb, 0x9}, {&(0x7f0000000600)="cba00904739cdaa9a5bcd15ff8c69b9bf81f5467cf46ae6d3b92af90cd8bea5fa5bf9b5655fe6d716e223f1c04785a46b5ceb7815f4d957ec41203a089b6d2301a058feaf8a56649c0678b9dfd80f7215043ca50f844adc253d1dc080a", 0x5d, 0x7db}, {&(0x7f0000001840)="76046499735fbe675049be220889b0dbd3f9ae8ac6798e3a655f33fed96d21d1b544ca797450e2a9e60e77393dcf0aa65302f95ddf504bcbd89a2c6b9f65c2339a9d4509581a6862580556429dbba8", 0x4f, 0xfffffffffffeffff}, {&(0x7f00000018c0)="10ba044e0c3f8f9cd280a6bf1634a72dc4adee2dc46e71b8cf15b1af4e5b4b4546e2f546a824e6532b9329dce5561b12a63d09a1c5fde8045eee2fabcdb05d50e3dea72e5b494b5a11bc3802fdc068642bb2d774226aa1188930ed37a4e91a5142915a8f28d3b172bbc18a5f6d7cfbc9e2c89fd6024983c1525f3a5468977f67944b4e425cc6b4b6e3331bd6ca1c2927a060341342019c45389c402c6deb767770bb19306841c9e33e4dabf40ffd018f2d6928448f", 0xb5, 0x9}, {&(0x7f0000001980)="2f1861d16fa9f36a43a82a9da84d3c2374c3bd25a0ce8c9c4807e108c3d6ed0449566798f8b9320ac0838f4adad18e06886aaa1f4b20fbae35e19b75b833697d5e023e9cf79cc12ce9437ca9bad6567bbbdbec01cf6c0f0a88dfa02a076d06997c37e9d8e74906181e622289a6e221fad78b80b688c45a63f218f28355ca070c58664e7194d688efb604349afb19ac874687db15eb09dafafdca1aed1f8caecfff031d77811933d576", 0xa9, 0x1}], 0x0, &(0x7f0000000680)={[{@orlov='orlov'}, {@noacl='noacl'}], [{@pcr={'pcr', 0x3d, 0x29}}, {@obj_type={'obj_type'}}, {@smackfsdef={'smackfsdef', 0x3d, 'uid>'}}]}) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) [ 1147.057414][T10823] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 00000000ffffffff [ 1147.075154][ T23] kauditd_printk_skb: 3 callbacks suppressed [ 1147.075164][ T23] audit: type=1804 audit(1566904031.424:1077): pid=10868 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2344/bus" dev="sda1" ino=16937 res=1 [ 1147.075557][T10823] memory: usage 304576kB, limit 307200kB, failcnt 4053 11:07:11 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x1a, &(0x7f0000000000), 0x4) [ 1147.126852][T10874] netlink: 'syz-executor.5': attribute type 4 has an invalid length. 11:07:11 executing program 1: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x2300) 11:07:11 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000000f00000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1147.209528][T10823] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1147.242288][T10823] Memory cgroup stats for /syz4: [ 1147.242384][T10823] anon 240713728 [ 1147.242384][T10823] file 8192 [ 1147.242384][T10823] kernel_stack 10682368 11:07:11 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x12, &(0x7f0000000000), 0x4) [ 1147.242384][T10823] slab 17141760 [ 1147.242384][T10823] sock 0 [ 1147.242384][T10823] shmem 0 [ 1147.242384][T10823] file_mapped 0 [ 1147.242384][T10823] file_dirty 0 [ 1147.242384][T10823] file_writeback 0 [ 1147.242384][T10823] anon_thp 174063616 [ 1147.242384][T10823] inactive_anon 135168 [ 1147.242384][T10823] active_anon 240766976 [ 1147.242384][T10823] inactive_file 0 [ 1147.242384][T10823] active_file 0 [ 1147.242384][T10823] unevictable 135168 [ 1147.242384][T10823] slab_reclaimable 2973696 [ 1147.242384][T10823] slab_unreclaimable 14168064 [ 1147.242384][T10823] pgfault 232980 [ 1147.242384][T10823] pgmajfault 0 [ 1147.242384][T10823] workingset_refault 396 [ 1147.242384][T10823] workingset_activate 66 [ 1147.242384][T10823] workingset_nodereclaim 0 [ 1147.242384][T10823] pgrefill 5856 [ 1147.242384][T10823] pgscan 5704 [ 1147.242384][T10823] pgsteal 642 [ 1147.263332][T10894] netlink: 'syz-executor.5': attribute type 4 has an invalid length. 11:07:11 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f00000001c0)=ANY=[@ANYBLOB="150065ffff03800000080039503230ef36264cbf710476cd3088f0084000c16c3ca049d7f2f5a5ddc2"], 0x15) r2 = dup(r1) lremovexattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000180)=@known='security.apparmor\x00') write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x7f0) 11:07:11 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x5, &(0x7f0000000000), 0x4) [ 1147.390989][ T23] audit: type=1804 audit(1566904031.834:1078): pid=10905 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2345/bus" dev="sda1" ino=17125 res=1 11:07:11 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x10, &(0x7f0000000000), 0x4) 11:07:11 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) fchdir(r1) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) r3 = dup(r2) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x2, &(0x7f00000001c0)={0xffffffffffffffff}, 0x106, 0x317d11871c0f6546}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r2, &(0x7f0000000600)={0x15, 0x110, 0xfa00, {r4, 0x1000, 0x0, 0x0, 0x0, @in6={0xa, 0x4e23, 0x4, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0xffff}, @in={0x2, 0x4e21, @remote}}}, 0x118) openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x102) [ 1147.477775][T10895] rdma_op 0000000095641d7b conn xmit_rdma 00000000d8f1147d [ 1147.535684][T10823] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=9778,uid=0 11:07:12 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) 11:07:12 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000311800000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:12 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x0, 0x0) r1 = syz_open_dev$evdev(0x0, 0x0, 0x0) ioctl$EVIOCGRAB(r1, 0x40044590, &(0x7f0000000000)) r2 = dup3(r0, r1, 0x0) r3 = syz_open_dev$evdev(&(0x7f0000000180)='/dev/input/event#\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x0, 0x31, 0xffffffffffffffff, 0x0) ioctl$EVIOCSFF(r3, 0x40304580, 0x0) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f00000002c0)=0x7fff) ioctl$EVIOCGRAB(r1, 0x40044590, 0x0) getsockopt$bt_hci(r2, 0x0, 0x1, &(0x7f00000001c0)=""/218, &(0x7f0000000080)=0xda) 11:07:12 executing program 0: poll(0x0, 0x0, 0x200800000000004b) socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(0xffffffffffffffff, 0x0, 0x24f, 0x0, 0x0, 0x800e004de) r0 = socket$inet_udplite(0x2, 0x2, 0x88) fcntl$dupfd(0xffffffffffffffff, 0x20000, 0xffffffffffffffff) recvfrom$inet(r0, 0x0, 0xa2, 0x0, 0x0, 0x800e004e1) shutdown(r0, 0x0) 11:07:12 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) flistxattr(r2, &(0x7f00000004c0)=""/166, 0xa6) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) [ 1147.647624][T10823] Memory cgroup out of memory: Killed process 9778 (syz-executor.4) total-vm:72708kB, anon-rss:2200kB, file-rss:34816kB, shmem-rss:0kB [ 1147.703795][T10928] netlink: 'syz-executor.5': attribute type 4 has an invalid length. 11:07:12 executing program 1: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x2400) 11:07:12 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000002000000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1147.739480][ T23] audit: type=1804 audit(1566904032.184:1079): pid=10936 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2345/bus" dev="sda1" ino=17125 res=1 [ 1147.782996][T10939] rdma_op 0000000075f20cc3 conn xmit_rdma 00000000d8f1147d 11:07:12 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) recvmsg(r1, &(0x7f0000001740)={0x0, 0x0, &(0x7f0000001600)=[{&(0x7f0000000080)=""/157, 0x9d}, {0x0}, {0x0}], 0x3}, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r2, 0x0, 0x49b543e, 0x0, 0x0, 0x800e007c6) shutdown(r0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(0xffffffffffffffff, 0x0, 0x0) dup(0xffffffffffffffff) shutdown(0xffffffffffffffff, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r3, 0x0, 0x2ec, 0x0, 0x0, 0x800e00549) shutdown(r2, 0x0) [ 1147.838901][T10948] netlink: 'syz-executor.5': attribute type 4 has an invalid length. [ 1147.860267][T10942] rdma_op 00000000ab392ce9 conn xmit_rdma 00000000d8f1147d 11:07:12 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000000)='./file0\x00') flock(r1, 0x1) mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) 11:07:12 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000183100000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:12 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) [ 1147.937762][ T23] audit: type=1804 audit(1566904032.384:1080): pid=10963 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2346/bus" dev="sda1" ino=16869 res=1 11:07:12 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x0, 0x0) r1 = syz_open_dev$evdev(0x0, 0x0, 0x0) ioctl$EVIOCGRAB(r1, 0x40044590, &(0x7f0000000000)) dup3(r0, r1, 0x0) r2 = syz_open_dev$evdev(&(0x7f0000000180)='/dev/input/event#\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x0, 0x31, 0xffffffffffffffff, 0x0) ioctl$EVIOCSFF(r2, 0x40304580, 0x0) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f00000002c0)=0x7fff) ioctl$EVIOCGRAB(r1, 0x40044590, 0x0) [ 1148.046791][T10973] netlink: 'syz-executor.5': attribute type 4 has an invalid length. 11:07:12 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000004000000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1148.141475][T10972] rdma_op 000000008f1ad331 conn xmit_rdma 00000000d8f1147d [ 1148.189367][T10991] netlink: 'syz-executor.5': attribute type 4 has an invalid length. [ 1148.195778][T10972] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1148.216955][T10972] CPU: 1 PID: 10972 Comm: syz-executor.4 Not tainted 5.3.0-rc6 #127 [ 1148.224930][T10972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1148.234967][T10972] Call Trace: 11:07:12 executing program 3: pipe2$9p(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4000) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f00000004c0)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c848aca5ac17035c28b54b957280884dd627bd7336507b4785070bc20a20e1fcc7e22e89d09339fd6ffe4d38e405972eb5494f1cd6acc0c62ff84c33e5ad2fbd6e19d98c2304f83e8f20762bfc394681293c71ae11ac16a8e840c6257bbe2852caee3be17b1812b4758b20f8ff6110a49dcf0c2af3cdfa199a1c19b6bc332db8124b457b6f089035e871479756f2ac9012551990b58e0f9e0c5dab76f5b745fc8fded7e182b2b88655b667239631665a3b5a71513d58add0562b7408670f92015499be96eb4a9a3fe3d0fdf2b1e8500"/243], 0x15) r2 = dup(r1) socket$inet_udp(0x2, 0x2, 0x0) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockname(r3, 0x0, &(0x7f0000000140)) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000040)='./file0\x00', 0x800, 0x4) [ 1148.238247][T10972] dump_stack+0x172/0x1f0 [ 1148.242565][T10972] dump_header+0x10b/0x82d [ 1148.246973][T10972] oom_kill_process.cold+0x10/0x15 [ 1148.252074][T10972] out_of_memory+0x79a/0x12c0 [ 1148.256828][T10972] ? lock_downgrade+0x920/0x920 [ 1148.261674][T10972] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1148.267903][T10972] ? oom_killer_disable+0x280/0x280 [ 1148.273093][T10972] ? __kasan_check_read+0x11/0x20 [ 1148.278109][T10972] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1148.283644][T10972] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1148.289288][T10972] ? do_raw_spin_unlock+0x57/0x270 [ 1148.294402][T10972] ? _raw_spin_unlock+0x2d/0x50 [ 1148.299239][T10972] try_charge+0xf4b/0x1440 [ 1148.303649][T10972] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1148.309190][T10972] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1148.314725][T10972] ? __kasan_check_read+0x11/0x20 [ 1148.319748][T10972] ? lock_downgrade+0x920/0x920 [ 1148.324588][T10972] ? percpu_ref_tryget_live+0x111/0x290 [ 1148.330140][T10972] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1148.335594][T10972] ? memcg_kmem_put_cache+0x50/0x50 [ 1148.340785][T10972] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1148.346318][T10972] __memcg_kmem_charge+0x13a/0x3a0 [ 1148.351420][T10972] __alloc_pages_nodemask+0x4f4/0x900 [ 1148.356780][T10972] ? __pmd_alloc+0x377/0x460 [ 1148.361358][T10972] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1148.363067][ T23] audit: type=1804 audit(1566904032.664:1081): pid=10992 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2346/bus" dev="sda1" ino=16869 res=1 [ 1148.367055][T10972] ? __kasan_check_write+0x14/0x20 [ 1148.367068][T10972] ? rwlock_bug.part.0+0x90/0x90 [ 1148.367079][T10972] ? __pmd_alloc+0x168/0x460 [ 1148.367096][T10972] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1148.412446][T10972] alloc_pages_current+0x107/0x210 [ 1148.417540][T10972] pte_alloc_one+0x1b/0x1a0 [ 1148.422025][T10972] __pte_alloc+0x20/0x310 [ 1148.426325][T10972] copy_page_range+0x1520/0x1ee0 [ 1148.431231][T10972] ? mark_held_locks+0xf0/0xf0 [ 1148.435964][T10972] ? __kasan_check_read+0x11/0x20 [ 1148.440971][T10972] ? pmd_alloc+0x180/0x180 [ 1148.445376][T10972] ? vma_gap_callbacks_rotate+0x62/0x80 [ 1148.450903][T10972] ? validate_mm_rb+0xa3/0xc0 [ 1148.455549][T10972] ? __vma_link_rb+0x275/0x370 [ 1148.460284][T10972] dup_mm+0xa67/0x1430 [ 1148.464328][T10972] ? vm_area_dup+0x170/0x170 [ 1148.468886][T10972] ? debug_mutex_init+0x2d/0x5a [ 1148.473717][T10972] copy_process+0x28b7/0x6b00 [ 1148.478379][T10972] ? do_futex+0x2bc/0x1dc0 [ 1148.482780][T10972] ? __cleanup_sighand+0x60/0x60 [ 1148.487692][T10972] _do_fork+0x146/0xfa0 [ 1148.491818][T10972] ? copy_init_mm+0x20/0x20 [ 1148.496288][T10972] ? __kasan_check_read+0x11/0x20 [ 1148.501284][T10972] ? _copy_to_user+0x118/0x160 [ 1148.506027][T10972] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1148.512235][T10972] ? put_timespec64+0xda/0x140 [ 1148.516970][T10972] __x64_sys_clone+0x18d/0x250 [ 1148.521727][T10972] ? __ia32_sys_vfork+0xc0/0xc0 [ 1148.526579][T10972] ? trace_hardirqs_off_caller+0x65/0x230 [ 1148.532269][T10972] ? trace_hardirqs_on+0x67/0x240 [ 1148.537280][T10972] do_syscall_64+0xfd/0x6a0 [ 1148.541781][T10972] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1148.547648][T10972] RIP: 0033:0x459879 [ 1148.551516][T10972] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1148.571103][T10972] RSP: 002b:00007fd57ae39c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1148.579482][T10972] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459879 11:07:13 executing program 1: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x2500) 11:07:13 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000004800000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1148.587424][T10972] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1148.595363][T10972] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1148.603305][T10972] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd57ae3a6d4 [ 1148.611250][T10972] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 00000000ffffffff [ 1148.624381][T10972] memory: usage 307200kB, limit 307200kB, failcnt 4080 [ 1148.633781][T10972] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1148.641047][T10972] Memory cgroup stats for /syz4: [ 1148.641154][T10972] anon 242208768 [ 1148.641154][T10972] file 8192 [ 1148.641154][T10972] kernel_stack 10944512 [ 1148.641154][T10972] slab 17141760 [ 1148.641154][T10972] sock 0 [ 1148.641154][T10972] shmem 0 [ 1148.641154][T10972] file_mapped 0 [ 1148.641154][T10972] file_dirty 0 [ 1148.641154][T10972] file_writeback 0 [ 1148.641154][T10972] anon_thp 174063616 [ 1148.641154][T10972] inactive_anon 135168 [ 1148.641154][T10972] active_anon 242135040 [ 1148.641154][T10972] inactive_file 0 [ 1148.641154][T10972] active_file 0 [ 1148.641154][T10972] unevictable 135168 [ 1148.641154][T10972] slab_reclaimable 2973696 [ 1148.641154][T10972] slab_unreclaimable 14168064 [ 1148.641154][T10972] pgfault 233640 [ 1148.641154][T10972] pgmajfault 0 [ 1148.641154][T10972] workingset_refault 396 [ 1148.641154][T10972] workingset_activate 66 [ 1148.641154][T10972] workingset_nodereclaim 0 [ 1148.641154][T10972] pgrefill 5922 [ 1148.641154][T10972] pgscan 5770 [ 1148.641154][T10972] pgsteal 642 [ 1148.646652][T10972] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=10944,uid=0 [ 1148.769002][T10995] netlink: 'syz-executor.5': attribute type 4 has an invalid length. 11:07:13 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000000)=""/93, 0x5d}], 0x1}, 0x2) r1 = dup(r0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r2, 0x0, 0x78cf, 0x0, 0x0, 0x800e00515) shutdown(r1, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$sock_linger(r3, 0xffff, 0x80, 0x0, 0x0) recvfrom$inet(r3, 0x0, 0xccf3, 0x0, 0x0, 0x800e0050e) shutdown(r2, 0x0) shutdown(r3, 0x0) 11:07:13 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000004c00000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1148.784412][ T23] audit: type=1804 audit(1566904033.224:1082): pid=10998 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2347/bus" dev="sda1" ino=16779 res=1 [ 1148.812907][T10972] Memory cgroup out of memory: Killed process 10944 (syz-executor.4) total-vm:72708kB, anon-rss:2200kB, file-rss:34816kB, shmem-rss:0kB 11:07:13 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000655800000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:13 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x0, 0x0) r1 = syz_open_dev$evdev(0x0, 0x0, 0x0) ioctl$EVIOCGRAB(r1, 0x40044590, &(0x7f0000000000)) dup3(r0, r1, 0x0) r2 = syz_open_dev$evdev(&(0x7f0000000180)='/dev/input/event#\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x0, 0x31, 0xffffffffffffffff, 0x0) ioctl$EVIOCSFF(r2, 0x40304580, 0x0) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f00000002c0)=0x7fff) [ 1148.947484][T10984] rdma_op 00000000d5f47e67 conn xmit_rdma 00000000d8f1147d 11:07:13 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) 11:07:13 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000006000000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:13 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000040)=ANY=[], 0x0) r2 = dup(r1) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0}) getresgid(&(0x7f00000002c0), &(0x7f00000003c0)=0x0, &(0x7f00000004c0)) write$FUSE_ENTRY(r2, &(0x7f0000000500)={0x90, 0xfffffffffffffff5, 0x1, {0x4, 0x3, 0x0, 0x3ad7f6ed, 0x1000, 0x4, {0x6, 0x200, 0xc99c, 0xfffffffffffffff7, 0xf3, 0x7, 0x9, 0x10000, 0x4, 0x80000001, 0x3f, r3, r4, 0x8, 0x1ff}}}, 0x90) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) setsockopt$inet_tcp_TLS_RX(r2, 0x6, 0x2, &(0x7f00000001c0)=@ccm_128={{0x304}, "3d58506599afcf22", "cda4f11c75f68638db5e75fbddeb49cd", "5014d3b6", "8687ba5d0c90dd8b"}, 0x28) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) ioctl$sock_SIOCGIFCONF(r2, 0x8912, &(0x7f0000000180)=@buf={0x2f, &(0x7f0000000040)="133673d2689dac7cf166770f13501df96174bd6afb1748773bb2cf95d3e0239e8ad1ba0cfad3f6679dced99e5d253a"}) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) 11:07:13 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000586500000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1149.076755][ T23] audit: type=1804 audit(1566904033.524:1083): pid=11026 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2347/bus" dev="sda1" ino=16779 res=1 11:07:13 executing program 0: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x50000}]}) r0 = socket(0x0, 0x0, 0x0) ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, 0x0) 11:07:13 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000006800000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1149.214759][T11030] rdma_op 00000000c1ca6fab conn xmit_rdma 00000000d8f1147d [ 1149.304910][T11044] rdma_op 00000000bbe36b7f conn xmit_rdma 00000000d8f1147d 11:07:13 executing program 1: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x2600) 11:07:13 executing program 3: r0 = syz_open_dev$swradio(&(0x7f0000000180)='/dev/swradio#\x00', 0x0, 0x2) bind$nfc_llcp(r0, &(0x7f0000000280)={0x27, 0x0, 0x0, 0x7, 0x2e, 0x7ff, "5c8fb62beb67efa855894f92bf3f9cb76ad74692e09a57ed56b8421458c05033472e1ba4a76d07d90386ea9f6bd2beb806c3d55490fa92750ac4817c9e3037", 0x39}, 0x60) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0xc8) write$P9_RVERSION(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r3 = dup(r2) write$FUSE_BMAP(r3, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r3, &(0x7f0000000400)={0xa0}, 0xa0) ioctl$VHOST_RESET_OWNER(r3, 0xaf02, 0x0) ioctl$SIOCRSSL2CALL(r3, 0x89e2, &(0x7f0000000040)=@bcast) write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r3]) chdir(&(0x7f0000000000)='./file0\x00') r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000380)='IPVS\x00') sendmsg$IPVS_CMD_SET_CONFIG(r3, &(0x7f0000000500)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x600000a4}, 0xc, &(0x7f00000004c0)={&(0x7f00000003c0)={0x40, r4, 0x310, 0x70bd26, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_DEST={0x24, 0x2, [@IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x1}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x1}, @IPVS_DEST_ATTR_TUN_PORT={0x8, 0xe, 0x4e22}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x2}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x80000001}]}, 0x40}, 0x1, 0x0, 0x0, 0x40001}, 0x4000000) mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) 11:07:13 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x0, 0x0) r1 = syz_open_dev$evdev(0x0, 0x0, 0x0) ioctl$EVIOCGRAB(r1, 0x40044590, &(0x7f0000000000)) dup3(r0, r1, 0x0) r2 = syz_open_dev$evdev(&(0x7f0000000180)='/dev/input/event#\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x0, 0x31, 0xffffffffffffffff, 0x0) ioctl$EVIOCSFF(r2, 0x40304580, 0x0) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f00000002c0)=0x7fff) 11:07:13 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000006c00000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:13 executing program 0: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x50000}]}) recvfrom$inet6(0xffffffffffffffff, &(0x7f0000000080)=""/25, 0x19, 0x2002, 0x0, 0xffffff59) 11:07:13 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) 11:07:13 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000007400000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:14 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="150000ffff038000000800390032303030264c000018b587ba9a862742d54c46247ad68bb98d8d8101eda591d728262b8967e9ec80d6fe25e1b39a82b14c2e86916b0adff701d04dcd92f94847c388716f135470e44ea947c3d61b150b3f40f0b51a4aa2e850d4cb68fb813acfcb"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) getuid() [ 1149.532301][ T23] audit: type=1804 audit(1566904033.974:1084): pid=11076 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2348/bus" dev="sda1" ino=16779 res=1 [ 1149.560721][T11068] rdma_op 0000000098222b5d conn xmit_rdma 00000000d8f1147d 11:07:14 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) shutdown(r0, 0x0) recvmmsg(r0, &(0x7f0000002580), 0x4000000000006a2, 0x0, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) 11:07:14 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000007a00000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1149.612397][T11085] rdma_op 000000003e6daf34 conn xmit_rdma 00000000d8f1147d 11:07:14 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) 11:07:14 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000008100000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1149.854025][T11098] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1149.902045][T11098] CPU: 1 PID: 11098 Comm: syz-executor.4 Not tainted 5.3.0-rc6 #127 [ 1149.910020][T11098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1149.920062][T11098] Call Trace: [ 1149.923352][T11098] dump_stack+0x172/0x1f0 [ 1149.927666][T11098] dump_header+0x10b/0x82d [ 1149.932062][T11098] ? oom_kill_process+0x94/0x3f0 [ 1149.936978][T11098] oom_kill_process.cold+0x10/0x15 [ 1149.942082][T11098] out_of_memory+0x79a/0x12c0 [ 1149.946765][T11098] ? lock_downgrade+0x920/0x920 [ 1149.951605][T11098] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1149.957839][T11098] ? oom_killer_disable+0x280/0x280 [ 1149.963035][T11098] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1149.968575][T11098] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1149.974201][T11098] ? do_raw_spin_unlock+0x57/0x270 [ 1149.979300][T11098] ? _raw_spin_unlock+0x2d/0x50 [ 1149.984135][T11098] try_charge+0xf4b/0x1440 [ 1149.988544][T11098] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1149.994076][T11098] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1149.999607][T11098] ? __kasan_check_read+0x11/0x20 [ 1150.004641][T11098] ? lock_downgrade+0x920/0x920 [ 1150.009510][T11098] ? percpu_ref_tryget_live+0x111/0x290 [ 1150.015047][T11098] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1150.020490][T11098] ? memcg_kmem_put_cache+0x50/0x50 [ 1150.025675][T11098] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1150.031216][T11098] __memcg_kmem_charge+0x13a/0x3a0 [ 1150.036321][T11098] __alloc_pages_nodemask+0x4f4/0x900 [ 1150.041695][T11098] ? free_transhuge_page+0x230/0x310 [ 1150.046975][T11098] ? __alloc_pages_slowpath+0x2520/0x2520 11:07:14 executing program 1: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x2700) 11:07:14 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x0, 0x0) r1 = syz_open_dev$evdev(0x0, 0x0, 0x0) ioctl$EVIOCGRAB(r1, 0x40044590, &(0x7f0000000000)) dup3(r0, r1, 0x0) r2 = syz_open_dev$evdev(&(0x7f0000000180)='/dev/input/event#\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x0, 0x31, 0xffffffffffffffff, 0x0) ioctl$EVIOCSFF(r2, 0x40304580, 0x0) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f00000002c0)=0x7fff) 11:07:14 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00000000000000f000000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1150.052691][T11098] ? __put_compound_page+0x90/0xd0 [ 1150.057803][T11098] ? put_page+0xe7/0x130 [ 1150.062044][T11098] ? do_huge_pmd_anonymous_page+0xd23/0x1ad0 [ 1150.068114][T11098] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1150.074356][T11098] alloc_pages_current+0x107/0x210 [ 1150.079452][T11098] pte_alloc_one+0x1b/0x1a0 [ 1150.083936][T11098] __pte_alloc+0x20/0x310 [ 1150.088247][T11098] __handle_mm_fault+0x340e/0x3f20 [ 1150.093348][T11098] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1150.098885][T11098] ? __kasan_check_read+0x11/0x20 [ 1150.103930][T11098] ? trace_hardirqs_on+0x67/0x240 [ 1150.108955][T11098] handle_mm_fault+0x1b5/0x6b0 [ 1150.113715][T11098] __do_page_fault+0x536/0xdd0 [ 1150.118474][T11098] do_page_fault+0x38/0x590 [ 1150.122965][T11098] page_fault+0x39/0x40 [ 1150.127102][T11098] RIP: 0033:0x4006c4 [ 1150.130987][T11098] Code: 01 e9 c9 00 00 00 48 8b 44 24 10 48 0b 44 24 28 be 08 00 00 00 48 8b 14 24 75 17 48 8b 7c 24 20 e8 41 54 00 00 48 8b 4c 24 08 <48> 89 01 e9 9d 00 00 00 48 8b 44 24 08 48 8b 38 e8 27 54 00 00 8a 11:07:14 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000fffe00000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1150.150573][T11098] RSP: 002b:00007ffd9399f510 EFLAGS: 00010202 [ 1150.156625][T11098] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00000000200014c0 [ 1150.164582][T11098] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000000 [ 1150.172538][T11098] RBP: 00000000007600f0 R08: 0000000000000000 R09: 0000000000000000 [ 1150.180494][T11098] R10: 00000000004395d0 R11: 0000000000000012 R12: 00000000004c5e06 [ 1150.188448][T11098] R13: 000000000000012c R14: 00000000007600f8 R15: fffffffffffffffe 11:07:14 executing program 0: poll(0x0, 0x0, 0x200800000000004b) r0 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r0, 0x0, 0x24f, 0x0, 0x0, 0x800e004de) r1 = socket$inet_udplite(0x2, 0x2, 0x88) fcntl$dupfd(r0, 0x0, r1) recvfrom$inet(r1, 0x0, 0xa2, 0x0, 0x0, 0x800e004e1) shutdown(r1, 0x0) 11:07:14 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff036f00000800978c2c216313eadd5a6eb2031412df4d5032303030264c52b592f86d18a0601afce1f672256812f4011a4c7429f75d5bffdc142be71f6a40dbab46a93c7c09bde984f83ea4749bce"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) [ 1150.205415][T11098] memory: usage 307200kB, limit 307200kB, failcnt 4113 [ 1150.212263][T11098] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1150.219212][ T23] audit: type=1804 audit(1566904034.344:1085): pid=11106 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2348/bus" dev="sda1" ino=16779 res=1 [ 1150.265583][T11098] Memory cgroup stats for /syz4: [ 1150.265784][T11098] anon 241434624 [ 1150.265784][T11098] file 8192 [ 1150.265784][T11098] kernel_stack 11075584 [ 1150.265784][T11098] slab 17276928 [ 1150.265784][T11098] sock 0 [ 1150.265784][T11098] shmem 0 [ 1150.265784][T11098] file_mapped 0 [ 1150.265784][T11098] file_dirty 0 [ 1150.265784][T11098] file_writeback 0 [ 1150.265784][T11098] anon_thp 171966464 [ 1150.265784][T11098] inactive_anon 135168 [ 1150.265784][T11098] active_anon 241491968 [ 1150.265784][T11098] inactive_file 0 11:07:14 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c0000000000000fff00000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1150.265784][T11098] active_file 0 [ 1150.265784][T11098] unevictable 135168 [ 1150.265784][T11098] slab_reclaimable 2973696 [ 1150.265784][T11098] slab_unreclaimable 14303232 [ 1150.265784][T11098] pgfault 234432 [ 1150.265784][T11098] pgmajfault 0 [ 1150.265784][T11098] workingset_refault 396 [ 1150.265784][T11098] workingset_activate 66 [ 1150.265784][T11098] workingset_nodereclaim 0 [ 1150.265784][T11098] pgrefill 6021 [ 1150.265784][T11098] pgscan 5869 [ 1150.265784][T11098] pgsteal 642 11:07:14 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000feff00000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1150.402808][ T23] audit: type=1804 audit(1566904034.344:1086): pid=11115 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2349/bus" dev="sda1" ino=16799 res=1 11:07:14 executing program 3: pipe2$9p(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) 11:07:14 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000000003000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1150.507234][T11098] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=9430,uid=0 [ 1150.526670][T11098] Memory cgroup out of memory: Killed process 9430 (syz-executor.4) total-vm:72708kB, anon-rss:2200kB, file-rss:34816kB, shmem-rss:0kB [ 1150.579818][T11099] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1150.616181][T11099] CPU: 1 PID: 11099 Comm: syz-executor.4 Not tainted 5.3.0-rc6 #127 [ 1150.624175][T11099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1150.634219][T11099] Call Trace: [ 1150.637499][T11099] dump_stack+0x172/0x1f0 [ 1150.641819][T11099] dump_header+0x10b/0x82d [ 1150.646230][T11099] oom_kill_process.cold+0x10/0x15 [ 1150.651324][T11099] out_of_memory+0x79a/0x12c0 [ 1150.655987][T11099] ? lock_downgrade+0x920/0x920 [ 1150.660832][T11099] ? oom_killer_disable+0x280/0x280 [ 1150.666019][T11099] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1150.671542][T11099] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1150.677144][T11099] ? do_raw_spin_unlock+0x57/0x270 [ 1150.682225][T11099] ? _raw_spin_unlock+0x2d/0x50 [ 1150.687046][T11099] try_charge+0xa2d/0x1440 [ 1150.691435][T11099] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1150.697248][T11099] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1150.702758][T11099] ? __kasan_check_read+0x11/0x20 [ 1150.707752][T11099] ? lock_downgrade+0x920/0x920 [ 1150.712582][T11099] ? percpu_ref_tryget_live+0x111/0x290 [ 1150.718098][T11099] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1150.723522][T11099] ? memcg_kmem_put_cache+0x50/0x50 [ 1150.728803][T11099] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1150.734342][T11099] __memcg_kmem_charge+0x13a/0x3a0 [ 1150.739425][T11099] __alloc_pages_nodemask+0x4f4/0x900 [ 1150.744765][T11099] ? stack_trace_consume_entry+0x190/0x190 [ 1150.750554][T11099] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1150.756263][T11099] ? percpu_ref_put_many+0x94/0x190 [ 1150.761443][T11099] ? __kasan_check_read+0x11/0x20 [ 1150.766439][T11099] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1150.772652][T11099] alloc_pages_current+0x107/0x210 [ 1150.777733][T11099] __get_free_pages+0xc/0x40 [ 1150.782297][T11099] pgd_alloc+0x8b/0x3f0 [ 1150.786423][T11099] ? pgd_page_get_mm+0x40/0x40 [ 1150.791180][T11099] ? lockdep_init_map+0x1be/0x6d0 [ 1150.796371][T11099] ? lockdep_init_map+0x1be/0x6d0 [ 1150.801371][T11099] mm_init+0x590/0x9b0 [ 1150.805414][T11099] dup_mm+0xde/0x1430 [ 1150.809372][T11099] ? copy_process+0x23a1/0x6b00 [ 1150.814195][T11099] ? __kasan_check_read+0x11/0x20 [ 1150.819197][T11099] ? __kasan_check_write+0x14/0x20 [ 1150.824279][T11099] ? lock_downgrade+0x920/0x920 [ 1150.829104][T11099] ? vm_area_dup+0x170/0x170 [ 1150.833682][T11099] ? debug_mutex_init+0x2d/0x5a [ 1150.838504][T11099] copy_process+0x28b7/0x6b00 [ 1150.843168][T11099] ? __cleanup_sighand+0x60/0x60 [ 1150.848076][T11099] ? refcount_dec_and_mutex_lock+0x90/0x90 [ 1150.853854][T11099] _do_fork+0x146/0xfa0 [ 1150.857983][T11099] ? copy_init_mm+0x20/0x20 [ 1150.862456][T11099] ? __kasan_check_read+0x11/0x20 [ 1150.867462][T11099] ? _copy_to_user+0x118/0x160 [ 1150.872202][T11099] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1150.878413][T11099] ? put_timespec64+0xda/0x140 [ 1150.883157][T11099] __x64_sys_clone+0x18d/0x250 [ 1150.887897][T11099] ? __ia32_sys_vfork+0xc0/0xc0 [ 1150.892727][T11099] ? trace_hardirqs_off_caller+0x65/0x230 [ 1150.898433][T11099] ? trace_hardirqs_on+0x67/0x240 [ 1150.903428][T11099] do_syscall_64+0xfd/0x6a0 [ 1150.908031][T11099] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1150.913897][T11099] RIP: 0033:0x459879 [ 1150.917768][T11099] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1150.937440][T11099] RSP: 002b:00007fd57ae39c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1150.945824][T11099] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459879 [ 1150.953765][T11099] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1150.961706][T11099] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1150.969651][T11099] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd57ae3a6d4 [ 1150.977597][T11099] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 00000000ffffffff [ 1150.993698][T11099] memory: usage 305940kB, limit 307200kB, failcnt 4113 [ 1151.001012][T11099] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1151.007993][T11099] Memory cgroup stats for /syz4: [ 1151.008100][T11099] anon 240025600 [ 1151.008100][T11099] file 8192 [ 1151.008100][T11099] kernel_stack 11141120 [ 1151.008100][T11099] slab 17276928 [ 1151.008100][T11099] sock 0 [ 1151.008100][T11099] shmem 0 [ 1151.008100][T11099] file_mapped 0 [ 1151.008100][T11099] file_dirty 0 [ 1151.008100][T11099] file_writeback 0 [ 1151.008100][T11099] anon_thp 169869312 [ 1151.008100][T11099] inactive_anon 135168 [ 1151.008100][T11099] active_anon 240021504 [ 1151.008100][T11099] inactive_file 0 [ 1151.008100][T11099] active_file 0 [ 1151.008100][T11099] unevictable 135168 [ 1151.008100][T11099] slab_reclaimable 2973696 [ 1151.008100][T11099] slab_unreclaimable 14303232 [ 1151.008100][T11099] pgfault 234630 [ 1151.008100][T11099] pgmajfault 0 [ 1151.008100][T11099] workingset_refault 396 [ 1151.008100][T11099] workingset_activate 66 [ 1151.008100][T11099] workingset_nodereclaim 0 [ 1151.008100][T11099] pgrefill 6021 [ 1151.008100][T11099] pgscan 5869 [ 1151.008100][T11099] pgsteal 642 [ 1151.102060][T11099] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=9168,uid=0 [ 1151.117855][T11099] Memory cgroup out of memory: Killed process 9168 (syz-executor.4) total-vm:72708kB, anon-rss:2200kB, file-rss:34816kB, shmem-rss:0kB 11:07:15 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) 11:07:15 executing program 1: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x2800) 11:07:15 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000004003000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:15 executing program 3: pipe2$9p(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) write$P9_RAUTH(r1, &(0x7f0000000240)={0x14, 0x67, 0x1, {0x62, 0x1, 0x6}}, 0x14) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB="33795e122d16ecf2a3f65a8d29dc2178acfcd48b809d310e", @ANYRESHEX=r2]) getpeername$unix(r2, &(0x7f0000000180)=@abs, &(0x7f0000000040)=0x6e) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) 11:07:15 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x0, 0x0) r1 = syz_open_dev$evdev(0x0, 0x0, 0x0) ioctl$EVIOCGRAB(r1, 0x40044590, &(0x7f0000000000)) dup3(r0, r1, 0x0) r2 = syz_open_dev$evdev(&(0x7f0000000180)='/dev/input/event#\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x0, 0x31, 0xffffffffffffffff, 0x0) ioctl$EVIOCSFF(r2, 0x40304580, 0x0) ioctl$EVIOCGRAB(r1, 0x40044590, 0x0) 11:07:15 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000000340000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1151.233060][T11171] 9pnet: Insufficient options for proto=fd [ 1151.284419][T11181] 9pnet: Insufficient options for proto=fd 11:07:15 executing program 0: setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000100)={0x0, {{0x1c, 0x1c, 0x1}}, {{0x1c, 0x1c, 0x1}}}, 0x108) poll(&(0x7f0000000040), 0x2000000000000014, 0x4e) r0 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r0, 0x0, 0x24f, 0x0, 0x0, 0x800e00597) ppoll(&(0x7f0000000040)=[{}, {}, {r0}], 0x3, 0x0, 0x0, 0x0) shutdown(r0, 0x0) 11:07:15 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000a00080000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:15 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) 11:07:15 executing program 3: r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r1 = syz_open_dev$swradio(&(0x7f0000000040)='/dev/swradio#\x00', 0x1, 0x2) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r5 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r5) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r4, 0x40086602, 0x400007) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f00000002c0)='{nodev+em0ppp0trustedbdeveth0\x00') ioctl$TUNSETFILTEREBPF(r6, 0x800454e1, 0x0) setsockopt$TIPC_MCAST_REPLICAST(r4, 0x10f, 0x86) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000540)=0xc) bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0) write$cgroup_pid(r6, &(0x7f0000000000), 0x10000000d) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) syz_open_dev$midi(0x0, 0x6, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNSETFILTEREBPF(r6, 0x6609, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r3, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r7 = dup(r3) write$FUSE_BMAP(r7, &(0x7f0000000100)={0x18}, 0x18) openat$capi20(0xffffffffffffff9c, &(0x7f0000000180)='/dev/capi20\x00', 0x0, 0x0) write$FUSE_CREATE_OPEN(r7, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r7, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="7472616e733d66642c7266646e6f3d19ce273ba0e0c6d3d4ca3cad6c58a98940ba9be4cc8e44b3f7a4b56497815cbd43ba85727196c5c529beab251cbbaac3c7e16c175078054db9fea4c2a6499c091b066cb6d136115a65bd72fe2499bf5cdf6ad909a457bd4d8522e57ab5f438c0e5a77295fa4a161dcb5d7f192f0b63de00750a5366aac3265f71ff50f372e8a29928e29fe8dded1af3bf8c5f2be29ea78c291e9c63752345f383888d180d1e32fcddfb262727e2dab84c73efc0c630a2cdc82661f7093455cdfd5d7202d7399c29a3828a175082acc8e85709b4f8c172e9", @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r7]) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) 11:07:15 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000fffff0000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:15 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000000000010000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:15 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x0, 0x0) r1 = syz_open_dev$evdev(0x0, 0x0, 0x0) ioctl$EVIOCGRAB(r1, 0x40044590, &(0x7f0000000000)) dup3(r0, r1, 0x0) r2 = syz_open_dev$evdev(&(0x7f0000000180)='/dev/input/event#\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x0, 0x31, 0xffffffffffffffff, 0x0) ioctl$EVIOCSFF(r2, 0x40304580, 0x0) ioctl$EVIOCGRAB(r1, 0x40044590, 0x0) [ 1151.606595][T11215] validate_nla: 18 callbacks suppressed [ 1151.606604][T11215] netlink: 'syz-executor.5': attribute type 4 has an invalid length. [ 1151.637201][T11218] 9pnet: Insufficient options for proto=fd [ 1151.667093][T11220] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1151.688350][T11220] CPU: 0 PID: 11220 Comm: syz-executor.4 Not tainted 5.3.0-rc6 #127 [ 1151.696339][T11220] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1151.706380][T11220] Call Trace: [ 1151.709666][T11220] dump_stack+0x172/0x1f0 [ 1151.713991][T11220] dump_header+0x10b/0x82d [ 1151.718402][T11220] oom_kill_process.cold+0x10/0x15 [ 1151.723504][T11220] out_of_memory+0x79a/0x12c0 [ 1151.728188][T11220] ? lock_downgrade+0x920/0x920 [ 1151.733030][T11220] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1151.739284][T11220] ? oom_killer_disable+0x280/0x280 [ 1151.744482][T11220] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1151.750018][T11220] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1151.755629][T11220] ? do_raw_spin_unlock+0x57/0x270 [ 1151.760716][T11220] ? _raw_spin_unlock+0x2d/0x50 [ 1151.765543][T11220] try_charge+0xf4b/0x1440 [ 1151.769939][T11220] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1151.775453][T11220] ? percpu_ref_tryget_live+0x111/0x290 [ 1151.780966][T11220] ? get_mem_cgroup_from_mm+0x16/0x320 [ 1151.786398][T11220] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1151.791933][T11220] mem_cgroup_try_charge+0x136/0x590 [ 1151.797200][T11220] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1151.803411][T11220] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1151.809031][T11220] wp_page_copy+0x41e/0x15e0 [ 1151.813591][T11220] ? page_trans_huge_mapcount+0x166/0x450 [ 1151.819284][T11220] ? pmd_pfn+0x1d0/0x1d0 [ 1151.823506][T11220] ? lock_downgrade+0x920/0x920 [ 1151.828330][T11220] ? swp_swapcount+0x540/0x540 [ 1151.833065][T11220] ? __kasan_check_read+0x11/0x20 [ 1151.838072][T11220] ? do_raw_spin_unlock+0x57/0x270 [ 1151.843168][T11220] do_wp_page+0x499/0x14d0 [ 1151.847560][T11220] ? finish_mkwrite_fault+0x570/0x570 [ 1151.852906][T11220] __handle_mm_fault+0x22f1/0x3f20 [ 1151.857990][T11220] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1151.863782][T11220] ? __kasan_check_read+0x11/0x20 [ 1151.868785][T11220] ? do_raw_spin_unlock+0x57/0x270 [ 1151.873876][T11220] ? trace_hardirqs_on+0x67/0x240 [ 1151.878876][T11220] handle_mm_fault+0x1b5/0x6b0 [ 1151.883637][T11220] __get_user_pages+0x7d4/0x1b30 [ 1151.888565][T11220] ? follow_page_mask+0x19b0/0x19b0 [ 1151.893746][T11220] ? __kasan_check_write+0x14/0x20 [ 1151.898826][T11220] ? gup_pgd_range+0x1e1/0x2d10 [ 1151.903651][T11220] get_user_pages_unlocked+0x2ae/0x4a0 [ 1151.909121][T11220] ? get_user_pages_locked+0x4d0/0x4d0 [ 1151.914559][T11220] ? should_fail+0x1de/0x852 [ 1151.919125][T11220] ? trace_hardirqs_on+0x67/0x240 [ 1151.924128][T11220] get_user_pages_fast+0x4c0/0x570 [ 1151.929254][T11220] ? __get_user_pages_fast+0x410/0x410 [ 1151.934691][T11220] ? memset+0x32/0x40 [ 1151.938669][T11220] rds_pin_pages+0x33/0x1f0 [ 1151.943143][T11220] rds_cmsg_rdma_args+0x879/0x1150 [ 1151.948240][T11220] ? rds_rdma_extra_size+0x390/0x390 [ 1151.953497][T11220] ? rds_conn_create_outgoing+0x4b/0x60 [ 1151.959025][T11220] rds_sendmsg+0x1f32/0x35b0 [ 1151.963599][T11220] ? rw_copy_check_uvector+0x2ce/0x390 [ 1151.969029][T11220] ? rds_send_drop_to+0x1640/0x1640 [ 1151.974231][T11220] ? aa_sk_perm+0x288/0x880 [ 1151.978725][T11220] ? lock_downgrade+0x920/0x920 [ 1151.983560][T11220] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 1151.989084][T11220] ? apparmor_socket_sendmsg+0x2a/0x30 [ 1151.994527][T11220] ? rds_send_drop_to+0x1640/0x1640 [ 1151.999707][T11220] sock_sendmsg+0xd7/0x130 [ 1152.004094][T11220] ? sock_sendmsg+0xd7/0x130 [ 1152.008654][T11220] ___sys_sendmsg+0x803/0x920 [ 1152.013301][T11220] ? copy_msghdr_from_user+0x440/0x440 [ 1152.018737][T11220] ? __fget+0xa3/0x560 [ 1152.022781][T11220] ? __fget+0x384/0x560 [ 1152.026907][T11220] ? ksys_dup3+0x3e0/0x3e0 [ 1152.031298][T11220] ? __might_fault+0xfb/0x1e0 [ 1152.035946][T11220] ? __fget_light+0x1a9/0x230 [ 1152.040596][T11220] ? __fdget+0x1b/0x20 [ 1152.044654][T11220] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1152.050894][T11220] __sys_sendmsg+0x105/0x1d0 [ 1152.055463][T11220] ? __sys_sendmsg_sock+0xd0/0xd0 [ 1152.060477][T11220] ? __x64_sys_clock_gettime+0x16d/0x240 [ 1152.066085][T11220] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 1152.072137][T11220] __x64_sys_sendmsg+0x78/0xb0 [ 1152.076887][T11220] do_syscall_64+0xfd/0x6a0 [ 1152.081364][T11220] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1152.087222][T11220] RIP: 0033:0x459879 [ 1152.091097][T11220] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1152.110677][T11220] RSP: 002b:00007fd57adf7c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e 11:07:16 executing program 1: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x2900) 11:07:16 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000000000020000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1152.119070][T11220] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459879 [ 1152.127017][T11220] RDX: 0000000000000000 RSI: 0000000020001600 RDI: 0000000000000003 [ 1152.134959][T11220] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 1152.142902][T11220] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd57adf86d4 [ 1152.150855][T11220] R13: 00000000004c77e9 R14: 00000000004dd048 R15: 00000000ffffffff [ 1152.175318][T11220] memory: usage 307108kB, limit 307200kB, failcnt 4134 [ 1152.182285][T11220] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1152.189580][T11220] Memory cgroup stats for /syz4: [ 1152.189683][T11220] anon 240717824 [ 1152.189683][T11220] file 8192 [ 1152.189683][T11220] kernel_stack 11075584 [ 1152.189683][T11220] slab 17276928 [ 1152.189683][T11220] sock 0 [ 1152.189683][T11220] shmem 0 [ 1152.189683][T11220] file_mapped 0 [ 1152.189683][T11220] file_dirty 0 [ 1152.189683][T11220] file_writeback 0 [ 1152.189683][T11220] anon_thp 169869312 [ 1152.189683][T11220] inactive_anon 135168 [ 1152.189683][T11220] active_anon 240779264 [ 1152.189683][T11220] inactive_file 0 [ 1152.189683][T11220] active_file 0 [ 1152.189683][T11220] unevictable 135168 [ 1152.189683][T11220] slab_reclaimable 2973696 [ 1152.189683][T11220] slab_unreclaimable 14303232 [ 1152.189683][T11220] pgfault 235125 [ 1152.189683][T11220] pgmajfault 0 [ 1152.189683][T11220] workingset_refault 396 [ 1152.189683][T11220] workingset_activate 66 [ 1152.189683][T11220] workingset_nodereclaim 0 [ 1152.189683][T11220] pgrefill 6021 [ 1152.189683][T11220] pgscan 5869 [ 1152.189683][T11220] pgsteal 642 [ 1152.229283][ T23] kauditd_printk_skb: 3 callbacks suppressed [ 1152.229294][ T23] audit: type=1804 audit(1566904036.674:1090): pid=11232 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2351/bus" dev="sda1" ino=16979 res=1 [ 1152.286005][T11227] netlink: 'syz-executor.5': attribute type 4 has an invalid length. 11:07:16 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000000)=""/93, 0x5d}, {0x0}], 0x2}, 0x2) r1 = dup(r0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r2, 0x0, 0x78cf, 0x0, 0x0, 0x800e00515) shutdown(r1, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$sock_linger(0xffffffffffffffff, 0xffff, 0x80, 0x0, 0x0) recvfrom$inet(r3, 0x0, 0xccf3, 0x0, 0x0, 0x800e0050e) shutdown(r2, 0x0) shutdown(r3, 0x0) 11:07:16 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000000000030000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1152.356147][T11218] 9pnet: Insufficient options for proto=fd [ 1152.364103][T11220] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=11183,uid=0 [ 1152.391952][T11220] Memory cgroup out of memory: Killed process 11183 (syz-executor.4) total-vm:72708kB, anon-rss:2200kB, file-rss:34816kB, shmem-rss:0kB 11:07:16 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) 11:07:16 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x0, 0x0) r1 = syz_open_dev$evdev(0x0, 0x0, 0x0) ioctl$EVIOCGRAB(r1, 0x40044590, &(0x7f0000000000)) dup3(r0, r1, 0x0) r2 = syz_open_dev$evdev(&(0x7f0000000180)='/dev/input/event#\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x0, 0x31, 0xffffffffffffffff, 0x0) ioctl$EVIOCSFF(r2, 0x40304580, 0x0) ioctl$EVIOCGRAB(r1, 0x40044590, 0x0) 11:07:16 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) vmsplice(r0, &(0x7f0000002a40)=[{&(0x7f0000000380)="d7e65d7d157c06961c7b360a1db52526fa8520a1eb6569444639119ba08c0c4997c1cab0a8a57d7787efe9ee915d524d5254420e75e43e89b5b32b14e52d6b7f754da9c8b5870fcd6106aec18a31f3c77e8c6c2904d0d35c275c19b1040eec60dd6e6f3a12ed8e1bae3ceabbf510e84f44eda64cbaa9bd6f2a7989680cd8e9f5", 0x80}, {&(0x7f00000004c0)="1cd37bdc92f261fd863bb4672c4f7022adde604a0b1e5880e5a7aa629706faeaac242085bdc3507d0d05a3695dfcb1a31af4509f110bafdb5af9fd97545e19684e526611d46557e80a8f71469f6e7cbbc4b9da1e0a04849ecdec93e7ca2ac1f6af34f37022dc3f008fac0c554b805254049092919d661c6f4c91c91ea262a30050fab47746ddb47ae35fe365afd0ca59461fafa4e835045824251174b2852668bf48788f87e0a9af34e1930f94", 0xad}, {&(0x7f0000000780)="e9e2a483789dae17ccc849a9c63c131b72b043ac64ebadbc5f69b22bc8f17824e264de2b92577857306e52194ad132852d9cee89e491a183f8c0781a2e8d5c08dc4d3b757c4e4b7ce587d378768691495de793b395ec7bfcc356104c2fb1ec258bf05f881b3077379a92decca31fca605587124dbf357402ce34c3590b6496e0d187ddfd74bfd4b4f1a28e48ccc2c2fec1f7635245d974bed68b5e18e13890402f5afad7b045bfce4958ee997a213b95483afabcc91f9182c0eec9fefde848a1643d4c025d0768e8e5b51083947d", 0xce}, {&(0x7f0000000880)="7ae3f11b0188eff60e9dc51b4e06319f8061027eb6e3f6312b5b8f3b21f87b175dbefc5750f196874e7d3c110f75fd7cc6914b2a30b30836674799acf4a37f7bd30d75a59ed322158deb931dbb292fcf74eccefa340be64053193202af4ff63a5f6a74470d8e8274e6937913cff1d370920532cf1ea23d2484cdc2b2ef570cb081cab2fd6c38390e43da20cacbc8a0bf41251c6949188fe1f0c28fc17c5ab5da12002cea22de39c1cb85a54a308bf365265a6f741b4f2607dc2123377ad3d0f2bf16f9abb1a990a9028bdd8cba680eb86ab5d27dbf62dccaaf74530be7e6ac", 0xdf}, {&(0x7f0000000980)="8cca12424509febf1be9ea43e973a98505da21a0762a6a506104f8d3f5c684c20ac6ad8476ed881f6e80462120762f19f5fccadde3e9f4a5f12435b6548406923568d69eee86a371fbfdb8dcbd35f27cc900dbefbf821b364767d20625327037b328693143b442bc921afe49a8100d65abdbc20d1fb3dfac8df6c0bc792984eb32abafaeef4624b9c903cd089516e90353aa4c66b2a7865a46fe3a38b01be8218d1379cdd61fb794619962be41ee54044350ab84050258eda05ddee63a5002ee8a07160577f9941b8b803aa13d19b93e928462790fa714e4d0767db5b98f53af3e00169f47e77ff74fb19382b01e2e359347f62e8f187d7a02641e03c5f54c1e4bbff8bb2533dafba305f80c719d723453bd4149ddd8e7cb633ab34b997086f6453b4f246eabedc45cc69bd8a57da38137c99b6176197cd1ec304244e217da815fce7088b46e470c872ab475e6af7ede427b28a4e846753cec1d394d24f72fae45e8925eb0ae4c1a3430af736a637e7394ba905117f9c4c6510f207f2822f4ff80ac64b2042e50a4c7dcfdf25cfa8b876ae88ea5e01aa2b4f5eafc4820f3d4e55aa49ce2ed0124c36c567438b477ac334bbdc681043d665140563ce23a14fbcaaae124cd9a92edec0a5b860db5ae3dd0e8be13fd46cb13c71e3ad030db9d842e859f12e5eef53b8df89f6851254b95867f5ca254c4ccb442aa3e099f3232e8e132ff80303cd2f29e45cd2dbec3071b688794d7879d16f56abd2060ade7849d9f1e759c7b0ba95d8d1593c5a7b1bfcbf66b618a762b4bcc11fbd69a6bcb65939c2ce9732b0b78a4595da69951fd4ccdadfe1e304d5363e39b186e10618991e70ba855be6eaee7059026d76022c1cd7c3589668909881affae1f2c03a539ef258939413f073fa0183246973140f6573be9fb4a89479bf8d342c8fc925277628cc0ef40877d2c838c9db2adc7b97d136f9de636945b6409376c2a3e5d996a25ae605bb5ee0a3647faf86c3e9fe4f24879a6a66cef4481793e7be2cb1700373a9a6f7c976d03446b85dccaeb436646c4a0d7d8d206c58c7450828c33d8196d0e6d2299f82a79737c6115db0cfd4a8d86362c31de84853294c092fb23b3680fc5f5a5709e994f81313280ebf7c19ec7a0c22f2480efab221f8e2d0493497e36046f09f78200d25dab431bc28e584a89f99a27e42317034388f2a7be7baa5f47496a186cf7da56802e5f87a0117b81fefcc53ac9ea9e9b4696b269cad923fa9347c4c170d98bf7b476df5b74ba04a922dd715d52d4a3b520bb71046388dc1358d0d99bb86bd33db6e3055b6c7d717901f541cf3c17e570c3a1c079baebfaebb1adc2b48578944409b1236b9cdab2c8fde998421aec060603fb0d4b088dbec707e647fa530a1ff472d11d0657e0be73fbc2c105580b3d4e1de61f7bc7c73464591aaafb7b75b4f4c6b137bcd8006b8c901a41b9df607a2fb7dacda16c17ef375f8951e10e56ac1e182080cbee823169174c95de63849ce01b94f950bbbb289c3b4bce47cf3765dda15ead86cd6ce46fcacb8bee669ad7c49f11eded59cc2e8b7c72dacd27655354d635263774ec3a6d6662b2f2ac447f776c76981ca701be62059c9be3b06565a944a323c8fd9081d4b95e3d3023fb4fb6438087db320f25d00eb67a9e46c600ae2dc515ceabfddad960257dd8b9e8b826a1997e1dca7cdefb0ae901e924fa869357c931e7501b0ebbb92de24c1b0f811d5e085f4297a07fecb72272d18459f346a61c2e54e239ceb51f43d04244dd52baed4614e602ea3235d68883b145e0886ad2aa84d1288e80b278c8b790310fd019fdfd1d62fb359ad5b13e7a9d6ece6bb076b1d23ae00bfce17fd930f74dfe9a2d97579c6397068368a3b2bc1275d187e04ba171c43cff216e61dc23a71ad5fcf252f2e03abaa585517d37ee25e791134b400027c8fa5616bb12b39f0cababeb86e896c8215a275449325c082391469300a99ef6831468a08602c7cbbf649f1188c9d2d1285b460eb7d9286834b323cdac62879b4a6a8b59afc9a9dd5ec15eca43361f6cd44a555c2223cb3eeacf933f395500201f2e45feddf7d024cad4c396cc2a0a32fcc17415a1037eef5326a60735933e63d4fc9c49a1c92880c5a6270f1301172191ddbf4c2685f9de88ad181b089ef2a180637463342b1858c0c92b504b0b92233fbd237a315f3a7d3d09c653daca2069b93cadfd97bf4a80958a75d46fac84fcdbc89fd304c8c6d383016df20cfeb55df44455797e2b65b7141db31fa5c66b1c388b71637b880bd89f1ccec9c3a48aaeb83a2532166bbff1cd8662c0ca250ea293e0e98e75456394ae6257c903a76961b7a48b906c96c83a6ca72d26af94a2efb23e3c05dbd2d10f9bf7ca7cb3e777599f943fb5d9836417cece8ae86cbe5074f5169816d622a47604c415b2a0795c57e0c084c3c385d6bdea2e4e0babafed1dc821eda7037993b4d4303a6dda704ed22f8c4248cf0041ae124f755d4ab61b1996e3226c585743c7c78ca6d53cd817e6cc8fb799ac4c03d19771663fbca21c0f6bfd42706e1d2d027cba4fbfa8143d79745accdf335f4286984c8be4b2e22a62015abb9ab5ba311c04ee7dbb7a8bdad8df149654f347990818615327df52129b60df768b5007af16fdf5a51df14f4b3d44c70c23db43409c09aeede8c7c1c1ecaaeed5fbe454e55c609cf112377bf749829fddcb0d4f755ae2acfc84615a43cdf8bd27f4341e52dab03d2e0e725005662cb160ab67b8f5792971f3bdcfa5c7b113441a913211718aff60e2d5296de5186f4c2d542889c1b022afaf9b9b37427eb20714cef6208df94f30c24fb44aa6703231c173a9cb4553197441c236ad42762e759af922f7687661361c22c0d1516684213cd1360135a2882556ea0c5c44eb3022ebd9bc788aeea12bb09f94bdc33c3eb0fb1f673f42f7d640501ce9b247393ae8706ee2b14f96ac3f54c177f146fe5f9da45c64de3af6c22cfd91bd92ac6cb59e61bcdaec2522b6307c5cc5d2f493fed543aab6685f6fdf2845f12984738afa68413d8316c07ea6d002c7b3e72a7b2858ec6dba2ed57ae6d57160bebb78d3112272e194d422f85c4f9e098316b837114e37a62099d567f8645dd3d5dd6c3ef29d15db3472909496f83bb761595480ec397630fcf1023f106120acfa380f79f959daa3998b1d6f137979b2420599f9223d988165bf5bf9a17c5771e4573958af6e379d457bdae04ae4f1f4a9ad07e10a6e2b747d860f3745eb1f89e11046477d1c3712f4da783a669dd8f66469b325abb4e6af5e9235751cf0375c4f81da8b5d2b58ff98faf3172810ad2b8c378576c67c303f6e236062e5229c9f77930bdce2810afcb4a8a5028369023a6ad57879fb6d370e09ddbdbd931d7038fee2e260914045b1c8e36adc2a2fe7ee0667fee7e5c747759dc69c59cb31b4b5aadd4a2cd5e4f2a128eb4ada696491ecec999458e7a77665282edd3a59af777e5c96b1181788d987adcfafd35c9e814f23201ab105fec1f11f740f9a4383e002792345fe6ec1345a84e24e62dc01745728f2829218d725e8f20ee6001c0ffedb0d86d391b64a32cd9fb8990b36d08acac2e9bd660a10199e553bf403523ea1c09a715f1a2524ff5e85ef100f9727c149f7c629b693ab705f9cb68a9aea1639742da6e7652dc083dccfec8c85a6df3feba6f5f20cbc1e9f02cade4d0c8b69d3e4d9ceadb3ec61765237d79ac19902455c70c8fa8ffd1e5340feea4a2d27d9530e96afc0a89ce647f48694cb5fe943bd04f5c11e20108c60acf10bdb411c7b4bd0a04da139cf55352a27ed5c48981ff22ca6f0dcaac97a41578062e20c0667f64f7e990549f7496450524e50946bd60c3c50502ab0ed5a3290f00c3f8ffba28fabd396aa151a473c4407e0f3b56b454b93e9a49e6e565a2fee895a5c35384d623313a1c593b48bb9babc1407424fbb1981f1c5bee4e0edf05266751f926f94a45fa72f28af031feb4d11e6cf8afc8df50319eef14b549c55fb50872e2170b8d4bb81063f230f6e4e09ebb9269d1463c87b79c6a00aa3c541e89b2ae52d01fe512342e04ea27bf3bbe57da4bf97f17d5e7d91e0afb72118d5f4d9470edfadb98c266db70f78ac3531481a7624b1cb00d0b87749d46c5d8296a687bc09e84f20a00c86d04c7c4c688bf9a7e4220451c9a6d70826c467b60095a44e8750426b35be69c0b2cdbe2bd377f5ff2564657508a16024f61200b72f576e2e100be3b1db0e0a1f33b0bbf1330cfb745ae869bee3909612d17e8fdd61bdd90aa439bee61ffbf57134d0745249fc57dad334c69ac9394ecda7f9ad3b2af1e2e8994f61f2c6397618a2ddd56cb9759d2216487c30f1e3c780c2e12eaec4110ac22080130edc8f6e265fec600d88f7dade9eea0b22e50ffdae039958fa35564118d1b942ad123ed6024c585754d592e1a035361cfd8cc8130d004658b29592112071a811d6923df8eef1fbd5dc21765ae3ea56a6076e0283ec966ea3231c94cdfea5110ec80474fd5f5faf012de15f65921441b0c88f0b460279dc099beb6b56d7f4f1ad6d24ad7fa6b5dab1c82c53cd7be849e945b0922f32ba41cbdd7f1475e04a538c3fc9173710e49fafe7fe23de02fa6ff5276fdf04cc3e53c14851dffd06509b04e40ab431e4b30b4de5128be4c767edd1ddd94ca2e64ede99ee93a07cbabde03b2d9018b8e7d2f1f0f6a07b4330382dba37fe038ac74252cb2f9f4a65a961a5441fc09cb65e2ad8fb75ea0918eab5d6ec5959707912c4cd43bb3c7780343ad422588519239e73974de3b3ef13551f1309fdc794309bc03139444428f956c0c7a6b0a2ec704335b04a789de2a3f7f0fca49ecb9557e6e03c4f71321dc6e2120bc75edb2a838a2cb97d1171268087244325729080edc4ff6952c76ec9fa90774243ae19b34e27501b57fd57d1e8fb968ce22acca23f60566dfbc99d212d158ac7f7a2d1d6ffe74233ed000fc72fec04fc1f8c0f818e81e450fc327da4ab9a0ce3bf15c77b66d419ba9f2ad44a87e12854edce8be2bc57a81bc14e7bb7d96c17a958069c420c54b30d0a6d65899fa21f225644cff13caefad3a81f4e0ea9533c1cdf95460922bd77fd44fe3b9bbec092cb6427b056ae88dcbab55d33c414bd2474bc0b544fe2ade2391f8cb894515369006eeb92d3e6ca9721d378d595d7aca58005cf373dacd279959ef3bae24a0f9f3df89793696c3224635e0f89a8a5c378040a812e3abbb6d34049d8680cfb65cd1d2eac6ed9d8872385b4b267b23e514166f037b167823a1d56bd275a506a30c69440cf762dc04e6da8cdec8f68f25aa3a7627568c590305b2b4a1d40f805186b30cf66a454c39655e5560a95ddc6d4fd13c424010de0ee30e67dde91e336bfdbbcab4e210e7edfb122558b952a227cd3d6c2127c0b8871315ae3eea14932c2b601ee0898cb75c7967eeb8a82db69e9f5ac611f5b0601214ea9baa6432c10a3c331444e754ad56011394695de38a20f5c96b06edbe13a629329a0c8e9188b7baaf5519657f635318c7c27b22d344e0e34a42eff044abbb8bb881773f318c610da5fb703d3c204ee2545c43d3d1f8bacb5e35db9344ac7970a20d94818a2935b99645d64f2a74d808316fc864fe8413639ef76b3c691774c1f706867a27a085d644b63b8cbe102436c569b024f54a72bf86d44e2bbe770f6feb8206bcf3360e35648462e0bbfac706dab9d7c3a06db1723338fab9028def04fd3f6c8301565ea17228555", 0x1000}, {&(0x7f0000001980)="e05782aeeca88c73ae011e6bc4016f35cefb0920ac5d7e25b808b6018eb4bc6bdfdf2d24810fcf5ebc8aada3c0df97b2b7fa847ffa51b1c76ee5143870a1ea88e5724bdc384aeec61d8682460bcadc1fee1bb1641ae0651acb6349653b509839e37d54781c7fc384a32502fceed8644be93e96ea8d3cccd66d318ae8fdf041f9b58b63a866819c6c022cbaf5fd0cf5807cec6a4300d9fce01e771a0a0d10e3d3a452c07d0d0c2c5fb7cf5670b1b3d45530b9a3a3b41aa03caa37a8db0987ac5c0f6df2e93dfd7a27adde6a1a9bf578b47cd80a4955e49a634669f105d84b2819945a5dc7a91475f7d9e760ca7469c67580b1b7830689366ca83552dffe8469b0027504865e7a6f66a751085a36bc2729ef3715aa093d12bc3a4241eee2f1c2bea377c9f6b0154fd8c9606b2b695445edc60a294b647a14e7caed59144815a22e089c518e14d71885c581a9383a7d82d8b9ccf0296d1b81aea2d931d1681a48bcd011703dfa4402e1eea1255ce147d9096b3e61431965b1853ba4140b94b94d2be16829206c69a5b6cc1992aa4404f162475f460aec929240303471096b48e25691b632ff22397b0b3cb52888e6ee4b4567cef388662597a809ad21ecc8a8e905e1ade156d0e969af704e65a7df53426517978565dc56c38a020d966eee5dfa67d9c19d48877570461929c6aa392313bf24b534a5df4ca8d0903e44c4bc1bb646f996ad3ed2efca6ca698ac06a590fbb6cf73de6c28d983cccbf2b4c02617bf6a9645d217fa5de43eb5a78724aac962b8bd5b9735c6e375322e11a69a362901b55a72a8a5856b552c0bfd7c04a471f4937edb9319bf293d029de806fedd294f632f3b7adcd1fa8f2fb0c145f6d2d85017b7d9321d9a786abbeaa5a3b4109db2b8e89962e252e8c46e0fe948d4ea2c6c052665e724721d30139ce052034c2e8cd7d4923b7e54db59b0c7b27b7dd34767d071421a4de08753466e861a64d97e282ec2bc460f0729aa3acd0ba90fc52cf3d34478976e929dbfd6e0fa376397214cf8f07b40ebe779c3c6b7bc02937be3dd775443059d2183568ebe3334d3ba1cf6b712e43241b10cab5fa0e7aef6789171e6009d3a6259722b74a34e73b58e52ec0b23c25c1c69a20031ab350d50b69ecb3b43a08f28fc94c12ba8a6ad606fd2e2f7121a22414a3bdb4f1a8fdc1a03fd9f816712f5ae2fbcd7fe615ddd7b880e22f6088261f1942e8fe453a5423dbb05533e9a45e6841ae4b7c972f2b027e89496f38e80d0e232e950331b56d00d09558b79c312e4c65c67cf8e5c68fd90e98c5a74a277f4fbfc8aa3f69546198c81ce0745a3c4bba999d689fc8af983e3971c0338e2e2801592e26842e894e2fcabb388936d23ff6075b8afe5dfe1163dc91358d53b6d9803d737548cf072a57c678883945737852c7e7abaf3fa28c56ddc5d3a6f2d864327d69c8e9243e6bc1ac205625e86056c996749b4b40cc1d4769f62975293e1f30a4bc2219cc309f65308d1b704a3a92738732d2d023f41a3fbadb106a5fce0e8169e6cdbda546f50e683839207ac47c0028ef20c6b8d5e549836ba4499171550c79df9287d960e64830b84c4f169e7ee89ca17fb5ad6086669547a70e9846c5ce0e1ff236c71fa165af04a4d544f26b696c6a81c7e45c2f007360a0be5eb6bb86a32b293db8cd86da102dd20d8503590b324398d40de9c45f7b6d03237811ea18da328063abecfef56bbe734ba1214ff1a8dfc9e53e78c49f29a5e6b712ccf0651493a27bece27b6016a36187e3b22920b21084bf06d4376f1aaf45f582693b5da07d82a81a675a599b5442eacb248d423ae2ae3fd185e4b9598eb34251acc1474c3118481c0b6d099a39335dbca2b5085a80b990297fb6c8d7455c9a87fe3950fb236f3e4bf41d51edf8b285ae9027d099af4fb990d88430b037a3ba5ebde88720e3952ac533b55cc2aa7a044365177a93ac96ecccc0ac3f3d5f78fe8b3c503582ccb49a690e3591d0820b5b38914955875a22acb121e5a862dd341606e726800d1a1f7360e21ddf305d68b73f8e01ae72609b1f4386954f5b024d4285ab12724e2b41de1e621d900fc090fcc7c68a2bb715af2782c6ef6d7eb52dbc23be2f73104de30baa9b899524825d72f83119663b819c98327ccb8a08ec5abbaf52f1e8e96c4fee13786d0f7c0b23a031ce23c4fb091d4b47a2a593db6b87c108e325d6606176dcc92fb5af748207ea149192c8a2d72f76363d7f49aadfb687049632f28bdfc9789753c77d416f8e921df051013896c2aee0d85afb17b19fa56e12d2954a628863f80c9a2051065d8c1aa5878efbbc3ee5f6e27b2f42ec1fa3426295cc36c5c6532d5c25eccc48cfb3291dbfe768559ce88e733df06ce0ec6b293722a33c5507d7e3a6305de09c0daeda72f74f6f2de0d849562ba13ad4a6fa28849a8b7e04f8747039dec5f7a74163d0f493af23cde0ff4ea4c8a2e7a6cf39439d84884bb94c7637342c8e62238a62ae9f278beda205d757c99c0d05c530bc29b3b7bc8164cf4555c946dba7eae9dfbf086e343c72304dd7d7c7e86c8f2e9bb21be6fe078b7cb92836a801425ea738f258e4ceb62a56b5458dbedf455b491ab714f6a76c45431c68b1ad85ed0c67aa493db6e503009ec04cdeb2d22c8765010b595e017ecb4edd064b31e64f6aac5ad9eb550d87f8a269f9dcb5f3bf0458bf28dbfcc3c014045af153fc15687639cc56076af04ce055efc2d424fd2228e357b1627eab0ad793d8dcabd52be92f768afb4117cc527c0e98b077d6e09594565c6cc30a1832f458a61c0ea2ee4bb4e8ea5f400f2e3804f1b5352c690c256095cca0213a166bd8584a0d8436a934f30207ca8ce31be27e55fda82cdc8f6b96399159d51f24a60d1576b97598dc5a6e7c603a3b522a2d2c7402dbeb08a1edf52d7f8ac17abc6f8e504eafe577d7a90d8bf6623c47ae13b6a2ff7007a426b6601acae711dc051c9935f140df22d35192ce314bd07b3238f8dd7589243ba67237b8170d3b16904152fea238b9de3eed403796df3f1e491a9c06868fabdf0d41d73ba54dffc1b57f0ec56b99af7c2a85c6fe6d40cba49f9aef8a4a88709d96f51f0d4e5288f9e6d00658ed439a51766cb0caf1481263b741dd7684b127a6ecdd88c4d49dcde6622edae006a55aa837f6f32060f1f451f5c461ea4f98973de5da5b683b4cf51c35f40e581f115b092544e523ceea6018927bf8c0d6cd3b74a39a115e2b4efd302f70ea4639a3d88acd2b6945140441247e5286e55edcd526d3b0f168a4f4c4c6c03f1590f44caab0f0493f68fe742e709e7a408d9ef378985f7e7836cf83f6c49357502cea33ac96164a40c2c96a1eadb9a712608dbaecdc28a8924ef7f5039d0c96f83e334ed00fe3915c17671f6b7f531281a0d68a00923ace0bebe9b2b63d25d487453ecd27ad216be9002e0e22ce77efc5b41af9488ec185ced1b582477300e4ee0bf2fc36067a935cc9467c096e0cf77ed695bbf67c8dfdc1b1c64a9613e27280aa7ccfe31df64779d3aecff2db6e6ad144e9d35b4e574c4fa2494ceec81209d8bcdb9384ac966c0427be32b7f5692649fe2af346483b4e284ce521591b136a1fd19d7292576dc300ac497c56b982ab7f8306a18ac9105171c5a1e70e595772ab3cf16d7fb37298a9ebc7f4f3f2fed530dac610a5b6d660ef0c192fae44ec76c28a8b232a11cd528080015c7702b701ad5dc517103bf1ac83d22c9e793343c6bc991a0353b9369714f27923473dba291b0b0a2e4781ede8becba2389a17eed162d050cbf1d84b4849f25e260a5440dc8786c546614e638176b3f74fda27db1115b6f4ea1c2be05444002d85fd79ac09b263951737dc78b25b73c68192a9bf5ff6211f4f9a3559de2568810568ef2e7e89173a28aef05fcd732f119e81b84a6d204cde995f85c41e4abce304f18e63019423454c211ba1b569527a373caec56f7f3731b554bca4ec0929850785005ce0e09482c5198f34e697e54a1752c8e86d9b86285159c2b00371e2c79639042dc95ceac5889b659dddf0e538cd0139e6fd3d4fec1129db0bcb94ade6794840b0d537a957b6a7cdabeea0abcefe9ca6739157e701ad91dd576af197e66db2f795daac1b65ff2a377a280fc9f74dfa176ccfca0f47b4df47db1d51bd3fc0a938822f5f01c3c9545156b37f198644fa9daba0f971ba61dc8788a454301e05ed93cefd71a371d1b644c472a33c0531130a10a437f5a265272b6dc4d9c28331f0e5bc3100ccab1fe1d4f365ba1f1b47328eb3b5b3b7e451d5c05c48dda12d346d099810114b362728111b92fff03f3a780263410d872f7b52abbefe7eafce83a54996443614e32821d2aa76addf742b1b6782ed9b6d5475d30fd6beba36a53ce2b123b9b2855983afa10effa5cb3fb65e4b1e0686388e4a3521c1a1f5af27f0b26a5020fb584322695519240879df4f845bbac0b6d52bfa1e0580bc8afa2825a81f41f3246e888c66a23ed930937ef4b71a7a3117ad78e5a2acc02413c7beeb30e8ec9d9a802ffd6bb5b8ba196aecee0585bf54b9da24edeb21a3d74370760d47a1af590ece88ca9dde241c8670ce9749315a7b969bb6c59aecebe9752c6f4c6edd332bbf4213f9e715042c807bfb2d49dfc71f015188ace82d1d3d680845259b836b3b3c88fe55a03951d2fcc4e1076c381abdd70625524308755fa32d863cb4240c25a492ae5757cb6e1a724521612d54998c6545648d5d8ba0dfdf3ee4dd0a49d60c04c586037632dd59eddbc536e53d2e5406911eb91963cf59ac98d02134b14cb229db84af65d6e72af47fe6549f87d9cf582d1d97df1e31225d9d71545fe14c9b6549aa457952ec1891c5017aee808ced794cbfe24f26b5a0cbf839a7f8e4d3d72bdd36144b307ac1095c84c02527e619ed86a149c867814d680fe4252ec66ae70e0190ccbb97005483027f02a3cb430730007c2a97f54925a46cee818edf0c0696fc8ae0fd1514eba36c6a6953dbacfd3b06f6f331c22255d9c04ca455dc0f2620d52aed0e3ed08c56ee5d4fb3473454bce6eadadd28eda6031adace9b2b359c6148e7eba7178b289bb85ea936c4d8341b56f7c572c58037dd05772246d9959a591065465250e16afefa76176bcdff99b3e9275bc3c27baafb1b1032308d5d3f9f4cb836da2506bf49ebd35823a8024a394956d75b14d565cab3038b9e25cc1fe44b454f6a8984df01c1b89ccbd2dee7f8c9cf7d554011a64f3701e43c124a3f62d2c05f835e166b7bfbae97f316eb6a0faa276b461ce27060214d473a7548d17220b90a9ee19b89b7375f7880d99711cc29fbbed24c439b4eab281711f5ce6765c89cd2dcc6de79b92351a59bf90013a40fd23d8dcd3938a36257ab424079477d6af462b8ea7c4bc0b6ae522a0530b8f045c3060eb206140cccfba4f162a0332335a188b901356426d1a213fff5a6cc38181e72d8830100450af4bd7669f087863f40eeda86e210b3d822b0f21df8a6fbd1bd4d636f8e4973441011aac7093c22b23ec79515a5686fdc127c7a5b3b2445c49f0b4f4f74b9dcd018878c2fcdb6ece7a0be92c93f47aafc1420e037b2216548c8a2cb1b69640de6aec2e6a1eed3bd8ecd35b02299ff72147de7215a7640c0819be9c352a7c2f44c1ce3594fc9054594599d422d37d6e05685dccf0444a10e8fc89818d003e927389baf59dd74fc6b666f7501be54d550402616a7aee347a425aaebf982779a71f2db5a8a7fd03bf0ea142d7df88e328538327", 0x1000}, {&(0x7f0000002980)="a56ce1eb4bcca3a37e45ba4dbdd1884fc3eca91127e9d1f0689268bcf9f603479d0439f60498df226e9d1055330e30bfc3dc8c2f91b87ed6eb47cbf64588913673b8e7d2282a10cdccbd0f07c889cf134197c16cebb8c43fbe537c083d368df2bb6130d9d1bf082cbb8833a9abda7aff7ac7d2da03612ca6810623b794f4c5463e90de4bd1", 0x85}, {&(0x7f00000002c0)="10c4d121e6b0a75d20b31ca9f2af3ac76685e840e0a80e64b92ccd4da81082bcd950a9256ae647e9a058d88b8660ed", 0x2f}, {&(0x7f0000000580)="ec7a4408b5b99f25e9c7bb4b227830299e3d223f29b2428fc53c", 0x1a}], 0x9, 0x4) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') stat(&(0x7f0000002d80)='./file0\x00', &(0x7f0000002dc0)) sendmsg$IPVS_CMD_ZERO(r2, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000600)={0x164, r3, 0x100, 0x70bd2d, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_SERVICE={0x54, 0x1, [@IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x2e}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'fo\x00'}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x1}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x4, 0x1}}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0xa}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x56}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x8}, @IPVS_CMD_ATTR_DAEMON={0x20, 0x3, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'bridge0\x00'}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x8001}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x3}, @IPVS_CMD_ATTR_SERVICE={0x48, 0x1, [@IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x4}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0xff}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x7d}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@loopback}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e21}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0x2}]}, @IPVS_CMD_ATTR_SERVICE={0x34, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0xc, 0x6, 'lblcr\x00'}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e21}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@ipv4={[], [], @initdev={0xac, 0x1e, 0x80, 0x0}}}]}, @IPVS_CMD_ATTR_DEST={0x50, 0x2, [@IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0xfffffffffffeffff}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0xfffffffffffffd90}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x8}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0xcdb}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@ipv4={[], [], @multicast2}}, @IPVS_DEST_ATTR_TUN_TYPE={0x8, 0xd, 0x1}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x5}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x40}]}]}, 0x164}, 0x1, 0x0, 0x0, 0x40000}, 0x4000) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) ioctl$GIO_CMAP(r2, 0x4b70, &(0x7f0000002e40)) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r2, 0x84, 0x1f, &(0x7f0000002b40)={0x0, @in={{0x2, 0x4e21, @broadcast}}, 0x200, 0x1000000000000000}, &(0x7f0000002c00)=0x90) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r2, 0x84, 0x1f, &(0x7f0000002c40)={r4, @in={{0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}}, 0x4c9, 0xd3}, &(0x7f0000002d00)=0x90) ioctl$TIOCGPGRP(r2, 0x540f, &(0x7f0000002d40)) fcntl$F_GET_FILE_RW_HINT(r2, 0x40d, &(0x7f0000002b00)) [ 1152.470804][T11240] netlink: 'syz-executor.5': attribute type 4 has an invalid length. 11:07:17 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000000000040000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1152.577235][T11250] rds_sendmsg: 4 callbacks suppressed [ 1152.577286][T11250] rdma_op 00000000c7c6c29a conn xmit_rdma 00000000d8f1147d [ 1152.611483][T11260] netlink: 'syz-executor.5': attribute type 4 has an invalid length. 11:07:17 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f00000004c0)=ANY=[@ANYBLOB="15fe000065ffff038000000800395034303030264cfb48ba078b923cabd1b66e8efb93cdbea285ed397aa6633a4e47fc31079031ccdecff17f28a81e5e9ac6e95a8d18a126e550b9c7fa6ad943d612d0ec109af92dfca1c83f7a58393eec1b74f2070590276e9ff4b0e7de16f2dfea5110875ce0aeb7a44f68a4e8b01bcfc6992bc09611c72fc8360a3e75f12d6c89a4955bcaf22aec"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) dup(r1) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) 11:07:17 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000000000050000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1152.661344][T11249] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1152.697777][T11271] netlink: 'syz-executor.5': attribute type 4 has an invalid length. [ 1152.703582][T11249] CPU: 0 PID: 11249 Comm: syz-executor.4 Not tainted 5.3.0-rc6 #127 [ 1152.713791][T11249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1152.723827][T11249] Call Trace: [ 1152.727102][T11249] dump_stack+0x172/0x1f0 [ 1152.731420][T11249] dump_header+0x10b/0x82d [ 1152.735823][T11249] ? oom_kill_process+0x94/0x3f0 [ 1152.740749][T11249] oom_kill_process.cold+0x10/0x15 [ 1152.745847][T11249] out_of_memory+0x79a/0x12c0 [ 1152.750511][T11249] ? lock_downgrade+0x920/0x920 [ 1152.755350][T11249] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1152.761573][T11249] ? oom_killer_disable+0x280/0x280 [ 1152.766768][T11249] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1152.772300][T11249] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1152.777921][T11249] ? do_raw_spin_unlock+0x57/0x270 [ 1152.783022][T11249] ? _raw_spin_unlock+0x2d/0x50 [ 1152.787861][T11249] try_charge+0xf4b/0x1440 [ 1152.792269][T11249] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1152.797801][T11249] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1152.803337][T11249] ? __kasan_check_read+0x11/0x20 [ 1152.808362][T11249] ? lock_downgrade+0x920/0x920 [ 1152.813226][T11249] ? percpu_ref_tryget_live+0x111/0x290 [ 1152.816707][ T23] audit: type=1804 audit(1566904037.194:1091): pid=11273 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2351/bus" dev="sda1" ino=16979 res=1 [ 1152.818773][T11249] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1152.848898][T11249] ? memcg_kmem_put_cache+0x50/0x50 [ 1152.854095][T11249] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1152.859634][T11249] __memcg_kmem_charge+0x13a/0x3a0 [ 1152.864747][T11249] __alloc_pages_nodemask+0x4f4/0x900 [ 1152.870106][T11249] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1152.876336][T11249] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1152.882045][T11249] ? vm_mmap_pgoff+0x1d4/0x230 [ 1152.886798][T11249] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1152.892507][T11249] ? do_huge_pmd_anonymous_page+0xd23/0x1ad0 [ 1152.898481][T11249] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1152.904710][T11249] alloc_pages_current+0x107/0x210 [ 1152.909808][T11249] pte_alloc_one+0x1b/0x1a0 [ 1152.914295][T11249] __pte_alloc+0x20/0x310 [ 1152.918611][T11249] __handle_mm_fault+0x340e/0x3f20 [ 1152.923707][T11249] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1152.929236][T11249] ? __kasan_check_read+0x11/0x20 [ 1152.934254][T11249] ? trace_hardirqs_on+0x67/0x240 [ 1152.939267][T11249] handle_mm_fault+0x1b5/0x6b0 [ 1152.939285][T11249] __do_page_fault+0x536/0xdd0 [ 1152.948758][T11249] do_page_fault+0x38/0x590 [ 1152.948773][T11249] page_fault+0x39/0x40 [ 1152.948784][T11249] RIP: 0033:0x4111bf 11:07:17 executing program 1: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x2a00) [ 1152.961262][T11249] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 [ 1152.980850][T11249] RSP: 002b:00007ffd9399f460 EFLAGS: 00010206 [ 1152.986895][T11249] RAX: 00007fd57add8000 RBX: 0000000000020000 RCX: 00000000004598ca [ 1152.994845][T11249] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 1153.002792][T11249] RBP: 00007ffd9399f540 R08: ffffffffffffffff R09: 0000000000000000 11:07:17 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = accept(0xffffffffffffffff, &(0x7f0000000180)=@isdn, &(0x7f0000000280)=0x80) setsockopt$inet_tcp_TCP_QUEUE_SEQ(r2, 0x6, 0x15, &(0x7f0000000580)=0x40, 0x4) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f00000004c0)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c57be2179cf2625617780beaa660f14c100d7a52a6c21da4061a4b069b74e442105b9712cf316efdbc300d192f383db00e5400effa26b4f350410a7413925503d947d70468cfb4e42d691f38bdd456b4a027801c6d1282d381b9e3f39f2fa82cd9bbefe467bf1a74b14d1ccda1d9956fa97c2a4a0a2f62c819cb0d1"], 0x15) r3 = dup(r1) epoll_ctl$EPOLL_CTL_MOD(r3, 0x3, r3, &(0x7f0000000040)={0x6000201a}) ioctl$SG_GET_SG_TABLESIZE(r3, 0x227f, &(0x7f0000000380)) syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x5, 0x44c4a6b45b1d2b89) write$FUSE_BMAP(r3, &(0x7f0000000100)={0x173, 0x508846921fd87927, 0x0, {0x3}}, 0xfffffffffffffd87) write$FUSE_CREATE_OPEN(r3, &(0x7f0000000400)={0xa0, 0xfffffffffffffffe, 0x0, {{0x0, 0x0, 0x0, 0xc, 0x0, 0x0, {0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x2}}}}, 0xfe20) gettid() write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r3]) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) 11:07:17 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000fffe6c050000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1153.010732][T11249] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd9399f630 [ 1153.018685][T11249] R13: 00007fd57adf8700 R14: 0000000000000002 R15: 000000000075c07c 11:07:17 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)=""/4096, 0x1000}], 0x1}, 0x2) r1 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r1, 0x0, 0x26ba, 0x0, 0x0, 0x800e00517) shutdown(r0, 0x0) semop(0x0, 0x0, 0xfffffffffffffe76) recvfrom$inet(r1, 0x0, 0xa217, 0x0, 0x0, 0x800e00521) shutdown(r1, 0x0) 11:07:17 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x0, 0x0) r1 = syz_open_dev$evdev(0x0, 0x0, 0x0) ioctl$EVIOCGRAB(r1, 0x40044590, &(0x7f0000000000)) dup3(r0, r1, 0x0) syz_open_dev$evdev(&(0x7f0000000180)='/dev/input/event#\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x0, 0x31, 0xffffffffffffffff, 0x0) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f00000002c0)=0x7fff) ioctl$EVIOCGRAB(r1, 0x40044590, 0x0) [ 1153.067920][ T23] audit: type=1804 audit(1566904037.514:1092): pid=11281 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2352/bus" dev="sda1" ino=16675 res=1 [ 1153.105093][T11287] netlink: 'syz-executor.5': attribute type 4 has an invalid length. 11:07:17 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000000000060000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1153.207859][T11300] netlink: 'syz-executor.5': attribute type 4 has an invalid length. [ 1153.215411][T11249] memory: usage 307200kB, limit 307200kB, failcnt 4164 [ 1153.228011][T11249] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1153.242369][T11249] Memory cgroup stats for /syz4: [ 1153.242453][T11249] anon 240787456 [ 1153.242453][T11249] file 8192 [ 1153.242453][T11249] kernel_stack 11075584 [ 1153.242453][T11249] slab 17276928 [ 1153.242453][T11249] sock 0 [ 1153.242453][T11249] shmem 0 [ 1153.242453][T11249] file_mapped 0 [ 1153.242453][T11249] file_dirty 0 [ 1153.242453][T11249] file_writeback 0 [ 1153.242453][T11249] anon_thp 169869312 [ 1153.242453][T11249] inactive_anon 135168 [ 1153.242453][T11249] active_anon 240848896 [ 1153.242453][T11249] inactive_file 0 [ 1153.242453][T11249] active_file 0 [ 1153.242453][T11249] unevictable 135168 [ 1153.242453][T11249] slab_reclaimable 2973696 [ 1153.242453][T11249] slab_unreclaimable 14303232 [ 1153.242453][T11249] pgfault 235224 [ 1153.242453][T11249] pgmajfault 0 [ 1153.242453][T11249] workingset_refault 396 [ 1153.242453][T11249] workingset_activate 66 [ 1153.242453][T11249] workingset_nodereclaim 0 [ 1153.242453][T11249] pgrefill 6021 [ 1153.242453][T11249] pgscan 5869 [ 1153.242453][T11249] pgsteal 642 [ 1153.341271][T11249] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=11249,uid=0 11:07:17 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) 11:07:17 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000000000070000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:17 executing program 1: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x2b00) [ 1153.366208][T11249] Memory cgroup out of memory: Killed process 11249 (syz-executor.4) total-vm:72840kB, anon-rss:2196kB, file-rss:35788kB, shmem-rss:0kB [ 1153.386047][ T1058] oom_reaper: reaped process 11249 (syz-executor.4), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB 11:07:17 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) pwritev(0xffffffffffffffff, &(0x7f0000000140)=[{0x0}, {0x0}, {0x0}], 0x3, 0x0) recvfrom$inet(r1, 0x0, 0x986a7a1a, 0x42, 0x0, 0x800e0068d) shutdown(r1, 0x0) 11:07:17 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c0000000000000000000a0000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1153.415043][T11314] netlink: 'syz-executor.5': attribute type 4 has an invalid length. [ 1153.426274][ T23] audit: type=1804 audit(1566904037.874:1093): pid=11316 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2353/bus" dev="sda1" ino=16771 res=1 11:07:18 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x0, 0x0) r1 = syz_open_dev$evdev(0x0, 0x0, 0x0) ioctl$EVIOCGRAB(r1, 0x40044590, &(0x7f0000000000)) dup3(r0, r1, 0x0) syz_open_dev$evdev(&(0x7f0000000180)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f00000002c0)=0x7fff) ioctl$EVIOCGRAB(r1, 0x40044590, 0x0) 11:07:18 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) readv(r0, &(0x7f0000001700)=[{&(0x7f00000001c0)=""/92, 0x5c}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x8) r1 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r1, 0x0, 0xfd1d, 0x0, 0x0, 0x800e00515) shutdown(r0, 0x0) fchdir(0xffffffffffffffff) recvfrom$inet(r1, 0x0, 0xd282, 0x0, 0x0, 0x800e0050e) shutdown(r1, 0x0) [ 1153.560850][T11318] rdma_op 00000000467e31a7 conn xmit_rdma 00000000d8f1147d [ 1153.575484][T11329] netlink: 'syz-executor.5': attribute type 4 has an invalid length. [ 1153.655103][T11327] rdma_op 00000000a92ed8dc conn xmit_rdma 00000000d8f1147d [ 1153.739833][ T23] audit: type=1804 audit(1566904038.184:1094): pid=11348 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2353/bus" dev="sda1" ino=16771 res=1 11:07:18 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x2) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500180065ffff038000000800395032303030264c"], 0x15) r2 = syz_open_dev$audion(&(0x7f0000000040)='/dev/audio#\x00', 0x7, 0x40) ioctl$VIDIOC_SUBDEV_G_FMT(r2, 0xc0585604, &(0x7f0000000180)={0x1, 0x0, {0x0, 0xffff, 0x3009, 0x1, 0x7, 0xf, 0x0, 0x3}}) r3 = dup(r1) write$FUSE_BMAP(r3, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r3, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0xffffffa8, 0x5, 0x0, {0x0, 0x0, 0x0, 0x2}}, 0x30) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB='trans=fd,fdno=', @ANYRESHEX=r0, @ANYBLOB="2c7766646e6f3d0aba6531bca9ccacf6d033acfd0400e6a7f2f2ebd256513d22c032d9222450bacfd6bf37a8c1cae9fced6a663f2555a77d0425d77268eccab87c1f0a671a549091473e8321f06d8f6fe52592e38736f61d97956962ed16e62b1f1ccd19fc4735db01000000000000006745f97ee8c6cb62f795d4f0d866732b2e2e87e87212c20bf6ec2706eab401221b51936685e24f", @ANYRESHEX=r3]) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) ioctl$PIO_SCRNMAP(r3, 0x4b41, &(0x7f00000002c0)="d139af3e55f27d0e04a8808366068e2b14cdd93083d3d711223ce42d6594392d4374f2") 11:07:18 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c0000000000000000000c0000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:18 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) 11:07:18 executing program 1: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x2c00) 11:07:18 executing program 0: 11:07:18 executing program 0: 11:07:18 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x0, 0x0) r1 = syz_open_dev$evdev(0x0, 0x0, 0x0) ioctl$EVIOCGRAB(r1, 0x40044590, &(0x7f0000000000)) dup3(r0, r1, 0x0) syz_open_dev$evdev(&(0x7f0000000180)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f00000002c0)=0x7fff) ioctl$EVIOCGRAB(r1, 0x40044590, 0x0) [ 1153.956129][T11359] netlink: 'syz-executor.5': attribute type 4 has an invalid length. [ 1153.966573][ T23] audit: type=1804 audit(1566904038.414:1095): pid=11360 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2354/bus" dev="sda1" ino=16755 res=1 11:07:18 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c0000000000000000000e0000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:18 executing program 0: [ 1154.046275][T11363] 9pnet: Insufficient options for proto=fd [ 1154.069282][T11355] rdma_op 000000000f98b651 conn xmit_rdma 00000000d8f1147d [ 1154.081100][T11371] 9pnet: Insufficient options for proto=fd 11:07:18 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="15000b0065ffff03800000080039550400335032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) lsetxattr$security_selinux(&(0x7f0000000000)='./file0\x00', &(0x7f00000004c0)='security.selinux\x00', &(0x7f0000000540)='system_u:object_r:inetd_log_t:s0\x00', 0x21, 0x0) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0)='TIPCv2\x00') sendmsg$TIPC_NL_MEDIA_SET(r2, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000280)={&(0x7f0000000600)=ANY=[@ANYBLOB="01000000", @ANYRES16=r3, @ANYBLOB="000826bd7000fcdbdf250c000000200006000400020008000100050000000400020008000100060000000400020020000200080001000700000004000400080001000900000008000200020000005400090008000200030000000800020001000000080002000300000008000200070000000800020006000000080002000300000008000100010000000800010009000000080002000100000008000100ffff0000e800010038000400200001000a004e2000000003e2b9e1714f8eb012597e0e0c6ddf35e0080000001400020002004e22e0000001000000000000000008000300040000001000010069623a726f7365300000000038000400200001000a004e2100000005ff020000000000000000000000000001ffff00001400020002004e23ac1414aa0000000000000000100001006574683a767863616e31000044000400200001000a004e220000009dfe80000000000000000000000000002109000000200002000a004e2300001000fe8000000000000000000000000000aa07000000080003009f550000a00005000800010075647000140002000800030008000000080001000e00000034000200080003007f000000080001001e000000080004006d0c8c23080004000500000008000200ffff000008000100120000004c000200080002000100000008000400eb0c0000080004000900000008000100160000000800010001000000080002000900000008000200ff0700000800010003000000080001001600000014000500080001006574680008000100756470000c00020008000100c5da3f18"], 0x250}, 0x1, 0x0, 0x0, 0x1}, 0x40000) chdir(&(0x7f0000000500)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) ioctl$int_out(r2, 0x2, &(0x7f00000003c0)) ftruncate(r2, 0x3) getsockopt$inet_sctp6_SCTP_NODELAY(r2, 0x84, 0x3, &(0x7f0000000340), &(0x7f0000000380)=0x4) [ 1154.149442][T11355] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 11:07:18 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c0000000000000000000f0000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1154.198256][T11355] CPU: 0 PID: 11355 Comm: syz-executor.4 Not tainted 5.3.0-rc6 #127 [ 1154.206236][T11355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1154.216276][T11355] Call Trace: [ 1154.219556][T11355] dump_stack+0x172/0x1f0 [ 1154.223880][T11355] dump_header+0x10b/0x82d [ 1154.228291][T11355] oom_kill_process.cold+0x10/0x15 [ 1154.233396][T11355] out_of_memory+0x79a/0x12c0 [ 1154.238074][T11355] ? lock_downgrade+0x920/0x920 11:07:18 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000000000100000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1154.242923][T11355] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1154.249172][T11355] ? oom_killer_disable+0x280/0x280 [ 1154.254372][T11355] ? __kasan_check_read+0x11/0x20 [ 1154.259391][T11355] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1154.264928][T11355] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1154.270552][T11355] ? do_raw_spin_unlock+0x57/0x270 [ 1154.275650][T11355] ? _raw_spin_unlock+0x2d/0x50 [ 1154.280492][T11355] try_charge+0xf4b/0x1440 [ 1154.284905][T11355] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1154.290447][T11355] ? get_mem_cgroup_from_mm+0x139/0x320 11:07:18 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000000000200000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1154.295985][T11355] ? __kasan_check_read+0x11/0x20 [ 1154.301005][T11355] ? lock_downgrade+0x920/0x920 [ 1154.305849][T11355] ? percpu_ref_tryget_live+0x111/0x290 [ 1154.311379][T11355] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1154.316817][T11355] ? memcg_kmem_put_cache+0x50/0x50 [ 1154.316832][T11355] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1154.316843][T11355] __memcg_kmem_charge+0x13a/0x3a0 [ 1154.316859][T11355] __alloc_pages_nodemask+0x4f4/0x900 [ 1154.337982][T11355] ? stack_trace_consume_entry+0x190/0x190 11:07:18 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000000018310000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1154.343780][T11355] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1154.349482][T11355] ? __pte_alloc+0x1b5/0x310 [ 1154.354051][T11355] ? copy_page_range+0xef4/0x1ee0 [ 1154.359083][T11355] ? __kasan_check_read+0x11/0x20 [ 1154.364118][T11355] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1154.370360][T11355] alloc_pages_current+0x107/0x210 [ 1154.375461][T11355] pte_alloc_one+0x1b/0x1a0 [ 1154.379954][T11355] __pte_alloc+0x20/0x310 [ 1154.384278][T11355] copy_page_range+0x1520/0x1ee0 [ 1154.389254][T11355] ? pmd_alloc+0x180/0x180 [ 1154.393652][T11355] ? vma_gap_callbacks_rotate+0x62/0x80 [ 1154.399187][T11355] ? __rb_insert_augmented+0x20c/0xd90 [ 1154.404638][T11355] ? validate_mm_rb+0xa3/0xc0 [ 1154.409305][T11355] ? __vma_link_rb+0x275/0x370 [ 1154.414063][T11355] ? __kasan_check_write+0x14/0x20 [ 1154.419164][T11355] dup_mm+0xa67/0x1430 [ 1154.423234][T11355] ? vm_area_dup+0x170/0x170 [ 1154.427813][T11355] ? debug_mutex_init+0x2d/0x5a [ 1154.432659][T11355] copy_process+0x28b7/0x6b00 [ 1154.437330][T11355] ? __sanitizer_cov_trace_pc+0x50/0x50 [ 1154.442877][T11355] ? __cleanup_sighand+0x60/0x60 [ 1154.447817][T11355] _do_fork+0x146/0xfa0 [ 1154.451962][T11355] ? copy_init_mm+0x20/0x20 [ 1154.456459][T11355] ? __kasan_check_read+0x11/0x20 [ 1154.461480][T11355] ? _copy_to_user+0x118/0x160 [ 1154.466242][T11355] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1154.472468][T11355] ? put_timespec64+0xda/0x140 [ 1154.477220][T11355] __x64_sys_clone+0x18d/0x250 [ 1154.481989][T11355] ? __ia32_sys_vfork+0xc0/0xc0 [ 1154.486833][T11355] ? trace_hardirqs_off_caller+0x65/0x230 [ 1154.492541][T11355] ? trace_hardirqs_on+0x67/0x240 [ 1154.497551][T11355] do_syscall_64+0xfd/0x6a0 [ 1154.502028][T11355] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1154.507902][T11355] RIP: 0033:0x459879 [ 1154.511778][T11355] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1154.531361][T11355] RSP: 002b:00007fd57ae39c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1154.539741][T11355] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459879 [ 1154.547681][T11355] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1154.555620][T11355] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1154.563572][T11355] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd57ae3a6d4 [ 1154.571519][T11355] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 00000000ffffffff [ 1154.587403][T11355] memory: usage 307200kB, limit 307200kB, failcnt 4184 [ 1154.594409][T11355] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1154.602121][T11355] Memory cgroup stats for /syz4: [ 1154.602224][T11355] anon 240209920 [ 1154.602224][T11355] file 8192 [ 1154.602224][T11355] kernel_stack 11272192 [ 1154.602224][T11355] slab 17416192 [ 1154.602224][T11355] sock 0 [ 1154.602224][T11355] shmem 0 [ 1154.602224][T11355] file_mapped 0 [ 1154.602224][T11355] file_dirty 0 [ 1154.602224][T11355] file_writeback 0 [ 1154.602224][T11355] anon_thp 167772160 [ 1154.602224][T11355] inactive_anon 135168 [ 1154.602224][T11355] active_anon 240099328 [ 1154.602224][T11355] inactive_file 0 [ 1154.602224][T11355] active_file 0 [ 1154.602224][T11355] unevictable 135168 [ 1154.602224][T11355] slab_reclaimable 2973696 [ 1154.602224][T11355] slab_unreclaimable 14442496 [ 1154.602224][T11355] pgfault 235818 [ 1154.602224][T11355] pgmajfault 0 [ 1154.602224][T11355] workingset_refault 396 [ 1154.602224][T11355] workingset_activate 66 [ 1154.602224][T11355] workingset_nodereclaim 0 [ 1154.602224][T11355] pgrefill 6054 [ 1154.602224][T11355] pgscan 5935 [ 1154.602224][T11355] pgsteal 675 [ 1154.696693][ T23] audit: type=1804 audit(1566904039.054:1096): pid=11360 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2354/bus" dev="sda1" ino=16755 res=1 [ 1154.705361][T11355] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=8716,uid=0 [ 1154.740374][T11355] Memory cgroup out of memory: Killed process 8716 (syz-executor.4) total-vm:72708kB, anon-rss:2200kB, file-rss:34816kB, shmem-rss:0kB 11:07:19 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) 11:07:19 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000000000400000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:19 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) ioctl$KDGKBDIACR(r2, 0x4b4a, &(0x7f00000004c0)=""/242) 11:07:19 executing program 0: [ 1154.771021][T11368] rdma_op 00000000c3077e6c conn xmit_rdma 00000000d8f1147d 11:07:19 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x0, 0x0) r1 = syz_open_dev$evdev(0x0, 0x0, 0x0) ioctl$EVIOCGRAB(r1, 0x40044590, &(0x7f0000000000)) dup3(r0, r1, 0x0) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f00000002c0)=0x7fff) ioctl$EVIOCGRAB(r1, 0x40044590, 0x0) 11:07:19 executing program 1: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x2d00) 11:07:19 executing program 0: 11:07:19 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000000000480000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1154.869335][ T23] audit: type=1804 audit(1566904039.314:1097): pid=11413 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2355/bus" dev="sda1" ino=16744 res=1 11:07:19 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000000)='./file0\x00') ioctl$BLKPBSZGET(r2, 0x127b, &(0x7f0000000040)) mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) 11:07:19 executing program 0: [ 1154.987370][T11417] rdma_op 000000001f0868be conn xmit_rdma 00000000d8f1147d 11:07:19 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c0000000000000000004c0000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:19 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) 11:07:19 executing program 0: 11:07:19 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000000000600000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:19 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x0, 0x0) r1 = syz_open_dev$evdev(0x0, 0x0, 0x0) dup3(r0, r1, 0x0) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f00000002c0)=0x7fff) ioctl$EVIOCGRAB(r1, 0x40044590, 0x0) 11:07:19 executing program 0: 11:07:19 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) r3 = signalfd(r2, &(0x7f0000000180)={0x4}, 0x8) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYRESOCT=r3, @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) ioctl$VIDIOC_STREAMON(r2, 0x40045612, &(0x7f0000000040)=0xffffffffffffea42) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) [ 1155.246645][ T23] audit: type=1804 audit(1566904039.694:1098): pid=11448 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2355/bus" dev="sda1" ino=16744 res=1 [ 1155.278848][T11441] rdma_op 00000000de956bc2 conn xmit_rdma 00000000d8f1147d 11:07:19 executing program 1: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x2e00) 11:07:19 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000000058650000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:19 executing program 0: [ 1155.351252][ T23] audit: type=1800 audit(1566904039.744:1099): pid=11448 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.1" name="bus" dev="sda1" ino=16744 res=0 [ 1155.399971][T11466] rdma_op 00000000d169d2e7 conn xmit_rdma 00000000d8f1147d 11:07:19 executing program 0: 11:07:19 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000000000680000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:19 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) 11:07:19 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x0, 0x0) dup3(r0, 0xffffffffffffffff, 0x0) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f00000002c0)=0x7fff) ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, 0x0) 11:07:20 executing program 0: 11:07:20 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c0000000000000000006c0000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:20 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r0, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r1 = dup(r0) write$FUSE_BMAP(r1, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r1, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r1, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[]) chdir(&(0x7f0000000000)='./file0\x00') ioctl$DRM_IOCTL_GET_UNIQUE(r1, 0xc0106401, &(0x7f0000000040)={0xc9, &(0x7f00000004c0)=""/201}) mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) 11:07:20 executing program 0: [ 1155.678957][T11483] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1155.744660][T11483] CPU: 1 PID: 11483 Comm: syz-executor.4 Not tainted 5.3.0-rc6 #127 [ 1155.752642][T11483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1155.762680][T11483] Call Trace: [ 1155.765960][T11483] dump_stack+0x172/0x1f0 [ 1155.770283][T11483] dump_header+0x10b/0x82d [ 1155.774689][T11483] ? oom_kill_process+0x94/0x3f0 [ 1155.779618][T11483] oom_kill_process.cold+0x10/0x15 [ 1155.784730][T11483] out_of_memory+0x79a/0x12c0 [ 1155.789395][T11483] ? lock_downgrade+0x920/0x920 [ 1155.794238][T11483] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1155.800472][T11483] ? oom_killer_disable+0x280/0x280 [ 1155.805665][T11483] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1155.811197][T11483] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1155.816822][T11483] ? do_raw_spin_unlock+0x57/0x270 [ 1155.821931][T11483] ? _raw_spin_unlock+0x2d/0x50 [ 1155.826767][T11483] try_charge+0xf4b/0x1440 [ 1155.831173][T11483] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1155.836707][T11483] ? percpu_ref_tryget_live+0x111/0x290 11:07:20 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000000000740000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1155.842241][T11483] ? get_mem_cgroup_from_mm+0x16/0x320 [ 1155.847697][T11483] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1155.853233][T11483] mem_cgroup_try_charge+0x136/0x590 [ 1155.858509][T11483] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1155.858522][T11483] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1155.858536][T11483] wp_page_copy+0x41e/0x15e0 [ 1155.875208][T11483] ? __kasan_check_write+0x14/0x20 [ 1155.880313][T11483] ? pmd_pfn+0x1d0/0x1d0 [ 1155.884546][T11483] ? lock_downgrade+0x920/0x920 [ 1155.889390][T11483] ? vm_normal_page+0x15d/0x3c0 [ 1155.894205][T11483] ? __pte_alloc_kernel+0x210/0x210 [ 1155.899369][T11483] ? __kasan_check_read+0x11/0x20 [ 1155.904357][T11483] ? do_raw_spin_unlock+0x57/0x270 [ 1155.909435][T11483] do_wp_page+0x499/0x14d0 [ 1155.913825][T11483] ? do_raw_spin_lock+0x12a/0x2e0 [ 1155.918816][T11483] ? rwlock_bug.part.0+0x90/0x90 [ 1155.923719][T11483] ? finish_mkwrite_fault+0x570/0x570 [ 1155.929057][T11483] ? add_mm_counter_fast.part.0+0x40/0x40 [ 1155.934765][T11483] __handle_mm_fault+0x22f1/0x3f20 [ 1155.939846][T11483] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1155.945367][T11483] ? __kasan_check_read+0x11/0x20 [ 1155.950361][T11483] ? trace_hardirqs_on+0x67/0x240 [ 1155.955356][T11483] handle_mm_fault+0x1b5/0x6b0 [ 1155.960090][T11483] __do_page_fault+0x536/0xdd0 [ 1155.964820][T11483] do_page_fault+0x38/0x590 [ 1155.969293][T11483] page_fault+0x39/0x40 [ 1155.973414][T11483] RIP: 0033:0x40ea18 [ 1155.977281][T11483] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf 95 ee 4b 00 31 c0 e8 13 33 ff ff 31 ff e8 5c 2f ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d 4e 1a 66 00 [ 1155.996869][T11483] RSP: 002b:00007ffd9399f480 EFLAGS: 00010246 [ 1156.002914][T11483] RAX: 0000000065289c70 RBX: 0000000070150d3a RCX: 0000001b34820000 [ 1156.010851][T11483] RDX: 0000000000000000 RSI: 0000000000001c70 RDI: ffffffff65289c70 [ 1156.018792][T11483] RBP: 000000000000000e R08: 0000000065289c70 R09: 0000000065289c74 [ 1156.026735][T11483] R10: 00007ffd9399f620 R11: 0000000000000246 R12: 000000000075bfa8 [ 1156.034675][T11483] R13: 0000000080000000 R14: 00007fd57ce3b008 R15: 000000000000000e [ 1156.064973][T11483] memory: usage 307200kB, limit 307200kB, failcnt 4263 [ 1156.074336][T11483] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1156.091952][T11483] Memory cgroup stats for /syz4: [ 1156.092040][T11483] anon 239427584 [ 1156.092040][T11483] file 8192 [ 1156.092040][T11483] kernel_stack 11272192 [ 1156.092040][T11483] slab 17551360 [ 1156.092040][T11483] sock 0 [ 1156.092040][T11483] shmem 0 [ 1156.092040][T11483] file_mapped 0 [ 1156.092040][T11483] file_dirty 0 [ 1156.092040][T11483] file_writeback 0 [ 1156.092040][T11483] anon_thp 165675008 [ 1156.092040][T11483] inactive_anon 135168 [ 1156.092040][T11483] active_anon 239431680 [ 1156.092040][T11483] inactive_file 0 [ 1156.092040][T11483] active_file 0 [ 1156.092040][T11483] unevictable 135168 [ 1156.092040][T11483] slab_reclaimable 2973696 [ 1156.092040][T11483] slab_unreclaimable 14577664 [ 1156.092040][T11483] pgfault 236478 [ 1156.092040][T11483] pgmajfault 0 11:07:20 executing program 1: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x2f00) 11:07:20 executing program 0: 11:07:20 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c0000000000000000007a0000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:20 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r2 = dup(r1) r3 = getpgid(0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x3, 0x70, 0xf650, 0x200, 0x2518dc8f, 0x3, 0x0, 0xffffffffffffffff, 0x20a, 0xd, 0xfff, 0xb9c, 0x3, 0x8000, 0xfffffffffffffff9, 0x800, 0x5, 0x3, 0x3, 0x2, 0x9, 0x3, 0xfff, 0x1, 0x100, 0x9, 0x10000, 0x2, 0xfffffffffffffff9, 0x9, 0x1, 0x6, 0x7fffffff, 0x1, 0x80, 0x4, 0x6d1b, 0x3, 0x0, 0x5, 0x2, @perf_config_ext={0x6, 0xe07d}, 0x0, 0x2d, 0xd62, 0x2, 0x3, 0x9, 0x7}, r3, 0x8, 0xffffffffffffffff, 0x1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f0000000280)) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) mkdir(&(0x7f0000000040)='./file0\x00', 0x80) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB="2c1766646e6f09623d", @ANYRESHEX=r2]) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) 11:07:20 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x0, 0x0) dup3(r0, 0xffffffffffffffff, 0x0) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f00000002c0)=0x7fff) ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, 0x0) [ 1156.092040][T11483] workingset_refault 396 [ 1156.092040][T11483] workingset_activate 66 [ 1156.092040][T11483] workingset_nodereclaim 0 [ 1156.092040][T11483] pgrefill 6153 [ 1156.092040][T11483] pgscan 6001 [ 1156.092040][T11483] pgsteal 675 [ 1156.197704][T11506] 9pnet: Insufficient options for proto=fd [ 1156.222024][T11509] 9pnet: Insufficient options for proto=fd [ 1156.224866][T11483] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=8548,uid=0 [ 1156.274011][T11483] Memory cgroup out of memory: Killed process 8548 (syz-executor.4) total-vm:72708kB, anon-rss:2200kB, file-rss:34816kB, shmem-rss:0kB 11:07:20 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) 11:07:20 executing program 0: 11:07:20 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000000000810000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:20 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$P9_RREMOVE(r1, &(0x7f0000000380)={0x7, 0x7b, 0x1}, 0x7) openat$smack_thread_current(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/thread-self/attr/current\x00', 0x2, 0x0) write$FUSE_CREATE_OPEN(r1, &(0x7f0000000400)={0xa0, 0x0, 0x0, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}}}}, 0xa0) chmod(&(0x7f0000000040)='./file0\x00', 0x0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) clock_gettime(0x0, &(0x7f00000001c0)={0x0, 0x0}) ppoll(&(0x7f0000000180)=[{r1, 0x1020}, {r0, 0x1}, {r1, 0x4}, {r1, 0x1044}, {r1, 0x4d}, {r2, 0x4000}, {r2, 0x4000}], 0x7, &(0x7f0000000280)={r3, r4+30000000}, &(0x7f00000002c0)={0x7f}, 0x8) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000600)=@mangle={'mangle\x00', 0x1f, 0x6, 0x7b8, 0x468, 0x468, 0x5a8, 0x0, 0x0, 0x6e8, 0x6e8, 0x6e8, 0x6e8, 0x6e8, 0x6, &(0x7f00000004c0), {[{{@ipv6={@initdev={0xfe, 0x88, [], 0x1, 0x0}, @dev={0xfe, 0x80, [], 0x11}, [0x0, 0xffffff00, 0xffffff00, 0xffffffff], [0x0, 0x120c905a964e38e8, 0xff, 0xff], 'lapb0\x00', 'nr0\x00', {0xff}, {}, 0x2c, 0x5, 0x4, 0x2}, 0x0, 0xc8, 0x110}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv4=@multicast1, @ipv6=@initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x1e, 0x5, 0x2}}}, {{@ipv6={@empty, @mcast1, [0xffffffff, 0xffffff00, 0xff, 0xff], [0xff000000, 0xffffff00, 0x852ebd4c3e00c90e, 0xffffff00], 'nlmon0\x00', 'eql\x00', {0xff}, {0xff}, 0x3a, 0xffffffff, 0x3, 0x1}, 0x0, 0xf0, 0x130, 0x0, {}, [@inet=@rpfilter={0x28, 'rpfilter\x00', 0x0, {0x4}}]}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x7fff, 0x8000, @ipv4=@empty, 0x4e24}}}, {{@ipv6={@mcast2, @dev={0xfe, 0x80, [], 0x28}, [0xcca743aa7b600308, 0x0, 0xff000000, 0xffffffff], [0x322b384d73c54685, 0x0, 0xff000000, 0xff000000], 'syzkaller1\x00', 'bond0\x00', {0xff}, {}, 0xff, 0x5, 0x1, 0x12}, 0x0, 0x200, 0x228, 0x0, {}, [@common=@rt={0x138, 'rt\x00', 0x0, {0x6, 0x0, 0x7, 0xfffffffffffff000, 0x2, 0x1, [@empty, @remote, @loopback, @local, @empty, @loopback, @mcast1, @ipv4={[], [], @initdev={0xac, 0x1e, 0x0, 0x0}}, @loopback, @initdev={0xfe, 0x88, [], 0x0, 0x0}, @loopback, @dev={0xfe, 0x80, [], 0x18}, @ipv4={[], [], @multicast2}, @initdev={0xfe, 0x88, [], 0x1, 0x0}, @mcast1, @ipv4], 0x6}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@ipv6={@remote, @rand_addr="d12f293d1a2400651f7d52a27d92c3e4", [0xffffff00, 0xff000000, 0x8399e3c1003fad35, 0xffffffff], [0xc60b52386996762c, 0x4e98fa6e69504011, 0xff, 0xff000000], 'bcsh0\x00', 'syzkaller0\x00', {}, {0xff}, 0x2c, 0x8, 0x4, 0x4c}, 0x0, 0x118, 0x140, 0x0, {}, [@inet=@rpfilter={0x28, 'rpfilter\x00', 0x0, {0x2}}, @inet=@rpfilter={0x28, 'rpfilter\x00', 0x0, {0xf}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@ipv6={@mcast1, @mcast2, [0xff000000, 0x0, 0xff000000, 0xff000000], [0xff, 0xff, 0xffffffff, 0xffffffff], 'ip6tnl0\x00', 'veth1_to_hsr\x00', {0xff}, {0xff}, 0x0, 0x71, 0x7, 0x2}, 0x0, 0xf8, 0x140, 0x0, {}, [@common=@ah={0x30, 'ah\x00', 0x0, {0x4d6, 0x4d2, 0x4, 0x0, 0x1}}]}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv6=@mcast2, @ipv4=@broadcast, 0x80000000, 0x2d, 0xb26b}}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x818) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) [ 1156.346686][T11485] rdma_op 00000000c1435af1 conn xmit_rdma 00000000d8f1147d [ 1156.365384][T11516] rdma_op 00000000dc33c5b9 conn xmit_rdma 00000000d8f1147d 11:07:20 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x0, 0x0) dup3(r0, 0xffffffffffffffff, 0x0) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f00000002c0)=0x7fff) ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, 0x0) 11:07:20 executing program 0: 11:07:20 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000ffffa8880000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1156.658116][T11527] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1156.675521][T11527] CPU: 0 PID: 11527 Comm: syz-executor.4 Not tainted 5.3.0-rc6 #127 [ 1156.683503][T11527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1156.693544][T11527] Call Trace: [ 1156.697305][T11527] dump_stack+0x172/0x1f0 [ 1156.701625][T11527] dump_header+0x10b/0x82d [ 1156.706050][T11527] oom_kill_process.cold+0x10/0x15 [ 1156.711265][T11527] out_of_memory+0x79a/0x12c0 [ 1156.715931][T11527] ? lock_downgrade+0x920/0x920 [ 1156.720769][T11527] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1156.726981][T11527] ? oom_killer_disable+0x280/0x280 [ 1156.732158][T11527] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1156.737765][T11527] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1156.743371][T11527] ? do_raw_spin_unlock+0x57/0x270 [ 1156.748455][T11527] ? _raw_spin_unlock+0x2d/0x50 [ 1156.753274][T11527] try_charge+0xf4b/0x1440 [ 1156.757688][T11527] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1156.763215][T11527] ? percpu_ref_tryget_live+0x111/0x290 [ 1156.768736][T11527] ? get_mem_cgroup_from_mm+0x16/0x320 [ 1156.774191][T11527] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1156.779733][T11527] mem_cgroup_try_charge+0x136/0x590 [ 1156.784993][T11527] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1156.791211][T11527] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1156.796822][T11527] wp_page_copy+0x41e/0x15e0 [ 1156.801387][T11527] ? page_trans_huge_mapcount+0x166/0x450 [ 1156.807081][T11527] ? pmd_pfn+0x1d0/0x1d0 [ 1156.811307][T11527] ? lock_downgrade+0x920/0x920 [ 1156.816136][T11527] ? swp_swapcount+0x540/0x540 [ 1156.820875][T11527] ? __kasan_check_read+0x11/0x20 [ 1156.825901][T11527] ? do_raw_spin_unlock+0x57/0x270 [ 1156.831005][T11527] do_wp_page+0x499/0x14d0 [ 1156.836008][T11527] ? finish_mkwrite_fault+0x570/0x570 [ 1156.841355][T11527] __handle_mm_fault+0x22f1/0x3f20 [ 1156.846447][T11527] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1156.851965][T11527] ? __kasan_check_read+0x11/0x20 [ 1156.856965][T11527] ? trace_hardirqs_on+0x67/0x240 [ 1156.861959][T11527] handle_mm_fault+0x1b5/0x6b0 [ 1156.866698][T11527] __do_page_fault+0x536/0xdd0 [ 1156.871436][T11527] do_page_fault+0x38/0x590 [ 1156.875928][T11527] page_fault+0x39/0x40 [ 1156.880065][T11527] RIP: 0033:0x404f08 [ 1156.883931][T11527] Code: 85 02 00 00 80 3d 8f b5 66 00 00 c6 85 84 00 00 00 00 74 0f 8b 05 7c b5 66 00 39 45 24 0f 84 e7 01 00 00 44 8b a5 80 00 00 00 b3 d5 ff ff 48 2b 05 fc 30 33 00 8b 75 00 49 89 d8 45 89 e1 4c [ 1156.903504][T11527] RSP: 002b:00007fd57ae39c90 EFLAGS: 00010246 [ 1156.909542][T11527] RAX: 00007fd57ce3b000 RBX: 0000000000001faa RCX: 0000000000459879 [ 1156.917487][T11527] RDX: 000000000003ffff RSI: 0000000000000000 RDI: 0000000000000000 [ 1156.925428][T11527] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1156.933372][T11527] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1156.941313][T11527] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 00000000ffffffff [ 1156.959213][T11527] memory: usage 307108kB, limit 307200kB, failcnt 4314 [ 1156.966529][T11527] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1156.973694][T11527] Memory cgroup stats for /syz4: [ 1156.973798][T11527] anon 238723072 [ 1156.973798][T11527] file 8192 [ 1156.973798][T11527] kernel_stack 11403264 [ 1156.973798][T11527] slab 17686528 [ 1156.973798][T11527] sock 0 [ 1156.973798][T11527] shmem 0 [ 1156.973798][T11527] file_mapped 0 [ 1156.973798][T11527] file_dirty 0 [ 1156.973798][T11527] file_writeback 0 11:07:21 executing program 1: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x3000) 11:07:21 executing program 0: 11:07:21 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000ffffff9e0000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:21 executing program 2: r0 = syz_open_dev$evdev(0x0, 0x0, 0x0) dup3(0xffffffffffffffff, r0, 0x0) ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, &(0x7f00000002c0)=0x7fff) ioctl$EVIOCGRAB(r0, 0x40044590, 0x0) [ 1156.973798][T11527] anon_thp 163577856 [ 1156.973798][T11527] inactive_anon 135168 [ 1156.973798][T11527] active_anon 238735360 [ 1156.973798][T11527] inactive_file 0 [ 1156.973798][T11527] active_file 0 [ 1156.973798][T11527] unevictable 135168 [ 1156.973798][T11527] slab_reclaimable 2973696 [ 1156.973798][T11527] slab_unreclaimable 14712832 [ 1156.973798][T11527] pgfault 237072 [ 1156.973798][T11527] pgmajfault 0 [ 1156.973798][T11527] workingset_refault 396 [ 1156.973798][T11527] workingset_activate 66 [ 1156.973798][T11527] workingset_nodereclaim 0 11:07:21 executing program 0: [ 1156.973798][T11527] pgrefill 6153 [ 1156.973798][T11527] pgscan 6001 [ 1156.973798][T11527] pgsteal 675 [ 1157.037304][T11550] validate_nla: 16 callbacks suppressed [ 1157.037311][T11550] netlink: 'syz-executor.5': attribute type 4 has an invalid length. [ 1157.078934][T11527] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=8011,uid=0 [ 1157.129777][T11527] Memory cgroup out of memory: Killed process 8011 (syz-executor.4) total-vm:72708kB, anon-rss:2200kB, file-rss:34816kB, shmem-rss:0kB [ 1157.187203][T11543] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1157.239494][T11543] CPU: 1 PID: 11543 Comm: syz-executor.4 Not tainted 5.3.0-rc6 #127 [ 1157.247474][T11543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1157.257512][T11543] Call Trace: [ 1157.260797][T11543] dump_stack+0x172/0x1f0 [ 1157.265120][T11543] dump_header+0x10b/0x82d [ 1157.269521][T11543] ? oom_kill_process+0x94/0x3f0 [ 1157.274448][T11543] oom_kill_process.cold+0x10/0x15 [ 1157.279550][T11543] out_of_memory+0x79a/0x12c0 [ 1157.284217][T11543] ? lock_downgrade+0x920/0x920 [ 1157.289065][T11543] ? oom_killer_disable+0x280/0x280 [ 1157.294253][T11543] ? __kasan_check_read+0x11/0x20 [ 1157.299260][T11543] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1157.304770][T11543] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1157.310383][T11543] ? do_raw_spin_unlock+0x57/0x270 [ 1157.315473][T11543] ? _raw_spin_unlock+0x2d/0x50 [ 1157.320292][T11543] try_charge+0xa2d/0x1440 [ 1157.324681][T11543] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1157.330195][T11543] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1157.335706][T11543] ? __kasan_check_read+0x11/0x20 [ 1157.340697][T11543] ? lock_downgrade+0x920/0x920 [ 1157.345511][T11543] ? percpu_ref_tryget_live+0x111/0x290 [ 1157.351027][T11543] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1157.356454][T11543] ? memcg_kmem_put_cache+0x50/0x50 [ 1157.361623][T11543] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1157.367134][T11543] __memcg_kmem_charge+0x13a/0x3a0 [ 1157.372211][T11543] __alloc_pages_nodemask+0x4f4/0x900 [ 1157.377549][T11543] ? psi_memstall_leave+0x11c/0x180 [ 1157.382714][T11543] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1157.388399][T11543] ? psi_memstall_leave+0x12e/0x180 [ 1157.393558][T11543] ? __kasan_check_read+0x11/0x20 [ 1157.398548][T11543] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1157.404756][T11543] alloc_pages_current+0x107/0x210 [ 1157.409834][T11543] pte_alloc_one+0x1b/0x1a0 [ 1157.414308][T11543] __handle_mm_fault+0x34d7/0x3f20 [ 1157.419392][T11543] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1157.424914][T11543] ? __kasan_check_read+0x11/0x20 [ 1157.429903][T11543] ? trace_hardirqs_on+0x67/0x240 [ 1157.434892][T11543] handle_mm_fault+0x1b5/0x6b0 [ 1157.439626][T11543] __do_page_fault+0x536/0xdd0 [ 1157.444356][T11543] ? page_fault+0x16/0x40 [ 1157.448656][T11543] do_page_fault+0x38/0x590 [ 1157.453127][T11543] page_fault+0x39/0x40 [ 1157.457346][T11543] RIP: 0033:0x459879 [ 1157.461219][T11543] Code: Bad RIP value. [ 1157.465254][T11543] RSP: 002b:00007fd57ae39c78 EFLAGS: 00010246 [ 1157.471285][T11543] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000459879 [ 1157.479224][T11543] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 11:07:21 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) 11:07:21 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) openat$cuse(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cuse\x00', 0x2, 0x0) ioctl$BLKRRPART(r2, 0x125f, 0x0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) 11:07:21 executing program 2: r0 = syz_open_dev$evdev(0x0, 0x0, 0x0) dup3(0xffffffffffffffff, r0, 0x0) ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, &(0x7f00000002c0)=0x7fff) ioctl$EVIOCGRAB(r0, 0x40044590, 0x0) 11:07:21 executing program 0: 11:07:21 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000008000a00000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1157.487167][T11543] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1157.495105][T11543] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd57ae3a6d4 [ 1157.503042][T11543] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 00000000ffffffff [ 1157.512001][T11543] memory: usage 304476kB, limit 307200kB, failcnt 4314 [ 1157.527271][ T23] kauditd_printk_skb: 5 callbacks suppressed 11:07:22 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000000)=""/93, 0x5d}], 0x1}, 0x2) r1 = dup(r0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r2, 0x0, 0x78cf, 0x0, 0x0, 0x800e00515) shutdown(r1, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) fcntl$getflags(r3, 0x1) recvfrom$inet(r3, 0x0, 0xccf3, 0x0, 0x0, 0x800e0050e) shutdown(r2, 0x0) shutdown(r3, 0x0) 11:07:22 executing program 2: r0 = syz_open_dev$evdev(0x0, 0x0, 0x0) dup3(0xffffffffffffffff, r0, 0x0) ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, &(0x7f00000002c0)=0x7fff) ioctl$EVIOCGRAB(r0, 0x40044590, 0x0) [ 1157.527282][ T23] audit: type=1804 audit(1566904041.974:1105): pid=11561 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2358/bus" dev="sda1" ino=16751 res=1 [ 1157.569465][T11569] netlink: 'syz-executor.5': attribute type 4 has an invalid length. [ 1157.572401][T11543] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1157.610299][T11543] Memory cgroup stats for /syz4: [ 1157.610413][T11543] anon 236523520 [ 1157.610413][T11543] file 8192 [ 1157.610413][T11543] kernel_stack 11403264 [ 1157.610413][T11543] slab 17686528 [ 1157.610413][T11543] sock 0 [ 1157.610413][T11543] shmem 0 [ 1157.610413][T11543] file_mapped 0 [ 1157.610413][T11543] file_dirty 0 [ 1157.610413][T11543] file_writeback 0 [ 1157.610413][T11543] anon_thp 161480704 [ 1157.610413][T11543] inactive_anon 135168 [ 1157.610413][T11543] active_anon 236552192 [ 1157.610413][T11543] inactive_file 0 [ 1157.610413][T11543] active_file 0 [ 1157.610413][T11543] unevictable 135168 [ 1157.610413][T11543] slab_reclaimable 2973696 [ 1157.610413][T11543] slab_unreclaimable 14712832 [ 1157.610413][T11543] pgfault 237072 [ 1157.610413][T11543] pgmajfault 0 [ 1157.610413][T11543] workingset_refault 396 [ 1157.610413][T11543] workingset_activate 66 [ 1157.610413][T11543] workingset_nodereclaim 0 [ 1157.610413][T11543] pgrefill 6153 [ 1157.610413][T11543] pgscan 6001 [ 1157.610413][T11543] pgsteal 675 11:07:22 executing program 1: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x3100) 11:07:22 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000fffffff00000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:22 executing program 2: r0 = syz_open_dev$evdev(0x0, 0x0, 0x0) r1 = syz_open_dev$evdev(0x0, 0x0, 0x0) dup3(r0, r1, 0x0) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f00000002c0)=0x7fff) ioctl$EVIOCGRAB(r1, 0x40044590, 0x0) 11:07:22 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) ioctl$TIOCLINUX4(r2, 0x541c, &(0x7f0000000040)) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$overlay(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='overlay\x00', 0x200022, &(0x7f00000004c0)={[{@index_off='index=off'}], [{@fsmagic={'fsmagic', 0x3d, 0x1000}}, {@fowner_lt={'fowner<', r3}}, {@func={'func', 0x3d, 'BPRM_CHECK'}}, {@obj_type={'obj_type', 0x3d, '9p\x00'}}, {@audit='audit'}]}) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) [ 1157.772870][T11582] rds_sendmsg: 1 callbacks suppressed [ 1157.772897][T11582] rdma_op 0000000071f8dadd conn xmit_rdma 00000000d8f1147d 11:07:22 executing program 2: r0 = syz_open_dev$evdev(0x0, 0x0, 0x0) r1 = syz_open_dev$evdev(0x0, 0x0, 0x0) dup3(r0, r1, 0x0) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f00000002c0)=0x7fff) ioctl$EVIOCGRAB(r1, 0x40044590, 0x0) [ 1157.807124][ T23] audit: type=1804 audit(1566904042.254:1106): pid=11588 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2359/bus" dev="sda1" ino=16695 res=1 [ 1157.826258][T11543] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=7956,uid=0 [ 1157.849913][T11592] netlink: 'syz-executor.5': attribute type 4 has an invalid length. [ 1158.031444][T11543] Memory cgroup out of memory: Killed process 7956 (syz-executor.4) total-vm:72708kB, anon-rss:2200kB, file-rss:34816kB, shmem-rss:0kB [ 1158.059388][T11582] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1158.088211][T11582] CPU: 0 PID: 11582 Comm: syz-executor.4 Not tainted 5.3.0-rc6 #127 [ 1158.096193][T11582] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1158.106226][T11582] Call Trace: [ 1158.109506][T11582] dump_stack+0x172/0x1f0 [ 1158.113819][T11582] dump_header+0x10b/0x82d [ 1158.118214][T11582] oom_kill_process.cold+0x10/0x15 [ 1158.123300][T11582] out_of_memory+0x79a/0x12c0 [ 1158.127948][T11582] ? lock_downgrade+0x920/0x920 [ 1158.132770][T11582] ? oom_killer_disable+0x280/0x280 [ 1158.137938][T11582] ? __kasan_check_read+0x11/0x20 [ 1158.143038][T11582] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1158.148562][T11582] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1158.154265][T11582] ? do_raw_spin_unlock+0x57/0x270 [ 1158.159349][T11582] ? _raw_spin_unlock+0x2d/0x50 [ 1158.164168][T11582] try_charge+0xf4b/0x1440 [ 1158.168562][T11582] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1158.174079][T11582] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1158.179593][T11582] ? __kasan_check_read+0x11/0x20 [ 1158.184587][T11582] ? lock_downgrade+0x920/0x920 [ 1158.189410][T11582] ? percpu_ref_tryget_live+0x111/0x290 [ 1158.194942][T11582] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1158.200373][T11582] ? memcg_kmem_put_cache+0x50/0x50 [ 1158.205540][T11582] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1158.211055][T11582] __memcg_kmem_charge+0x13a/0x3a0 [ 1158.216138][T11582] __alloc_pages_nodemask+0x4f4/0x900 [ 1158.221478][T11582] ? stack_trace_consume_entry+0x190/0x190 [ 1158.227258][T11582] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1158.232951][T11582] ? save_stack+0x5c/0x90 [ 1158.237253][T11582] ? save_stack+0x23/0x90 [ 1158.241556][T11582] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 1158.247332][T11582] ? kasan_slab_alloc+0xf/0x20 [ 1158.252069][T11582] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1158.258282][T11582] alloc_pages_current+0x107/0x210 [ 1158.263368][T11582] pte_alloc_one+0x1b/0x1a0 [ 1158.267842][T11582] copy_huge_pmd+0x75/0x620 [ 1158.272314][T11582] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1158.278524][T11582] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1158.284736][T11582] copy_page_range+0x775/0x1ee0 [ 1158.289575][T11582] ? mark_held_locks+0xf0/0xf0 [ 1158.294326][T11582] ? __kasan_check_read+0x11/0x20 [ 1158.299329][T11582] ? pmd_alloc+0x180/0x180 [ 1158.303722][T11582] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1158.309419][T11582] ? validate_mm_rb+0xa3/0xc0 [ 1158.314070][T11582] ? __vma_link_rb+0x275/0x370 [ 1158.318809][T11582] dup_mm+0xa67/0x1430 [ 1158.322868][T11582] ? vm_area_dup+0x170/0x170 [ 1158.327429][T11582] ? debug_mutex_init+0x2d/0x5a [ 1158.332251][T11582] copy_process+0x28b7/0x6b00 [ 1158.337459][T11582] ? copy_msghdr_from_user+0x440/0x440 [ 1158.342894][T11582] ? __cleanup_sighand+0x60/0x60 [ 1158.347806][T11582] _do_fork+0x146/0xfa0 [ 1158.351937][T11582] ? copy_init_mm+0x20/0x20 [ 1158.356410][T11582] ? __kasan_check_read+0x11/0x20 [ 1158.361415][T11582] ? _copy_to_user+0x118/0x160 [ 1158.366149][T11582] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1158.372357][T11582] ? put_timespec64+0xda/0x140 [ 1158.377097][T11582] __x64_sys_clone+0x18d/0x250 [ 1158.381830][T11582] ? __ia32_sys_vfork+0xc0/0xc0 [ 1158.386665][T11582] ? trace_hardirqs_off_caller+0x65/0x230 [ 1158.392352][T11582] ? trace_hardirqs_on+0x67/0x240 [ 1158.397347][T11582] do_syscall_64+0xfd/0x6a0 [ 1158.401821][T11582] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1158.407679][T11582] RIP: 0033:0x459879 [ 1158.411546][T11582] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1158.431121][T11582] RSP: 002b:00007fd57ae39c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1158.439505][T11582] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459879 [ 1158.447446][T11582] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1158.455475][T11582] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1158.463420][T11582] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd57ae3a6d4 [ 1158.471362][T11582] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 00000000ffffffff [ 1158.488015][T11582] memory: usage 304896kB, limit 307200kB, failcnt 4326 [ 1158.494978][T11582] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1158.502205][T11582] Memory cgroup stats for /syz4: [ 1158.502320][T11582] anon 236646400 [ 1158.502320][T11582] file 8192 [ 1158.502320][T11582] kernel_stack 11534336 [ 1158.502320][T11582] slab 17686528 [ 1158.502320][T11582] sock 0 [ 1158.502320][T11582] shmem 0 [ 1158.502320][T11582] file_mapped 0 [ 1158.502320][T11582] file_dirty 0 [ 1158.502320][T11582] file_writeback 0 [ 1158.502320][T11582] anon_thp 161480704 [ 1158.502320][T11582] inactive_anon 135168 [ 1158.502320][T11582] active_anon 236658688 [ 1158.502320][T11582] inactive_file 0 [ 1158.502320][T11582] active_file 0 [ 1158.502320][T11582] unevictable 135168 [ 1158.502320][T11582] slab_reclaimable 2973696 [ 1158.502320][T11582] slab_unreclaimable 14712832 [ 1158.502320][T11582] pgfault 237171 [ 1158.502320][T11582] pgmajfault 0 [ 1158.502320][T11582] workingset_refault 396 [ 1158.502320][T11582] workingset_activate 66 [ 1158.502320][T11582] workingset_nodereclaim 0 [ 1158.502320][T11582] pgrefill 6153 11:07:23 executing program 2: r0 = syz_open_dev$evdev(0x0, 0x0, 0x0) r1 = syz_open_dev$evdev(0x0, 0x0, 0x0) dup3(r0, r1, 0x0) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f00000002c0)=0x7fff) ioctl$EVIOCGRAB(r1, 0x40044590, 0x0) 11:07:23 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c0000000000000000fffe0000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:23 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f00000006c0)={{{@in6=@loopback, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}, 0x0, @in6=@dev}}, &(0x7f0000000940)=0xfffffffffffffee4) getgroups(0xa, &(0x7f0000000380)=[0xee01, 0x0, 0xee01, 0xffffffffffffffff, 0xee01, 0x0, 0xee01, 0xee00, 0x0, 0xee00]) r4 = getgid() getresgid(&(0x7f00000003c0)=0x0, &(0x7f0000000580), &(0x7f00000007c0)) lstat(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) lsetxattr$system_posix_acl(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000280)='system.posix_acl_default\x00', &(0x7f00000008c0)={{}, {0x1, 0x1}, [{0x2, 0x1, r2}], {0x4, 0x3}, [{0x8, 0x4, r3}, {0x8, 0x2, r4}, {0x8, 0x1, r5}, {0x8, 0x1, r6}], {0x10, 0x4}, {0x20, 0x1}}, 0x4c, 0x1) mkdir(&(0x7f00000009c0)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000600)={0x0, @in={{0x2, 0x4e22, @rand_addr=0x84}}, 0x8, 0x8, 0x20, 0x1000, 0x1}, &(0x7f0000000040)=0x98) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r0, 0x84, 0x79, &(0x7f0000000180)={r7, 0x9, 0x5}, 0x8) r8 = dup(r1) write$FUSE_BMAP(r8, &(0x7f0000000100)={0x18}, 0x18) ioctl$SIOCX25GCALLUSERDATA(r8, 0x89e4, &(0x7f00000004c0)={0x34, "9af44e994268fada3fa4f4ffbf3fc72ed485c17f6d2d45127e22cb3de3a15633e463be514666e9707595ae37c33b12ddf423ddf525fcd8908dcc200abb586740434dff219e090055e252901d9de84e9d1e889b93078a13bb69440ad961a4cf21d25d5f0bc1e0f311eccb86e6745e5af2458a04b9f623fe99022cd29098e25cf6"}) write$FUSE_CREATE_OPEN(r8, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r8, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r8]) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) 11:07:23 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) 11:07:23 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) readv(r0, &(0x7f0000000280)=[{&(0x7f0000000000)=""/166, 0xa6}], 0x1) r1 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r1, 0x0, 0xfd1d, 0x0, 0x0, 0x800e00527) recvfrom$inet(r1, &(0x7f0000000140)=""/147, 0x93, 0x2, 0x0, 0x0) shutdown(r0, 0x0) accept$inet(r1, 0x0, 0x0) recvfrom$inet(r1, 0x0, 0xfde6, 0x42, 0x0, 0x800e00521) shutdown(r1, 0x0) 11:07:23 executing program 1: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x3200) [ 1158.502320][T11582] pgscan 6001 [ 1158.502320][T11582] pgsteal 675 [ 1158.507803][T11582] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=11576,uid=0 [ 1158.612164][T11582] Memory cgroup out of memory: Killed process 11576 (syz-executor.4) total-vm:72708kB, anon-rss:2196kB, file-rss:35788kB, shmem-rss:0kB 11:07:23 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x0, 0x0) r1 = syz_open_dev$evdev(0x0, 0x0, 0x0) dup3(0xffffffffffffffff, r1, 0x0) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f00000002c0)=0x7fff) ioctl$EVIOCGRAB(r1, 0x40044590, 0x0) [ 1158.663681][T11616] netlink: 'syz-executor.5': attribute type 4 has an invalid length. [ 1158.686175][ T23] audit: type=1804 audit(1566904043.134:1107): pid=11621 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2360/bus" dev="sda1" ino=17058 res=1 11:07:23 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) geteuid() write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000040)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) [ 1158.718446][T11625] rdma_op 00000000758aaccb conn xmit_rdma 00000000d8f1147d 11:07:23 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00000000000000000fff0000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1158.817405][T11630] rdma_op 000000008d4b21a3 conn xmit_rdma 00000000d8f1147d 11:07:23 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000000)=""/93, 0x5d}], 0x1}, 0x2) r1 = dup(r0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r2, 0x0, 0x78cf, 0x0, 0x0, 0x800e00515) shutdown(r1, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_MCAST_JOIN_GROUP(r3, 0x0, 0x50, &(0x7f0000000080)={0x0, {{0x10, 0x2}}}, 0x90) recvfrom$inet(r3, 0x0, 0xccf3, 0x0, 0x0, 0x800e0050e) shutdown(r2, 0x0) shutdown(r3, 0x0) 11:07:23 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000056cfeff0000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:23 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) [ 1158.878821][T11640] netlink: 'syz-executor.5': attribute type 4 has an invalid length. [ 1158.895292][ T23] audit: type=1804 audit(1566904043.334:1108): pid=11645 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2360/bus" dev="sda1" ino=17058 res=1 11:07:23 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x0, 0x0) r1 = syz_open_dev$evdev(0x0, 0x0, 0x0) dup3(0xffffffffffffffff, r1, 0x0) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f00000002c0)=0x7fff) ioctl$EVIOCGRAB(r1, 0x40044590, 0x0) 11:07:23 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4000) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) [ 1159.033336][T11662] netlink: 'syz-executor.5': attribute type 4 has an invalid length. 11:07:23 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00000000000088a8ffff0000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1159.078219][T11651] rdma_op 00000000208bf971 conn xmit_rdma 00000000d8f1147d 11:07:23 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00000000000000f0ffff0000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1159.161103][T11673] netlink: 'syz-executor.5': attribute type 4 has an invalid length. [ 1159.182196][T11671] rdma_op 000000000be1c760 conn xmit_rdma 00000000d8f1147d 11:07:23 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000000)='./file0\x00') ioctl$VIDIOC_G_CROP(r2, 0xc014563b, &(0x7f0000000040)={0x2, {0x8, 0x4, 0x35}}) mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) 11:07:23 executing program 1: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x3300) 11:07:23 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000000)=""/93, 0x5d}, {0x0}], 0x2}, 0x2) r1 = dup(r0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r2, 0x0, 0x78cf, 0x0, 0x0, 0x800e00515) shutdown(r1, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_MCAST_JOIN_GROUP(r3, 0x0, 0x50, 0x0, 0x0) recvfrom$inet(r3, 0x0, 0xccf3, 0x0, 0x0, 0x800e0050e) shutdown(r2, 0x0) shutdown(r3, 0x0) 11:07:23 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) 11:07:23 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x0, 0x0) r1 = syz_open_dev$evdev(0x0, 0x0, 0x0) dup3(0xffffffffffffffff, r1, 0x0) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f00000002c0)=0x7fff) ioctl$EVIOCGRAB(r1, 0x40044590, 0x0) [ 1159.298292][T11682] netlink: 'syz-executor.5': attribute type 4 has an invalid length. [ 1159.365155][ T23] audit: type=1804 audit(1566904043.804:1109): pid=11690 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2361/bus" dev="sda1" ino=16891 res=1 11:07:23 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c0000000000007fffffff0000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:23 executing program 3: pipe2$9p(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}, 0x84800) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) ioctl$SNDRV_TIMER_IOCTL_STATUS(r2, 0x80605414, &(0x7f0000000600)=""/4096) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB="2c01004b", @ANYRESHEX=r2]) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) 11:07:23 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c0000000000009effffff0000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1159.480783][T11704] netlink: 'syz-executor.5': attribute type 4 has an invalid length. 11:07:24 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) readv(r0, &(0x7f0000000280)=[{&(0x7f0000000000)=""/166, 0xa6}], 0x1) r1 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r1, 0x0, 0xfd1d, 0x0, 0x0, 0x800e00527) shutdown(r0, 0x0) readv(r1, &(0x7f00000014c0)=[{&(0x7f00000002c0)=""/176, 0xb0}, {0x0}, {0x0}, {0x0, 0xffffff64}, {0x0, 0xfffffd28}, {0x0}], 0x1000000000000079) shutdown(r1, 0x0) [ 1159.585564][T11699] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1159.601394][T11708] netlink: 'syz-executor.5': attribute type 4 has an invalid length. [ 1159.608280][T11712] 9pnet: Insufficient options for proto=fd [ 1159.616279][T11699] CPU: 1 PID: 11699 Comm: syz-executor.4 Not tainted 5.3.0-rc6 #127 [ 1159.624245][T11699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1159.634279][T11699] Call Trace: [ 1159.637553][T11699] dump_stack+0x172/0x1f0 [ 1159.641876][T11699] dump_header+0x10b/0x82d [ 1159.646279][T11699] oom_kill_process.cold+0x10/0x15 [ 1159.651375][T11699] out_of_memory+0x79a/0x12c0 [ 1159.656040][T11699] ? lock_downgrade+0x920/0x920 [ 1159.660885][T11699] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1159.667127][T11699] ? oom_killer_disable+0x280/0x280 [ 1159.672318][T11699] ? __kasan_check_read+0x11/0x20 [ 1159.677325][T11699] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1159.677337][T11699] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1159.677354][T11699] ? do_raw_spin_unlock+0x57/0x270 [ 1159.693585][T11699] ? _raw_spin_unlock+0x2d/0x50 [ 1159.698427][T11699] try_charge+0xf4b/0x1440 [ 1159.702839][T11699] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1159.708372][T11699] ? percpu_ref_tryget_live+0x111/0x290 [ 1159.713916][T11699] ? get_mem_cgroup_from_mm+0x16/0x320 [ 1159.719369][T11699] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1159.724905][T11699] mem_cgroup_try_charge+0x136/0x590 [ 1159.730182][T11699] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1159.736428][T11699] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1159.742050][T11699] __handle_mm_fault+0x1e34/0x3f20 [ 1159.747178][T11699] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1159.752709][T11699] ? __kasan_check_read+0x11/0x20 [ 1159.757727][T11699] ? do_raw_spin_unlock+0x57/0x270 [ 1159.757744][T11699] ? trace_hardirqs_on+0x67/0x240 [ 1159.757760][T11699] handle_mm_fault+0x1b5/0x6b0 [ 1159.772578][T11699] __get_user_pages+0x7d4/0x1b30 [ 1159.777526][T11699] ? follow_page_mask+0x19b0/0x19b0 11:07:24 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000f0ffffff0000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:24 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00"/20, @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:24 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000000000000003", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1159.782714][T11699] ? __kasan_check_write+0x14/0x20 [ 1159.787818][T11699] ? gup_pgd_range+0x1e1/0x2d10 [ 1159.792663][T11699] get_user_pages_unlocked+0x2ae/0x4a0 [ 1159.798208][T11699] ? get_user_pages_locked+0x4d0/0x4d0 [ 1159.803659][T11699] ? trace_hardirqs_on+0x67/0x240 [ 1159.808675][T11699] get_user_pages_fast+0x4c0/0x570 [ 1159.812608][T11721] 9pnet: Insufficient options for proto=fd [ 1159.813788][T11699] ? __get_user_pages_fast+0x410/0x410 [ 1159.813805][T11699] ? memset+0x32/0x40 [ 1159.828995][T11699] rds_pin_pages+0x33/0x1f0 [ 1159.833486][T11699] rds_cmsg_rdma_args+0x879/0x1150 [ 1159.838581][T11699] ? rds_rdma_extra_size+0x390/0x390 [ 1159.843859][T11699] ? rds_conn_create_outgoing+0x4b/0x60 [ 1159.849398][T11699] rds_sendmsg+0x1f32/0x35b0 [ 1159.853980][T11699] ? rw_copy_check_uvector+0x2ce/0x390 [ 1159.859456][T11699] ? rds_send_drop_to+0x1640/0x1640 [ 1159.865096][T11699] ? trace_hardirqs_on_caller+0x6a/0x240 [ 1159.870730][T11699] ? __this_cpu_preempt_check+0x3a/0x210 [ 1159.876353][T11699] ? retint_kernel+0x2b/0x2b [ 1159.880936][T11699] ? rds_send_drop_to+0x1640/0x1640 11:07:24 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) stat(&(0x7f00000004c0)='./file0\x00', &(0x7f0000000500)) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) getsockopt$inet_sctp6_SCTP_CONTEXT(r2, 0x84, 0x11, &(0x7f0000000040)={0x0, 0x8}, &(0x7f0000000180)=0x8) getsockopt$inet_sctp6_SCTP_CONTEXT(r2, 0x84, 0x11, &(0x7f00000001c0)={r3, 0x401}, &(0x7f0000000280)=0x8) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) lsetxattr(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000380)=@known='system.advise\x00', &(0x7f00000003c0)='9p\x00', 0x3, 0x2) [ 1159.886130][T11699] ? rds_send_drop_to+0x1640/0x1640 [ 1159.891324][T11699] sock_sendmsg+0xd7/0x130 [ 1159.895734][T11699] ? sock_sendmsg+0xd7/0x130 [ 1159.900316][T11699] ___sys_sendmsg+0x803/0x920 [ 1159.904989][T11699] ? copy_msghdr_from_user+0x440/0x440 [ 1159.910449][T11699] ? __fget+0xa3/0x560 [ 1159.910467][T11699] ? __fget+0x384/0x560 [ 1159.918635][T11699] ? ksys_dup3+0x3e0/0x3e0 [ 1159.918651][T11699] ? __might_fault+0xfb/0x1e0 [ 1159.918664][T11699] ? __fget_light+0x1a9/0x230 [ 1159.918680][T11699] ? __fdget+0x1b/0x20 [ 1159.927728][T11699] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1159.927749][T11699] __sys_sendmsg+0x105/0x1d0 [ 1159.947209][T11699] ? __sys_sendmsg_sock+0xd0/0xd0 [ 1159.952232][T11699] ? __x64_sys_clock_gettime+0x16d/0x240 [ 1159.957851][T11699] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 1159.963907][T11699] __x64_sys_sendmsg+0x78/0xb0 [ 1159.968662][T11699] do_syscall_64+0xfd/0x6a0 [ 1159.973170][T11699] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1159.979052][T11699] RIP: 0033:0x459879 [ 1159.982935][T11699] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1160.002521][T11699] RSP: 002b:00007fd57ae39c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1160.002531][T11699] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459879 [ 1160.002542][T11699] RDX: 0000000000000000 RSI: 0000000020001600 RDI: 0000000000000003 [ 1160.018857][T11699] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1160.018864][T11699] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd57ae3a6d4 [ 1160.018871][T11699] R13: 00000000004c77e9 R14: 00000000004dd048 R15: 00000000ffffffff [ 1160.027496][T11699] memory: usage 307200kB, limit 307200kB, failcnt 4367 [ 1160.053033][ T23] audit: type=1804 audit(1566904044.504:1110): pid=11733 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2361/bus" dev="sda1" ino=16891 res=1 11:07:24 executing program 1: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x3400) 11:07:24 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000ffffffffa000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1160.096780][T11699] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1160.119782][T11699] Memory cgroup stats for /syz4: [ 1160.128504][T11699] anon 238071808 [ 1160.128504][T11699] file 8192 [ 1160.128504][T11699] kernel_stack 11534336 [ 1160.128504][T11699] slab 17956864 [ 1160.128504][T11699] sock 0 [ 1160.128504][T11699] shmem 0 [ 1160.128504][T11699] file_mapped 0 [ 1160.128504][T11699] file_dirty 0 [ 1160.128504][T11699] file_writeback 0 [ 1160.128504][T11699] anon_thp 161480704 [ 1160.128504][T11699] inactive_anon 135168 [ 1160.128504][T11699] active_anon 238186496 [ 1160.128504][T11699] inactive_file 0 [ 1160.128504][T11699] active_file 0 [ 1160.128504][T11699] unevictable 135168 [ 1160.128504][T11699] slab_reclaimable 2973696 [ 1160.128504][T11699] slab_unreclaimable 14983168 [ 1160.128504][T11699] pgfault 237963 [ 1160.128504][T11699] pgmajfault 0 [ 1160.128504][T11699] workingset_refault 396 [ 1160.128504][T11699] workingset_activate 66 [ 1160.128504][T11699] workingset_nodereclaim 0 [ 1160.128504][T11699] pgrefill 6153 [ 1160.128504][T11699] pgscan 6001 [ 1160.128504][T11699] pgsteal 675 [ 1160.241493][T11699] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=11634,uid=0 [ 1160.275292][ T23] audit: type=1804 audit(1566904044.714:1111): pid=11739 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2362/bus" dev="sda1" ino=16808 res=1 [ 1160.285443][T11699] Memory cgroup out of memory: Killed process 11634 (syz-executor.4) total-vm:72708kB, anon-rss:2200kB, file-rss:34816kB, shmem-rss:0kB [ 1160.351313][T11699] rdma_op 00000000553bb153 conn xmit_rdma 00000000d8f1147d [ 1160.427516][ T23] audit: type=1804 audit(1566904044.874:1112): pid=11744 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2362/bus" dev="sda1" ino=16808 res=1 11:07:24 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) 11:07:24 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) lstat(&(0x7f0000000600)='./file0\x00', &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$reiserfs(&(0x7f0000000040)='reiserfs\x00', &(0x7f0000000180)='./file0\x00', 0x9, 0x3, &(0x7f0000000380)=[{&(0x7f00000001c0)="7fa8ca0db927420e9a5577ce5e5a28ef3b9de6ba7f430d44302358ea870f367a69c663cd1028d04001c9b48419c9bcaf", 0x30, 0x20}, {&(0x7f00000004c0)="5158e2451b7943e3347a2f7a2f3158ce0c1549347a0be7d9bbcdbc1739c40110b04d59036f1eef6139529712f288d677db40a7d5959bdfbc0b11c6102cc42132117e43d5baac85a9810b56504be2fa538424787980c748e551e576d82d0ce839f212b23f3e941e7441e17c391242f3f814fa43930f0b1acf05c65ad0753af2255ecc17178afb9395d1aa50376ca56189bfef1f890605102517c5e98ef55f079ab6a9d6e620ecd12ab8634ae577f87b0db4464a9d742cf942cccf5c68a63c535a275dfcd0cd7db1516277621d91e417a910d92f31e0478e9e47242c87f03198693fd92cb47333", 0xe6, 0x5}, {&(0x7f0000000280)="6555b09aa5c4cf376602e80330ef0f13edddf0cdb64bfc72fafe0d27abc8a65cfbf44c51256f83dc97f53b5f55bf159207377abb3c32548e5d805f187d519c7b8f20e4a2a09443bd7c213f8aec30e1474da394db93a2bd5af9ab0a08c9db49e3306c1e6244d4599f810bf280e77b135455d0b99902543a3132e93601aa780c", 0x7f, 0x4}], 0x1, &(0x7f00000006c0)={[{@tails_on='tails=on'}], [{@appraise='appraise'}, {@dont_appraise='dont_appraise'}, {@uid_eq={'uid', 0x3d, r3}}, {@obj_role={'obj_role', 0x3d, '}'}}, {@smackfsdef={'smackfsdef'}}]}) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYPTR=&(0x7f00000017c0)=ANY=[@ANYRESHEX=r2, @ANYRES64, @ANYPTR=&(0x7f0000000740)=ANY=[@ANYRESOCT=r3, @ANYRESOCT=r2, @ANYPTR, @ANYPTR64, @ANYBLOB="1a00453ea82bbb8371e21ee51671e2b2b42bfa51089751b25cf98ce8dea31b4db65d52170e8fde1788e04a2c1a5ce669667f3cc305fbeb9bdeeeaa5bcf0587d81da525b7972ebac6a226135f77fc2020368547ffa563c368db180cf227f428a875043cc974efab220c179d066c0fe758a0a18df1899b8d7c7d991d46d2fc95a9bfbf433d8d27a47937e5e8a358fd59b2884f6c4860ad6b79090781d00900137fb816be76458aefd3e2643f6caf62ab44ac23dccee337cf46180ca403bdc1b2d0d3f0ef54a756e74dfc907c47e3249f753b8f5cd87e3d8d26cc8b824d0ab71f036cbeb044f005b80ae951c8af92246f1875744524dd995793fe5ed9bdccb91da884f69233c0f7304e1f6d9b425cefae18ac131440813c3ac69e41e7e440e6e61da5da89c6691f214c45f2ca3739160fc1af401c41379796e427adf70f16a85246710135e59aec1bd76d09a60ea6b47c80532a596c0234a2e7c0e5f3e3bbdfa35c7491aca5fb753141192d7a835544850dbf1e1516f8a5cff2b0aa5fc132f4ff19f10ae1661d3e0ec03cda902009747bfaff7059e9015c5f0b7c1fe9189268104690781c22935d1f6678162e2c99b05c0e740467e3e6c86687c81ec4942cc5f4b27c27de180137c52dc778242255593d42f1b7928fe9eb13636e3c1b6977c56ced18d06bf07b3b9787d1d6934c29539a4f708b20f5184aa43a16dbd1b02ba578c4e82e0e487918ca8a7d35608336d88afde68b45e4acef045f9114b9aeef4954c69944e97c380c29083eda858ed87f3272bd6b88b9c3c683c993e92e9e5b6f913181afa53c18044d0f6c0003d8ffb2440fe6920fedd754ee1432cee95ca97c6d968099690297bdb814cadfca0a549e9257886ee2b43c4d288e3aa615592770913c6a113623a5d7bd57d3fad7791e195e65982dcee76208daecaee7366025914c999f2428f117bc2301328f7f6015b38846ccd877c28657c5fa7e84095520c258d113b1cddcd391ea739e662431a4141d9454091868b38eb442c6e5bef61eea03fc0234f41fb78e644b4957df7366d077f43c8418cb9de7b5a08e52a79d4c3cd352662f01657f071d869e55488012d6ea25e8c4fdf17f485fe39622391d45e9a95eedd5e0ed3b933d01ef0e5c9dd38fbe9056f61d68bac632f593c0288f46f8839e316daf78be7cd16c1b5c99c0c2ca8707a5c7d483d570974c6d45bdcf911c5ac90578c6d0e408a30e82ce10454b589419a995d9eb3ed1845655b1c40af13abc373211354bd45e996e8005de4e703732417c87536ebb3bbbe405ca0aed217060d067ce1268d37ee047f655f5dd14a111a0c3f9902a25baa3e4e726723b40b810fdd8787d7338b799df28f9085f99a6cf18f029c7c682a3839b1dfd285726a32d0e9e367036a6c24ff11d5705c86b9ae5036d5c1ef67b1699e06b326f72dc7717086d59a7ac29bc4d2db7bc7e404da94b4757ce13e72ee68ee6a563ea75450689674cc7ddfe284475265bbb448e77822b9a167f64c9d84ef7ac3d0a77d3623f7cd760c1e698a3524d04cb270d51e2e147f4295263c7c362b6e748ec0cc5663b8f6f35b30f4d9ca0fa1582cdc8f4a81c1940554b5d72bfe96735223b7c008ea01e2d5e931112f767dac230da409c8a23ad79a2bacbf81257282c58aea339be0168b3f021c36b72094a28e508a3099f6580466276bbeabcc2931215dfb19f59823891392dfb28e8decf6dc3b130c6dad310986bba2db9c06046d3863e532fd02be2392a264d6c9e3ffb5795f47646718509c53c6c1dd23e80affed954b72a5ab8338427954d35b29e18cb70eb93852565bee3e0e51b2e03efb7ccb2c1129e03a57b5ef825abe67918592d4dc9948f89639bde71652f918ddd873c0b1ab262787b7f2dcf0a9e1c573c9a40031d7edea4da34b95c788d847f59f3db5673c45a8eb533ae232bb8e3cfe1e9553d916d1f9c5160773433a48e96fb839137bbeb0ddd517a061535389806fdea57437fd94f8f4d3074247bfbccd82a5d6d83596a87940ec2dfe752338a74e4c44388f26f650445090d7bc4a599dc0a56b86da2d83426fa2e86bf29469ff260d015e12624fdf7ee9be22713183af96c34251f87bc2101960a43aaa106011759cec6d8648dc366026c5ec07d9509a85a2400229fe298b7d15570934fd5f1511fc8a553cf31cccc6b58f77eb8bf73f05682fff2e226d43d3662965c5d5853e59ccfe0c6ba21ac44d2bd6c88bfeb2d89fdb3772b7521bb32b7713a14e19bd654dccea49411e21dfd5e7eec89ed011932f11d0673738f5a55bbe2a2120325b641cd86ab98d5b41204d9fd8b7d3713e6c95ec88fb82807b32526b8ad3e1231cdd20b22de4c7b49639008eb90857aff11e7fea92861bb523b8f0c2491360b149f1e262e299591aa4c68dc02eb314a19f7ed2bcb0d2f95b7d5a194b53ec18a114139d71fd886359780503f3a84d11d9c06885a95f3515d26b39d161cf976382510a2d32e650060234745af0fadfd759a19583f8626757c9e4bc5ceb65d8084e90713f3820909c5a982fd3718b8e74f3992b3e432de85056e8b4e05fd922479e0a751c0c445b122a901a74ecece51891719b32c70551e19eaf1d7270be893d52c896c8454496ba1bc92403c7daea731b4da5704daa7f94b3c3cd530e3a681d723b3b84abd8df107f8b5bf139fc3872e3128a6f99a386daa74b7b88038f5b0281d8cff238b15584db79116c1042a126ea4bfaa5a482ef8fedec2df0f36bb9b2496574e823fad45e099f616c3c68009c38f94f81202859c5aeb39029c8a2617e92de8d8d780099e9db45327010bea726518a73dbd695793724374d2ca4650b90ab6a30373b1d8722aadb600cd8b40757105fe3bff41b2be6ae7b755078ef6ff31000ffe1d830f18e4e2a390cedc3121261dc51269aceface1f9cf7c2cbdd8e12eee2cf283f91304a9026679eae724a63db4da1486e5e3cc6e44ab97b191786f588a2f7382f249baacdc51f44485cc6528dfd4e3918476e94e39736395ac11fd7c2305f91fa92e772b1709a82e27615f414a130a3a49af7018db36eb22aafb21e08117c575d960f38e56b88976ecc0b49c55a789b39ab68a7908ea4888fb190bae44f99b79ffdc40db1cdb205efcc0a89c3ec9486b88b220d53befb2f865d8842f7ad1617fbd9a5a516cf012ff27085d2ad0f747a1663832a550da7ae0af4afca433ebb3609bb5d2ddd6d37dbe5bcbcbb81b9ea1ad9b1393c4663cc2245ec14b891124256928d64369b74f9458f3bf411929ed3aca2ab3a5d0ba8337460d9dbb3367579d3242332543624a0fb7b08ef57d34778687764a702b5c9f7c96e45e5dcc4d56ae43ebe643f0b5895aa75f8fee0972e36ffaa967c559f7a21faaa106514e30f2c7659a8d3b93d037aa7c4d9460360ed6ea2bfd2f33e5b7660ea6c14cda40e99bd4ce80fbd219198385b9f0fb8438f9354336cbf879de802ee0955e7f96e026c22bdefc0658460c4926c536a24bc0889cfd7521f8277c18f20b03057e97cb50f61306f87aba198afb0351bcec06b65820cafbb82a45ce0824704af5d8307bb7cf1ad2b6be85ea36679b7e0ac2b8a163de46fb8f94b4b09fb6e3b479f7f0620f6920e05ae0f42dbb7cff88a56885db1d0a3627efc5312fa2baeb1f7f0aa96f0202c4bad3c8505924e18543307f03d4dba5140689d6a668b8341455076a99ac2138ea3860e8751de15d6d07d659cf63ca8856eff5aa502ba80b90e89e5ec1ef187000f209c24ba7fd8870fcdbc32c6f14425c7355466f35624d6468542fc24e630059e33e02d9364c3050f6cb67898f1afe21bab14d6916c5b135163260530f686db8367f85a4562f74736662c3a875b50a53b054e65492ba6fdfd3d7331e6ec681bca7a398243f85c121336564c0e2df5a315db669929650751dad4dddcd88cd1d95a45cacb99c87929a5d0baa7486224182b58941388ed47fef96981670fd9afe5745d8cf70d18cc014df7521942e2b58d5a9937bb62f1c6e746561299700ac7f89f3c149169d1fb5b91327dc35796649a32af2066ea1339ec1348e2d2336c08e06b0bc5bb37c3c36f27021d322b44ac2e6854bf4addb5aa481ccc921e3e187eff27fc63913077a3c6383a8df77eadc523a2aa5ae93062b34ce7e9997f694c6b2749fa77a8ad17f710414f74aadf7c6ea88cf2eaf2d36d5c9c734542934d7e5c8410da0f53d1f9f1f5894a62169c5f2d767619d45df9cf84f1e146cb312d8677c70ee3e907924c965eb2d68376a2c44b0adb9d6d77edba69467e28040a4a97eb329b2598882ac19d52f0ea8d115c6bd1154609dd58a39ca6728f8dda18b9b484e1f7fbbe18844d7fb452539e4d6f8999874793d004b88c398c4195d0cece5253f5ece234e95402b1fc0305268dfef20777b421e07181fc28f00afeb5758ec49811b59e978f0a508cf1dcbf646ce8615068a9545700c53321fea6b671135321e6ba3416640226957592d27344efd00ecbd17e144f768b6c1665be38e524e79eca10d0df2f608b7e7b078fffd9c6bd13adbb8fd754de2420694c70b7e90f6ce30b022e9b8a3cd0f9343d19d8d248cfe5f3cb836b7f020e52a3008f6f367108235f2ca7023e9eddc25694bfad79922271bc4f0c534adc5dc722ecd405c2a86cd2d9e94ecbcaf0dcb0cf68b324a09cfbfa7a06ddaffc29e475d4eec616efce07e337648d4e6422cb9ae3dcd8bbc851640a59cff73660f7342b4b7ce1c5957529d7a563f18126140d149e4cb297d1defcb40579d1537b6e4e5b548cc0d0e1ff1ad0db61bd7eed7a39fb25dec0b5960dd7a2ecc36a49a2207c424f765b5e1664469856d4b6264b542981346fe5f8dfb40618bf41437bc1c703ed7ccbe8e50cc4fa98075b1d82b5b95876c7b7983bfc3ccb5c28fcbff1361973c56a9e5062c21d32c60408b745928c91e78f804e8dea145409116366edd657f27b3150f9abf700613ee52bb7e6fcbf89b228eb4b0d66a51edd56f1c6f1fb6ef1811f4e8e591ce2ee9d99063973fbe7f454e7642c58a09224cb7b66dc29ce9e5e394d32be05b7ee1b587e9ad0ed03de13e67b6e29283d7c2d3559bd7e519c6de2509cd523a3ece5e7ebd158a3d04df343da8a0e43653c384974d270f16ef903ce666b1c74b6922c76d7f6909f69dba62fdbbe45675de24e6afbf6217b9ad78116e07da56c9ace5fb26c94d4bf1862366dfbf691d9e99b85fde02fae68963b03e0530d7605b6c7ae066a0eac23785525c9b5e97fd10f72fbc7021fcb8d0e0447b58176c2b65db17b01536dee9b57803069f0b7375db4dfba8e832ebd6d1e5667cfc3d63646cfa14d464ac34589cae00cfd681e03c44e9bc71f2d105340076d882ba017e71420325e43e8ee27d0f65276ed7c889f3e581fda068c4918dd8e5220185d91582c15580d853fcda9f266669f878266570b905e87d41f1402065fef0230c6f6fadd6f9945af8c51f0bfbcf06a2048f54c72ad461f67943aedabfebc9bba66b75e04061d991b235e213ccc5fd5b48ddf2e4125538e16e0ded4308b83b02c04ba846c572bfa21a250736fefbd932c0abd565124fc325a1c3c8c1b200f9651b968e8577f6ec55d9344112f8eaa38288eafc00de785b4621bd3dfff9ee693812e32ba40b30e8ddca263cd3a6a883e42db5047784c6b992dee16c8284d780c82a967129574291652d557e4e3b8727ff8f433cc3f2683a755f58c06c14b91e3ea6a2406f8c113866f26883de605b0c5fee357b013106cfdaa7cd59e19170fc64c480ad8f1f0754", @ANYRES16=r1, @ANYRESHEX=r2, @ANYRESHEX=r4], @ANYRESHEX=r1], @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) 11:07:24 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) ioctl$TIOCLINUX4(r2, 0x541c, &(0x7f0000000040)) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$overlay(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='overlay\x00', 0x200022, &(0x7f00000004c0)={[{@index_off='index=off'}], [{@fsmagic={'fsmagic', 0x3d, 0x1000}}, {@fowner_lt={'fowner<', r3}}, {@func={'func', 0x3d, 'BPRM_CHECK'}}, {@obj_type={'obj_type', 0x3d, '9p\x00'}}, {@audit='audit'}]}) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) 11:07:24 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x0, 0x0) r1 = syz_open_dev$evdev(0x0, 0x0, 0x0) dup3(r0, 0xffffffffffffffff, 0x0) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f00000002c0)=0x7fff) ioctl$EVIOCGRAB(r1, 0x40044590, 0x0) 11:07:24 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000ffffffffffff", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:25 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file1\x00', 0x80) write$P9_RVERSION(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff038000000800392b32303030264c8c2eeac62a83404b812f68e28f2bb2be1fb3f8773958f8024acf02892789e809a6461a7e6a0e0a1cae3a6b4a84264968a3a5afb5abe0ef1c08033f9136ed6958bafb14459a7a69762e3ac99c3492f7b5fcec4fc4daff3b8dfe10a4e1ad41e3b64d05c59134003f"], 0x15) r2 = dup(r1) getsockopt$inet_pktinfo(r2, 0x0, 0x8, &(0x7f0000000040)={0x0, @empty, @initdev}, &(0x7f0000000140)=0xc) ioctl$HCIINQUIRY(r2, 0x800448f0, &(0x7f00000002c0)={r3, 0x2, 0x4, 0x5, 0x9, 0x2, 0x4}) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trfd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) ioctl$FS_IOC_FIEMAP(r2, 0xc020660b, &(0x7f00000004c0)={0xffffffff, 0x0, 0x2, 0x8, 0x4, [{0xffffffff80000000, 0x8, 0x9, 0x0, 0x0, 0x3404eb9cbbe6ccb3}, {0x9, 0x9, 0x5, 0x0, 0x0, 0x300}, {0x8, 0x2, 0x0, 0x0, 0x0, 0x2000}, {0x2, 0x100000000, 0x59d, 0x0, 0x0, 0x1d81}]}) write$P9_RSTAT(r2, &(0x7f0000000380)={0x41, 0x7d, 0x2, {0x0, 0x3a, 0x7f, 0x81, {0x81, 0x2}, 0x40100000, 0x7, 0x6, 0x8, 0x3, '9p\x00', 0x0, '', 0x4, 'eth1'}}, 0x41) chdir(&(0x7f0000000000)='./file0\x00') openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000280)='/dev/vhost-vsock\x00', 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000340)='/dev/audio\x00', 0x240, 0x0) 11:07:25 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00"/20, @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:25 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) ioctl$TIOCLINUX4(r2, 0x541c, &(0x7f0000000040)) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$overlay(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='overlay\x00', 0x200022, &(0x7f00000004c0)={[{@index_off='index=off'}], [{@fsmagic={'fsmagic', 0x3d, 0x1000}}, {@fowner_lt={'fowner<', r3}}, {@func={'func', 0x3d, 'BPRM_CHECK'}}, {@obj_type={'obj_type', 0x3d, '9p\x00'}}, {@audit='audit'}]}) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) [ 1160.629106][T11759] rdma_op 0000000062463dd8 conn xmit_rdma 00000000d8f1147d 11:07:25 executing program 1: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x3500) 11:07:25 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00"/20, @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:25 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) 11:07:25 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x0, 0x0) r1 = syz_open_dev$evdev(0x0, 0x0, 0x0) dup3(r0, 0xffffffffffffffff, 0x0) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f00000002c0)=0x7fff) ioctl$EVIOCGRAB(r1, 0x40044590, 0x0) 11:07:25 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00"/20, @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:25 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x8000, 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) [ 1160.812208][ T23] audit: type=1804 audit(1566904045.254:1113): pid=11778 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2363/bus" dev="sda1" ino=16855 res=1 11:07:25 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB="2c778da1e766646e6f3d", @ANYRESHEX=r2]) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r2, 0x84, 0x18, &(0x7f00000001c0)={0x0}, &(0x7f0000000280)=0x8) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r2, 0x84, 0x6, &(0x7f00000004c0)={r3, @in6={{0xa, 0x4e21, 0x5, @dev={0xfe, 0x80, [], 0x15}, 0x2}}}, &(0x7f00000002c0)=0x84) chdir(&(0x7f0000000000)='./file0\x00') pivot_root(&(0x7f0000000040)='./file0\x00', &(0x7f0000000180)='./file0\x00') write$P9_RREADLINK(r2, &(0x7f00000003c0)={0x10, 0x17, 0x1, {0x7, './file0'}}, 0x10) mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) 11:07:25 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00"/20, @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:25 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) ioctl$TIOCLINUX4(r2, 0x541c, &(0x7f0000000040)) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$overlay(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='overlay\x00', 0x200022, &(0x7f00000004c0)={[{@index_off='index=off'}], [{@fsmagic={'fsmagic', 0x3d, 0x1000}}, {@fowner_lt={'fowner<', r3}}, {@func={'func', 0x3d, 'BPRM_CHECK'}}, {@obj_type={'obj_type', 0x3d, '9p\x00'}}, {@audit='audit'}]}) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) 11:07:25 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x0, 0x0) r1 = syz_open_dev$evdev(0x0, 0x0, 0x0) dup3(r0, 0xffffffffffffffff, 0x0) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f00000002c0)=0x7fff) ioctl$EVIOCGRAB(r1, 0x40044590, 0x0) 11:07:25 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00"/20, @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1161.116893][T11797] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1161.143865][T11797] CPU: 1 PID: 11797 Comm: syz-executor.4 Not tainted 5.3.0-rc6 #127 [ 1161.151952][T11797] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1161.162001][T11797] Call Trace: 11:07:25 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00000000000000000000fffe", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1161.165275][T11797] dump_stack+0x172/0x1f0 [ 1161.169589][T11797] dump_header+0x10b/0x82d [ 1161.174000][T11797] oom_kill_process.cold+0x10/0x15 [ 1161.179101][T11797] out_of_memory+0x79a/0x12c0 [ 1161.183758][T11797] ? lock_downgrade+0x920/0x920 [ 1161.188604][T11797] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1161.194849][T11797] ? oom_killer_disable+0x280/0x280 [ 1161.200041][T11797] ? __kasan_check_read+0x11/0x20 [ 1161.205066][T11797] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1161.210601][T11797] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1161.216255][T11797] ? do_raw_spin_unlock+0x57/0x270 [ 1161.221374][T11797] ? _raw_spin_unlock+0x2d/0x50 [ 1161.226220][T11797] try_charge+0xf4b/0x1440 [ 1161.230633][T11797] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1161.236156][T11797] ? percpu_ref_tryget_live+0x111/0x290 [ 1161.236170][T11797] ? get_mem_cgroup_from_mm+0x16/0x320 [ 1161.236188][T11797] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1161.252660][T11797] mem_cgroup_try_charge+0x136/0x590 [ 1161.257941][T11797] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1161.264168][T11797] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1161.269785][T11797] __handle_mm_fault+0x1e34/0x3f20 [ 1161.274879][T11797] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1161.280404][T11797] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 1161.285843][T11797] ? handle_mm_fault+0x1ea/0x6b0 [ 1161.290754][T11797] handle_mm_fault+0x1b5/0x6b0 [ 1161.295490][T11797] __get_user_pages+0x7d4/0x1b30 [ 1161.300401][T11797] ? follow_page_mask+0x19b0/0x19b0 [ 1161.305583][T11797] ? __kasan_check_write+0x14/0x20 [ 1161.310663][T11797] ? gup_pgd_range+0x1e1/0x2d10 [ 1161.315493][T11797] get_user_pages_unlocked+0x2ae/0x4a0 [ 1161.320927][T11797] ? get_user_pages_locked+0x4d0/0x4d0 [ 1161.326361][T11797] ? trace_hardirqs_on+0x67/0x240 [ 1161.331362][T11797] get_user_pages_fast+0x4c0/0x570 [ 1161.336446][T11797] ? __get_user_pages_fast+0x410/0x410 [ 1161.341879][T11797] rds_pin_pages+0x33/0x1f0 [ 1161.346355][T11797] rds_cmsg_rdma_args+0x879/0x1150 [ 1161.351442][T11797] ? rds_rdma_extra_size+0x390/0x390 [ 1161.356694][T11797] ? rds_conn_create_outgoing+0x4b/0x60 [ 1161.362207][T11797] rds_sendmsg+0x1f32/0x35b0 [ 1161.366787][T11797] ? rds_send_drop_to+0x1640/0x1640 [ 1161.371955][T11797] ? retint_kernel+0x2b/0x2b [ 1161.376516][T11797] ? trace_hardirqs_on_caller+0x6a/0x240 [ 1161.382122][T11797] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 1161.387558][T11797] ? __this_cpu_preempt_check+0x3a/0x210 [ 1161.393161][T11797] ? retint_kernel+0x2b/0x2b [ 1161.397722][T11797] ? rds_send_drop_to+0x1640/0x1640 [ 1161.402888][T11797] sock_sendmsg+0xd7/0x130 [ 1161.407273][T11797] ? sock_sendmsg+0xd7/0x130 [ 1161.411833][T11797] ___sys_sendmsg+0x803/0x920 [ 1161.416489][T11797] ? copy_msghdr_from_user+0x440/0x440 [ 1161.421922][T11797] ? __fget+0x345/0x560 [ 1161.426063][T11797] ? __fget+0x384/0x560 [ 1161.430188][T11797] ? ksys_dup3+0x3e0/0x3e0 [ 1161.434571][T11797] ? __might_fault+0xfb/0x1e0 [ 1161.439218][T11797] ? __fget_light+0x1a9/0x230 [ 1161.443875][T11797] ? __fdget+0x1b/0x20 [ 1161.447913][T11797] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1161.454123][T11797] __sys_sendmsg+0x105/0x1d0 [ 1161.458689][T11797] ? __sys_sendmsg_sock+0xd0/0xd0 [ 1161.463689][T11797] ? __x64_sys_clock_gettime+0x16d/0x240 [ 1161.469297][T11797] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 1161.475353][T11797] __x64_sys_sendmsg+0x78/0xb0 [ 1161.480088][T11797] do_syscall_64+0xfd/0x6a0 [ 1161.484567][T11797] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1161.490432][T11797] RIP: 0033:0x459879 [ 1161.494300][T11797] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1161.513874][T11797] RSP: 002b:00007fd57ae18c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1161.522256][T11797] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459879 [ 1161.530196][T11797] RDX: 0000000000000000 RSI: 0000000020001600 RDI: 0000000000000003 [ 1161.538135][T11797] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 1161.546074][T11797] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd57ae196d4 [ 1161.554023][T11797] R13: 00000000004c77e9 R14: 00000000004dd048 R15: 00000000ffffffff [ 1161.587213][T11797] memory: usage 307200kB, limit 307200kB, failcnt 4415 [ 1161.598649][T11797] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1161.600689][ T23] audit: type=1804 audit(1566904046.044:1114): pid=11816 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2363/bus" dev="sda1" ino=16855 res=1 [ 1161.608161][T11818] 9pnet: Insufficient options for proto=fd [ 1161.638036][T11797] Memory cgroup stats for /syz4: [ 1161.640182][T11797] anon 237379584 [ 1161.640182][T11797] file 8192 [ 1161.640182][T11797] kernel_stack 11665408 [ 1161.640182][T11797] slab 17956864 [ 1161.640182][T11797] sock 0 [ 1161.640182][T11797] shmem 0 [ 1161.640182][T11797] file_mapped 0 [ 1161.640182][T11797] file_dirty 0 [ 1161.640182][T11797] file_writeback 0 [ 1161.640182][T11797] anon_thp 159383552 [ 1161.640182][T11797] inactive_anon 135168 [ 1161.640182][T11797] active_anon 237371392 [ 1161.640182][T11797] inactive_file 0 [ 1161.640182][T11797] active_file 0 [ 1161.640182][T11797] unevictable 135168 [ 1161.640182][T11797] slab_reclaimable 2973696 [ 1161.640182][T11797] slab_unreclaimable 14983168 [ 1161.640182][T11797] pgfault 238524 [ 1161.640182][T11797] pgmajfault 0 [ 1161.640182][T11797] workingset_refault 396 [ 1161.640182][T11797] workingset_activate 66 [ 1161.640182][T11797] workingset_nodereclaim 0 [ 1161.640182][T11797] pgrefill 6153 [ 1161.640182][T11797] pgscan 6001 [ 1161.640182][T11797] pgsteal 675 [ 1161.742436][T11818] 9pnet: Insufficient options for proto=fd [ 1161.757387][T11797] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=7857,uid=0 [ 1161.781654][T11797] Memory cgroup out of memory: Killed process 7857 (syz-executor.4) total-vm:72708kB, anon-rss:2200kB, file-rss:34816kB, shmem-rss:0kB [ 1161.814695][T11797] rdma_op 00000000db3e0a12 conn xmit_rdma 00000000d8f1147d [ 1161.815495][T11787] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 1161.868035][T11787] CPU: 1 PID: 11787 Comm: syz-executor.4 Not tainted 5.3.0-rc6 #127 [ 1161.876093][T11787] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1161.886133][T11787] Call Trace: [ 1161.889405][T11787] dump_stack+0x172/0x1f0 [ 1161.893723][T11787] dump_header+0x10b/0x82d [ 1161.898138][T11787] oom_kill_process.cold+0x10/0x15 [ 1161.903237][T11787] out_of_memory+0x79a/0x12c0 [ 1161.907903][T11787] ? lock_downgrade+0x920/0x920 [ 1161.912742][T11787] ? oom_killer_disable+0x280/0x280 11:07:26 executing program 1: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x3600) 11:07:26 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00"/20, @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1161.917940][T11787] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1161.923562][T11787] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1161.929176][T11787] ? do_raw_spin_unlock+0x57/0x270 [ 1161.929190][T11787] ? _raw_spin_unlock+0x2d/0x50 [ 1161.929204][T11787] try_charge+0xa2d/0x1440 [ 1161.943527][T11787] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1161.949067][T11787] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1161.954593][T11787] ? __kasan_check_read+0x11/0x20 [ 1161.959600][T11787] ? lock_downgrade+0x920/0x920 [ 1161.964442][T11787] ? percpu_ref_tryget_live+0x111/0x290 [ 1161.969979][T11787] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1161.975421][T11787] ? memcg_kmem_put_cache+0x50/0x50 [ 1161.975433][T11787] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1161.975447][T11787] __memcg_kmem_charge+0x13a/0x3a0 [ 1161.986123][T11787] __alloc_pages_nodemask+0x4f4/0x900 [ 1161.986137][T11787] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1161.986153][T11787] ? percpu_ref_put_many+0xb6/0x190 [ 1162.007439][T11787] ? trace_hardirqs_on+0x67/0x240 [ 1162.012452][T11787] ? __kasan_check_read+0x11/0x20 [ 1162.017467][T11787] copy_process+0x3f8/0x6b00 [ 1162.022050][T11787] ? __kasan_check_read+0x11/0x20 [ 1162.027075][T11787] ? __cleanup_sighand+0x60/0x60 [ 1162.032014][T11787] ? finish_mkwrite_fault+0x570/0x570 [ 1162.037388][T11787] _do_fork+0x146/0xfa0 [ 1162.041538][T11787] ? copy_init_mm+0x20/0x20 [ 1162.046034][T11787] ? __kasan_check_read+0x11/0x20 [ 1162.051050][T11787] ? _copy_to_user+0x118/0x160 [ 1162.055810][T11787] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1162.062042][T11787] ? put_timespec64+0xda/0x140 [ 1162.066801][T11787] __x64_sys_clone+0x18d/0x250 [ 1162.071559][T11787] ? __ia32_sys_vfork+0xc0/0xc0 [ 1162.076417][T11787] ? trace_hardirqs_off_caller+0x65/0x230 [ 1162.082122][T11787] ? trace_hardirqs_on+0x67/0x240 [ 1162.087136][T11787] do_syscall_64+0xfd/0x6a0 [ 1162.091631][T11787] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1162.097509][T11787] RIP: 0033:0x459879 [ 1162.101393][T11787] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1162.120994][T11787] RSP: 002b:00007fd57ae39c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1162.129393][T11787] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459879 [ 1162.137357][T11787] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1162.145320][T11787] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1162.153280][T11787] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd57ae3a6d4 [ 1162.161237][T11787] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 00000000ffffffff [ 1162.173772][T11787] memory: usage 304960kB, limit 307200kB, failcnt 4423 [ 1162.173803][T11834] validate_nla: 12 callbacks suppressed [ 1162.173810][T11834] netlink: 'syz-executor.5': attribute type 4 has an invalid length. [ 1162.180814][T11787] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1162.201678][T11787] Memory cgroup stats for /syz4: [ 1162.201771][T11787] anon 235270144 [ 1162.201771][T11787] file 8192 [ 1162.201771][T11787] kernel_stack 11599872 [ 1162.201771][T11787] slab 17956864 [ 1162.201771][T11787] sock 0 [ 1162.201771][T11787] shmem 0 [ 1162.201771][T11787] file_mapped 0 [ 1162.201771][T11787] file_dirty 0 [ 1162.201771][T11787] file_writeback 0 [ 1162.201771][T11787] anon_thp 157286400 [ 1162.201771][T11787] inactive_anon 135168 [ 1162.201771][T11787] active_anon 235261952 [ 1162.201771][T11787] inactive_file 0 [ 1162.201771][T11787] active_file 0 [ 1162.201771][T11787] unevictable 135168 [ 1162.201771][T11787] slab_reclaimable 2973696 [ 1162.201771][T11787] slab_unreclaimable 14983168 [ 1162.201771][T11787] pgfault 238557 [ 1162.201771][T11787] pgmajfault 0 [ 1162.201771][T11787] workingset_refault 396 [ 1162.201771][T11787] workingset_activate 66 [ 1162.201771][T11787] workingset_nodereclaim 0 [ 1162.201771][T11787] pgrefill 6153 [ 1162.201771][T11787] pgscan 6001 [ 1162.201771][T11787] pgsteal 675 [ 1162.308466][T11787] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=7097,uid=0 11:07:26 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) 11:07:26 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff03800000080039503230bf15dea3"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r2, 0x84, 0x1f, &(0x7f00000004c0)={0x0, @in6={{0xa, 0x4e24, 0x40, @ipv4={[], [], @remote}, 0xb55}}, 0x7, 0x5}, &(0x7f0000000040)=0x90) setsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r2, 0x84, 0x76, &(0x7f0000000180)={r3, 0x8}, 0x8) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) 11:07:26 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) ioctl$TIOCLINUX4(r2, 0x541c, &(0x7f0000000040)) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$overlay(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='overlay\x00', 0x200022, &(0x7f00000004c0)={[{@index_off='index=off'}], [{@fsmagic={'fsmagic', 0x3d, 0x1000}}, {@fowner_lt={'fowner<', r3}}, {@func={'func', 0x3d, 'BPRM_CHECK'}}, {@obj_type={'obj_type', 0x3d, '9p\x00'}}, {@audit='audit'}]}) chdir(&(0x7f0000000000)='./file0\x00') 11:07:26 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x0, 0x0) r1 = syz_open_dev$evdev(0x0, 0x0, 0x0) dup3(r0, r1, 0x0) ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, &(0x7f00000002c0)=0x7fff) ioctl$EVIOCGRAB(r1, 0x40044590, 0x0) 11:07:26 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00"/20, @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1162.324098][T11787] Memory cgroup out of memory: Killed process 7097 (syz-executor.4) total-vm:72708kB, anon-rss:2200kB, file-rss:34816kB, shmem-rss:0kB 11:07:26 executing program 3: r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/btrfs-control\x00', 0x40000, 0x0) write$P9_RREAD(r0, &(0x7f0000000380)={0x5b, 0x75, 0x3, {0x50, "697637c1f4db11e2243ae736e7f1255c6edee705cde1eca76f417c749153d142fcd301e27326fc3ea0d0593fffa563145bcada7d88a410cce0a63efb48eaa38622d794530d784e0cda8e271d0d1fa926"}}, 0x5b) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r3 = syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0x6, 0x10000) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000180)={0xa08ef528cd8cea62, 0x3, 0x4, 0x1000, &(0x7f0000fff000/0x1000)=nil}) ioctl$SCSI_IOCTL_DOORUNLOCK(r0, 0x5381) r4 = dup(r2) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f00000004c0)={{{@in=@multicast1, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@initdev}, 0x0, @in6=@local}}, &(0x7f00000005c0)=0xe8) sendmsg$nl_route(r3, &(0x7f0000000700)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000006c0)={&(0x7f0000000600)=@ipv4_deladdr={0xb0, 0x15, 0x900, 0x70bd28, 0x25dfdbfc, {0x2, 0x78, 0x41, 0xfd, r5}, [@IFA_LABEL={0x14, 0x3, 'tunl0\x00'}, @IFA_LABEL={0x14, 0x3, 'veth0_to_team\x00'}, @IFA_LABEL={0x14, 0x3, 'veth0_to_bridge\x00'}, @IFA_LABEL={0x14, 0x3, 'veth0_to_hsr\x00'}, @IFA_ADDRESS={0x8, 0x1, @rand_addr=0x7ff}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_FLAGS={0x8, 0x8, 0x28}, @IFA_ADDRESS={0x8, 0x1, @empty}, @IFA_CACHEINFO={0x14, 0x6, {0x9, 0x181d, 0x4, 0x8}}, @IFA_CACHEINFO={0x14, 0x6, {0x4, 0x200, 0x6, 0x6}}]}, 0xb0}, 0x1, 0x0, 0x0, 0xc4754375013bc8cd}, 0x20000001) write$FUSE_BMAP(r4, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r4, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYRES64, @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r4]) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) [ 1162.405682][T11844] netlink: 'syz-executor.5': attribute type 4 has an invalid length. 11:07:26 executing program 1: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x3700) 11:07:26 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00"/20, @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1162.473505][T11848] rdma_op 000000005583c308 conn xmit_rdma 00000000d8f1147d 11:07:27 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) ioctl$TIOCLINUX4(r2, 0x541c, &(0x7f0000000040)) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$overlay(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='overlay\x00', 0x200022, &(0x7f00000004c0)={[{@index_off='index=off'}], [{@fsmagic={'fsmagic', 0x3d, 0x1000}}, {@fowner_lt={'fowner<', r3}}, {@func={'func', 0x3d, 'BPRM_CHECK'}}, {@obj_type={'obj_type', 0x3d, '9p\x00'}}, {@audit='audit'}]}) 11:07:27 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x0, 0x0) r1 = syz_open_dev$evdev(0x0, 0x0, 0x0) dup3(r0, r1, 0x0) ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, &(0x7f00000002c0)=0x7fff) ioctl$EVIOCGRAB(r1, 0x40044590, 0x0) 11:07:27 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f00000004c0)={0x0, @in={{0x2, 0x4e23, @multicast2}}, 0x2e27, 0x6, 0x3, 0xff, 0xa0}, &(0x7f0000000040)=0x98) getsockopt$inet_sctp_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000180)={r3, 0x100, 0x2, [0x9, 0x2]}, &(0x7f00000001c0)=0xc) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) [ 1162.543817][T11856] rdma_op 0000000098222b5d conn xmit_rdma 00000000d8f1147d [ 1162.577246][T11866] netlink: 'syz-executor.5': attribute type 4 has an invalid length. 11:07:27 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) [ 1162.605343][ T23] kauditd_printk_skb: 2 callbacks suppressed [ 1162.605354][ T23] audit: type=1804 audit(1566904047.044:1117): pid=11862 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2365/bus" dev="sda1" ino=16517 res=1 11:07:27 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00"/20, @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1162.694831][T11871] FS-Cache: Duplicate cookie detected [ 1162.700300][T11871] FS-Cache: O-cookie c=000000005bc9dafe [p=0000000009146bc0 fl=222 nc=0 na=1] [ 1162.709216][T11871] FS-Cache: O-cookie d=000000008c6e41aa n=000000000015a781 [ 1162.716427][T11871] FS-Cache: O-key=[10] '34323935303533343233' [ 1162.722628][T11871] FS-Cache: N-cookie c=00000000c1a05628 [p=0000000009146bc0 fl=2 nc=0 na=1] [ 1162.731307][T11871] FS-Cache: N-cookie d=000000008c6e41aa n=00000000983431e5 [ 1162.738544][T11871] FS-Cache: N-key=[10] '34323935303533343233' 11:07:27 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x0, 0x0) r1 = syz_open_dev$evdev(0x0, 0x0, 0x0) dup3(r0, r1, 0x0) ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, &(0x7f00000002c0)=0x7fff) ioctl$EVIOCGRAB(r1, 0x40044590, 0x0) 11:07:27 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) ioctl$TIOCLINUX4(r2, 0x541c, &(0x7f0000000040)) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380)) [ 1162.797001][T11880] rds_sendmsg: 1 callbacks suppressed [ 1162.797011][T11880] rdma_op 000000008ddbc80d conn xmit_rdma 00000000d8f1147d [ 1162.824336][T11886] netlink: 'syz-executor.5': attribute type 4 has an invalid length. 11:07:27 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) 11:07:27 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00"/20, @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:27 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x0, 0x0) r1 = syz_open_dev$evdev(0x0, 0x0, 0x0) dup3(r0, r1, 0x0) ioctl$EVIOCGRAB(r0, 0x40044590, 0x0) ioctl$EVIOCGRAB(r1, 0x40044590, 0x0) [ 1162.971972][T11902] netlink: 'syz-executor.5': attribute type 4 has an invalid length. [ 1163.008083][T11896] rdma_op 00000000fad26729 conn xmit_rdma 00000000d8f1147d 11:07:27 executing program 1: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x3800) 11:07:27 executing program 3: r0 = accept$inet6(0xffffffffffffffff, &(0x7f0000000bc0)={0xa, 0x0, 0x0, @local}, &(0x7f0000000c00)=0x1c) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000c40)='trusted.overlay.nlink\x00', &(0x7f0000000c80)={'U+', 0x10000}, 0x28, 0x2) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x84800) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000001c0)={0x0, 0x0}, &(0x7f0000000280)=0xc) getgroups(0x7, &(0x7f00000002c0)=[0xffffffffffffffff, 0xee00, 0xee01, 0xee00, 0xee00, 0xffffffffffffffff, 0x0]) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000340)={0x0, 0x0, 0x0}, &(0x7f0000000380)=0xc) sendmsg$unix(r0, &(0x7f0000000a80)={&(0x7f0000000840)=@abs={0x1, 0x0, 0x4e20}, 0x6e, &(0x7f0000000a40)=[{&(0x7f00000008c0)="22563522f46d4a29051aa52986e1dbe35c9cef281d7bbc98dd102776dc2fa9c7bfda479a1f75cff28b1d7727b3cad802cf030f16048ef35489f732b0bcaa997eb523938d254e14facf2804ea17be05742e200602d0322d8e6e040c6f1d04b4989688cc65980fc34317e0e76a80623ea0cdcd991a5c1298468c33ec9115871ca15f050002916af46f40124e2699d8d98f197fee981b26aab99b72c2534ee26c5be1a3ad94ccb4a9359d2abe447b1834bbcb06fe6d9ba5b1b1d37a8badf3d22495372c46366c8344ace5b1b66d5610799c285e0cae265a", 0xd6}, {&(0x7f0000000cc0)="94c6d0bfa3660301c39e3e9d977b516ecd5658dd2be5fa2d333280a1c70f33196655e1b206bc998820f2485adc2ac76ca84b3d06d9c1badb30a09fe211cfd220754dbe79d2f8cdf014e5d7cb4851506bc560ef9862a5499ad2b7599b07dc5b5f5b967691d0e9a739e2d203f2e6ebce4dcabc45dc1f12768c13cea032cb0bf7c448342814ed08be8f0fdd85a81ecdfebaa30003745a9b555552976dfc2a43b5c8ae05bb925a3d1ce21c3ba5ba4adb1e3111122e25d8efaa9d54b1ae60c6e67751b002835b6edf7abffee577e4519a503e09f64fdb783003d61cb2789d06620189ace3a1fd9bf8194cffc5a687be590845db1931b32e00cddb060d30e296799ea54b6371cfce751887db902ea8d93964a0efe6979f4b2f054b20cbd37124d73a3464d177c66387e469579cd2df6a91045c818cd8fbb39a0d9c45126cc2a05549001a113c495dde0018f4a248fe096086869ff1d8b5938d30e1a8f3e16d620dc6248d4c030b9fa9d5b89b77cece548e5642158a39e179af10f5cae1b99fc0a7fd6b9537eb7115f534ccc235c30e7cf410116971ba09f0d1645b7f38fa0164b7ab0ee119dd321e225b2f9cecb7e2cb1dced33fd5b8856a5d0c1ff1333f33ae9f651663c1cfd8be56a5cd31e1d6fd74c0b5a0559a194161e20d9ac601b6aa11e009544a7913538f10c68ba2824a88614a7ae1711664043b3bc5e6e61a21b82005e53b326d2eb9cfcf60d2dc099e9ad705bab0f372fc49a85d8e977574ac555293d4d7634334790ca711a8f8b597871b5a7465f2a84c90fb1e52eb68c43778901c647ee82f7faa2049d23ae27b7fef074d3bfbb688684cc2f9075f24a2c9a3ca8c061b4c6fb07b1b978ef480e79179e8b47c937be52a2ff19ad609ea1c1895dd87a7bc98f73d3f9e123831e7123c95c98813a6b7d23dc433cfd0646d6218d4de4f15855f27ea8d02bec2784056044252b523706ed1b140d867bc2de6f687bebf267c2a6ab666896f1196eff2f525251e7cec30d2a99eeeea34e3b99cd213a2086c85fdd47daf074a20721d774ca9d5770f9aac554eee6eefe5661923107e75cb171228e62ca9bf41571de2228bd46c943e37f74e609206a9796db4838a6a65814e576ab276cd6b29231d8c7ded58fef0a3d1decdb21eada90f7d2d5a71539eea1ce3204894a6e889156b52b10e4cf6d19962409719e2aeabed24d948135d1669a5f2875f285737c1db80e3ef524aa3dc2f2cf601e30ffcab21e2afbf5458b65022e8e164f3ac8eb6d5042ea5bcfb8326e2e3294970f2f1daacaf7d4454d5ddeb13882eb8f31c9aa334e7c407b660213565d5b57637dc7e1a33a06a6c22c3665018dab0bd72dc51eaae1f58a4b5c5dc4c156992b4a397e0397f0661d0ab94e6cc1ce88167be1ab4e41f01a5ef5fe09097187eee6e8e87a0d9ae7bf255724d0e8d231e7cc633810c904a140206daf34a929aea52fd9fb2131c4e770f1561bf820bf9549bb91e38515d4e469e965a87de2636eeac05ccb82f4e36bee48d34976adefaf81c58e105aebe709a20b0a5fab5e864fe5537ad98e1244ffc516cd2c76cfcb7d594adc6d3b17d0bc000e3e7ae341c2356e6f95b7200954f73f6579ca89d36b1069039365d1ba4bcc9db6557db7410c488db8ab184a8ac08c06cf2dd358ca08b60cb58c91b133aace692f8c343dc2a270e3fb7213fdf94aa930b67d0592bae3b80222527b3f815a9272052fd9bab1acdac5596e8a1ceebc1b70a74bd4aa263f4d20289f2e235f271b1ee730d415d6ee0c39f54a4824e83b5846e070733bfe0ac9edd16591c895e9b27bb4859b4a0c4b0938c4d777359744d77faf98d99b2710fc4550864282125b33d6a043b87defff8292744570d23854008e271aafd8f4aab34c22ab4d4024fc153363036090f7978a64d6b464ff4942489be302f1bc6ccfb8de581e06cda3942311edd413f5cab33ae23f440cc7c2aeac0448b4d4c2f83738e085cc7c79b24b2dcf0e3b09a9840088fd44258e4072a21ea244db8f5c690f3e4d170309a0dbd175b717b3ed4062502ccf8e53a77c6005e852ea556daac811cae6e670f5801ba158d835eb173365ada32820634245e1af858e674aab3ebce03ae1149427657a3f0ef5dc670407185471d1b727ce3bce1a2eef54248ea2c70f70f7b92703f26826b798b2468296924b5621415f3d736bdfe0693de0cc005b99e6050fe2ac85d0894a51cb0be6ae6c8dba179f89f4461a12c140e15992254fbe87991e55f0bf14386e6f842523b94a8c99aa351b254adb1cab3a9a87e45963297f56c80ec53e03fa8278f982379ae60b74d8a8433f48829b15147809cc44b55ffcf67422d912acb7188579f132b7266712093d515f615d2e29769247a1a78923825e8b64807a277c5419aca476ede2b8f481b7e0911be5db969c74443abd0befa977abeb9ecf4d2c15f6815538af6d0d702a7c9d90fed502e0be51f064eaae7616a6cb9634fc81be4d3be3e501fc4af57df38c2cdeb2260645ce13afbfce0fde51376e48d8f1d69c834e7b9862414537f36c69cd250d3d11577e15c7d94d7a5a5d8873cc9eceddfe41f589179b8dbd265f4f638a0f8b41ebf9e1ad9fa61cddb9add2b6bdad537d3521a881b56f79135be87cd3568ad8fa6c7f5ee0076111b4146a6b1fc6d3cb349d886fc035d1f0946c52442e4f446c72db6a3201d32d6ebbd240c56eead551a3c661b5683087bc4447f2714bf4f51176bd454fa019ca2761e9a344a48aa1846d62618c8a02e8a94f13986902f053d9bc6018372c9e60d3ad9b874cafbeae34b008ed84708849f56046c1e8bbb8b3517de9206ebb662830d6a5fe05f6e917533a02c1fef95ba9f8fb27736adc49d6a7aea050821773417b0b794284f695cdba93abbd6d8200e0221e3cadef8b15b54907ceef7d93d9332a63101ed9dd5f5d30be85f98d592d0b4eeb2d727debc602706e538cb9403446587df81763e39aef79ca40d1d648a1a6ce615f9b650a84e97b6d9c2475dd106836888453a1a3e758e2ffa2053195629df35d1a35bbca5d4a4f9b1506b6408c462d8a8a716236cac514e5bd3d353df87189fc65f9e05f6330ff646517531f0a55c76acbd110d73cb40949e51cc974c3c314b3fb93d85fc9d57c91189cfc146e5c4bc2be6a6077c82e67c44ed911c9643946ef22742f9fef0730cfd52d658e4cdd0f556d3d460b94cb5018967e9a5fee2d5e97f8af2b57564a647163896446aaf3332c7d75fecf5cc3fe2402ca0d368e512423f00afa7587b1b3863a4831b1bcbdfc01c7a449cb29d4f2652dc570c2dc88a037d34a8b776e5e32439f444b8dce17a9b501d43e1420b2942eab9f70ae4220815debeb9390b24d1580001ef576086fb6acc286f9add376c007e0da901e3f51bd7e7be0cd7ec8f4860457101af97eb0185dba92b978591c184ded0a9fddec19f343e9d9e4fc36561700ef9eeac4e4055f43aa48b0ae0cb6ae24961d99088e7379235338b4675215ae75b933fcc0d5d587391e66a3af33850a1a19886d31e65ef0b8250298afbc24a1433e70eaf4e6c2f5292ff7e31a6540ab07319a859605f9114757de893b00a6420d5de61eb42a159f383b4d53b5f8dab7d6d2f003672f443246b4d678ff2336806e3c39f6ab9761fecfab4cbab923cc61bc73beb8ca0ba21e32d3a06ff28e7b52eb858c70e6fb1d6f4625e941649eb19835158e3da727c702c1386ca087ead861448f3da6e3efbd2c0a9070e2396e6cd0c14d7d90f6662a8de34ab2120f632c8e8ef75e7e694169c4dd9d55be1ccc09a31bfde47947f4bdab45c0287e7f8ad98a6bda964ac4143487eb5b5dbd7febb01057d2b5e79c7bb276aedf0f43359778243a491beaa970c4fbfd76f4dcabc04505407aeac96f6ec932917eca30f0e983201f10dfd8e97803e97b2997495374d10a5e8063bed37670cf6b231047465b64b5001e84a99ffbdd53dd2868a5b5ef09f0272a175ad2774ec98adc13ad1d8b756bd073df0461c37b16f0b1255e311d8afacf375e035ae4ee412143dadca9c0549c36d9d94d05970b077b7029bbf4cdde83e95a2fec5f0449a557e5513097bef332fbbe89c4d8aa6ae38047373c0d5be8fc641e9c74353503e12c159ae679eb11e30b097f2f4db4523c4597948d3bd46581ac4478215ae1f191981818dd2c7b0e5d42603962475fae72ad1a0e4caf322f08360b4b349cf4a58263d6feee6fccf1401066d83be00c225f4925c8bd26bc57801514e92a1a0b2e3377ee3473a5a046496c6085e4481f8716ed2428428a1d01c10d29a0adb4f37b57c3550e837fa99bd1f9fd6b3892d8c5b469a3d3be440cf9894b2db79d38036500b705ecd007db9d7fb96b26d820b80e77d7f17fb2d0a2859f8558d100eac0c4234c0359d50a65bece39402242fa2dda07711926f541ea6b6bcdc16f7f52fea8525f59f964bcab0febe1cf78d416649381e0a53907397276da05fbc1e0f42ceca1a856b0265f33ec5738ae05380b9733d38c68d0440a364cde56c9c2392affd2951ff5f7870ba727411738c55f2c684137c781698d6bee134372d0ade09a0e626fab19ca962777a3738773a22f145a20b012d4b9285cdcadc28d8e07dea21a8a15a9fb47c810433ad6777383526b73cffbc0ddac513fbf43624740e9cde8f5cacce715a2a7dd63a77d9ba36474c1f98b56a311028e6f3fb9e3b4afd4f7b4555f748378f70945cc2133d25708510dfd0f6287abe298905ce0edfa94348636f9fa9ff6a23270ac63d2a4b06521ca88eeaa4f5cd34cad49db701d4e9d0ef5b96aed452a81607d40a69f7b7a527b0f7b3052757ac80fbf53c69b3705f91a5b5b553e2e5df4425692bede474dd4f023b46f33ed62cda4f143da3eab9e86a1502ce9e8551767457a046ed283b83006c7c036075e0539b1fc54da3b10ab37151453661da92d28b2014c6f211ef1fca5868af4f1e2b6d245c7e21064078223e7d764283b5cd5bdcb23037ecfb8cbfcbd4582f456dfad3e7873ac85c4d72aefa4de345d156813e9bac8dc4e0c95d280b3212d876867e6e55241d9fc6bdd78e6d7f179777bef2da20f724b607fda5a8cebc4f3d6a498aa4c261dc59d4c4648bb71226c3c307740cc1f9838e6a64d5e70887ca5be10e7c41ef4cc9dae24dfce6112e6cdf4367d946b56cc56d5bd6a0ab9d591de8f2f46f90e4fa47a3a3fea9921ffa302d031098b6798078ae14644923cd14b0359dd062fddb72309284e63901ee5daf478927fe0bc92bf66f2a877fbb0c99b8e06f1597e4e5c97647fdaa05527bf59c6788856a80e9e6e9754c61cd0141b2b88f6f7fe5e563ffb73c339270ac3ed99a367a69a4966f8950bce679cb5976be37e980bb7c5a5f1d569504d26729e35e845559966d5a4c5742ad3c6dc1fe04ec1468594ece97d7726b6ef818f6670615d3f8ff70381a18b89b97d7ff3412b05fc4b9a379ec3e6da5c4ef922fd68526b8def8dfc5e93e2144660f073c3b9cc0deca62c27f154ed2d5f578c58ed9e384e6172708af7fd66c6c220351bc07332e5d4d0495ae99e96e9c60c10c97219efa189f72e03a2bfe01795709b7e0241a182fda00232b8b57df028646bcf30e8c6b318350df9c3b8524e5386dbcd0ec8c1e97ec99ec7ff533d69ec9ad71fe714faa683066b4c1beadebbad4df3eb44f2c0272a8a18ee031ea7cde235328bdc15fa6f6680b71545f290bcc2ba420a870bfae79208e7551957fe683c7f4a7a062356f788dd56fd232f0b2006343bd405567966061e4ca3ae9087911a5", 0x1000}, {&(0x7f00000009c0)="21325049237543eb205ab7ec385d7fe837c0bf6fc522162ade5d7796daa2d84f21738f26a2486f70d4c8f09dddb0ea1fefa15a7ee82366da98d0c55c0cc25d7aeb35eaa4249cb9", 0x47}], 0x3, &(0x7f0000001cc0)=ANY=[@ANYBLOB="9e3d8e31ebc400", @ANYRES32=r9, @ANYRES32=r4, @ANYRES32=r6, @ANYBLOB="0000000020000000000000000100000001000000", @ANYRES32=r0, @ANYRES32=r1, @ANYRES32=r2, @ANYRES32=r2, @ANYBLOB="28000000000000000100000001000000", @ANYRES32=r1, @ANYRES32=r2, @ANYRES32=r2, @ANYRES32=r2, @ANYRES32=r1, @ANYRES32=r2, @ANYBLOB="14000000000000000100000001000000", @ANYRES32=r2, @ANYBLOB="000000002400050000000000eafe88c3f5b08199", @ANYRES32=r0, @ANYRES32=r1, @ANYRES32=r2, @ANYRES32=r0, @ANYRES32=r2, @ANYBLOB="0000000020000000000000000100000001000000", @ANYRES32=r1, @ANYRES32=r2, @ANYRES32=r2, @ANYRES32=r2, @ANYBLOB="1c000000000000000100000002000000", @ANYRES32=r9, @ANYRES32=r10, @ANYRES32=r8, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r3, @ANYRES32=r10, @ANYRES32=r5, @ANYBLOB="000000001c000000000000000100000001000000", @ANYRES32=r1, @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="000000001c000000000000000100000001000000", @ANYRES32=r1, @ANYRES32=r2, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00'], 0x148, 0x40}, 0x24008000) fstat(r2, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f00000003c0)='./file0/file0\x00', &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000600)='./file0\x00', &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) lsetxattr$system_posix_acl(&(0x7f0000000000)='./file0\x00', &(0x7f0000000180)='system.posix_acl_default\x00', &(0x7f00000006c0)=ANY=[@ANYBLOB="02000000010005000000000002000200", @ANYRES32=r4, @ANYBLOB="04006f3f0000000008000200", @ANYRES32=r7, @ANYBLOB="08000200", @ANYRES32=r11, @ANYBLOB='\x00\x00\x00\b', @ANYRES32=r12, @ANYBLOB="08000600", @ANYRES32=r13, @ANYBLOB='\b\x00\a\x00', @ANYRES32=r14, @ANYBLOB="10000000000000002000070000000000"], 0x54, 0x2) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r2, &(0x7f0000000340)=ANY=[], 0x0) r15 = dup(r2) write$FUSE_BMAP(r15, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r15, &(0x7f0000000400)={0xa0}, 0xa0) ioctl$VIDIOC_TRY_DECODER_CMD(r15, 0xc0485661, &(0x7f0000000740)={0x5, 0x2, @raw_data=[0x1, 0x8, 0x98cf, 0x8, 0x0, 0xc2, 0x4, 0x5, 0x8, 0x3, 0x3ff, 0x3f, 0x6852, 0x400, 0x10001]}) bind(r15, &(0x7f00000007c0)=@pppol2tpv3in6={0x18, 0x1, {0x0, r15, 0x3, 0x3, 0x3, 0x4, {0xa, 0x4e22, 0xffffffffffffff00, @mcast1, 0x32b}}}, 0x80) setsockopt$inet_tcp_int(r15, 0x6, 0x1, &(0x7f0000000ac0)=0x3, 0x4) write$FUSE_NOTIFY_RETRIEVE(r15, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='\x00'/15, @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r15]) chdir(&(0x7f0000000040)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) 11:07:27 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) ioctl$TIOCLINUX4(r2, 0x541c, &(0x7f0000000040)) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380)) 11:07:27 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00"/20, @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:27 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) [ 1163.122335][ T23] audit: type=1804 audit(1566904047.564:1118): pid=11912 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2365/bus" dev="sda1" ino=16517 res=1 11:07:27 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x0, 0x0) r1 = syz_open_dev$evdev(0x0, 0x0, 0x0) dup3(r0, r1, 0x0) ioctl$EVIOCGRAB(r0, 0x40044590, 0x0) ioctl$EVIOCGRAB(r1, 0x40044590, 0x0) 11:07:27 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00"/20, @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1163.200161][T11917] netlink: 'syz-executor.5': attribute type 4 has an invalid length. [ 1163.269402][ T23] audit: type=1804 audit(1566904047.714:1119): pid=11923 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2366/bus" dev="sda1" ino=16755 res=1 [ 1163.341946][T11929] netlink: 'syz-executor.5': attribute type 4 has an invalid length. [ 1163.356598][T11915] rdma_op 00000000e854cda7 conn xmit_rdma 00000000d8f1147d 11:07:27 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) getsockopt$SO_TIMESTAMP(r2, 0x1, 0x40, &(0x7f0000000040), &(0x7f0000000180)=0x4) prctl$PR_GET_SECUREBITS(0x1b) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000000)='./file0\x00') sendto$rose(r2, &(0x7f0000000280)="da567e84755ffd2b5e9514de324a96f3f212d7c2ece45b088e0cdf9aaf3447005e18bca6b0a426493a315d8722531bff3c14580202609e0233c3d83d7e76adf13b4a2ac6ff", 0x45, 0x4000041, &(0x7f00000001c0)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, 0x0, [@bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast]}, 0x40) mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) 11:07:27 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r0, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r1 = dup(r0) write$FUSE_BMAP(r1, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r1, &(0x7f0000000400)={0xa0}, 0xa0) ioctl$TIOCLINUX4(r1, 0x541c, &(0x7f0000000040)) write$FUSE_NOTIFY_RETRIEVE(r1, &(0x7f00000000c0)={0x14c}, 0x137) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380)) 11:07:27 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x0, 0x0) r1 = syz_open_dev$evdev(0x0, 0x0, 0x0) dup3(r0, r1, 0x0) ioctl$EVIOCGRAB(r0, 0x40044590, 0x0) ioctl$EVIOCGRAB(r1, 0x40044590, 0x0) 11:07:27 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00"/20, @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1163.434960][T11915] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 11:07:28 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) getsockopt$SO_TIMESTAMP(r2, 0x1, 0x3f, &(0x7f0000000040), &(0x7f0000000180)=0x4) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000000)='./file0\x00') fsmount(r2, 0x1, 0x74) mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) [ 1163.504277][T11915] CPU: 1 PID: 11915 Comm: syz-executor.4 Not tainted 5.3.0-rc6 #127 [ 1163.512271][T11915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1163.522317][T11915] Call Trace: [ 1163.525600][T11915] dump_stack+0x172/0x1f0 [ 1163.529927][T11915] dump_header+0x10b/0x82d [ 1163.534343][T11915] oom_kill_process.cold+0x10/0x15 [ 1163.539446][T11915] out_of_memory+0x79a/0x12c0 [ 1163.541563][T11945] netlink: 'syz-executor.5': attribute type 4 has an invalid length. [ 1163.544109][T11915] ? lock_downgrade+0x920/0x920 [ 1163.544131][T11915] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1163.563225][T11915] ? oom_killer_disable+0x280/0x280 [ 1163.568416][T11915] ? __kasan_check_read+0x11/0x20 [ 1163.573435][T11915] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1163.578962][T11915] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1163.584570][T11915] ? do_raw_spin_unlock+0x57/0x270 [ 1163.589660][T11915] ? _raw_spin_unlock+0x2d/0x50 [ 1163.594478][T11915] try_charge+0xf4b/0x1440 [ 1163.598865][T11915] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1163.604383][T11915] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1163.609896][T11915] ? __kasan_check_read+0x11/0x20 [ 1163.614894][T11915] ? lock_downgrade+0x920/0x920 [ 1163.619713][T11915] ? percpu_ref_tryget_live+0x111/0x290 [ 1163.625233][T11915] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1163.630667][T11915] ? memcg_kmem_put_cache+0x50/0x50 [ 1163.635841][T11915] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1163.641356][T11915] __memcg_kmem_charge+0x13a/0x3a0 [ 1163.646437][T11915] __alloc_pages_nodemask+0x4f4/0x900 [ 1163.651778][T11915] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1163.657466][T11915] ? anon_vma_clone+0xde/0x480 [ 1163.662200][T11915] ? save_stack+0x5c/0x90 [ 1163.666498][T11915] ? save_stack+0x23/0x90 [ 1163.670797][T11915] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 1163.676576][T11915] ? kasan_slab_alloc+0xf/0x20 [ 1163.681309][T11915] ? kmem_cache_alloc+0x121/0x710 [ 1163.686303][T11915] ? anon_vma_fork+0x1ea/0x4a0 [ 1163.691039][T11915] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1163.697254][T11915] alloc_pages_current+0x107/0x210 [ 1163.702335][T11915] ? _do_fork+0x146/0xfa0 [ 1163.706637][T11915] get_zeroed_page+0x14/0x50 [ 1163.714767][T11915] __pud_alloc+0x3b/0x250 [ 1163.719072][T11915] pud_alloc+0xde/0x150 [ 1163.723209][T11915] copy_page_range+0x37a/0x1ee0 [ 1163.728038][T11915] ? mark_held_locks+0xf0/0xf0 [ 1163.732785][T11915] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1163.738999][T11915] ? __kasan_check_read+0x11/0x20 [ 1163.743999][T11915] ? lock_downgrade+0x920/0x920 [ 1163.748827][T11915] ? vma_compute_subtree_gap+0x158/0x230 [ 1163.754435][T11915] ? pmd_alloc+0x180/0x180 [ 1163.758835][T11915] ? vma_gap_callbacks_rotate+0x62/0x80 [ 1163.764356][T11915] ? validate_mm_rb+0xa3/0xc0 [ 1163.769007][T11915] ? __vma_link_rb+0x275/0x370 [ 1163.773743][T11915] dup_mm+0xa67/0x1430 [ 1163.777792][T11915] ? vm_area_dup+0x170/0x170 [ 1163.782355][T11915] ? debug_mutex_init+0x2d/0x5a [ 1163.787182][T11915] copy_process+0x28b7/0x6b00 [ 1163.791831][T11915] ? kvm_clock_read+0x18/0x30 [ 1163.796485][T11915] ? retint_kernel+0x2b/0x2b [ 1163.801060][T11915] ? __cleanup_sighand+0x60/0x60 [ 1163.805977][T11915] _do_fork+0x146/0xfa0 [ 1163.810107][T11915] ? copy_init_mm+0x20/0x20 [ 1163.814597][T11915] ? __kasan_check_read+0x11/0x20 [ 1163.819599][T11915] ? _copy_to_user+0x118/0x160 [ 1163.824338][T11915] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1163.830549][T11915] ? put_timespec64+0xda/0x140 [ 1163.835289][T11915] __x64_sys_clone+0x18d/0x250 [ 1163.840028][T11915] ? __ia32_sys_vfork+0xc0/0xc0 [ 1163.844855][T11915] ? trace_hardirqs_off_caller+0x65/0x230 [ 1163.850547][T11915] ? trace_hardirqs_on+0x67/0x240 [ 1163.855548][T11915] do_syscall_64+0xfd/0x6a0 [ 1163.860024][T11915] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1163.866353][T11915] RIP: 0033:0x459879 [ 1163.870224][T11915] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1163.889798][T11915] RSP: 002b:00007fd57ae39c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1163.898179][T11915] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459879 [ 1163.906129][T11915] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1163.914069][T11915] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1163.922008][T11915] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd57ae3a6d4 [ 1163.929948][T11915] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 00000000ffffffff [ 1163.976841][T11915] memory: usage 307200kB, limit 307200kB, failcnt 4464 [ 1163.990157][T11915] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1163.998680][ T23] audit: type=1804 audit(1566904048.444:1120): pid=11948 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2366/bus" dev="sda1" ino=16755 res=1 [ 1164.033412][T11915] Memory cgroup stats for /syz4: [ 1164.033499][T11915] anon 236322816 [ 1164.033499][T11915] file 8192 [ 1164.033499][T11915] kernel_stack 11862016 [ 1164.033499][T11915] slab 18227200 [ 1164.033499][T11915] sock 0 [ 1164.033499][T11915] shmem 0 [ 1164.033499][T11915] file_mapped 0 [ 1164.033499][T11915] file_dirty 0 [ 1164.033499][T11915] file_writeback 0 [ 1164.033499][T11915] anon_thp 157286400 [ 1164.033499][T11915] inactive_anon 135168 [ 1164.033499][T11915] active_anon 236355584 [ 1164.033499][T11915] inactive_file 0 [ 1164.033499][T11915] active_file 0 [ 1164.033499][T11915] unevictable 135168 [ 1164.033499][T11915] slab_reclaimable 2973696 [ 1164.033499][T11915] slab_unreclaimable 15253504 [ 1164.033499][T11915] pgfault 239217 [ 1164.033499][T11915] pgmajfault 0 [ 1164.033499][T11915] workingset_refault 396 [ 1164.033499][T11915] workingset_activate 66 [ 1164.033499][T11915] workingset_nodereclaim 0 [ 1164.033499][T11915] pgrefill 6153 [ 1164.033499][T11915] pgscan 6035 [ 1164.033499][T11915] pgsteal 675 [ 1164.128714][T11915] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=11885,uid=0 [ 1164.144443][T11915] Memory cgroup out of memory: Killed process 11885 (syz-executor.4) total-vm:72708kB, anon-rss:2200kB, file-rss:34816kB, shmem-rss:0kB 11:07:28 executing program 1: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x3900) 11:07:28 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00"/20, @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:28 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x0, 0x0) r1 = syz_open_dev$evdev(0x0, 0x0, 0x0) dup3(r0, r1, 0x0) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f00000002c0)) ioctl$EVIOCGRAB(r1, 0x40044590, 0x0) 11:07:28 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x2, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) 11:07:28 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r0, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r1 = dup(r0) write$FUSE_BMAP(r1, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r1, &(0x7f0000000400)={0xa0}, 0xa0) ioctl$TIOCLINUX4(r1, 0x541c, &(0x7f0000000040)) write$FUSE_NOTIFY_RETRIEVE(r1, &(0x7f00000000c0)={0x14c}, 0x137) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380)) 11:07:28 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp\x00', 0x40002, 0x0) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, &(0x7f0000000180)={0x0}) ioctl$DRM_IOCTL_NEW_CTX(r2, 0x40086425, &(0x7f00000001c0)={r3}) r4 = dup(r1) write$FUSE_BMAP(r4, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r4, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r4]) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) 11:07:28 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r0, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r1 = dup(r0) write$FUSE_BMAP(r1, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r1, &(0x7f0000000400)={0xa0}, 0xa0) ioctl$TIOCLINUX4(r1, 0x541c, &(0x7f0000000040)) write$FUSE_NOTIFY_RETRIEVE(r1, &(0x7f00000000c0)={0x14c}, 0x137) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380)) [ 1164.347787][T11966] netlink: 'syz-executor.5': attribute type 4 has an invalid length. [ 1164.381894][T11963] rdma_op 00000000325d8881 conn xmit_rdma 00000000d8f1147d 11:07:28 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00"/20, @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1164.399420][ T23] audit: type=1804 audit(1566904048.844:1121): pid=11971 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2367/bus" dev="sda1" ino=16755 res=1 11:07:28 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) ioctl$TIOCLINUX4(r2, 0x541c, &(0x7f0000000040)) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380)) [ 1164.476293][T11980] netlink: 'syz-executor.5': attribute type 4 has an invalid length. 11:07:28 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="7472616e4ee98fea2c7266646e6f3d", @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) 11:07:29 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00"/20, @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:29 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x3, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) [ 1164.710011][ T23] audit: type=1804 audit(1566904049.154:1122): pid=11997 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2367/bus" dev="sda1" ino=16755 res=1 [ 1164.822713][T11995] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1164.835321][T11995] CPU: 1 PID: 11995 Comm: syz-executor.4 Not tainted 5.3.0-rc6 #127 [ 1164.843300][T11995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1164.853333][T11995] Call Trace: [ 1164.856602][T11995] dump_stack+0x172/0x1f0 [ 1164.860902][T11995] dump_header+0x10b/0x82d [ 1164.865292][T11995] oom_kill_process.cold+0x10/0x15 [ 1164.870375][T11995] out_of_memory+0x79a/0x12c0 [ 1164.875019][T11995] ? lock_downgrade+0x920/0x920 [ 1164.879929][T11995] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1164.886139][T11995] ? oom_killer_disable+0x280/0x280 [ 1164.891306][T11995] ? __kasan_check_read+0x11/0x20 [ 1164.896310][T11995] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1164.901953][T11995] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1164.907566][T11995] ? do_raw_spin_unlock+0x57/0x270 [ 1164.912647][T11995] ? _raw_spin_unlock+0x2d/0x50 [ 1164.917471][T11995] try_charge+0xf4b/0x1440 [ 1164.921862][T11995] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1164.927377][T11995] ? percpu_ref_tryget_live+0x111/0x290 [ 1164.932891][T11995] ? get_mem_cgroup_from_mm+0x16/0x320 [ 1164.938319][T11995] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1164.943831][T11995] mem_cgroup_try_charge+0x136/0x590 [ 1164.949084][T11995] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1164.955296][T11995] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1164.960906][T11995] __handle_mm_fault+0x1e34/0x3f20 [ 1164.965997][T11995] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1164.971620][T11995] ? __kasan_check_read+0x11/0x20 [ 1164.976620][T11995] ? do_raw_spin_unlock+0x57/0x270 [ 1164.981704][T11995] ? trace_hardirqs_on+0x67/0x240 [ 1164.986703][T11995] handle_mm_fault+0x1b5/0x6b0 [ 1164.991441][T11995] __get_user_pages+0x7d4/0x1b30 [ 1164.996355][T11995] ? follow_page_mask+0x19b0/0x19b0 [ 1165.001523][T11995] ? __kasan_check_write+0x14/0x20 [ 1165.006615][T11995] ? gup_pgd_range+0x1e1/0x2d10 [ 1165.011436][T11995] ? trace_hardirqs_on_caller+0x6a/0x240 [ 1165.017048][T11995] get_user_pages_unlocked+0x2ae/0x4a0 [ 1165.022486][T11995] ? get_user_pages_locked+0x4d0/0x4d0 [ 1165.027920][T11995] ? get_user_pages_fast+0x24c/0x570 [ 1165.033176][T11995] get_user_pages_fast+0x4c0/0x570 [ 1165.038260][T11995] ? __get_user_pages_fast+0x410/0x410 [ 1165.043702][T11995] ? memset+0x32/0x40 [ 1165.047660][T11995] rds_pin_pages+0x33/0x1f0 [ 1165.052139][T11995] rds_cmsg_rdma_args+0x879/0x1150 [ 1165.057229][T11995] ? rds_rdma_extra_size+0x390/0x390 [ 1165.062489][T11995] ? rds_sendmsg+0x1a9c/0x35b0 [ 1165.067235][T11995] rds_sendmsg+0x1f32/0x35b0 [ 1165.071797][T11995] ? rw_copy_check_uvector+0x2ce/0x390 [ 1165.077229][T11995] ? rds_send_drop_to+0x1640/0x1640 [ 1165.082399][T11995] ? aa_sk_perm+0x288/0x880 [ 1165.086874][T11995] ? lock_downgrade+0x920/0x920 [ 1165.091702][T11995] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 1165.097222][T11995] ? apparmor_socket_sendmsg+0x2a/0x30 [ 1165.102652][T11995] ? rds_send_drop_to+0x1640/0x1640 [ 1165.107824][T11995] sock_sendmsg+0xd7/0x130 [ 1165.112209][T11995] ? sock_sendmsg+0xd7/0x130 [ 1165.116793][T11995] ___sys_sendmsg+0x803/0x920 [ 1165.121459][T11995] ? copy_msghdr_from_user+0x440/0x440 [ 1165.126894][T11995] ? __fget+0x384/0x560 [ 1165.131027][T11995] ? ksys_dup3+0x3e0/0x3e0 [ 1165.135422][T11995] ? __might_fault+0xfb/0x1e0 [ 1165.140072][T11995] ? __fget_light+0x1a9/0x230 [ 1165.144717][T11995] ? __fdget+0x1b/0x20 [ 1165.148754][T11995] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1165.154968][T11995] __sys_sendmsg+0x105/0x1d0 [ 1165.159546][T11995] ? __sys_sendmsg_sock+0xd0/0xd0 [ 1165.164545][T11995] ? __x64_sys_clock_gettime+0x16d/0x240 [ 1165.170153][T11995] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 1165.176198][T11995] __x64_sys_sendmsg+0x78/0xb0 [ 1165.180940][T11995] do_syscall_64+0xfd/0x6a0 [ 1165.185413][T11995] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1165.191276][T11995] RIP: 0033:0x459879 [ 1165.195143][T11995] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1165.214727][T11995] RSP: 002b:00007fd57ae39c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1165.223105][T11995] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459879 [ 1165.231045][T11995] RDX: 0000000000000000 RSI: 0000000020001600 RDI: 0000000000000003 [ 1165.238984][T11995] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1165.246923][T11995] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd57ae3a6d4 [ 1165.254861][T11995] R13: 00000000004c77e9 R14: 00000000004dd048 R15: 00000000ffffffff 11:07:29 executing program 1: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x3a00) 11:07:29 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x0, 0x0) r1 = syz_open_dev$evdev(0x0, 0x0, 0x0) dup3(r0, r1, 0x0) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f00000002c0)) ioctl$EVIOCGRAB(r1, 0x40044590, 0x0) 11:07:29 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00"/20, @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:29 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) ioctl$TIOCLINUX4(r2, 0x541c, &(0x7f0000000040)) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380)) 11:07:29 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) socket$inet6_sctp(0xa, 0x1, 0x84) chdir(&(0x7f0000000000)='./file0\x00') lstat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$iso9660(&(0x7f0000000040)='iso9660\x00', &(0x7f0000000180)='./file0\x00', 0xfffffffffffffabe, 0x1, &(0x7f00000001c0)=[{&(0x7f00000004c0)="e7dc4317cd6939f9330969cb2177bf6e081478b7943c566d04873792e4915ca91068766f5d3e884954533fa2d2df935bfadbcde16abd1b1c7834698bf6bcb90b1b33b42ed4a3dcb33b21389f2a50cd5194685490c89a681ecafc960aef7d53f69c3d758230ee2b0a30c5de2f9f919f3c5c108bced93fe1e6dc06dd13834c5c066780422a64e1ef64d53674a1536d3af973ee5647d008990f769afa21cd2923e831114c5dd4", 0xa5, 0x4}], 0x1088000, &(0x7f0000000600)={[{@sbsector={'sbsector', 0x3d, 0x7}}, {@gid={'gid', 0x3d, r3}}, {@unhide='unhide'}, {@iocharset={'iocharset', 0x3d, 'cp1255'}}, {@sbsector={'sbsector'}}, {@mode={'mode', 0x3d, 0x10000}}], [{@permit_directio='permit_directio'}, {@mask={'mask', 0x3d, 'MAY_EXEC'}}, {@smackfshat={'smackfshat', 0x3d, '9p\x00'}}, {@audit='audit'}, {@fsmagic={'fsmagic', 0x3d, 0x3}}, {@fscontext={'fscontext', 0x3d, 'user_u'}}, {@dont_appraise='dont_appraise'}, {@audit='audit'}, {@obj_role={'obj_role', 0x3d, 'keyring/@$\\$]]procbdev&'}}, {@fsuuid={'fsuuid', 0x3d, {[0x37, 0x750fa95a7e742a2d, 0x32, 0x34, 0x37, 0x39, 0x33, 0x66], 0x2d, [0x36, 0x39, 0xbe93d8545fba04e4, 0x34], 0x2d, [0x32, 0x32, 0x35, 0x37], 0x2d, [0x7f, 0x32, 0x34, 0x32], 0x2d, [0x0, 0x33, 0x38, 0x3f, 0x34, 0x30, 0x35, 0x5c1edfe1d2d61a83]}}}]}) mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) [ 1165.281155][T11995] memory: usage 307200kB, limit 307200kB, failcnt 4519 [ 1165.310999][T11995] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1165.340513][T11995] Memory cgroup stats for /syz4: [ 1165.342652][T11995] anon 236060672 [ 1165.342652][T11995] file 8192 [ 1165.342652][T11995] kernel_stack 11862016 [ 1165.342652][T11995] slab 18227200 [ 1165.342652][T11995] sock 0 [ 1165.342652][T11995] shmem 0 [ 1165.342652][T11995] file_mapped 0 [ 1165.342652][T11995] file_dirty 0 [ 1165.342652][T11995] file_writeback 0 [ 1165.342652][T11995] anon_thp 157286400 [ 1165.342652][T11995] inactive_anon 135168 [ 1165.342652][T11995] active_anon 236150784 [ 1165.342652][T11995] inactive_file 0 [ 1165.342652][T11995] active_file 0 [ 1165.342652][T11995] unevictable 135168 [ 1165.342652][T11995] slab_reclaimable 2973696 [ 1165.342652][T11995] slab_unreclaimable 15253504 [ 1165.342652][T11995] pgfault 239580 [ 1165.342652][T11995] pgmajfault 0 [ 1165.342652][T11995] workingset_refault 396 [ 1165.342652][T11995] workingset_activate 66 [ 1165.342652][T11995] workingset_nodereclaim 0 [ 1165.342652][T11995] pgrefill 6153 [ 1165.342652][T11995] pgscan 6035 [ 1165.342652][T11995] pgsteal 675 11:07:29 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00"/20, @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1165.351778][ T23] audit: type=1804 audit(1566904049.794:1123): pid=12017 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2368/bus" dev="sda1" ino=17129 res=1 [ 1165.461522][T11995] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=11977,uid=0 11:07:30 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) ioctl$TIOCLINUX4(r2, 0x541c, &(0x7f0000000040)) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380)) 11:07:30 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00"/20, @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1165.512721][T11995] Memory cgroup out of memory: Killed process 11977 (syz-executor.4) total-vm:72708kB, anon-rss:2200kB, file-rss:34816kB, shmem-rss:0kB 11:07:30 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x0, 0x0) r1 = syz_open_dev$evdev(0x0, 0x0, 0x0) dup3(r0, r1, 0x0) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f00000002c0)) ioctl$EVIOCGRAB(r1, 0x40044590, 0x0) 11:07:30 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00"/20, @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1165.641573][T11995] rdma_op 0000000002d58e6d conn xmit_rdma 00000000d8f1147d 11:07:30 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x4, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) 11:07:30 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00"/20, @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1165.755287][ T23] audit: type=1804 audit(1566904050.194:1124): pid=12038 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2368/bus" dev="sda1" ino=17129 res=1 [ 1165.888052][T12044] rdma_op 00000000c9e9b6f6 conn xmit_rdma 00000000d8f1147d [ 1165.914488][T12044] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1165.929030][T12044] CPU: 1 PID: 12044 Comm: syz-executor.4 Not tainted 5.3.0-rc6 #127 11:07:30 executing program 1: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x3b00) 11:07:30 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00"/20, @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:30 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) recvfrom$netrom(r2, &(0x7f00000004c0)=""/226, 0xe2, 0x1, 0x0, 0x0) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) 11:07:30 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380)) [ 1165.937009][T12044] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1165.947053][T12044] Call Trace: [ 1165.950331][T12044] dump_stack+0x172/0x1f0 [ 1165.954650][T12044] dump_header+0x10b/0x82d [ 1165.959062][T12044] oom_kill_process.cold+0x10/0x15 [ 1165.964171][T12044] out_of_memory+0x79a/0x12c0 [ 1165.968835][T12044] ? lock_downgrade+0x920/0x920 [ 1165.973680][T12044] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1165.979912][T12044] ? oom_killer_disable+0x280/0x280 [ 1165.985108][T12044] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1165.990644][T12044] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1165.990665][T12044] ? do_raw_spin_unlock+0x57/0x270 [ 1166.001391][T12044] ? _raw_spin_unlock+0x2d/0x50 [ 1166.006224][T12044] try_charge+0xf4b/0x1440 [ 1166.006239][T12044] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1166.006256][T12044] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1166.021675][T12044] ? __kasan_check_read+0x11/0x20 [ 1166.026715][T12044] ? lock_downgrade+0x920/0x920 [ 1166.026729][T12044] ? percpu_ref_tryget_live+0x111/0x290 [ 1166.026753][T12044] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1166.042537][T12044] ? memcg_kmem_put_cache+0x50/0x50 [ 1166.047739][T12044] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1166.053270][T12044] __memcg_kmem_charge+0x13a/0x3a0 [ 1166.053286][T12044] __alloc_pages_nodemask+0x4f4/0x900 [ 1166.053302][T12044] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1166.069452][T12044] ? lock_downgrade+0x920/0x920 [ 1166.074298][T12044] ? rwlock_bug.part.0+0x90/0x90 [ 1166.079229][T12044] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1166.085463][T12044] alloc_pages_current+0x107/0x210 [ 1166.085787][T12059] FS-Cache: Duplicate cookie detected [ 1166.090565][T12044] ? do_raw_spin_unlock+0x57/0x270 [ 1166.090581][T12044] __pmd_alloc+0x41/0x460 [ 1166.090598][T12044] ? pmd_val+0x100/0x100 [ 1166.095957][T12059] FS-Cache: O-cookie c=000000007d465343 [p=0000000009146bc0 fl=222 nc=0 na=1] [ 1166.101029][T12044] pmd_alloc+0x10c/0x180 [ 1166.105339][T12059] FS-Cache: O-cookie d=000000008c6e41aa n=0000000044771e70 [ 1166.109541][T12044] copy_page_range+0x610/0x1ee0 [ 1166.118354][T12059] FS-Cache: O-key=[10] '34323935303533373437' [ 1166.122651][T12044] ? mark_held_locks+0xf0/0xf0 [ 1166.129824][T12059] FS-Cache: N-cookie c=0000000074e3a5e4 [p=0000000009146bc0 fl=2 nc=0 na=1] [ 1166.134630][T12044] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1166.140659][T12059] FS-Cache: N-cookie d=000000008c6e41aa n=00000000f5ece4cf [ 1166.145382][T12044] ? mark_held_locks+0xf0/0xf0 [ 1166.145397][T12044] ? __kasan_check_read+0x11/0x20 [ 1166.154030][T12059] FS-Cache: N-key=[10] '34323935303533373437' [ 1166.160239][T12044] ? dup_mm+0x7cd/0x1430 [ 1166.160253][T12044] ? __kasan_check_read+0x11/0x20 [ 1166.192402][T12044] ? pmd_alloc+0x180/0x180 [ 1166.196807][T12044] ? lock_downgrade+0x920/0x920 [ 1166.201650][T12044] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1166.207361][T12044] ? validate_mm_rb+0xa3/0xc0 [ 1166.212023][T12044] ? __vma_link_rb+0x275/0x370 [ 1166.216770][T12044] ? __kasan_check_write+0x14/0x20 [ 1166.221888][T12044] dup_mm+0xa67/0x1430 [ 1166.225971][T12044] ? vm_area_dup+0x170/0x170 [ 1166.230554][T12044] ? debug_mutex_init+0x2d/0x5a [ 1166.235395][T12044] copy_process+0x28b7/0x6b00 [ 1166.240069][T12044] ? copy_msghdr_from_user+0x440/0x440 [ 1166.245538][T12044] ? __cleanup_sighand+0x60/0x60 [ 1166.250489][T12044] _do_fork+0x146/0xfa0 [ 1166.254636][T12044] ? copy_init_mm+0x20/0x20 [ 1166.259169][T12044] ? __kasan_check_read+0x11/0x20 [ 1166.264181][T12044] ? _copy_to_user+0x118/0x160 [ 1166.268930][T12044] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1166.268947][T12044] ? put_timespec64+0xda/0x140 [ 1166.279890][T12044] __x64_sys_clone+0x18d/0x250 [ 1166.284633][T12044] ? __ia32_sys_vfork+0xc0/0xc0 [ 1166.284649][T12044] ? trace_hardirqs_off_caller+0x65/0x230 [ 1166.295155][T12044] ? trace_hardirqs_on+0x67/0x240 [ 1166.300164][T12044] do_syscall_64+0xfd/0x6a0 [ 1166.300182][T12044] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1166.310520][T12044] RIP: 0033:0x459879 [ 1166.314402][T12044] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1166.333987][T12044] RSP: 002b:00007fd57ae39c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1166.342381][T12044] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459879 [ 1166.350337][T12044] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1166.358296][T12044] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1166.366273][T12044] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd57ae3a6d4 [ 1166.374232][T12044] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 00000000ffffffff [ 1166.385301][ T23] audit: type=1804 audit(1566904050.374:1125): pid=12057 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2369/bus" dev="sda1" ino=16932 res=1 [ 1166.387281][T12044] memory: usage 307200kB, limit 307200kB, failcnt 4541 11:07:30 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x0, 0x0) r1 = syz_open_dev$evdev(0x0, 0x0, 0x0) dup3(r0, r1, 0x0) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f00000002c0)) ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, 0x0) 11:07:30 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00"/20, @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1166.438949][ T23] audit: type=1804 audit(1566904050.374:1126): pid=12064 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2369/bus" dev="sda1" ino=16932 res=1 [ 1166.466516][T12044] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1166.473366][T12044] Memory cgroup stats for /syz4: [ 1166.473463][T12044] anon 236048384 [ 1166.473463][T12044] file 8192 [ 1166.473463][T12044] kernel_stack 11862016 11:07:30 executing program 1: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x3c00) [ 1166.473463][T12044] slab 18362368 [ 1166.473463][T12044] sock 0 [ 1166.473463][T12044] shmem 0 [ 1166.473463][T12044] file_mapped 0 [ 1166.473463][T12044] file_dirty 0 [ 1166.473463][T12044] file_writeback 0 [ 1166.473463][T12044] anon_thp 157286400 [ 1166.473463][T12044] inactive_anon 135168 [ 1166.473463][T12044] active_anon 236003328 [ 1166.473463][T12044] inactive_file 0 [ 1166.473463][T12044] active_file 0 [ 1166.473463][T12044] unevictable 135168 [ 1166.473463][T12044] slab_reclaimable 2973696 [ 1166.473463][T12044] slab_unreclaimable 15388672 [ 1166.473463][T12044] pgfault 239778 [ 1166.473463][T12044] pgmajfault 0 [ 1166.473463][T12044] workingset_refault 396 [ 1166.473463][T12044] workingset_activate 66 [ 1166.473463][T12044] workingset_nodereclaim 0 [ 1166.473463][T12044] pgrefill 6153 [ 1166.473463][T12044] pgscan 6035 [ 1166.473463][T12044] pgsteal 675 [ 1166.576592][T12044] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=12043,uid=0 [ 1166.599639][T12044] Memory cgroup out of memory: Killed process 12043 (syz-executor.4) total-vm:72708kB, anon-rss:2196kB, file-rss:35792kB, shmem-rss:0kB 11:07:31 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00"/20, @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:31 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380)) 11:07:31 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x5, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) 11:07:31 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800365032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) bind$unix(r1, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e23}, 0x6e) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) 11:07:31 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00000000000000000000ffff", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:31 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x0, 0x0) r1 = syz_open_dev$evdev(0x0, 0x0, 0x0) dup3(r0, r1, 0x0) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f00000002c0)) ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, 0x0) [ 1166.811724][T12084] rdma_op 000000000295b02e conn xmit_rdma 00000000d8f1147d [ 1166.881932][T12087] rdma_op 00000000350fbad1 conn xmit_rdma 00000000d8f1147d 11:07:31 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00000000000000000000ffff", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:31 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x6, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) 11:07:31 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00000000000000000000ffff", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:31 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380)) 11:07:31 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) ioctl$sock_netdev_private(r1, 0x89f4, &(0x7f0000000040)="7c590f29902398c2c5a9cd767c323c4d2024ae04c0b4a349ec1de65117c9f56d29dec6") write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) openat$dsp(0xffffffffffffff9c, &(0x7f0000000180)='/dev/dsp\x00', 0x40, 0x0) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) [ 1167.118738][T12110] rdma_op 00000000c4532e24 conn xmit_rdma 00000000d8f1147d 11:07:31 executing program 1: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x3d00) 11:07:31 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x0, 0x0) r1 = syz_open_dev$evdev(0x0, 0x0, 0x0) dup3(r0, r1, 0x0) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f00000002c0)) ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, 0x0) 11:07:31 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00"/20, @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:31 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0xffffffffffffffaa, 0x5, 0x0, {0x0, 0x4, 0x1000040}}, 0x30) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000000)='./file0\x00') getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0}, &(0x7f0000000180)=0xc) fstat(r0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) fchown(r1, r3, r4) mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) [ 1167.210052][T12110] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1167.231007][T12110] CPU: 1 PID: 12110 Comm: syz-executor.4 Not tainted 5.3.0-rc6 #127 [ 1167.238989][T12110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1167.249025][T12110] Call Trace: [ 1167.252297][T12110] dump_stack+0x172/0x1f0 [ 1167.256625][T12110] dump_header+0x10b/0x82d [ 1167.261041][T12110] oom_kill_process.cold+0x10/0x15 [ 1167.266139][T12110] out_of_memory+0x79a/0x12c0 [ 1167.270809][T12110] ? lock_downgrade+0x920/0x920 [ 1167.275653][T12110] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1167.281883][T12110] ? oom_killer_disable+0x280/0x280 [ 1167.287077][T12110] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1167.292617][T12110] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1167.298242][T12110] ? do_raw_spin_unlock+0x57/0x270 [ 1167.303339][T12110] ? _raw_spin_unlock+0x2d/0x50 [ 1167.308176][T12110] try_charge+0xf4b/0x1440 [ 1167.312585][T12110] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1167.318127][T12110] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1167.323677][T12110] ? __kasan_check_read+0x11/0x20 [ 1167.328696][T12110] ? lock_downgrade+0x920/0x920 [ 1167.333532][T12110] ? percpu_ref_tryget_live+0x111/0x290 [ 1167.339066][T12110] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1167.344512][T12110] ? memcg_kmem_put_cache+0x50/0x50 [ 1167.349699][T12110] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1167.355229][T12110] __memcg_kmem_charge+0x13a/0x3a0 [ 1167.360328][T12110] __alloc_pages_nodemask+0x4f4/0x900 [ 1167.365686][T12110] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1167.371395][T12110] ? lock_downgrade+0x920/0x920 [ 1167.376228][T12110] ? rwlock_bug.part.0+0x90/0x90 [ 1167.381152][T12110] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1167.387380][T12110] alloc_pages_current+0x107/0x210 [ 1167.392462][T12110] ? do_raw_spin_unlock+0x57/0x270 [ 1167.397558][T12110] __pmd_alloc+0x41/0x460 [ 1167.401875][T12110] ? pmd_val+0x100/0x100 [ 1167.406112][T12110] pmd_alloc+0x10c/0x180 [ 1167.410346][T12110] copy_page_range+0x610/0x1ee0 [ 1167.415183][T12110] ? mark_held_locks+0xf0/0xf0 [ 1167.419938][T12110] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1167.426257][T12110] ? __kasan_check_read+0x11/0x20 [ 1167.431281][T12110] ? pmd_alloc+0x180/0x180 [ 1167.435688][T12110] ? vma_gap_callbacks_rotate+0x62/0x80 [ 1167.441220][T12110] ? validate_mm_rb+0xa3/0xc0 [ 1167.445884][T12110] ? __vma_link_rb+0x275/0x370 [ 1167.450640][T12110] dup_mm+0xa67/0x1430 [ 1167.454708][T12110] ? vm_area_dup+0x170/0x170 [ 1167.459308][T12110] ? debug_mutex_init+0x2d/0x5a [ 1167.464155][T12110] copy_process+0x28b7/0x6b00 [ 1167.468828][T12110] ? __cleanup_sighand+0x60/0x60 [ 1167.473762][T12110] _do_fork+0x146/0xfa0 [ 1167.477903][T12110] ? copy_init_mm+0x20/0x20 [ 1167.482397][T12110] ? __kasan_check_read+0x11/0x20 [ 1167.487498][T12110] ? _copy_to_user+0x118/0x160 [ 1167.492251][T12110] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1167.498475][T12110] ? put_timespec64+0xda/0x140 [ 1167.503230][T12110] __x64_sys_clone+0x18d/0x250 [ 1167.507985][T12110] ? __ia32_sys_vfork+0xc0/0xc0 [ 1167.512840][T12110] ? trace_hardirqs_off_caller+0x65/0x230 [ 1167.518548][T12110] ? trace_hardirqs_on+0x67/0x240 [ 1167.523565][T12110] do_syscall_64+0xfd/0x6a0 [ 1167.528067][T12110] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1167.533946][T12110] RIP: 0033:0x459879 [ 1167.537830][T12110] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 11:07:32 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380)) 11:07:32 executing program 1: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x3e00) [ 1167.548533][T12137] validate_nla: 13 callbacks suppressed [ 1167.548541][T12137] netlink: 'syz-executor.5': attribute type 4 has an invalid length. [ 1167.557410][T12110] RSP: 002b:00007fd57ae39c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1167.557422][T12110] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459879 [ 1167.557428][T12110] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1167.557434][T12110] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1167.557440][T12110] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd57ae3a6d4 [ 1167.557447][T12110] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 00000000ffffffff [ 1167.567407][T12110] memory: usage 307200kB, limit 307200kB, failcnt 4571 [ 1167.596689][T12110] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1167.612377][T12110] Memory cgroup stats for /syz4: [ 1167.612459][T12110] anon 235307008 [ 1167.612459][T12110] file 8192 [ 1167.612459][T12110] kernel_stack 11993088 [ 1167.612459][T12110] slab 18362368 [ 1167.612459][T12110] sock 0 [ 1167.612459][T12110] shmem 0 [ 1167.612459][T12110] file_mapped 0 [ 1167.612459][T12110] file_dirty 0 [ 1167.612459][T12110] file_writeback 0 [ 1167.612459][T12110] anon_thp 155189248 [ 1167.612459][T12110] inactive_anon 135168 [ 1167.612459][T12110] active_anon 235192320 [ 1167.612459][T12110] inactive_file 0 [ 1167.612459][T12110] active_file 0 [ 1167.612459][T12110] unevictable 135168 [ 1167.612459][T12110] slab_reclaimable 2973696 [ 1167.612459][T12110] slab_unreclaimable 15388672 [ 1167.612459][T12110] pgfault 240372 [ 1167.612459][T12110] pgmajfault 0 [ 1167.612459][T12110] workingset_refault 396 [ 1167.612459][T12110] workingset_activate 66 [ 1167.612459][T12110] workingset_nodereclaim 0 [ 1167.612459][T12110] pgrefill 6153 [ 1167.612459][T12110] pgscan 6035 [ 1167.612459][T12110] pgsteal 675 [ 1167.626815][T12110] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=7058,uid=0 [ 1167.740107][ T23] kauditd_printk_skb: 4 callbacks suppressed 11:07:32 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00"/20, @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1167.740118][ T23] audit: type=1804 audit(1566904052.174:1131): pid=12141 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2372/bus" dev="sda1" ino=16733 res=1 [ 1167.743766][T12110] Memory cgroup out of memory: Killed process 7058 (syz-executor.4) total-vm:72708kB, anon-rss:2200kB, file-rss:34816kB, shmem-rss:0kB 11:07:32 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x7, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) [ 1167.877449][T12150] netlink: 'syz-executor.5': attribute type 4 has an invalid length. [ 1167.909992][T12154] rdma_op 0000000095272ef7 conn xmit_rdma 00000000d8f1147d 11:07:32 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000000000007fff", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:32 executing program 2: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x3, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) [ 1168.032507][T12160] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1168.064289][T12160] CPU: 0 PID: 12160 Comm: syz-executor.4 Not tainted 5.3.0-rc6 #127 [ 1168.072270][T12160] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1168.082312][T12160] Call Trace: [ 1168.086089][T12160] dump_stack+0x172/0x1f0 [ 1168.090430][T12160] dump_header+0x10b/0x82d [ 1168.092844][T12166] rdma_op 0000000042085856 conn xmit_rdma 00000000d8f1147d [ 1168.094835][T12160] oom_kill_process.cold+0x10/0x15 [ 1168.094848][T12160] out_of_memory+0x79a/0x12c0 [ 1168.094867][T12160] ? lock_downgrade+0x920/0x920 [ 1168.116603][T12160] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1168.122833][T12160] ? oom_killer_disable+0x280/0x280 [ 1168.128028][T12160] mem_cgroup_out_of_memory+0x1d8/0x240 11:07:32 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380)) 11:07:32 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) mount(&(0x7f0000000040)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='nfsd\x00', 0x12000, &(0x7f0000000280)='9p\x00') write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x30, 0x5, 0x0, {0x0, 0x4, 0xfffffffffffffff6, 0x2}}, 0x30) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="7472616e7399c89e7cfa0a30e75f60", @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) 11:07:32 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x0, 0x0) r1 = syz_open_dev$evdev(0x0, 0x0, 0x0) ioctl$EVIOCGRAB(r1, 0x40044590, &(0x7f0000000000)) dup3(r0, r1, 0x0) syz_open_dev$evdev(&(0x7f0000000180)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f00000002c0)=0x7fff) ioctl$EVIOCGRAB(r1, 0x40044590, 0x0) [ 1168.133567][T12160] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1168.139188][T12160] ? do_raw_spin_unlock+0x57/0x270 [ 1168.144289][T12160] ? _raw_spin_unlock+0x2d/0x50 [ 1168.149127][T12160] try_charge+0xf4b/0x1440 [ 1168.153538][T12160] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1168.159075][T12160] ? percpu_ref_tryget_live+0x111/0x290 [ 1168.159914][T12171] netlink: 'syz-executor.5': attribute type 4 has an invalid length. [ 1168.164604][T12160] ? get_mem_cgroup_from_mm+0x16/0x320 [ 1168.164625][T12160] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1168.183621][T12160] mem_cgroup_try_charge+0x136/0x590 [ 1168.188888][T12160] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1168.188902][T12160] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1168.188916][T12160] wp_page_copy+0x41e/0x15e0 [ 1168.188943][T12160] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1168.211650][T12160] ? pmd_pfn+0x1d0/0x1d0 [ 1168.215878][T12160] ? lock_downgrade+0x920/0x920 [ 1168.220717][T12160] ? swp_swapcount+0x540/0x540 [ 1168.225467][T12160] ? __kasan_check_read+0x11/0x20 [ 1168.230479][T12160] ? do_raw_spin_unlock+0x57/0x270 [ 1168.235580][T12160] do_wp_page+0x499/0x14d0 [ 1168.239987][T12160] ? finish_mkwrite_fault+0x570/0x570 [ 1168.245358][T12160] __handle_mm_fault+0x22f1/0x3f20 [ 1168.250452][T12160] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1168.255970][T12160] ? __kasan_check_read+0x11/0x20 [ 1168.260987][T12160] ? do_raw_spin_unlock+0x57/0x270 [ 1168.266086][T12160] ? trace_hardirqs_on+0x67/0x240 [ 1168.271078][T12160] handle_mm_fault+0x1b5/0x6b0 [ 1168.275819][T12160] __get_user_pages+0x7d4/0x1b30 [ 1168.280735][T12160] ? follow_page_mask+0x19b0/0x19b0 [ 1168.285903][T12160] ? __kasan_check_write+0x14/0x20 [ 1168.290980][T12160] ? gup_pgd_range+0x1e1/0x2d10 [ 1168.295947][T12160] get_user_pages_unlocked+0x2ae/0x4a0 [ 1168.301383][T12160] ? get_user_pages_locked+0x4d0/0x4d0 [ 1168.306813][T12160] ? should_fail+0x1de/0x852 [ 1168.311395][T12160] ? trace_hardirqs_on+0x67/0x240 [ 1168.316404][T12160] get_user_pages_fast+0x4c0/0x570 [ 1168.321489][T12160] ? __get_user_pages_fast+0x410/0x410 [ 1168.326916][T12160] ? memset+0x32/0x40 [ 1168.330869][T12160] rds_pin_pages+0x33/0x1f0 [ 1168.335346][T12160] rds_cmsg_rdma_args+0x879/0x1150 [ 1168.340442][T12160] ? rds_rdma_extra_size+0x390/0x390 [ 1168.345699][T12160] ? rds_conn_create_outgoing+0x4b/0x60 [ 1168.351298][T12160] rds_sendmsg+0x1f32/0x35b0 [ 1168.355865][T12160] ? rw_copy_check_uvector+0x2ce/0x390 [ 1168.361300][T12160] ? rds_send_drop_to+0x1640/0x1640 [ 1168.366467][T12160] ? aa_sk_perm+0x288/0x880 [ 1168.370945][T12160] ? lock_downgrade+0x920/0x920 [ 1168.375779][T12160] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 1168.381299][T12160] ? apparmor_socket_sendmsg+0x2a/0x30 [ 1168.386724][T12160] ? rds_send_drop_to+0x1640/0x1640 [ 1168.391888][T12160] sock_sendmsg+0xd7/0x130 [ 1168.396276][T12160] ? sock_sendmsg+0xd7/0x130 [ 1168.400843][T12160] ___sys_sendmsg+0x803/0x920 [ 1168.405498][T12160] ? copy_msghdr_from_user+0x440/0x440 [ 1168.410942][T12160] ? __fget+0x384/0x560 [ 1168.415063][T12160] ? ksys_dup3+0x3e0/0x3e0 [ 1168.419449][T12160] ? __might_fault+0xfb/0x1e0 [ 1168.424110][T12160] ? __fget_light+0x1a9/0x230 [ 1168.428768][T12160] ? __fdget+0x1b/0x20 [ 1168.432807][T12160] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1168.439018][T12160] __sys_sendmsg+0x105/0x1d0 [ 1168.443578][T12160] ? __sys_sendmsg_sock+0xd0/0xd0 [ 1168.448571][T12160] ? __x64_sys_clock_gettime+0x16d/0x240 [ 1168.454171][T12160] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 1168.460222][T12160] __x64_sys_sendmsg+0x78/0xb0 [ 1168.464953][T12160] do_syscall_64+0xfd/0x6a0 [ 1168.469428][T12160] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1168.475292][T12160] RIP: 0033:0x459879 [ 1168.479162][T12160] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1168.498821][T12160] RSP: 002b:00007fd57ae18c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1168.507287][T12160] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459879 [ 1168.515227][T12160] RDX: 0000000000000000 RSI: 0000000020001600 RDI: 0000000000000003 [ 1168.523174][T12160] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 11:07:33 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000008000a0ffff", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1168.531111][T12160] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd57ae196d4 [ 1168.539060][T12160] R13: 00000000004c77e9 R14: 00000000004dd048 R15: 00000000ffffffff [ 1168.561777][T12160] memory: usage 307112kB, limit 307200kB, failcnt 4586 [ 1168.568822][ T23] audit: type=1804 audit(1566904053.004:1132): pid=12185 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2372/bus" dev="sda1" ino=16733 res=1 [ 1168.597371][T12160] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1168.604718][T12160] Memory cgroup stats for /syz4: [ 1168.604819][T12160] anon 235147264 [ 1168.604819][T12160] file 8192 [ 1168.604819][T12160] kernel_stack 11993088 [ 1168.604819][T12160] slab 18501632 [ 1168.604819][T12160] sock 0 [ 1168.604819][T12160] shmem 0 [ 1168.604819][T12160] file_mapped 0 [ 1168.604819][T12160] file_dirty 0 [ 1168.604819][T12160] file_writeback 0 [ 1168.604819][T12160] anon_thp 155189248 [ 1168.604819][T12160] inactive_anon 135168 [ 1168.604819][T12160] active_anon 235233280 [ 1168.604819][T12160] inactive_file 0 [ 1168.604819][T12160] active_file 0 [ 1168.604819][T12160] unevictable 135168 [ 1168.604819][T12160] slab_reclaimable 2973696 [ 1168.604819][T12160] slab_unreclaimable 15527936 [ 1168.604819][T12160] pgfault 240537 [ 1168.604819][T12160] pgmajfault 0 [ 1168.604819][T12160] workingset_refault 396 [ 1168.604819][T12160] workingset_activate 66 [ 1168.604819][T12160] workingset_nodereclaim 0 [ 1168.604819][T12160] pgrefill 6153 [ 1168.604819][T12160] pgscan 6035 [ 1168.604819][T12160] pgsteal 675 [ 1168.707625][T12188] netlink: 'syz-executor.5': attribute type 4 has an invalid length. 11:07:33 executing program 1: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x3f00) 11:07:33 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00000000000000f0ffffffff", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:33 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff03807b11355fa254f5f8744ca21593b12700000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) lstat(&(0x7f0000000180)='./file0\x00', &(0x7f0000000280)) prctl$PR_GET_SECUREBITS(0x1b) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f00000004c0)='./file0\x00') syz_open_dev$video(&(0x7f00000001c0)='/dev/video#\x00', 0x1, 0x94b292b1c867652) mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) [ 1168.777955][T12160] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=12153,uid=0 [ 1168.811013][T12160] Memory cgroup out of memory: Killed process 12160 (syz-executor.4) total-vm:72840kB, anon-rss:2208kB, file-rss:35792kB, shmem-rss:0kB 11:07:33 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x48, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) [ 1168.863818][ T1058] oom_reaper: reaped process 12160 (syz-executor.4), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB [ 1168.880621][T12197] netlink: 'syz-executor.5': attribute type 4 has an invalid length. [ 1168.889183][ T23] audit: type=1804 audit(1566904053.334:1133): pid=12195 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2373/bus" dev="sda1" ino=17429 res=1 11:07:33 executing program 2: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) 11:07:33 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380)) 11:07:33 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000000200000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1169.032488][T12202] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1169.056707][T12213] netlink: 'syz-executor.5': attribute type 4 has an invalid length. [ 1169.069549][T12202] CPU: 0 PID: 12202 Comm: syz-executor.4 Not tainted 5.3.0-rc6 #127 11:07:33 executing program 3: pipe2$9p(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) ioctl$TIOCSPTLCK(r2, 0x40045431, &(0x7f0000000180)) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) [ 1169.077531][T12202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1169.087572][T12202] Call Trace: [ 1169.090857][T12202] dump_stack+0x172/0x1f0 [ 1169.091409][T12211] rdma_op 000000002c8cad7a conn xmit_rdma 00000000d8f1147d [ 1169.095193][T12202] dump_header+0x10b/0x82d [ 1169.095202][T12202] ? oom_kill_process+0x94/0x3f0 [ 1169.095217][T12202] oom_kill_process.cold+0x10/0x15 [ 1169.116764][T12202] out_of_memory+0x79a/0x12c0 [ 1169.121418][T12202] ? lock_downgrade+0x920/0x920 [ 1169.126249][T12202] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1169.132472][T12202] ? oom_killer_disable+0x280/0x280 [ 1169.137642][T12202] ? __kasan_check_read+0x11/0x20 [ 1169.142639][T12202] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1169.148156][T12202] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1169.153762][T12202] ? do_raw_spin_unlock+0x57/0x270 [ 1169.158850][T12202] ? _raw_spin_unlock+0x2d/0x50 [ 1169.163674][T12202] try_charge+0xf4b/0x1440 [ 1169.168079][T12202] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1169.173628][T12202] ? percpu_ref_tryget_live+0x111/0x290 [ 1169.179153][T12202] ? get_mem_cgroup_from_mm+0x16/0x320 [ 1169.184587][T12202] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1169.190107][T12202] mem_cgroup_try_charge+0x136/0x590 [ 1169.195473][T12202] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1169.201691][T12202] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1169.207298][T12202] __handle_mm_fault+0x1e34/0x3f20 [ 1169.212387][T12202] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1169.217902][T12202] ? __kasan_check_read+0x11/0x20 [ 1169.222915][T12202] ? trace_hardirqs_on+0x67/0x240 [ 1169.227916][T12202] handle_mm_fault+0x1b5/0x6b0 [ 1169.232658][T12202] __do_page_fault+0x536/0xdd0 [ 1169.237398][T12202] do_page_fault+0x38/0x590 [ 1169.241893][T12202] page_fault+0x39/0x40 [ 1169.246039][T12202] RIP: 0033:0x4006c4 [ 1169.249908][T12202] Code: 01 e9 c9 00 00 00 48 8b 44 24 10 48 0b 44 24 28 be 08 00 00 00 48 8b 14 24 75 17 48 8b 7c 24 20 e8 41 54 00 00 48 8b 4c 24 08 <48> 89 01 e9 9d 00 00 00 48 8b 44 24 08 48 8b 38 e8 27 54 00 00 8a [ 1169.269487][T12202] RSP: 002b:00007ffd9399f510 EFLAGS: 00010202 [ 1169.275525][T12202] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000020000bc0 11:07:33 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000000300000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:33 executing program 2 (fault-call:2 fault-nth:0): r0 = syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x0, 0x0) r1 = syz_open_dev$evdev(0x0, 0x0, 0x0) dup3(r0, r1, 0x0) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f00000002c0)) ioctl$EVIOCGRAB(r1, 0x40044590, 0x0) [ 1169.283466][T12202] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000000 [ 1169.291409][T12202] RBP: 0000000000760168 R08: 0000000000000000 R09: 0000000000000000 [ 1169.299352][T12202] R10: 00000000004395d0 R11: 0000000000000012 R12: 00000000004c5e06 [ 1169.307294][T12202] R13: 000000000000012c R14: 0000000000760170 R15: fffffffffffffffe 11:07:33 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r0) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000180)='./file0\x00') [ 1169.417911][T12229] netlink: 'syz-executor.5': attribute type 4 has an invalid length. [ 1169.457581][T12202] memory: usage 307200kB, limit 307200kB, failcnt 4626 11:07:33 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380)) [ 1169.464836][T12202] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1169.465307][ T23] audit: type=1804 audit(1566904053.904:1134): pid=12231 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2373/bus" dev="sda1" ino=17429 res=1 [ 1169.472532][T12202] Memory cgroup stats for /syz4: [ 1169.472613][T12202] anon 235012096 [ 1169.472613][T12202] file 8192 [ 1169.472613][T12202] kernel_stack 12058624 [ 1169.472613][T12202] slab 18501632 [ 1169.472613][T12202] sock 0 [ 1169.472613][T12202] shmem 0 [ 1169.472613][T12202] file_mapped 0 [ 1169.472613][T12202] file_dirty 0 [ 1169.472613][T12202] file_writeback 0 [ 1169.472613][T12202] anon_thp 155189248 [ 1169.472613][T12202] inactive_anon 135168 [ 1169.472613][T12202] active_anon 235098112 [ 1169.472613][T12202] inactive_file 0 [ 1169.472613][T12202] active_file 0 [ 1169.472613][T12202] unevictable 135168 [ 1169.472613][T12202] slab_reclaimable 2973696 [ 1169.472613][T12202] slab_unreclaimable 15527936 [ 1169.472613][T12202] pgfault 240603 [ 1169.472613][T12202] pgmajfault 0 [ 1169.472613][T12202] workingset_refault 396 [ 1169.472613][T12202] workingset_activate 66 [ 1169.472613][T12202] workingset_nodereclaim 0 [ 1169.472613][T12202] pgrefill 6153 [ 1169.472613][T12202] pgscan 6035 [ 1169.472613][T12202] pgsteal 675 [ 1169.595477][T12202] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=12162,uid=0 [ 1169.613865][T12202] Memory cgroup out of memory: Killed process 12162 (syz-executor.4) total-vm:72708kB, anon-rss:2200kB, file-rss:34816kB, shmem-rss:0kB [ 1169.632604][ T1058] oom_reaper: reaped process 12162 (syz-executor.4), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB 11:07:34 executing program 1: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x4000) 11:07:34 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000000400000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:34 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x4c, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) 11:07:34 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x0, 0x0) r1 = syz_open_dev$evdev(0x0, 0x0, 0x0) dup3(r0, r1, 0x0) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f00000002c0)) ioctl$EVIOCGRAB(r1, 0x40044590, 0x0) [ 1169.777123][T12243] netlink: 'syz-executor.5': attribute type 4 has an invalid length. 11:07:34 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380)) 11:07:34 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x60, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) 11:07:34 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000000500000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1169.865270][ T23] audit: type=1804 audit(1566904054.304:1135): pid=12257 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2374/bus" dev="sda1" ino=17652 res=1 [ 1169.963180][T12266] netlink: 'syz-executor.5': attribute type 4 has an invalid length. 11:07:34 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000000600000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:34 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x68, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) 11:07:34 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380)) [ 1170.127771][T12280] netlink: 'syz-executor.5': attribute type 4 has an invalid length. [ 1170.134088][ T23] audit: type=1804 audit(1566904054.574:1136): pid=12281 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2374/bus" dev="sda1" ino=17652 res=1 11:07:35 executing program 3: r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/pfkey\x00', 0x40000, 0x0) write$FUSE_OPEN(r0, &(0x7f0000000180)={0x20, 0x0, 0x6, {0x0, 0x10}}, 0x20) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r3 = dup(r2) write$FUSE_BMAP(r3, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r3, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r3]) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) 11:07:35 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x0, 0x0) r1 = syz_open_dev$evdev(0x0, 0x0, 0x0) dup3(r0, r1, 0x4000) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f00000002c0)) ioctl$EVIOCGRAB(r1, 0x40044590, 0x0) 11:07:35 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000000700000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:35 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x6c, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) 11:07:35 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) write$FUSE_BMAP(0xffffffffffffffff, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(0xffffffffffffffff, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(0xffffffffffffffff, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX]) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380)) 11:07:35 executing program 1: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x4100) [ 1170.623131][ T23] audit: type=1804 audit(1566904055.064:1137): pid=12303 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2375/bus" dev="sda1" ino=17869 res=1 [ 1170.624350][T12304] 9pnet: Insufficient options for proto=fd [ 1170.661435][T12298] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1170.681320][T12298] CPU: 0 PID: 12298 Comm: syz-executor.4 Not tainted 5.3.0-rc6 #127 [ 1170.689293][T12298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1170.699824][T12298] Call Trace: [ 1170.703104][T12298] dump_stack+0x172/0x1f0 [ 1170.707422][T12298] dump_header+0x10b/0x82d [ 1170.711832][T12298] oom_kill_process.cold+0x10/0x15 [ 1170.716941][T12298] out_of_memory+0x79a/0x12c0 [ 1170.721612][T12298] ? lock_downgrade+0x920/0x920 [ 1170.726459][T12298] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1170.732695][T12298] ? oom_killer_disable+0x280/0x280 [ 1170.737895][T12298] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1170.743427][T12298] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1170.749074][T12298] ? do_raw_spin_unlock+0x57/0x270 [ 1170.754178][T12298] ? _raw_spin_unlock+0x2d/0x50 [ 1170.759018][T12298] try_charge+0xf4b/0x1440 [ 1170.763425][T12298] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1170.768962][T12298] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1170.774497][T12298] ? __kasan_check_read+0x11/0x20 11:07:35 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x10010) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18, 0x0, 0x4}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) [ 1170.779526][T12298] ? lock_downgrade+0x920/0x920 [ 1170.784360][T12298] ? percpu_ref_tryget_live+0x111/0x290 [ 1170.789893][T12298] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1170.795334][T12298] ? memcg_kmem_put_cache+0x50/0x50 [ 1170.800522][T12298] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1170.806143][T12298] __memcg_kmem_charge+0x13a/0x3a0 [ 1170.811250][T12298] __alloc_pages_nodemask+0x4f4/0x900 [ 1170.816622][T12298] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1170.817653][ T23] audit: type=1804 audit(1566904055.264:1138): pid=12316 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2375/bus" dev="sda1" ino=17869 res=1 [ 1170.822416][T12298] ? save_stack+0x5c/0x90 [ 1170.851329][T12298] ? save_stack+0x23/0x90 [ 1170.855644][T12298] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 1170.861438][T12298] ? kasan_slab_alloc+0xf/0x20 [ 1170.866191][T12298] ? kmem_cache_alloc+0x121/0x710 [ 1170.871200][T12298] ? anon_vma_fork+0x1ea/0x4a0 [ 1170.875980][T12298] ? dup_mm+0xa47/0x1430 [ 1170.880206][T12298] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1170.886447][T12298] alloc_pages_current+0x107/0x210 [ 1170.891544][T12298] __pmd_alloc+0x41/0x460 [ 1170.895858][T12298] ? pmd_val+0x100/0x100 [ 1170.900087][T12298] pmd_alloc+0x10c/0x180 [ 1170.904315][T12298] copy_page_range+0x610/0x1ee0 [ 1170.909155][T12298] ? mark_held_locks+0xf0/0xf0 [ 1170.913903][T12298] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1170.920128][T12298] ? __kasan_check_read+0x11/0x20 [ 1170.925141][T12298] ? pmd_alloc+0x180/0x180 [ 1170.929543][T12298] ? vma_gap_callbacks_rotate+0x62/0x80 [ 1170.935079][T12298] ? validate_mm_rb+0xa3/0xc0 [ 1170.939732][T12298] ? __vma_link_rb+0x275/0x370 [ 1170.944465][T12298] dup_mm+0xa67/0x1430 [ 1170.948504][T12298] ? vm_area_dup+0x170/0x170 [ 1170.953060][T12298] ? debug_mutex_init+0x2d/0x5a [ 1170.957878][T12298] copy_process+0x28b7/0x6b00 [ 1170.962528][T12298] ? __cleanup_sighand+0x60/0x60 [ 1170.967437][T12298] ? refcount_dec_and_mutex_lock+0x90/0x90 [ 1170.973212][T12298] _do_fork+0x146/0xfa0 [ 1170.977346][T12298] ? copy_init_mm+0x20/0x20 [ 1170.981815][T12298] ? __kasan_check_read+0x11/0x20 [ 1170.986809][T12298] ? _copy_to_user+0x118/0x160 [ 1170.991635][T12298] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1170.997841][T12298] ? put_timespec64+0xda/0x140 [ 1171.002571][T12298] __x64_sys_clone+0x18d/0x250 [ 1171.007302][T12298] ? __ia32_sys_vfork+0xc0/0xc0 [ 1171.012121][T12298] ? trace_hardirqs_off_caller+0x65/0x230 [ 1171.017808][T12298] ? trace_hardirqs_on+0x67/0x240 [ 1171.022799][T12298] do_syscall_64+0xfd/0x6a0 [ 1171.027270][T12298] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1171.033128][T12298] RIP: 0033:0x459879 [ 1171.036991][T12298] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1171.056559][T12298] RSP: 002b:00007fd57ae39c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1171.064933][T12298] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459879 [ 1171.072871][T12298] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 11:07:35 executing program 1: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x4200) 11:07:35 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) write$FUSE_BMAP(0xffffffffffffffff, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(0xffffffffffffffff, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(0xffffffffffffffff, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX]) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380)) 11:07:35 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000000a00000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1171.080813][T12298] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1171.088764][T12298] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd57ae3a6d4 [ 1171.096807][T12298] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 00000000ffffffff [ 1171.109418][T12298] memory: usage 307200kB, limit 307200kB, failcnt 4645 [ 1171.117869][T12298] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1171.124852][T12298] Memory cgroup stats for /syz4: [ 1171.124934][T12298] anon 233451520 [ 1171.124934][T12298] file 8192 [ 1171.124934][T12298] kernel_stack 12255232 [ 1171.124934][T12298] slab 18771968 [ 1171.124934][T12298] sock 0 [ 1171.124934][T12298] shmem 0 [ 1171.124934][T12298] file_mapped 0 [ 1171.124934][T12298] file_dirty 0 [ 1171.124934][T12298] file_writeback 0 [ 1171.124934][T12298] anon_thp 153092096 [ 1171.124934][T12298] inactive_anon 135168 [ 1171.124934][T12298] active_anon 233537536 [ 1171.124934][T12298] inactive_file 0 [ 1171.124934][T12298] active_file 0 [ 1171.124934][T12298] unevictable 135168 [ 1171.124934][T12298] slab_reclaimable 2973696 [ 1171.124934][T12298] slab_unreclaimable 15798272 [ 1171.124934][T12298] pgfault 241032 [ 1171.124934][T12298] pgmajfault 0 [ 1171.124934][T12298] workingset_refault 396 [ 1171.124934][T12298] workingset_activate 66 [ 1171.124934][T12298] workingset_nodereclaim 0 [ 1171.124934][T12298] pgrefill 6153 [ 1171.124934][T12298] pgscan 6035 [ 1171.124934][T12298] pgsteal 675 [ 1171.130334][T12298] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=7021,uid=0 [ 1171.244791][T12321] 9pnet: Insufficient options for proto=fd 11:07:35 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) write$FUSE_BMAP(0xffffffffffffffff, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(0xffffffffffffffff, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(0xffffffffffffffff, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX]) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380)) 11:07:35 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000000c00000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1171.296302][ T23] audit: type=1804 audit(1566904055.744:1139): pid=12329 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2376/bus" dev="sda1" ino=17869 res=1 [ 1171.323752][T12298] Memory cgroup out of memory: Killed process 7021 (syz-executor.4) total-vm:72708kB, anon-rss:2200kB, file-rss:34816kB, shmem-rss:0kB [ 1171.381302][T12338] 9pnet: Insufficient options for proto=fd 11:07:35 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x13f, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000280)={0x3, 0x40, 0xfa00, {{0xa, 0x4e22, 0x5, @dev={0xfe, 0x80, [], 0x12}, 0xb6}, {0xa, 0x4e21, 0x0, @ipv4={[], [], @rand_addr=0x101}, 0x1}, r3, 0x101}}, 0x48) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) chmod(&(0x7f00000001c0)='./file0\x00', 0x40) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) prctl$PR_TASK_PERF_EVENTS_DISABLE(0x1f) [ 1171.433418][T12298] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1171.469569][T12298] CPU: 1 PID: 12298 Comm: syz-executor.4 Not tainted 5.3.0-rc6 #127 [ 1171.477550][T12298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1171.487600][T12298] Call Trace: [ 1171.490867][T12298] dump_stack+0x172/0x1f0 [ 1171.495172][T12298] dump_header+0x10b/0x82d [ 1171.499563][T12298] oom_kill_process.cold+0x10/0x15 [ 1171.504667][T12298] out_of_memory+0x79a/0x12c0 [ 1171.509318][T12298] ? lock_downgrade+0x920/0x920 [ 1171.514139][T12298] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1171.520347][T12298] ? oom_killer_disable+0x280/0x280 [ 1171.525514][T12298] ? __kasan_check_read+0x11/0x20 [ 1171.530509][T12298] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1171.536026][T12298] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1171.541632][T12298] ? do_raw_spin_unlock+0x57/0x270 [ 1171.546713][T12298] ? _raw_spin_unlock+0x2d/0x50 [ 1171.551531][T12298] try_charge+0xf4b/0x1440 [ 1171.555924][T12298] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1171.561440][T12298] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1171.566954][T12298] ? __kasan_check_read+0x11/0x20 [ 1171.571955][T12298] ? lock_downgrade+0x920/0x920 [ 1171.576775][T12298] ? percpu_ref_tryget_live+0x111/0x290 [ 1171.582289][T12298] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1171.587718][T12298] ? memcg_kmem_put_cache+0x50/0x50 [ 1171.592883][T12298] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1171.598397][T12298] __memcg_kmem_charge+0x13a/0x3a0 [ 1171.603477][T12298] __alloc_pages_nodemask+0x4f4/0x900 [ 1171.608819][T12298] ? stack_trace_consume_entry+0x190/0x190 [ 1171.614605][T12298] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1171.620314][T12298] ? __pte_alloc+0x1b5/0x310 [ 1171.624879][T12298] ? copy_page_range+0xef4/0x1ee0 [ 1171.629870][T12298] ? __kasan_check_read+0x11/0x20 [ 1171.634868][T12298] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1171.641077][T12298] alloc_pages_current+0x107/0x210 [ 1171.646161][T12298] pte_alloc_one+0x1b/0x1a0 [ 1171.650637][T12298] __pte_alloc+0x20/0x310 [ 1171.655024][T12298] copy_page_range+0x1520/0x1ee0 [ 1171.659940][T12298] ? pmd_alloc+0x180/0x180 [ 1171.664327][T12298] ? vma_gap_callbacks_rotate+0x62/0x80 [ 1171.669843][T12298] ? __rb_insert_augmented+0x20c/0xd90 [ 1171.675272][T12298] ? validate_mm_rb+0xa3/0xc0 [ 1171.679919][T12298] ? __vma_link_rb+0x275/0x370 [ 1171.684652][T12298] ? __kasan_check_write+0x14/0x20 [ 1171.689735][T12298] dup_mm+0xa67/0x1430 [ 1171.693780][T12298] ? vm_area_dup+0x170/0x170 [ 1171.698343][T12298] ? debug_mutex_init+0x2d/0x5a [ 1171.703167][T12298] copy_process+0x28b7/0x6b00 [ 1171.707842][T12298] ? copy_msghdr_from_user+0x440/0x440 [ 1171.715707][T12298] ? __cleanup_sighand+0x60/0x60 [ 1171.720619][T12298] _do_fork+0x146/0xfa0 [ 1171.724743][T12298] ? copy_init_mm+0x20/0x20 [ 1171.729217][T12298] ? __kasan_check_read+0x11/0x20 [ 1171.734212][T12298] ? _copy_to_user+0x118/0x160 [ 1171.738950][T12298] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1171.745159][T12298] ? put_timespec64+0xda/0x140 [ 1171.749900][T12298] __x64_sys_clone+0x18d/0x250 [ 1171.754640][T12298] ? __ia32_sys_vfork+0xc0/0xc0 [ 1171.759471][T12298] ? trace_hardirqs_off_caller+0x65/0x230 [ 1171.765160][T12298] ? trace_hardirqs_on+0x67/0x240 [ 1171.770160][T12298] do_syscall_64+0xfd/0x6a0 [ 1171.774637][T12298] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1171.780496][T12298] RIP: 0033:0x459879 [ 1171.784361][T12298] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1171.803935][T12298] RSP: 002b:00007fd57ae39c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1171.812317][T12298] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459879 [ 1171.820260][T12298] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1171.828202][T12298] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1171.836146][T12298] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd57ae3a6d4 [ 1171.844102][T12298] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 00000000ffffffff [ 1171.856711][T12298] memory: usage 307200kB, limit 307200kB, failcnt 4676 [ 1171.864090][T12298] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1171.882020][T12298] Memory cgroup stats for /syz4: [ 1171.882128][T12298] anon 233467904 [ 1171.882128][T12298] file 8192 [ 1171.882128][T12298] kernel_stack 12255232 [ 1171.882128][T12298] slab 18771968 [ 1171.882128][T12298] sock 0 [ 1171.882128][T12298] shmem 0 [ 1171.882128][T12298] file_mapped 0 [ 1171.882128][T12298] file_dirty 0 [ 1171.882128][T12298] file_writeback 0 [ 1171.882128][T12298] anon_thp 153092096 [ 1171.882128][T12298] inactive_anon 135168 [ 1171.882128][T12298] active_anon 233467904 [ 1171.882128][T12298] inactive_file 0 [ 1171.882128][T12298] active_file 0 [ 1171.882128][T12298] unevictable 135168 [ 1171.882128][T12298] slab_reclaimable 2973696 [ 1171.882128][T12298] slab_unreclaimable 15798272 [ 1171.882128][T12298] pgfault 241065 [ 1171.882128][T12298] pgmajfault 0 [ 1171.882128][T12298] workingset_refault 396 [ 1171.882128][T12298] workingset_activate 66 [ 1171.882128][T12298] workingset_nodereclaim 0 [ 1171.882128][T12298] pgrefill 6153 [ 1171.882128][T12298] pgscan 6035 [ 1171.882128][T12298] pgsteal 675 11:07:36 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x0, 0x0) r1 = syz_open_dev$evdev(0x0, 0x0, 0x0) dup3(r0, r1, 0x8000a0) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f00000002c0)) ioctl$EVIOCGRAB(r1, 0x40044590, 0x0) 11:07:36 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000000e00000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1171.990916][T12298] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=12297,uid=0 [ 1172.009645][T12298] Memory cgroup out of memory: Killed process 12297 (syz-executor.4) total-vm:72708kB, anon-rss:2200kB, file-rss:35780kB, shmem-rss:0kB 11:07:36 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x74, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) 11:07:36 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380)) [ 1172.027971][ T23] audit: type=1804 audit(1566904056.474:1140): pid=12347 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2376/bus" dev="sda1" ino=17869 res=1 [ 1172.053592][ T1058] oom_reaper: reaped process 12297 (syz-executor.4), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB 11:07:36 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000000f00000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:36 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380)) 11:07:36 executing program 1: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x4300) 11:07:36 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000001000000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:36 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380)) [ 1172.300675][T12372] validate_nla: 5 callbacks suppressed [ 1172.300683][T12372] netlink: 'syz-executor.5': attribute type 4 has an invalid length. 11:07:36 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x7a, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) 11:07:36 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000004800000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:36 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380)) 11:07:36 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032090030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0}, &(0x7f0000000180)=0xc) r4 = getgid() write$FUSE_DIRENTPLUS(r2, &(0x7f0000000600)={0xa8, 0xcb0084bcbc1d6ea6, 0x6, [{{0x0, 0x0, 0x5f1fb457, 0x2, 0x9, 0x9, {0x6, 0xdf7, 0x3, 0x4, 0x7fff00000000000, 0x9, 0x4f8, 0x7, 0x3, 0x100000000, 0x2000000000000, r3, r4, 0x22, 0x1f}}, {0x0, 0x7, 0x0, 0x9}}]}, 0xa8) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r2, 0xc0505350, &(0x7f0000000280)={{0x3, 0x3}, {0x3, 0x2}, 0x5, 0x2, 0x20}) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) ioctl$VIDIOC_TRY_FMT(r2, 0xc0d05640, &(0x7f00000004c0)={0x4, @vbi={0x7, 0x1, 0x1f, 0x56595559, [0x9, 0x5], [0x2, 0x18e6], 0x109}}) write$FUSE_INIT(r2, &(0x7f0000000380)={0x50, 0xffffffffffffffda, 0x3, {0x7, 0x1f, 0x8000, 0x0, 0x7f, 0x800, 0x4, 0x7fff}}, 0x50) 11:07:36 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x0, 0x0) r1 = syz_open_dev$evdev(0x0, 0x0, 0x0) dup3(r0, r1, 0x40000000) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f00000002c0)) ioctl$EVIOCGRAB(r1, 0x40044590, 0x0) [ 1172.478434][T12389] netlink: 'syz-executor.5': attribute type 4 has an invalid length. 11:07:37 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x300, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) 11:07:37 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000004c00000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:37 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380)) 11:07:37 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000040)={0xffffffffffffffff}) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0)='IPVS\x00') sendmsg$IPVS_CMD_NEW_DAEMON(r2, &(0x7f00000003c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40200000}, 0xc, &(0x7f0000000380)={&(0x7f0000000280)={0x4c, r3, 0x1b95ac5d24c5ad89, 0x70bd26, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_SERVICE={0x28, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x8, 0x21}}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'sed\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x6}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xf715}]}, 0x4c}, 0x1, 0x0, 0x0, 0x801}, 0x20000000) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000600)='TIPC\x00') sendmsg$TIPC_CMD_GET_LINKS(r2, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000680)={&(0x7f0000000640)={0x24, r4, 0x8, 0x70bd2b, 0x25dfdbfd, {{}, 0x0, 0x4, 0x0, {0x8, 0x11, 0x78a7}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x20008000}, 0x40000) r5 = creat(&(0x7f00000004c0)='./file0/file0\x00', 0x8) r6 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000700)='/dev/dsp\x00', 0xd0001, 0x0) ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000540)={0xa, 0x5, 0x0, 0x4000, r6}) r7 = dup(r1) write$FUSE_BMAP(r7, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r7, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r7, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r7]) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) [ 1172.649540][T12409] netlink: 'syz-executor.5': attribute type 4 has an invalid length. [ 1172.765870][ T23] kauditd_printk_skb: 1 callbacks suppressed [ 1172.765880][ T23] audit: type=1804 audit(1566904057.214:1142): pid=12423 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2377/bus" dev="sda1" ino=18050 res=1 11:07:37 executing program 1: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x4400) 11:07:37 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380)) 11:07:37 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x500, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) 11:07:37 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000006000000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:37 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) lookup_dcookie(0x2, &(0x7f0000000180)=""/122, 0x7a) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) [ 1172.815653][T12428] netlink: 'syz-executor.5': attribute type 4 has an invalid length. [ 1172.836601][ T23] audit: type=1804 audit(1566904057.284:1143): pid=12433 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2378/bus" dev="sda1" ino=18147 res=1 11:07:37 executing program 0: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r0 = dup(0xffffffffffffffff) write$FUSE_BMAP(r0, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r0, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r0]) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380)) 11:07:37 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000006800000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1172.898104][T12434] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1172.910990][T12434] CPU: 1 PID: 12434 Comm: syz-executor.4 Not tainted 5.3.0-rc6 #127 [ 1172.918959][T12434] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1172.929086][T12434] Call Trace: [ 1172.929103][T12434] dump_stack+0x172/0x1f0 [ 1172.929121][T12434] dump_header+0x10b/0x82d [ 1172.941073][T12434] oom_kill_process.cold+0x10/0x15 [ 1172.946165][T12434] out_of_memory+0x79a/0x12c0 [ 1172.946179][T12434] ? lock_downgrade+0x920/0x920 [ 1172.946201][T12434] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1172.955663][T12434] ? oom_killer_disable+0x280/0x280 [ 1172.955676][T12434] ? __kasan_check_read+0x11/0x20 [ 1172.955694][T12434] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1172.977689][T12434] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1172.983313][T12434] ? do_raw_spin_unlock+0x57/0x270 [ 1172.988418][T12434] ? _raw_spin_unlock+0x2d/0x50 [ 1172.993262][T12434] try_charge+0xf4b/0x1440 [ 1172.997670][T12434] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1173.003207][T12434] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1173.008736][T12434] ? __kasan_check_read+0x11/0x20 [ 1173.013759][T12434] ? lock_downgrade+0x920/0x920 [ 1173.018597][T12434] ? percpu_ref_tryget_live+0x111/0x290 [ 1173.024137][T12434] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1173.029604][T12434] ? memcg_kmem_put_cache+0x50/0x50 [ 1173.034796][T12434] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1173.040332][T12434] __memcg_kmem_charge+0x13a/0x3a0 [ 1173.045441][T12434] __alloc_pages_nodemask+0x4f4/0x900 [ 1173.050809][T12434] ? stack_trace_consume_entry+0x190/0x190 [ 1173.056611][T12434] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1173.058415][T12440] 9pnet: Insufficient options for proto=fd [ 1173.062315][T12434] ? __pte_alloc+0x1b5/0x310 [ 1173.062329][T12434] ? copy_page_range+0xef4/0x1ee0 [ 1173.062345][T12434] ? __kasan_check_read+0x11/0x20 [ 1173.082689][T12434] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1173.088916][T12434] alloc_pages_current+0x107/0x210 [ 1173.094016][T12434] pte_alloc_one+0x1b/0x1a0 [ 1173.098509][T12434] __pte_alloc+0x20/0x310 [ 1173.102831][T12434] copy_page_range+0x1520/0x1ee0 [ 1173.107770][T12434] ? pmd_alloc+0x180/0x180 [ 1173.112179][T12434] ? vma_gap_callbacks_rotate+0x62/0x80 [ 1173.113932][T12441] netlink: 'syz-executor.5': attribute type 4 has an invalid length. [ 1173.117719][T12434] ? __rb_insert_augmented+0x20c/0xd90 [ 1173.117732][T12434] ? validate_mm_rb+0xa3/0xc0 [ 1173.117743][T12434] ? __vma_link_rb+0x275/0x370 [ 1173.117760][T12434] ? __kasan_check_write+0x14/0x20 [ 1173.145700][T12434] dup_mm+0xa67/0x1430 [ 1173.149758][T12434] ? vm_area_dup+0x170/0x170 [ 1173.154318][T12434] ? debug_mutex_init+0x2d/0x5a [ 1173.159139][T12434] copy_process+0x28b7/0x6b00 [ 1173.163801][T12434] ? copy_msghdr_from_user+0x440/0x440 [ 1173.169233][T12434] ? __cleanup_sighand+0x60/0x60 [ 1173.174144][T12434] _do_fork+0x146/0xfa0 [ 1173.178267][T12434] ? copy_init_mm+0x20/0x20 [ 1173.182740][T12434] ? __kasan_check_read+0x11/0x20 [ 1173.187733][T12434] ? _copy_to_user+0x118/0x160 [ 1173.192469][T12434] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1173.198679][T12434] ? put_timespec64+0xda/0x140 [ 1173.203420][T12434] __x64_sys_clone+0x18d/0x250 [ 1173.208148][T12434] ? __ia32_sys_vfork+0xc0/0xc0 [ 1173.213057][T12434] ? trace_hardirqs_off_caller+0x65/0x230 [ 1173.218744][T12434] ? trace_hardirqs_on+0x67/0x240 [ 1173.223860][T12434] do_syscall_64+0xfd/0x6a0 [ 1173.228337][T12434] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1173.234197][T12434] RIP: 0033:0x459879 [ 1173.238070][T12434] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1173.257645][T12434] RSP: 002b:00007fd57ae39c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1173.266041][T12434] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459879 [ 1173.273991][T12434] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1173.281932][T12434] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1173.289873][T12434] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd57ae3a6d4 [ 1173.297901][T12434] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 00000000ffffffff [ 1173.314502][ T23] audit: type=1804 audit(1566904057.754:1144): pid=12442 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2378/bus" dev="sda1" ino=18147 res=1 [ 1173.321152][T12434] memory: usage 307200kB, limit 307200kB, failcnt 4702 11:07:37 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x0, 0x0) r1 = syz_open_dev$evdev(0x0, 0x0, 0x0) dup3(r0, r1, 0xa0008000) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f00000002c0)) ioctl$EVIOCGRAB(r1, 0x40044590, 0x0) 11:07:37 executing program 0: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r0 = dup(0xffffffffffffffff) write$FUSE_BMAP(r0, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r0, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r0]) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380)) 11:07:37 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000006c00000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1173.346946][T12434] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1173.353873][T12434] Memory cgroup stats for /syz4: [ 1173.353967][T12434] anon 232026112 [ 1173.353967][T12434] file 8192 [ 1173.353967][T12434] kernel_stack 12451840 [ 1173.353967][T12434] slab 19042304 [ 1173.353967][T12434] sock 0 [ 1173.353967][T12434] shmem 0 [ 1173.353967][T12434] file_mapped 0 [ 1173.353967][T12434] file_dirty 0 [ 1173.353967][T12434] file_writeback 0 [ 1173.353967][T12434] anon_thp 150994944 [ 1173.353967][T12434] inactive_anon 135168 [ 1173.353967][T12434] active_anon 232026112 [ 1173.353967][T12434] inactive_file 0 [ 1173.353967][T12434] active_file 0 [ 1173.353967][T12434] unevictable 135168 [ 1173.353967][T12434] slab_reclaimable 2973696 [ 1173.353967][T12434] slab_unreclaimable 16068608 [ 1173.353967][T12434] pgfault 241461 [ 1173.353967][T12434] pgmajfault 0 [ 1173.353967][T12434] workingset_refault 396 [ 1173.353967][T12434] workingset_activate 66 [ 1173.353967][T12434] workingset_nodereclaim 0 [ 1173.353967][T12434] pgrefill 6153 [ 1173.353967][T12434] pgscan 6035 [ 1173.353967][T12434] pgsteal 675 11:07:37 executing program 1: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x4500) 11:07:37 executing program 0: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r0 = dup(0xffffffffffffffff) write$FUSE_BMAP(r0, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r0, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r0]) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380)) [ 1173.467912][T12446] 9pnet: Insufficient options for proto=fd [ 1173.478583][T12445] netlink: 'syz-executor.5': attribute type 4 has an invalid length. 11:07:38 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000007400000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1173.510697][ T23] audit: type=1800 audit(1566904057.904:1145): pid=12442 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.1" name="bus" dev="sda1" ino=18147 res=0 [ 1173.549648][ T23] audit: type=1804 audit(1566904057.954:1146): pid=12450 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2379/bus" dev="sda1" ino=18050 res=1 [ 1173.579712][T12453] 9pnet: Insufficient options for proto=fd 11:07:38 executing program 0: pipe2$9p(0x0, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r0 = dup(0xffffffffffffffff) write$FUSE_BMAP(r0, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r0, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r0]) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380)) [ 1173.597958][T12434] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=6314,uid=0 [ 1173.621960][T12456] netlink: 'syz-executor.5': attribute type 4 has an invalid length. [ 1173.631345][T12434] Memory cgroup out of memory: Killed process 6314 (syz-executor.4) total-vm:72708kB, anon-rss:2200kB, file-rss:34816kB, shmem-rss:0kB [ 1173.712922][T12459] 9pnet: Insufficient options for proto=fd [ 1173.735104][ T23] audit: type=1804 audit(1566904058.174:1147): pid=12465 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2379/bus" dev="sda1" ino=18050 res=1 11:07:38 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x600, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) 11:07:38 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r0, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r1 = dup(r0) write$FUSE_BMAP(r1, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r1, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r1, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x910401, &(0x7f00000001c0)=ANY=[]) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) 11:07:38 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000007a00000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:38 executing program 0: pipe2$9p(0x0, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r0 = dup(0xffffffffffffffff) write$FUSE_BMAP(r0, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r0, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r0]) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380)) 11:07:38 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[], 0x1cc) r2 = dup(r1) llistxattr(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000340)=""/71, 0x47) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f0000000180)={&(0x7f0000000040)=[0xfffffffffffffff9, 0x9e, 0xa60f], 0x3, 0x8, 0x100, 0x800, 0x7e70, 0x8001, {0x5b, 0x0, 0x10000, 0x7ff, 0x0, 0x4, 0x9, 0x8, 0x2, 0x38, 0x7, 0x8000, 0x68, 0x8, "b169027e345d8b5b8b2b055dd1a850f8cb289f0e5d66c66fc36807415fb3c46b"}}) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB="2c72ca7dadd167285f02dc10cafcc24d6190577ca7b6111d94f3d09b8cd237693360a8af39d8100ef78f97f08da0f9fc9bb3346755f680f683fad6ec1aaabd18a6331bf12b78c871c2793b8124e327da496d2ef76c9349d38a4dd83f85c046a408af763c71ffe7277a2f2f", @ANYRESHEX=r2]) chdir(&(0x7f0000000000)='./file0\x00') pipe2$9p(&(0x7f0000000280), 0x800) mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) [ 1173.869268][T12478] netlink: 'syz-executor.5': attribute type 4 has an invalid length. [ 1173.886140][T12477] 9pnet: Insufficient options for proto=fd 11:07:38 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x0, 0x0) r1 = syz_open_dev$evdev(0x0, 0x0, 0x0) dup3(r0, r1, 0x8000a0ffffffff) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f00000002c0)) ioctl$EVIOCGRAB(r1, 0x40044590, 0x0) 11:07:38 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00000000000000f000000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:38 executing program 0: pipe2$9p(0x0, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r0 = dup(0xffffffffffffffff) write$FUSE_BMAP(r0, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r0, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r0]) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380)) [ 1173.968763][T12486] 9pnet: Insufficient options for proto=fd [ 1174.004136][T12486] 9pnet: Insufficient options for proto=fd [ 1174.020249][T12494] netlink: 'syz-executor.5': attribute type 4 has an invalid length. 11:07:38 executing program 1: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x4600) 11:07:38 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wddno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) 11:07:38 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(0x0, 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380)) [ 1174.067066][T12498] 9pnet: Insufficient options for proto=fd 11:07:38 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000000003000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:38 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x700, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) [ 1174.147414][T12503] 9pnet: Insufficient options for proto=fd [ 1174.164019][ T23] audit: type=1804 audit(1566904058.604:1148): pid=12506 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2380/bus" dev="sda1" ino=17701 res=1 11:07:38 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(0x0, 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380)) [ 1174.207198][T12510] netlink: 'syz-executor.5': attribute type 4 has an invalid length. [ 1174.214280][T12503] 9pnet: Insufficient options for proto=fd 11:07:38 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = syz_open_dev$midi(&(0x7f0000000040)='/dev/midi#\x00', 0x61, 0x1b9200) ioctl$VIDIOC_G_FREQUENCY(r2, 0xc02c5638, &(0x7f0000000180)={0x7, 0x4, 0x8001}) r3 = dup(r1) write$FUSE_BMAP(r3, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r3, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r3]) recvfrom$packet(r3, &(0x7f00000001c0)=""/6, 0x6, 0x2, 0x0, 0x0) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) 11:07:38 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000000005000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:38 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x2000, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) 11:07:39 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x0, 0x0) r1 = syz_open_dev$evdev(0x0, 0x0, 0x0) dup3(r0, r1, 0x4000000000000000) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f00000002c0)) ioctl$EVIOCGRAB(r1, 0x40044590, 0x0) 11:07:39 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(0x0, 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380)) 11:07:39 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f00000004c0)={0x90, 0x0, 0x0, {{0x3, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, {0x0, 0x80000000000, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffe, 0x7fffffff}}}}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0xfffffe2e, 0x5, 0x0, {0x0, 0x3}}, 0x120) setsockopt$bt_BT_CHANNEL_POLICY(r2, 0x112, 0xa, &(0x7f0000000040)=0xfdbc, 0x4) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000000)='./file0\x00') lsetxattr$trusted_overlay_nlink(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='trusted.overlay.nlink\x00', &(0x7f0000000280)={'L+', 0x7}, 0x28, 0x1) mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) [ 1174.505341][ T23] audit: type=1804 audit(1566904058.944:1149): pid=12544 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2380/bus" dev="sda1" ino=17701 res=1 11:07:39 executing program 1: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x4700) 11:07:39 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000000006000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:39 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x4000, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) 11:07:39 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380)) 11:07:39 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000000007000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:39 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x4800, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) 11:07:39 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380)) [ 1174.751433][ T23] audit: type=1804 audit(1566904059.194:1150): pid=12565 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2381/bus" dev="sda1" ino=17987 res=1 11:07:39 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x6) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) 11:07:39 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00000000000000000a000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:39 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x0, 0x0) r1 = syz_open_dev$evdev(0x0, 0x0, 0x0) dup3(r0, r1, 0xffffffffa0008000) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f00000002c0)) ioctl$EVIOCGRAB(r1, 0x40044590, 0x0) [ 1174.890649][T12576] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1174.947874][T12576] CPU: 0 PID: 12576 Comm: syz-executor.4 Not tainted 5.3.0-rc6 #127 [ 1174.955859][T12576] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1174.955864][T12576] Call Trace: [ 1174.955882][T12576] dump_stack+0x172/0x1f0 [ 1174.955900][T12576] dump_header+0x10b/0x82d [ 1174.955915][T12576] oom_kill_process.cold+0x10/0x15 [ 1174.955930][T12576] out_of_memory+0x79a/0x12c0 [ 1174.955945][T12576] ? lock_downgrade+0x920/0x920 [ 1174.955960][T12576] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1174.955973][T12576] ? oom_killer_disable+0x280/0x280 [ 1174.955995][T12576] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1175.009428][T12576] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1175.009444][T12576] ? do_raw_spin_unlock+0x57/0x270 [ 1175.020136][T12576] ? _raw_spin_unlock+0x2d/0x50 [ 1175.024977][T12576] try_charge+0xf4b/0x1440 [ 1175.029394][T12576] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1175.034926][T12576] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1175.040456][T12576] ? __kasan_check_read+0x11/0x20 [ 1175.045474][T12576] ? lock_downgrade+0x920/0x920 [ 1175.050315][T12576] ? percpu_ref_tryget_live+0x111/0x290 [ 1175.055849][T12576] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1175.061295][T12576] ? memcg_kmem_put_cache+0x50/0x50 [ 1175.066513][T12576] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1175.072061][T12576] __memcg_kmem_charge+0x13a/0x3a0 [ 1175.077167][T12576] __alloc_pages_nodemask+0x4f4/0x900 [ 1175.078328][ T23] audit: type=1804 audit(1566904059.524:1151): pid=12590 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2381/bus" dev="sda1" ino=17987 res=1 [ 1175.082528][T12576] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1175.082552][T12576] ? lock_downgrade+0x920/0x920 [ 1175.117674][T12576] ? rwlock_bug.part.0+0x90/0x90 [ 1175.122595][T12576] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1175.128829][T12576] alloc_pages_current+0x107/0x210 [ 1175.133924][T12576] ? do_raw_spin_unlock+0x57/0x270 [ 1175.139027][T12576] __pmd_alloc+0x41/0x460 [ 1175.143343][T12576] ? pmd_val+0x100/0x100 [ 1175.147566][T12576] pmd_alloc+0x10c/0x180 [ 1175.147579][T12576] copy_page_range+0x610/0x1ee0 [ 1175.147592][T12576] ? mark_held_locks+0xf0/0xf0 [ 1175.147606][T12576] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1175.147618][T12576] ? mark_held_locks+0xf0/0xf0 [ 1175.147633][T12576] ? __kasan_check_read+0x11/0x20 [ 1175.161395][T12576] ? dup_mm+0x7cd/0x1430 [ 1175.161410][T12576] ? __kasan_check_read+0x11/0x20 [ 1175.186590][T12576] ? pmd_alloc+0x180/0x180 [ 1175.191008][T12576] ? lock_downgrade+0x920/0x920 11:07:39 executing program 1: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x4800) [ 1175.195846][T12576] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1175.201560][T12576] ? validate_mm_rb+0xa3/0xc0 [ 1175.206226][T12576] ? __vma_link_rb+0x275/0x370 [ 1175.210995][T12576] ? __kasan_check_write+0x14/0x20 [ 1175.216102][T12576] dup_mm+0xa67/0x1430 [ 1175.220166][T12576] ? vm_area_dup+0x170/0x170 [ 1175.224750][T12576] ? debug_mutex_init+0x2d/0x5a [ 1175.229595][T12576] copy_process+0x28b7/0x6b00 [ 1175.234263][T12576] ? __cleanup_sighand+0x60/0x60 [ 1175.239189][T12576] ? refcount_dec_and_mutex_lock+0x90/0x90 [ 1175.244991][T12576] _do_fork+0x146/0xfa0 [ 1175.249142][T12576] ? copy_init_mm+0x20/0x20 [ 1175.253643][T12576] ? __kasan_check_read+0x11/0x20 [ 1175.258651][T12576] ? _copy_to_user+0x118/0x160 [ 1175.263401][T12576] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1175.269627][T12576] ? put_timespec64+0xda/0x140 [ 1175.274383][T12576] __x64_sys_clone+0x18d/0x250 [ 1175.279136][T12576] ? __ia32_sys_vfork+0xc0/0xc0 [ 1175.283978][T12576] ? trace_hardirqs_off_caller+0x65/0x230 [ 1175.289684][T12576] ? trace_hardirqs_on+0x67/0x240 [ 1175.294698][T12576] do_syscall_64+0xfd/0x6a0 [ 1175.299191][T12576] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1175.305063][T12576] RIP: 0033:0x459879 [ 1175.308950][T12576] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1175.328550][T12576] RSP: 002b:00007fd57ae39c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1175.336947][T12576] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459879 11:07:39 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380)) 11:07:39 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00000000000000000c000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:39 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r0, &(0x7f0000000340)=ANY=[@ANYBLOB="15085032cc9330264c"], 0x15) r1 = dup(r0) write$FUSE_BMAP(r1, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r1, &(0x7f0000000400)={0xa0}, 0xa0) open$dir(&(0x7f0000000280)='./file0\x00', 0xfa49da66a2bd335e, 0x2) sendto$unix(r1, &(0x7f00000004c0)="25062e013b07f354acfbdd5d987cd11232f5d8cc0ed85231805f7e158bd86b90341a2736ef4de8023e975c520ede8ccab75d49a1584b3e91ef6a289efbb09662717ed4684bf8f2acc7fc598fab1304b02e65929a9d9cdeee3aba9a2a40022764f7c802bb4ca60cbd7b34319f0df85f7147a9ed154740ea4298f99119ce838c8dedb99ccd1a32d9bb9ffcab08329acd1b06082bb5eba4faae83340a270c7a2b2e72fab4415021f06271a3543c625b504360a558619048f0fa", 0xb8, 0x4000000, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e20}, 0x6e) write$FUSE_NOTIFY_RETRIEVE(r1, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYPTR64=&(0x7f0000000040)=ANY=[@ANYRES32=r0, @ANYRESDEC=r0, @ANYRESOCT=r1, @ANYRES32], @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) pipe2$9p(&(0x7f00000002c0), 0x0) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) [ 1175.344903][T12576] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1175.352858][T12576] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1175.360808][T12576] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd57ae3a6d4 [ 1175.368761][T12576] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 00000000ffffffff [ 1175.404050][T12576] memory: usage 307200kB, limit 307200kB, failcnt 4741 [ 1175.422135][T12576] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1175.431157][T12602] 9pnet: Insufficient options for proto=fd [ 1175.450923][T12576] Memory cgroup stats for /syz4: [ 1175.451033][T12576] anon 230871040 [ 1175.451033][T12576] file 8192 [ 1175.451033][T12576] kernel_stack 12713984 [ 1175.451033][T12576] slab 19316736 [ 1175.451033][T12576] sock 0 [ 1175.451033][T12576] shmem 0 [ 1175.451033][T12576] file_mapped 0 [ 1175.451033][T12576] file_dirty 0 [ 1175.451033][T12576] file_writeback 0 [ 1175.451033][T12576] anon_thp 148897792 [ 1175.451033][T12576] inactive_anon 135168 [ 1175.451033][T12576] active_anon 230739968 [ 1175.451033][T12576] inactive_file 0 [ 1175.451033][T12576] active_file 0 11:07:40 executing program 1: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x4900) [ 1175.451033][T12576] unevictable 135168 [ 1175.451033][T12576] slab_reclaimable 2973696 [ 1175.451033][T12576] slab_unreclaimable 16343040 [ 1175.451033][T12576] pgfault 241989 [ 1175.451033][T12576] pgmajfault 0 [ 1175.451033][T12576] workingset_refault 396 [ 1175.451033][T12576] workingset_activate 66 [ 1175.451033][T12576] workingset_nodereclaim 0 [ 1175.451033][T12576] pgrefill 6153 [ 1175.451033][T12576] pgscan 6035 [ 1175.451033][T12576] pgsteal 675 11:07:40 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00000000000000000e000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:40 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, 0x0, 0x0) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380)) [ 1175.546726][T12576] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=6270,uid=0 [ 1175.576650][T12602] 9pnet: Insufficient options for proto=fd [ 1175.610706][T12576] Memory cgroup out of memory: Killed process 6270 (syz-executor.4) total-vm:72708kB, anon-rss:2200kB, file-rss:34944kB, shmem-rss:0kB 11:07:40 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x4c00, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) 11:07:40 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) futimesat(r2, &(0x7f0000000040)='./file0\x00', &(0x7f0000000180)={{0x77359400}, {0x0, 0x7530}}) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x30, 0x5, 0x0, {0x0, 0x5, 0x0, 0x1}}, 0x30) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000001c0)={0x30, 0x5, 0x0, {0x0, 0x6, 0x9b6d, 0x9}}, 0x30) 11:07:40 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00000000000000000f000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:40 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, 0x0, 0x0) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380)) 11:07:40 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x0, 0x0) r1 = syz_open_dev$evdev(0x0, 0x80000001, 0x0) r2 = dup3(r0, r1, 0x0) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040)='IPVS\x00') ioctl$VIDIOC_TRY_ENCODER_CMD(r2, 0xc028564e, &(0x7f0000000200)={0x2, 0x1, [0x13e4c00000000000, 0xeee8, 0x8, 0x100000001, 0x0, 0x9, 0x7]}) sendmmsg$alg(r2, &(0x7f0000008d80)=[{0x0, 0x0, &(0x7f0000001440)=[{&(0x7f0000000300)="6df357057310b1abbf2e23d8f9078b", 0xf}, {&(0x7f0000000340)="94a174b6fd10b9fed3461c666c631fd3c60793efdd2a353f5fdcc63d2f4a8227760867af2505b195673fd43531c8e2d66257c91e7caf66389c11d379cbac", 0x3e}, {&(0x7f0000000380)="79711c145527f93bb8998c946fdacfb4618f250c793bf75627040bc85453b12e055ae227a2364b3fb2a68fd69412df10e6f677360a7288722b3d42f1a0ff1c8675c3ae1d3a1119c39ea41181d7401e4a8d627d84c3e608e55205a34f91d0a5c8927c9c3013fa09036e9ab12d90e80ab34f8ec84ab92e252bbda852ca53fddcca184d3fea0a2d368f", 0x88}, {&(0x7f0000000440)="db1d2dd143a30022687a1cbd4cdb8b03a27e879751aa7844301742210b297560e815a4610aa07ce986d146bc318d8c93f6f02c260d2b9ca8150000e0b5547f43a0c7301a92ab528490913685a1b2a97c58a5f97135bc7a08d3bbf3acc9af39a18933810ac4ca47dd4a2d9a0f506bc08787c9483588e491d77885ebd2561ec07edeae320e08f1f02628407816d63a1a9f05526dcbee49740692fdf98b452d872d420872f843689191c11f3b6306d502d957c43ad3ff37e24c363b17ecef6fe4a60c317404cc057644e663d84c78005055d824d8c9253379d611ed3b5f62f3cfefbd2374adebee19528e867b4e9051129638799cf78b27c8273655513b09e654fcfaac7ebbbe2bb781bd08740335e6a865eb55b8280f125caf25cb3098a343c1361c4b03ea4371e48568b790d59be1a83c722c7aad998e8b99d6987c9fefc7dc7805a713edd2faec72d0ffee5011774283a55fab65e523b35c453c2a10087fe10d1f2bd797df2bf4794080e921213971e3597fa7603de20fef894ebd9a515d710696f4bda03bfcf5428237b40eaa4f264c6c00ecc6b07da8ee37e23e4b5df3a18603242534d281385230c73c58670c6ab778c530e800ab17b79773b5a2a2db0a33a2399b9c2ac8555efc9d73b3fec2e8b053c19efc7e3e228a9a0e5c1404118de4c5b2f38d2ab55985504de4928666fe974411d4a2b245d141f4c4d2bb0036e1e82b4b59acdd829fff31a8ddc3674628469cfac8053082d9d5bcce2238a2d9f82a3d2b7303b6718fe1720bd415eba8e710c8ecf0cb7cbf0e149863c094433692d6cd5b362dfc2856d55204bda75d971aa7cb0384de05203ad67dfe357ec8df021ea0d231ee08e5461cd662fa76eb9482848ca6c329415770259182a1f44a979a5af8fde0b200b9cc96c0d00bef27ddf067f7c31bcaccd7a40a4282176a622a93c6139c1a7e71030138806e68e0fe0670f92cfc965bf14c8a0c0d24730608a1adf4eaf9cff4b2478862e53182060e636292fdeb6f2381bba0cee4e770c9d1be41c75f85d0a7ee6e654acb1224334f1eb09236327de1d69fbceb8249d92abf0e9441a0b609180b44d793613027d890031039ad651e59e4bfcfd53a4994cd324bed357710ff950aa7c6c038951a9a39f22fd04e15f599372f48a1ceae6b3608ba98a5343c99dcba96129c9b14b151e656cdcb506952c255c54f8c2ba440c68db29315534abe4309bca2f7dff1016b647044ee7359fb400065946ce806fa9dbaadcb9ecf8f91069a26dcd8dc21573dd5f3d30d8673ab7a408c53a22e3d6ffab70355f60e0bb0edc5b84a750a31d329e1a5ad3826be0100a225604774aa7e705fdf148f2504937586e5c5ca8df64594407a850673915a0cd7c23712b1a3cbd4637f6af987ba8cab1f77fd230699f51b19f70baec74b4b8025965d9c2d095e8127f0a5b3b75c664f630ff1ecb2bfa241362ac50d06d09f0ac422fc6e0616d3cab39b37b372480248213a1ecb73aefd92901bfc41f6160d7dd32c3261ce95aa1eacc6d7f48242a3204f90b498eeb240f19d0751ddb608df4c218bd806606dcfb287c83ef816a9162f44f4c481350967a70db6f8300f1c50efc5e2925ec5022aa3455d9b811ae65db1b290460777bc1ce646a1bd938bc05b0dc6a83b753c9db69b7468caa068bda1a8a39762a6a7ece5cd91d1aa21fa93e9b50e008fc77340b09b08e4c34e0a58ad0ae5e94136a96f216a05e264a035e82dd5cdf60a564c2fea902bdad47e0454435ac6a358f8e2bc92f2b254e661bca2855883c48240a51e035845acbe1f4ae2cabd8426cede0a95ea5c8897ead2b04db8579ced1cfe1126c5abe2e41fb007d5c552524d85e19f881ce12e162d349fe26b8404c20803b2e378ce51d1e35bc6c6befbec3877fd73f3c9f93d5c580e2700237abf0b7c37e2c8dd00003249f293bf21ea90f91e393788465fb69801eb5e3502faef13caffcac9d69af3fbeb6f410fb15b968ba3caf4df9d6396742dea970f8094e1fb3115b5e2f325a0de46f1d0249c15a4d845d689edee9cf141331a0aba7ff76df2238d4ae7b2727f25e6fe6cb9d6f272b0f76eb875ab140c4cd236a70598ad707a552a3da40cdc17d0813330c7eec7fba9cfe778a46dc084ffe75af1afcf84e61945873551b649f6084bf56c6c904a10cd3a8c727947e4fdf3e5e5de4ce36ce2e46e438889064a3c9c260fd644c33e3d61b7aaf556bb052567ea924261e29c14895f36846b5d7f60980fb4ef2b8d8bfb01e50e9ca7fe91c65d80aaa71247e3914ad5a407d275f0eae310106b8e50878ab0f82ff78509132bc53f4fc233c9e60d8c67244f0a53fafaed4b7333607e24340ede3eadc75c66b6f03ce1864e8c8488c8ed71609efe49296e68b02c3a30cf25969420c8f6d4912cf2bbfdfaaf70bea17cdfa64458a07664303a4ac421eac4ec32745996b28fc0297756f61abca89bd5040fbd71e219f071a8ceed1d04b74b3eb781cde65a8a527dd5630cf48bd4b570361f0b852e40e1284ea04f189358721b48c0ed731a1f481ba12a458956229e4a9f94adcc22154fc9c041ef3d8b57c956241b17b2aaf40b2ca03d5cf70419903548b804d9dfe7e7e0f9e5efe786bca9406d8241f3175e10d447f9cb56748311507d428b2d9fff443e857cca8d71d0cb0a6028df3af12ffe87d5b6c15e23e6ec74a6af0956bd30ebf84a75472588851b33936d07ad6cec81102722eb569fe482e63d1291212596ad38994c03a8444a79bdffc6616529983ca6827c8fb150b5efdaa2ce76e8a5f6d4c375e44fbd1c9a01b7bfb6162e8ab7560e651c9880c61cd9d8b6313e226d4c83bc14e79805cb183f2778cf039d0e46af649f9266fc9d9998466fcc37b0da7f2b31c4c7343191a1798db60da8f973ca31235b69ab0a978ac6653fd60ad4268d9e6e019f96fe5f49944e420e4d227837219c9bf6e9f4d639c743ab4f58bcbf860cdcaed46d23e6cc153a043030a946a06ce7c854d79fb60aa3c385f4b793a96154181f3d6638e7bf93de8a0ab4047484fd38236b5a1770deb3af78a3b069403c6c9aade48d052161234d2c51a46011c35552e2ddb7a808249aa592c9f2720bec4d1920db1116e42be084cc4cae3820b75d0bb844f316ef28dcc392a4cd33da1a831fb693e71d01d73fa0d2d1c5fbf1b9229903c5a7838702a88d1fe406218285b2445ad950f9feea51e8b7f5df067fd40373f9f66de69150a00814ea2fa19c586f1ecd50bea12d6cbe2fda8f942d846bac1eedc2c2e3a14f42f66d5c520199e92f615da62dcdf45c76f8d9986dbc64e6b715c4f7ba53a7fb1e995d0080303b68a9c96b8814eeab21777ec57935b3471204e140bac9f8f89b3d4c5910b55fe928c8ba87186c6af72926ec837367d2b2f27cf64264c6bc5b850a337237d7d71ac44dbd7913a8e66e3934d7ca8f565b5d4b690cd80adc911eb2976c06312a8447f8a34f38d2c53d64b1640727d3bc0ad01bc09513ec328599f57b5ec657794e3865f6e38783d265e6bb323ceb72debf62d8a158d678f10a03ed4ce650db27822bddb16c0f4aeb2f08a3363bfb2692720e0496d967452fefde80d18efa4817049c2c0d9cbffd9eb2310a0d9fce7550593ad8fef29a5c010f561c4760fd50783924592f22033d7fdf7ea30701ac848bddb8f0f8947ef627f4e9ce352c2a18bbda09e7a3cbfd5cfc856be7229768619d8e76ebcd485bd185b1874467e64afc2910327243c9a974eb5a997129f359010928291a4c2424332304f4bd8e65c28e488d6050607e95d9632605f0d44c42bf5a4f0e3b61e9b463087f1f357de026234c15e2692817e1452dc35d34ec9b9c37da7124b3e06ca40f717b480774eafbdf67666b2533dfd3792419442dd305687b5ceed3359d1a4ee29a4243996baae09bdb1efbce734f3d637d136c273b7937f43b39458130944ac7f3f354a248c805ee989d5f5c1db6b5785b131bbf059edba88137bcfa37c6e1b2138eda0dcd9f449ca92b74bef8b585827a02e695bd1a32c24c6af346f333e7abc006e2273026e6b2a60e626a35536ecef025df3ab6ec22091e3aaf0c5b9cc26b438ed50bef3682980339e7e5099a981a72b31e45734276df29ae7bde91318b6c588daadc67964fab02a312597ca9ca520017616ab667fe2f4bac74176625764f2c0a212489324cc2f096b7b705cc72c851b3a096b3425a5cd79327e64a68d1aa3e255f9a8045ac5296c49aed6e6885117968a46ef3f85d62b11958e81b76449a367f9f4f61463d3f5376b220f3172df7c8097c7871363a37f7386a64db4c5a19f49cc5039441aa62798331e9d068660f0558a4b9a9709cc2f869b820f131a2e7fef509961dccf554f7ba9cb3ddbf49b318fa490c4ab812225b0b031616ce2d768c7eef337b0df559457847a4b3027ed3dac8a918622c4c7824b412f8449c989dbecfa6b0c9b035390ebb67bca91a99611d7499e3abbeacd2f23d12e5d8a4f69929c9cf66a67093ef184e07ab01956e0b4bd630b1de131adb89bb940beefba0f246eae59697e080b90a549417e3648172d598f243bcf294ea5166828400619ef87ad8f8087dfe3e836c09066bb0f4dcbd05d897888dda46b57ac0dfe611939ba8166d2633d4b686a5f0126ab966b14fa7c03c6f749ba406988f62b2140aa77a3576e83ef9599859864cd9a1927cbd9287dc51d0b19f307885d39e3612567577d78b4d6019a4a44f0329638fecffc5abc7014323dc9c86475243caf03acd2ba2e4f65c94b4b72a54ed4157da77655431aa89f9a52bacb30231928bf97738fdca71c62f6bf2e0681ae515841030aff915f4b1d98eab4ea459b670cab59f828bcdadeff8826682f05b55fd66fb0a9a5d26719c105e8d80d833df590c94fadee9402e112dfd61d8c4c6c0e9eb26c95e5cc9901725259c83b9e99ef3b961efb4a5cfc501aba3e27a3e8b9724384c8c1f997c11ab981e6b4af4dd6832e8e8979d3c60344aafb5ff1fdd8649598d195b90dce59cbf77d8dc9bd2e6d1526429d1dedc017cb2e260f9a7e866f62e461ab7e17c70cbe9167ff23bb3f5301974c0ecfb4e68d0ad3bec51f64b820e496e8ba57adb86f14030bb53110207011d824baa62445fe147a1928423dac59bc8f6ebe351fb226aed72d405eaf1614c25acbcb6c3c06d26474ffc396c57157cb5c475cae09e0dcfc96ae815627d2a124fcea4026152e014eaba70ab7744f950710d7e925ecc3ee5a83805cc1f9412b661017c12d9c8d3b3ef8c43da9a76327958a0b047fd5cbc1bf7bb45608d253ceb75fbe46a66f7f98760bed6ee4cb8f2f7595a760b094d06ed3a9a8e4fa027117dd5361e24301533a5da7bfec4dcdee4f6b63993e92c0b47ac0b7b6193133ab80f04ed99075730ce2b86a50d6fbc1b8bf026e67b0c35604fd614a4261dec3bd3b85cb0cb1a197f75eaa4e21ffdf07a37623a1fe071e1d70b6da945c4792b3d01fdce29549c3815849c5f66638f0a97a8f714883bb25cb2eb201eb7152e29297255fd7a0af58bcb3198532c6b2e9e4477ae25c73f387456474a7818009b6ae5dde91aecd6cc405876981c29848cbab2805476debaa4c70d1ae2580d970c31bf963c1b61474bbe01b134413cedbcf77482540d3c79e2660b725dac95b7f08e9da8c4055118e945c8cd824a63ad26c8a80a526f862c94637bebab61ee6a2493a66f63c20ffaf996d7fbf5e5bc00113ffc7d0ee4d141b8815787cfb639087f9d10bd3d024b3471d26d3a59d908dc3957d9fba2fa2bb6f76320c1e650", 0x1000}], 0x4, 0x0, 0x0, 0xc080}, {0x0, 0x0, &(0x7f00000014c0)=[{&(0x7f0000001480)="255082b886", 0x5}], 0x1, &(0x7f0000001500), 0x0, 0x10}, {0x0, 0x0, &(0x7f0000001dc0)=[{&(0x7f0000001540)="912083c34e6af1cee3694a23b77dad410c561d5e44e457b1865a8be885e5791db144133743ff62f069fa5b3d591a8f5d2e9e027fb1bd178f20a19b1732eb72fc971aafd21fa7e293759123e6b43a86dc27f5866469f7e7edf42758a69150a8c649b6c9d87d958ec1b49ed6c1891de826ef6183eb92bbe7f75a5f3206459846e06c9fa61642d7ad59c0a801caf33da2d431baaca9cf", 0x95}, {&(0x7f0000001600)="195d897a1cf987529797ed337810a3f3bb5a2013888de64490d566d199e1698df7e07140a258c5d5bda32eeb8920a652b2de1061e41a80550a765bfa14a3f5cf8a15deb39232cd8f8832141f696a5e93c4709edf951dee5da821a4269a8e491b9e13da2093df7db8f260ea100727c86cf5a82e0fcd6d00e73b6b9b81872b48d6c49aa2de0ce389f5ed17d17ef1571e10c08b4725efdc16474838e921a7001aede18fe1d7", 0xa4}, {&(0x7f00000016c0)="de344243289c9df8ea487d5267324b6be8e63cfccfcf102219f5afb003579512914ad03a4bdd9434e8ebc350ad43c9662c63a91d2c68872d36b9c8261174e5d0d4460d19981abbe55a4c57d93dfcd1647779bfcc1245e01c2508e66f40026793ea1fa9d2ad443a09258d334960465d51fdebb4c071c033c22447", 0x7a}, {&(0x7f0000001740)="b8509a0127e8e3fddecba1ffc91242b88c60597709ffdf1ba7819428a7c01b89434a25f3b2b60b12eaa2409d948f67f79cd8fa9b11d296c245311369e634f6ca73f998da0809100e4b2d35b87f6023d41a29b779aed81deb214723457bd9796fc84ec487b7f1a5a401253b0613c7e5d750df50c44ec71faeb8493119b2bbb7fe1c53fcd72d98e32bb2d0a6d46c8c17b707fc94a02eb6fac9c9f814cce23a268f52e6e1fc0869ff4a3ac1de068240d3678105d71ee8672f7f2f3546bb4277abd592bce7187077e0602bca78973115067f2c0342fe72498cca56314b", 0xdb}, {&(0x7f0000001840)="6f0c286fcdfc922991ebba277491b62bcc247b8843badfa60d3ba42b28fd4ce6dadab1ee239bb4b48d3e074ef477c21df2c2f8a0768a62aad375b9c5c3fc5ffc198751d341c516b01522f354db54d0a88a0ec6e61f57ae5f5fdb3633465afa1d0a84f0242b9232ff060ed2e925cec406487f585a3e28af6fdbaaf0b4bb2c99f0a1c52ddfff741cddc3a60bc799d6248b3a5d8a49a4cefe12ecb948f6f4c61bf27a780a1e6fd9f663e6891917ddf58a509b4c1b0bb0a4f9d1bf7dbafceb44e847adab9785b5860019c602f1916409741049f3fd52cd1c67a4eb87758297a3a0251fdf4b0afac435b9", 0xe8}, {&(0x7f0000001940)="4d4506478a9c9bb1a80330505a98876146b85a2712ec500ea6e17641b57129674e1c94824e4fa1589357b4388ff961fbdc416a41672f24b98d1a8d8b1af1ebd0d91413c09d931da4171b8644d1e1f6c63585ae40e92f67a7c975bd977c43ed319e20105438391559b64abb85e2c35b021079e33b40e88d7559d03f00810ca4153f58d48d437e51e142221647f370c641950d6cfffde200cff35b6511936cb97591b4853fdba92d2587570873fcf96a28a0f040973f157ea8b03d57850925d75b8993885683e9175004b980ac8c262cba2c81c32a801b", 0xd6}, {&(0x7f0000001a40)="e5b9ae0ae00aabefb56ba50b1bc7d54efe635f1d04e84915d7e0e2ee801242c1da840e0c49ecacb188ab6b86fd6fbf9ccf498c55689e6a0867f8c2fe89b9eeae8031c834864b57071a25e63fc9f44da247102c3b7f3b217b1afecea8dea287398f601d38da3322dae3c3ab14ceb12a90ab02f5ba9920201694568b6b7225d98c308cfd25320dc13fccb7c346695b6aeac7e8072446991f7da31cf8c344628426b2dde416ce7d8277a1300f08646415b914b0e50e", 0xb4}, {&(0x7f0000001b00)="3d3da5ba671e2f4005ddd6cbd4317815360dd08af2c0dba0467dbe10e509267f398e13815863fa00674d6db9891fecbf03f5c0e8224ddb64c807ebb6e5e45c0aa2e38ea66108d93b7b97ec7fb29bf815dffb45ca7200736985dd952889b4d0bf671c4e5b46d148a7d4c31b4023c410afe3ebfb6b1d4c0a5ce690d897fbc691e3a178a49de6ff078d2e75c5ad73de82b548fef1495d4ba4c59f537a0388b24048434c036c93ea61790229472af33e71cc85848f0f189bdbf45556f70409bf50b5ba7e84e9caf41abc2555e1bcdbdc706e", 0xd0}, {&(0x7f0000001c00)="e0280623ceddbc80e696ad94547999f3c9b09778024c61089d784dade83b11266b48649df6dcdbea6ddd78c95ac4e1e3973f2c1ef130479fcbd6fa8d8ae451fd424d85c3475b8c22a8adcbf8ad9be54dbaba5967a41604143a53d33ac49f49e24cbb6ebdb04b22d2507ce421fc39e73001d1afc2353507086cc38afa9c637671d125b2ea1c5d92dedff078dd8e234cfa42ac72cf66c5ebee2995422a6273ec5c2a0474f7cffedd3618398eecb09f23833a809bf5bb993d15e2bdd2221a7629ce2886fd500c47af2152d39f99ae360b2872646c9259aa590184e3925e", 0xdc}, {&(0x7f0000001d00)="f20e875bbfaf786589652fdb8786a465677d902ade9dceda65044df66b023e65e90ae63ab4b68b6fe236257a4778d65edfda69e1f5d24e0e85b56de2059c6f9f7f3293a4e41b495d8e441db36e29023adfce49eaecd6853cf82347109aa43d878cf766f057af9d323c5964f71aa31e3bdc68b4735e4f77e88a48dbbb8c377952a8932316c4526bfe0b3980ecf2b767bc42a5911ef2e4632907e91efa67989e69f6386636c47b49e6ec1629745a37d9", 0xaf}], 0xa, 0x0, 0x0, 0x1}, {0x0, 0x0, &(0x7f0000003240)=[{&(0x7f0000001e80)="5eb311698d149bf4d6ec02871316e483fbd432bbc263f0876eb48eff755e1d6b96c037264df0a6600ca5885c00bdc285f4fbc71a", 0x34}, {&(0x7f0000001ec0)}, {&(0x7f0000001f00)="306038cca3332fd3edccb578a97cd59a72d7d6173740828b38b451c54d4c0a39dfd002947293a6ac293f8b6a729fd185", 0x30}, {&(0x7f0000001f40)="c42da77260cadfd90c7ae302cf0aeec7e32c511c5514a7308f76c7a73d260ea69525c9110d67ae2a48e8720b131df51ee745918781828f80f4ae9249f76a25df412d7d4002e297c65522c27157ec80ad7c057eef1836d56681c1fa1c046fd8413b0bf8cf20f56f0f06d06d1c582b9b1810b3749c83862ed42dc88d278b0a2e14cebf4d96e561e8542b7a810035658427f5c2e8b1c311b7fe3f88d74b7f5db39c4f7b1cdd0b7e091628f9e8ae90466a2b291af8be4ea76c7f61add3d329224bafc180efbc12a4582387d7d662de544b9235c4cbf2b885c1b63f3b6ed6f5e31a7c965e8213204ccb5ad9c5a4bf820c423e9c03256917ce6316c5b1a9770fadd6a00071a9abe03a16f02a8ef6da5221bf56200243892f33ecf94f36490b88cc5afa0e924da3f0f5ad55679a9e390caab86851ee264df59fc5df27f8da81936edca4964dcef6b65c0a16245a1610d92248c2ae1c92828ef84e9905ba0bcd5891a03738ebe7b514927d4d3cdfa0d585e665ab904990ad3c03fa0b7ea550a0b0fd10b7626d41b9b937f557d768a85c7176f7059a0ab871ddf6fc8c92b307796626bc34c527ff4216bb2c5a1d7a6440fff2bc0213370664b8c60b41907ba17cd1a70abd972725323f3a9924e71df0796448153012eb88d8db0c0cf1c2f0ce0ec81419c6db1bb1e21c2ce0f890486d47c74ad60a76cabd352489dadff6cd9c90c1092059221ffefa9cd390c6074c1f5e050e2335bd6c0769e2068807968b9b9b63ae217d19a5f73e50490fb1f75407793ce905269e42c22191bcab26ffe37039ace481d09f9270b286a9f18a2c740213616370711729f37b20f6e77589c42c9bda74a80df0558ef34d6dd15b14e8bcdbd74658836389083dc9bbc30cc40487defc948dfad0595b9e15ea2d43f4f0b063bda51bf7fcf3f4c33c49b8ea0569b29fc797553932174bba5375bc51af54245e65e7d3383944171779eb21ad1b189769afd834f70d0c06275928d61111fe98faa86dbf1b710bc3a9b86d0fc7ed75457b84935ce4ef60816d3ac361386c43f104734c3c0e89c4cd75f3d32b20816793eca57ae6268692a7c8b42ea003d8df7b2cd72c3449731bde4da10853f274db20498151bee5b6ad281a0e3b2a10df6ded7af0ae405741e498afc411004fed652bfd5c57659b852155e26d5c1784eba3a2f245ef221dd3c5fc8880e9c0b63cd5eb12c1380471e2c1d4d3b637e712047f9f7ebc9acbc91033debe263a6721925df345a731416716b12df93277112aa7623e9388b4fcdee9f7a7503edac9553bcf7243d29a4ab244caeaab20465fdc441b798bc20f590455c49adab3a10fc10bbb217def051e0c2421f92baaf6395e8dbcee1c501583c4419eb9432a533454b6629e48f7b8242288b2c57de1aec5e62f95d2b6f27b98f6efa7d15f633750f4eb73bd582b308101368907e3301f2d499ae6a893de617cfa5d8cf7608fbf70317e795c4dd4e1eacc71994d1d873a2d3b0f645484929681d1d03e8604271b2dec01ae7bb58f0a751c72f3c6b4dca50a91985aadf3473361db6642567a6c483b0e51873464fc6648453cd2bf985c10b0c7035c34f120e56dc1dde92bb7da3e3f7e9ea01b022ddd17e46f07722f0736eb5e7699d7302ead57dfaad8d2beb5dd9e110e189bea770a859b715aa92efa2f65f6c93ee3d3a7430b62db37450ba108bce8a170b754006a1d4a59e4b7e74784fd23aac896f9c3488981952d5ec2e76d03fd62149beab1dd10541e9d3cce2d5897284567c65bed13af21157d7601c69998ca4fe135994d48b4ca0e3b6125d52088004910d1223ffe69ba454ea080ce52cd4961314f586c12598a0664b3508866d0822f167404ba93fd5bd73443068a97021ab155e0d818ee7b713251acc0c788539930f2b2ef02cb19ffe14068ba8708c58bf92b46526d2e59e86e0e0b0ba90d4b13edccb40c9131b0bc611b1f60a1af0324a223a6b542dfca246e060439f2044f1eeb8b1a0bb16e3459c807b737400885d8c4a29734879449dc0000bb401bcd618ab5b00be1d99a2759616de22917bae6a2ccb450a40babb4ed23b00bfb42881ac16840ef73efcc342d7e38a2dd21aea68f819e0e3e2a04b09f33c326913af998aa60a0a8249eaebcf94bc5ee7ba9f7aed2f8b7ab98f538c5f3ec002896482676dde6c96df7a9a74c0a8fa81514c7e4e294bb6b8dc1285d0b8ddb3e794b7607b15a064f4e9f6df0d79b29c0a7dea4bdba87e4cd5f6cbddfb5860d9db225b44f7d32b0830bd254b0e56a1804b10ff7187d3f0ced4ade1f83cd4f88e82398d9b4515f71a1bf24b4ea28b775656e9acb193ec98d4a1988ee7bfd2156ae38a79bceeb1389f7a8384bc4b09a62f40a2b541ff050cc6641a915268ba74c8fbb93dc4b9a1e327195df68e970af1f577a288856dcb311ea15074822e0632b20063f3ac882e9fe00a6718a796d92d74e68e53a8106b96183431c5106b0a335f167a9130c0d1d2959ce3ceb82e45a770581dc6ed80aa6c3fb8b202e244a2d53f4f4e8aa0fed7710db8b52db009aa12b310bca9e050f174e9d1e6e62c7f1a5ee47905c99c4088c5d51645109b1dfa0bb390161b97a05136fa139007d7d44f539668fd5363ce5ffeeaa294d7f6c01cb03849e79be4d1acd13e51c591a097bf3a57a2986308018c64fde108adc883e139d2969f2eba6feb291c1f92b370e752f1c29b6f7009c9b6ee0014fd41cebd6d55699b5c33e9ee99c686acfc026c735e3eb0eb5d2b4a8b821427f5644752f256ce7b54a429ba1d6934a79c3030dc2d2debd2a632335d46aca7fc6f6a638f8de417f4a81a7ef3ded240ca5b5e850549ddb98db885aea89a0f1447b8ff48b855f79aaec28a8b299e5d1c0c08d56d1345fe55a33469caad062bf57cedd65ba557dab9b361e0ba290b1b92c618096fe90eebe52362d4e53b9c677583d100d3a96f56fde9024b10b4053892a6b908f56ba511264e1ca3c5a512565b417c5d8ae39768fbb27e139cce40edeb799431e854560edcc2c1ae79f352a009781ddc60066130b9cba8ff06b1314d332dd9f39e7e71619521774e0f99c010401e061671c0ea99eefc3075bb4bb237f3b3f6d0cb4d271e47208bf6a12bbd09920733c23710b314ee79d1eacea31e7c50e8d5d75c8427ead550a4d23f7ec014835099e78ed367947442cc52e3d749df714994fe421361934f0b7f11c76da50761cb4dd01ad01ee00d0a307dd79dbda6c588625a51a162dac09658005f34db81842559ff54041e47e3cd55bcff3868374a96cd626879bb9a8cba27559d4247ab0b9d2d20a106b22c60cba1c68cf5a7227fb9b5a6113eb392a60453a38be195d7ce2f9a87c113a14c918e5be391565f8e8613f37f3fcf866ca84af0f8c48ba5c1fb942ec1f1f20e78b1fd7f7b9ecaf4d799eb5f0408df20c02522c1728b5739f7125962fa9eac788d15354792d5afeb070a63be1dee46003e2057f983e979abb122a648ced78b59e756811817db72d88e37f3dcd572dedffd7c811234f2d03f837a31f173afe06551cd7bffd39caf59f93092f35d58662669671fb23c6cad8e27ef9636d6ccff80b70cea57a2fba5f76b9e0ec7404c8e3e4da0f8575bb8532fc1cecaecb9ad44082156153a71ca6cae102910658adb71320a2a8a0f991a35d50033ba0120f1e66dc38f34c496496c14986556fbb225fad47baa2941407f26f4bb7a38b90e5e77364e41789eeedd2a3ea1d3d705079b0711f6ffc5e82680a77244fb73ea5f24979a40200a2bbb21df97489803ad9eaaf0ede39c24c264a72b227a5b6afc32ad68262eb9277de236908fdcaddb62685633bdaecb31e90d47f7f6464876c1390175bf0bf0ae7b86523a67872ab6d831233d9a36aa183f821b3e22e20655d03cebe40f89c9257028e6241d72a144358ff221420a8344b9ff7d5ccfaa1746a9651e32f0156597856d881ee581ebe6770223e41dc7d788d108deb8af9972d1d0fe610f932cc772d3260ec6cf80baa4a2493dd53eed820af779e09a812160b2f7e46e4315a64ce6dce36054155659c8b843445389bcdefe469c03fe738653a337069244dae185da9718ee2ccdca43dc930abfb151f6d49978ee13a8abc2d73dc6590ba95ef5c45582e76ef8eeccebb8d642d8d02226fa476fb8fd697a92e5c5344e956d1d4eaf3dfb5f5a4e5da22411111d71510adc330cdaf9c3cc785e0c4853237bf7805f2d27158a5397868c5a4bf5f10897e25746e1973002080c532b5988ca3321a65c242983ce5d0005bccd5559d90c0ca434ac8aa80b70202b3fcc143ec43c7abe674fcae79faf5863ca0dc55497ab1e71206d5f2b7ee723c0083824b55e9d8ddb6458ffa0bc7ba746e79d4fa743dd310d1fadd9b7d5f63e5a39c2ac284229a3370c5971de84194a83b1b45410505a84ac7cb5ff233990fe7bf4fc90af7542d50a86a736a142420b6a11851af37384c0928bd9ed364f7c1dfe9c953086404eb7e2a80c0f1b335ac1b8c4d33cc8a1da4da3798fc3ee9d1d44091286ece9c83936a3a15bceeda9250201dff9d1775a3979e8c767f08e7a865f09c7dadd1f6f94a7af4c44c1fba824026e5c25014ffe3a9dfe8015155da621d5ec71f034ab2a98a2d81261729cc90fa9409466c8e823cb11054270e68e3af97f7a5127b9980741322b5d6c2a7cdeabfffcc91b3e7c8507fa1989a928c82f97a5aebc40cf0e560d6a2a71cee8d58da94ebafacf1065d88c27b4857c8871cbfaae994d4d6d7c8327dccac6452e02adfa13a0fb8df82c1a637badba4113714be0d8e49af86dc92e935aaa02144b6cab58768057eb7392c36950ace20f883f7ffaf1a4dce36619648327ed5a0ebd1335163b9ea9313779c4158da574a2f378fbcddbe32987db2126f4efe3f0505ca75ef132aa52db3f303e1bb2f372af926af197a888658320d809af145b6ea1ff197c9744294da46de7cf20e6ae73e5bdb01f50dfc54589fb6a5b978993b2d5a7fccc9f0092c83ad687740abac9d259c13b9a328a4c26599b178d90d85fb4807c45e8794711ae7238d709684c0e5e6a3724309b144df9116e51f88c884936b0cea32bb71e21f8f836c016edffb171536618e785a5a1d64447ea98fa3273d8af0056cedbf05b56a29746889fdc116750ed3972ce15537d0fbccc588521e2fd7538a310a444a2e2605cf5744d048b17513fca43df188eb88c90c2204144b4f5d1b034bb2731d9321c8aa9e69580379b33b6830963607551555979a3774c8a0ef671879236518da77d982b8bbb916ca9ff7396484d7d3796f37ab4731326399aa940e4acfd01ba1d8086a46cda3190255bd84e858a95e0be8e3aae3687138eba82f0f10ad109a4a872529d34994af31386c4451a00982319b5249ec0babe6c2591477a609c346a3607d0f550f7899fc7a50ee6cc47830efc8b91a86bb10798432055ef48330960730a516c9c867b186e5c0e64d4f19390223da36158b9c60222f3f03f2880c64a089f3c7ba5ba0f74f4cf3d4b404e465183103a9e87cabb397d81cdbbd572caee6eab7c41d452aeab9c164d584ab642f0e3b17eb302de678649f036cd63828a135dc8f2694e47f5ca318e537c3f59b07f26af891dd1c350467cc936647d2d046bf3598173ed1f1506db1267bd687b2afc861546c6bed655a370f55c2eeececdd5130a864e1dd3b0084912e8c0df9e91de9d7399eb2784c79b9ed26f1d64c1294f11f5f7fec3b43c9831be0becced6c4232c73a38992248d4b53702e13364cbafafe58f562ba73ae311bc", 0x1000}, {&(0x7f0000002f40)="21924a9ed66efda946552f841c6ce8b8e1070c0a35a6360c9426f8b7e00d0653017f84efa6e64bd04161a3dee0658db03e5946bdaf8c5176c1383986be42f8a61a2ccfc93a3b6ba0c7e09b3f5610525b4876ff4c3bbe74406c3c91993a4b5fe56e9c0c3ffdd0d64de5c9bd55c5ac9690f58d83bf92a8185a0f29fd8d9b0191e431934506795a39b6380cbce7941d512482", 0x91}, {&(0x7f0000003000)="1bde611adbdd4c7a759f2b9329280717bb025ea090f02127c03c57861bd1e1d5ce31abb03c3517d04b0bf9ffe074d8661a3dcb69f6298a5d9f95793f81177d3eb282d8080b7bc62cf55657870d5368a947b6f9b66003e3b8eb3359e2310646ba0c4af2f352391373ad7067650b38451ee7", 0x71}, {&(0x7f0000003080)="5d0ad48ea6caca92613d3322a740b4cb4d60588441a05541613f13f4ede0899e7ecd11a1e6f01eb4649bca0c14d0ba9464f192db4a24b62eb9c08ae20ff8785c21a8fb939a36e9026a60d030464a907b1961dd1590457c17d37965c70556443051e5c1c49f993fe31604a33ce413999fb5964fa316acfae5aa2f90a699c8bea4f6704b2ccd9ef3", 0x87}, {&(0x7f0000003140)="33cff9401494562f5b08db68d25609e7138275c5c6ddc68e752597515c82bfd70ef2ce801fa3ca7ba9e28c95c003ea4be01cedb961d996b49ab6d3b7e2322782a9b4f540d2b0e852cca243d7586edb8809e7374360f53d10e392bf5b9e2a5853139e415ef5cba8b17094de670ae195e1cfa80e78b6e059ad7122c86f5f5352e88976c74c72b4c25e8f65bc32d8c47c7e260b5c45f32c", 0x96}, {&(0x7f0000003200)="46aa3276a153f63032546dccc4e147502c81a5bd0c20a6ce9247", 0x1a}], 0x9, &(0x7f0000003300)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x4}, {0x0, 0x0, &(0x7f00000033c0)=[{&(0x7f0000003340)="7166241f9704b9b7125ec70a95b4ffa69e44f4d7d048e5f98179fd5e1ee0849a6d3c63d956499da2d2a6ed41639bf3492230e3db0059752f08a35c383ef0ec3f32eb3f7fdd2ff60a6fc6450e46c1606e0b65e1dc75f16fb1192dc41acc09344f41e90532195828b070f637cb1ecb17", 0x6f}], 0x1, 0x0, 0x0, 0x8000}, {0x0, 0x0, &(0x7f0000005780)=[{&(0x7f0000003400)="8f2226b6906d0a72c506147103944236b7659c14c56d88230f2ff60abca53961c094fcdb6a2cfa25c5985e3bd38a8a5931eaeec752606acea09fff86bcc9d931d135ed25b276b79ed9ba29f215707dbc2ec26e40c82a4ea3b392b568dd4dbc2efb357259dbf9bdd98e344dfea8def2", 0x6f}, {&(0x7f0000003480)="ba83", 0x2}, {&(0x7f00000034c0)="78e84e242dc8c5ff3c60db88ef136761dbdc3a40bc15f0ac543b469263533e87580048ed812a6b925f81ddf02847c8d6a6e75310413828cc279ad6ba5f9d31d5717bf6dae1a668eb8393f05b51dc2da70819dcc548cd9334c054bed216f8c9d3fc38aa486127d8c3914058c8af6e16f1a7b89be0fa3e520700f79644989431d03aa585195618db1cc849b0da4dcfc208fc1f5b44839cbb2be71b8908d1e521", 0x9f}, {&(0x7f0000003580)="83ab0ae14ec00fd4ab7f8daaf93d826423c34d3a18ae14ca92eb05c37eaf6fea8b7524c948b021ab8e6dae9f6052394ec042c90166ac65c69139d7", 0x3b}, {&(0x7f00000035c0)="a4573b94c0a7b027517411f496c272df44e485439ebaaaefff0654a44de2e5e0f41dee2a8b0e8b70b26b3a2c12d7085ae0d7de1acdde395adea36abc1dd0e20f7054921a9969871374c49a99e44cddb44ea472fcb0dfb9d14f925aa16da76ed432ebdb7f2807526e775a11780e55ce632adf47bbbc29f7956c2950fd7bf8abbfef5483b9a281745d13ecacdacb7f693944625ccadf66e18fd5ef07635d636dbd90ebac73b143234c8879f4f4637918cc3e76085f6fa0b57eee6e36f13de8c30c2a2c033645dc12eb338b78c247c1d26046907a02883ad85930d519b9c54e0a6748e84600383ea9c9c7428eadb70ef7cdf059f0be8f7cf2f82018e2598c7ab76d15df1cc5af51d2d53c87ed47c9457b0558ab6bac9754e9e6dfb71125ba034b95ee73db8f0043f30cb094022f0e79dc0aa68c7b29fd1699e5a29d5a027e7342d6fb80d664d696b76a2b1490906f938780e82a7d85300ae744423633db620f9b8168e15adadafd9be8cd8404b37c666448626739d92807fa620b7a14956dcaf5464c78037483822933f548b13f10e259869b29943fcf932dc999597e102e0a06c1398c4fdef54bf94011b3e030ab263914a5e3fcedabda0f4be65f345491944e8a473551ea05d88b3911dfc988ce6a90cb2607f14c03d811d240f25d8eba1194ce98f1d8db2a61fd699a899ec927dc40b120e3c9413e8b45aac15e862641e8df3273767247d76a99ba42d1f230294e82b38c7024a0626b7cbaf1c590be2deb592040db56768ee615f9ba8a369ed0b341cefa123728c918f208d6427f08f28c284cf53201a0f346c6ba90300b09a2dfc57c25bbc29f663d431c31bc4d680102262cd823be3d2ce03238b8532bca9dd4efdf66ed24f89485ed9aef22285295624758655191c5e8b378adce46a6276c7525d51d2a92d053bcdc07d76004cf0ff3f2c9db2e442ea856a7a18e34f3635c0cbf5466ab89ffbeaf1d48d26b544dd81afb6b00806325f5fe4987a5f8d842aa5ff878698ff00e13fd6df86361dd458079298020a9c194cd783625bfeccc290e244ad930f5bbb8420bf1d359a2ecfc2c959ad09dcc577a8462d8ce24b652ea9f59b51da87cd5e2e88de8882878c22f19ec5aade090a7697c7456b0466a88d780ff4ba0b1bbdddeb0673f45cfd444fcedda1b89b64013706773e2b94a64ef3617ea5a18a5e6f0901ce53ee7d3738a9783594cda5b428171f139127fa41e0417ad7d087ed744d0559216c711f0c978e5cee96ade53427c243c88919d2ef15137cb726dede4e17a8edb81991b4b2949259aaf4c2056f38f69670a27071b67f174639773daf458b475398f9aead8c10f5573f78d2735c08564fc5a98eaccd71fd1b33c625ed33a5a8b2cf0615401b98d460d9fa544f16d0474903c30624015a1ed28d900c5a9b5e89027fa41cf7e3efdfb3414e583667fd3b1043b4b028639d2982366aa3fb49aba025493adbf2e580ae47eeee3fd52fa66daba74c7f968f200909aaab880b4d1dcab428e4696a2a4f942e815cde4918a970840aed1d9ce6e9d6cd92e8c3b6d808151fcac1da318d18b301ff61cce8f172ec8fbb59f80b8c6a3b3e6050dd94b80e2e3dc6ef4044534dd3202079e48592dba5f3ca70f829c266848980fb764f08b6b463d2e9167dfaef944c4f4be631fe6816ed4a23c294c5633eb05602b71dc1893f5a6ab2758c468d0f37689c34cfeb396e0566bc8533d038bad2962d7f3155ab81aeaeaf5870cf529b433fb94c7af64ff423fa59e309aa7e1fabb3275c36f843e57316c4308c345e4b0e01aa3dcf4eee391e6cf9cd00371a25907f4684b2fef7f926021831e6eda87abb21fd2aabf17bfb0019e1a53b7069ab54377674d8c430879d7276c2a5b4538810ac32ad82a7566a92379b305836fce076733eefdd94d42d91331812a7cbb6aca0173ff2a08c4fa05b4d47b41596abb2b8ad514c54a64fa1656e33dc8f97bf5bc9f40b2ed6af3e95f57331e3a6ece0c5d324da74f04370c6bc67becde56e0235623b3986ea404fbd2ba1fe7dbcccfe4102f1f0d634910769d53138a109cd6eeb645523b87b35d8a852fb92bcc77c87f7e717e089a90cf0928f71d7db81db6e8599694402a35917ff4a37b8724785e2df527a0e879a82af3dbc4d8c0e95ae3cd7ca90853cbb7feeea56258735f70b4b9474854f59834a8631d2081b9759113c71550951c9e0cb5547cecf80c50f68dab3be7147da5e419a2eca162f21b0d454ca855e9bb58ba91b898b6088aad3ffc32605b0b89d48e12068da465493244806a021b4cb7547dadfe47145f3408644f538e30abb2b3c4c3c74f996193a99a644e3a1a6ed267bfb03fb48b1ddda5bbfa0b8f6658c167bf469e2ced9dcac0de6711f573ff3239d99b404c1a9755bb4cf44cfc84b0ef05ee2656f77fd8c300ac580004074bed9c7b78d87153f39443d64089d4bc522c8707964066f323be710055fb81850fc762c74b2e45cf069f19df85ff81694ef831b5a1d8bc2234e367d272a3f2e9e504075f2998c87e01020c408dcfd3dcd57a2fe44bf495518ab138c740a830d10ba1f44ccb89ba88e9d4f7781dc0f178288931f8c4cf3e66e17f18462042df367cdc2c09e35ce1923f938dc3ee3f08dbcbad2addf8e8e905fa104ef324ad137bfee77dc271a3ed5d41354da4e6da72f78498e644fd405f68987ea2e3ebfa06ad025672cb8473c8edb4b44bb0351a92b181bb5eaac72a16dcf84738eaf37b16539031ebdd25f0c2a5a1a34d2fac6e782862fd0c861c75547d9cc2d177b7bf4e7083dbf7c9e92b0accfa1a1c6a68848ad91b113700768e2e5591bc8dbeccfc29156e3f967af1f5979a125d2c3f0db32dcf2d5fcb9ad4b7f4c1bce5f6fa02dc233501bc9d35b17393dc0a0fb036b783d211f7494d18d5c7ecdb08119ee32f431425185c2e8c6ed0234e7c56290147be19aedaa631c355f480d705a2f1ad61775785b852bfc378b973baed05f877731569801ef58556fcbf20ba5229ed71916ae9102e976429cb9e4b4279598103ad6cf56770971c25268fc46e17b7c7606bfb2b071322a49b99792c5874e975308f26e11b2ba73a8b6d71142be0d0c190fddd6f7c6cda76ef6360e01f67a587341d54d621dc64bffee3b39528eed3e7ce9aaf8ac4dfb67bb985638ab4b1a42621cb46effa2237a0bb9038c56c60a3b481b9a29ef8ab82d0e83f2a194c32377787ca5c6382d6d6fedd181ee33564d23c945002262d01663967da20d18c167832eb46ff60d32406abc38ba9f26b9f0abc0836bb8a1eff93c5c6f1471be06f4be8df6d03ff67529f64c4ccd5c4470cee577ffcc94429763c6e7df19bc387761f8177ade2e0a57eea08609b34dca79d54d76b1a66ff4f842655afefc53d22bc5f6a7a416447bf8b5d7baf1d60f0d5f4b120c1abdd3d010864e3e7afe017ad430e30e4215c735390441b696bd7df0dd88d2f95726e5c5ef757b11ee74f0354be6d93b0d005b83a2997b86ed84c65da30b599ace230cfd4085a2731a1d010d75d3b78cea80ca70e5cc6fb78f9e5cc23325487111bd1f4f2509402242e59267920ab53e99b4c5320b30a2d9812560711946a226b02e0aff4b3c2b323cddbc385d9b202e903c82b882a0ded56dd2e9e6d4ee8efeaaa9570e4ae1cd094ef9675ec85bc75258dc194a62f36943b551f9cac9cfd09b4db96186ea7e81a55ba6470d6a5392d64322a98718842d64234e65c806c6d198453d017e1621b20bad32e11e7b74e8b8eeeec77f699d23e2b76dca045335a4299bd558a601cb9eaea8041af6c2c1eb26780c48b17a73a2838db2fb71d4f35bb915c78e12ca64f079322df91cd13d004a3abdcef7b547caeaddd0809557dabdf251aba16e6d28dc1830d248fde33b1b84618d797406c25804dc0663f278e259ce3c9d413ba31016294f1263d410ca7841738fdec1f998b20709643840649e23c51c70ac8c0fb29fa90f9f2766eb71b9f3fc0d8028c5972c097d66303b259c1819c998d8d0a3fa6c773b967e250127409ba309a8f931b4ed761cdb402d5903a3e2fc72bb94028001ed3666e6ccee31384d3103f18ef44a6c532739d9ad4a9e1ce7e6759579ad7c2aab163067273f99e586084b4a33ce80ddeac63c69ab1f27457c14a790a768a5f982f7291bc10911c3aaf9cbdbddcff807db7c04589bc5b839daf31c4ee025415b819d49fb62e3cd1ad68743c1e6017afb0a3c8ff862f21eb3c1f09aa2c73a2a92c9e721b2ac5b5e725208a6279a1444d3ddfe4fdfa83905473632356d9a0a54f0c2f2ed8138335be0abd3f3d27a4fe4c6acd6cd13415ce3b3df785955be3774aa907bf99984274dd930c567f45f158b398d3dd5fcca72351c8826f90ad0be780a46268e73a61eed18f2aa9409cead03b1ec158868a15a59a86258c248ce0281e7306baf32d2281e424d97b1b4b6d4a5698302a6d800039057f86b4c033ccb2f8ca930e37227387abcbd14692e282a8c51887e00174c05ce98802f6f4985258b9a2cd42d8b3206d6799e483de1f3aad1e9bed4f0f3e580d9ad01546b52c64c51ad6371b301b2ef588e8d0d9c93677442b58ed003020239b565600398c1e807b376983d2d9e63e7dad7a2b0b80a1c545e0d4a27a13605e20f781e37614c2955b2e37be20936a26a242bcf328af6e80dacd88e85ee6f563b8f1506635216acdf406df8dadfd9e47e6d3dee8d47410af6025f88710c9ef15ed5402aec66d66177f1936a6f76c3e0058db97e05907d0193067ce64c8a70fc8868bb459febdfacdeb32cf10e795c796bd29b1bf227843256c488e09493ffa7605bd35ebe444dc479745e79223a0dc381cd9453f5fb64c8c3f728fa0f611ea7c340848645fd39c21287038d2efc352863565a3b99c8687b4a1301a6f8244ae435aac97610f3c1e483accf2015cbbde216c926ee1555fa5700a8b4d4ad5b505c410c4064f2930640d39eedcbbf372a319c1f3b7dab5dcc8078e5ae4cc4a6c8ad8b2d56fc4a416f72b24de1047343724f27a5aa71da033f1c216d8e5f803a94fc5aa3ff1edb816b1c29693e75c8815153235655ac4a25381827da4a9a88c332dc03322f2e79300e8b2588cc46ba23a8ea4fd13748c10400faa65bdf81aa4f2f0ce54cc3fba3733a875693d96fc3cdc2a45879048f4972561f91a56003be11cab95d2fa2137547d5cbb7015504ea2e1826e5498ca8c6b2a3634fa3018c4f1f0470089e45bb5cf0dc1330de3d5f7883172d94dc433f1a5fbbd6d5c473190587ad8f720bb8a30dd2967afd21436d563af672f287e85137d5baa699fd3fd1c6fddbc1827eb1922a1882b5769d41e5b82f8298c70db954de10bb20cd35275bdbc6733ff024af6adce4d2f21c0312826a5fd8cf8404cb9f2a3c450a54abfcb6057728f328c4a70edd3cc98b6dcec1000281ed8454e920fcab7ee8df5eeee80e78ca838b0898b669350c1d4fdbae6287b817372ab6dae4dfd6834c52e932d2f3f7f0398ae9c7ff6eaa1d3d66ad99d7b19ad0f18921110c0676aa5b48343f225f4e33240e336d7f67e1502f35600fae3ad3980639169b0e2f5ac652cbde1699d601792f76fc2564691fad141b54e30d710302ff0a0db21c4b5bda027f29bdb489d9f97faf864011d31ae9fc9a9a02c5719261f109621d27bada9214fd3f7611d7f155d266dec5e6a695759a242ae866520bc4c15d8f26c2b78d9ee156bcaf975156c6d745e95b840f5217e2ddb7c0b2464800fee6865a60493345602d051dba0aa6b5341e7a4d7adc82fc20d8a713cc1", 0x1000}, {&(0x7f00000045c0)="94fcc4fb2cc54d783da2412937e5b62de3e80955e239fb1bfcc7e4caa9735a30c2faa441651b7019c863579eb372e80c4b2480dd72f2146060ea0ca4756476a3f51209439c971e9295ec43be957fc3fdd5c3d202fd787e1b684a162a4fae09f8657548919b99d2978470faaaa270e1664097b45b9876f59418854aa5d4409aa536f58337e357d1097ca773474b7b0221fe456c1bdbfce96516902f31d8857acadc8189adf5b5571099e4ffa0683935d2b5e3904209cf2a06dcc0e848afc06197cc7a06b6ead5938d8e9c72c74a5710044c9fbc4e22fb859b22224e9ff1fe47de46c122c8aae5f1dfec8922ae9c7cdf59060f24f0d7e1bd9b05d5e487b1045ad38269652aea2a24d92cac5d6e583105d84dbce7dd1ecd4d78d0a7776084badde0b954c49fa2c444ae28cf19598866db8d30c5449bef34699f3b88947fc5586f74048c7039cf16b76405aaaad804ccd706d6825d79317064b64972d953bfbd9e9b432355e2cdb5670b1156399612dc5642a9ee01af25ec5ba6943e57222524e35312ae45025901aabbc3acb37ae454433354d2747a22842aa7745544ef60f98a1bb40f552d8246a19de859835526bbb8baad13587f2b0bb74a669adee34ea1b999631e947338b53557c3be2986a8c75259078fd14c47e5a7d543ddcd49d77b8701a527c08103df9bac8dbdfd973d909541d6abc340f95885ba888cb67ac8c39cefef27e19f9d80030c6efd360207c66180406ec8d0934284c71cda32c38e157d1bb040281356f7bb62e39aa0ed76f027513e4e0c0494c4427289a5db3dbe0875c9f6956b482f238a6b708c64342a30abb15ba9641e02fed9c5ef76e66c0121016c029b7d8a3e7ee9a2598b9c103976ea81844d79381cc8d063d3f521e3096c0c193c4d2f67ca95062309ebdc0a940e302f78928bb8f56d620aa6d05028df5af839465e1611114017c093b813d96e24f65fde861253a5016109e7ff84d20330b41d30f6a5f419fda23bbb604481533008fa3117792ce92e4a4ddd0e63fec6436c894f8ac6b5a419ef237cb62418c5d99c854612439c7dec44b23dbceed61cb85a72c26058b9f551681f9e882d1eb4fe9551d3806aea6fc886e0cc5745e6c3695e2efb4625b2a527cf13638ea27d1a9f19c9bb6d8e4a0edc92de84323a91ebbecf6d136017b7e985a32ffbac5477ba9d617cd81a85422aecbe90405414153884042d1ac1d34f4827d805714de43f9d06f94f28ea789c578cf7b949d1eb20cb1656a4d648ec1cfc6076f933ec4fa94ae5f93cde81e91e9b333541ac9e6ba262048235bce8cc5aceacd267b551a955f5b661cebca4d7478276f760326d0bd3970cbf3a833469df090c0c735f219596ae59725d0b31a5cae074a4377912836aa537831ba8761ad32e94ea0ef9908848520a77c15bc404e839cec06378c1a685124ff450959c3fc5e21e8a2d0bc0111592d47207861be084c4ac9bcfb97d6b7bc06d98f97067f3a3a0a41f4a9ef5ddeead16c365bdcd936d974cfd13f031d879f8a2a0bef17bee922aaa891f9b82c9782280ffa618d6a0100f6f402bbbb2271c3a568d50a4b9ba23c32ef82c8d77571bdc9a05449ce2926791cdeef4e0a41073541b22aa9051fdcf9313efdb53eabe6211f26894f3e34d81e03ed2009e0e2a0eb1c0aef0d249ca1841269fa5cd10d395d30eb5dede2007cf59a871c2de9cbeaa76f7236369392e16c66b1951ebce7e4449828e4487fc6c85a8d970e06880059f03ba72aeab3b986f5fe698ae23561c1878d567fcad332f0f40909f91de4ab967a24a43bd1f72d61629518f541b8c9b14a909afd3d7a7f0e4c64428722d9092144546f1a2fe2b0ff98267e7572ffdfebfabc967c911ea94ddd1ebf1fc5802f4a3321a9f12ef8382378687707aca144a9e539528e6d034186b7e6f5cc7dc8a59e6307cf3c206718f9661788edfb4e8d1db1bd0a861d00fa429eb490fc584d35d1b853ac8018ac295378f60e0528382212b126ee4dd171e9c0cac25f1740d8e7ca920e15f7cf40a9a3706836dceacf385e4ab123c870a578cf40400b6dffae2260b19d73cd0a0b26f50f631ade30fc3db5cb070474b4de2d685a3bd246322d7ef495b9f26648d731968e61fd3a3ccb8294f84fdf7512f945934a39528444c8ef87f1cfb0a23e57a8efdbb13f854e3879fae1e0319ff62f7b9588c21b1c2c2275f3221694332074187f9f0d3b78793c227416eb7a4fdd4a3f5f06e269f616ab367a3f72fe410402bbdc372bcf9eb8de14a46ada9dbfbd6f46cbc0647eae93b70995ced47e6bd830ffafa8a099d6888ed9febbba28479dde6f55442fd47475c20649149b3c918c8c4b245cd0b93aeba61c10b3248a085ce1e2f2d848c74d0835cfb1aceb32cd65805b0c6b636458cf7d7069e2a20877853951ba9a647af2981d40fc03a3963e141c57b5023fd2d445752fd03a61f1bd8b33219001de4268d8820362f77d31ad79c4bb269999298784de039013bc4331947daf4f9a7b91f71b1f7c6db0f33edc99bf9ad9b5b423af6551f24cb8dd2dae943ec49e7a52dd5d6f0a13116a541678239900d80c3a5729d90406ca9b4b0adca2f74c630d361b4200798622afbe1664f386d1355d707d5c2b886cbe0795e2b91436f3afd53114dd8354649ed91f166fb6dac0a950d959c0675d78443659c1bbe6573f4c13eb27bcaf91b02e532ad4582a4ede077bc2a5577445bdf105ab17cda025ca28431bf07ecb0ae05f325d15a90095055b6b4f4073ee5cefa4faff69afd0a71712f3513fd211750be361b1de28deae22b7d223426631252af2a90e29a34f0e6ef669932c2b117b46d823d6f20a69b496aa961fd37aa10aa4c499e5cb031f539575e8f8a07a606c98a5ae29b402824e211fb7d1588cc6437db72ee4cbbf82128eeb29c122234d87c2b3ea3c9a37a9cb33c3f195311e599cbfde286ec8db4650f16b13de8089474808ac848db153a3e48dcad4fa60481d831e8e727f33296e392a1b6eaff4c2250b006e8db8482100cd16df6114c65305fd5f468f1aaf0c9f2270597b7be575e2ed509a6aca8cf22ffec6ce595f63a0e8d205c709cd6aa19269add4e9e5b8cbf2aacffd73f3ec1bd05bf1f14402aaa94cdfaf5b39c01cd3184750d5cfe9fdd42ae7f2ae89795b31d0d056bfc38d27c850fb73c79d99f97c074e0376e7b697c838376e3f9de59fa63f8a22bbc712de07d12d9c09fcbddf4eec4cb76ee35d5cebb060cc41afcca320937a5ff0e94d417fe7d0d68b47a691493bd3f8bb8422c3e09a074f716ab512dfcbd9c7812afc9567986d67fd25dbea256adb6b359243fe19905d0fb75b5a1c32a001779af43d5605675ad81c58c7cf55d14334183666e18b5789e0cf81b14bccd8f902efdf924f5a142757c93bab56dc5fc55b91323e62356d291eb99a9582d2a5900a7c83d295be89f9b7fbe565a73fe96c61c3f46491642a7ef4a58510325e38639efb455741d4446f58c78356bd0042c3fbd73258e02e0db16e786a403fc3bde8e0b1af29aa6531a32c28f85b253189001c6aaafb39d75a0119c6e261f223cad5457f399d0e0c1df63863eaa5b33fdbf9a275c7c7919902c18cde571266dfe3f1a812be33d13b389015b741096c83c7aa9d4352292f62e4e3b4483d25cf7fe76e9bdadec6990515b509f88f846851de2ac021145727a6e2ef458bd417d653d9f185f15575be9f143521a99d165d3b8635876083a4a7b6720ff086461cda4193f262ebe99ee3b7ced5310fa44d60cddf57e43ca0f1b58cd1e6eb31f5c5d3009793894d26635ccbd22cf737285370d933970b1e5b145bed0682963c7996b94b14673736be54acaee738fd7714b8499097628efd9b3a1966ef54cdd67fcb87bdcd69936cebf8bbf62b5cf7ed83195ccee63e326c2d949f9d52823d86f3854d55305fde65ba0e9c22a95fd813845d13948d68aa3f64e25900b6dde3ac57c6b1839bcdfaf6887270ee78b21cb6ae63e57f2744c777fcbc080c232b3e9f209c4b4d541e5a60c089e1705e68bb51e23691c6cdeae58381769ec13c73f497de1f3a97ec00e69743f25f08d48ee93249b366b2a08160795ea2516f0fe076c1664036e0a5d63660bdd5149f97588b382ce75616259cade70ebd8f8dcf1e469bc4c72d2ca7a6e91f2946694dfa39d4010defeb4dec02c92b81247ced28d1e44291349610daab21ff5ba129c337eeaeff0448ec8a9e488f7dadafd00428d7f87f2850852299aa525e8fea843d9e372df981d6a7e78318fac59b5e3e191f3a16928315fbf26ef0bac63ec35329970a8e22fc9ab526c19223d2ca4b72b6919df55d33c6ab5bf81c63ef96b6c6ad600fa5670314d7044797953d4f68a08e9fd73a86f6ee37a36817f67691a71149af4f5436ea45ddd45d7089055c0a513b81682f9db3d45a6c9c036a1f109f82acb774d7df4d815f06919e86ae6ed59b61ca515d3054a0934ab458a41ead2fed99ff1597b7dad2d40e9b43298889dd3809734b90b86dec574d84c1678cbda7b29542c916c6203d290b5767d80d6650fd5c3d3fc5b828d443c53f61f42e914fc391224a7b8168fe701c46521bb5a403679bc33864e50bee9a707d0124690c9167aed959e7accc892e648a7dd7035045776614796913cf54d74f7b1c662138f81a004606714ee5f3ef2f996a0f05da9aa059bc2d36f7b9a5e5c98df8c8e22776ea59ff9f150a158d5742be871a0f19b01da5f23de615328ac2946deaf481360b5ecbeb87c4bda043ad1dd19a74240b314473dbdcd647bc27ab1e242be63313f82cfa9b698bb3ead768e7d54642df0179a0397aab113fa5ff14fad49c850f20dfc40423e707fba44a1fba9f7bc0a0dab52c10b53da4c8542620382ce5a3fa027b5d96622e9d72ef0fb325386a44f9034c68ff094760f4e56ad5050c3dff1bffb559c1db16720f6b8f96e4569fdb42d0e2bec371991be1c19fef15f27cc2c98ac892fee44e7081cc51f4c01d2af833268c1f26cd2ff5bc63f9b5c60b639d0049b99361aff88a7703baa2c3424437f745b5d542d22a5912838c04c9dacb695ab6f45de8385b2c4b40a63074120d666692077b0331f81e3d6aaaafe0fd10e5a9e9adedbbed103767fbea6255bd68b09fdf64146df6021a57c39c361c1e8c60a2e76e5adb7e59ffd2d2715e6ca047feb07e86bece9880c6cf7a962361043925d985c8170049101224448cf36c8279c9d477c15e53eb5e7e0ed9dbed87c285f25257fbfecb5009749f0e31fa7da8a5fb0ff453b6ef0e91cc5157496c5f289289659885f92063e126ae86446166a392ec6df18b2724232846c6bffeda4b3cfabe8862be7cadd91950f6c4a5ae7a691bf55c96c2c2064a84f6de7e23af898174b7b5dad92161ffd3e615e98cf50d2de360f3613705c0a165a0a34b477fd2253662c9370956f78d5dabb200f3985b2be6711d5e1e902110ad402829db26bd8546767307f9b6446d1994eac6990f2a6ec41435ef611402255633f6ccd329dd621399f987f9645a747741004bb2cbdf861d823b4d87c80708b551b978b84aec55793a262768e0ae5dad9adc4cc1e8e1e82e384f89a37e193e2f3544af1711614786faffdfd68d49eba01c1e4286f9bf1246b9fd839c6fcaa8365130b6b9401ea98ed90ef8115e42488a45b728b03131957b718adf38bf63cb8520dcad9b4f45f338920d3db58f5b0b3b23fb00dfa979c70d9b993d8ecf31eb8dd1b51ce4ddcb600d0607d7e4593434e807e5de2148d7e3d67dbaf243c82aa960c8db70ce92013", 0x1000}, {&(0x7f00000055c0)="0b8cb08e0d713751c32d23bd672008933bbe5dcd890a94f7d51f0199ac7fea00bd5e11d846f812f1c8a2eab33d87d799d0f1720736452c608d47c5f1a8dfbd45dff82c2b40aafcd47b16f967c119a0aefaf6d4c4684dd89d49c507c969aff78393f9b70006224f0925fb93c5ce9cbefcc3da27c12967beb0576eca2d5f2ddc821ed775f6b397597212f116cdeda0816da53f444834bf607dfba88a3084b82e9916bee77de14a80923a20515f066a83f5795a6dfe6c30f49b05d5c11356abb450752f648f883dda97559a0f7c1bfcd0d09de9c197aa98939fdc6fe577c0fb96fe3852c5a2f4b601ceff7075276715b1d0a6b8ec357c", 0xf5}, {&(0x7f00000056c0)="f2f4a70717a6d3c0640eb643c1bc01f4f2fe2253594278af0ebefef3c092dea250b1d1d78c13088fbf23893a5e1f1900412f06a72b6cd4b46ce97f76819666f9d4029a82cb890235476207910575a78bf95c9798cfdfeef359505537429bb53089f3141cbb2746341f8f654c994209f9ac824aba88d1c0cc657dfbc80adb25d1a7d7666b193603ee7b5e3f6d93c3b56a19e861701a", 0x95}], 0x8, &(0x7f0000005800)=[@op={0x18}, @op={0x18, 0x117, 0x3, 0x1}, @assoc={0x18, 0x117, 0x4, 0x3}, @op={0x18}, @iv={0x80, 0x117, 0x2, 0x65, "39276582925ddce372923e57083665181ebfce16b6990ce66c086553d946deb9672363e0953a2fadeaad11f8727c922588c6b124f48aabcece05bd5f51ab5978c84c0bd79b2b9b6f38fe4e6f2659c90c3994725fc055a6a051bb9c11be21bb8720f607c15e"}, @op={0x18}], 0xf8, 0x4008081}, {0x0, 0x0, &(0x7f0000006c80)=[{&(0x7f0000005900)="4c8b67b3afa772d28fb04b486d4766cc9b67ac17a8f23c3b6ace8e0cbda8fbcd5133b27dc3c50114c4dbe98f18c03265b25a84e4b22812035f97e27cab4b9fd5f97f0ade63a87aec785eacb07b3cc3bb81f37c5cef572d39de18ad1cf73973d17d2b", 0x62}, {&(0x7f0000005980)="c11ccced73918ba3f3f1d0d4dfed6676b3c02342b2dfda0a50d7e55033a55b594348eb52dc39ac51068fd5390fc1ffed396845192a41f1cf3189e16fdc2992457a58", 0x42}, {&(0x7f0000005a00)="b1849db37496cfc093ca8fba97f736273250c2", 0x13}, {&(0x7f0000005a40)="4e8560a4c48fcbeea4169f949fc576f8510e124ef21fb2295521527d8f8fcac5b12d1f7c30b9a7ec042d8af379ca444b20fbbfba0941b3bcc05ce2095e6d131e35b118808e30d5aa1e66dd230e7f57b3ff364cfe5d473b12affe95c20868dd6405ee2d4e0b5ef30a3adb44b673d359cc730920e8fa24d99707b883f1a6bf94f3c9c111c7a66f2906f65dba36d5edc44ee3b77efd9ff5871d3c2a30833c8f44527aa57cb6bb0e702e7a0e1f5547640e273d67abedd6d82715a1f00d13", 0xbc}, {&(0x7f0000005b00)="271836e77f6bec5a4b1d9e4a77a9e93ecb3fa189dc9df4f8797445f05567794cc4f5c9750e99304261f29c75fb7aa0f15646edd8f29d20a02ae762791d9ed4b762112eff005d526f02101e88a36a637ead357e9df9efdb66912fe9a58c83c6048fe58c93fede9af017627d87d50fec6bad38446c7785661fc00ac3fca1aa12d62ab7286113934f206c24e4bfc29f989cc109e2c210f20ac2fa33e5170217982a268205f4ab5008a1b3dafb0a6c5e33034c9d033d9c7565270044cf4da476c97afa1e2fa631a61bdf60b8fdbf454f757e16a8b9c704c3b939f5d59c503dbdb85010d94a6a2da412c816cd88729ecba25ce0ba26bc24", 0xf5}, {&(0x7f0000005c00)="dbfc091adcfd4331605befe46fb3d8edebf18a8026d48992a8819c1b9aa77eefb9e3ff1af6c249be384a497fec8518e171d721f56c922a34ceb771266465c769207a9fb86d35ed716f", 0x49}, {&(0x7f0000005c80)="1ab3b9ed8e9d78ed1d1090a48b42ff9475b31d76b1b4eff993f34249cfe1dad9f73c38c6b86d6896f792139c3e9fa68c813747e00941a46f560698cddb8a62d6b1f2dda6aad4bc489a551fa8a6ea4af3f0ce2b465694573582d01155eb466a8686a0bdf96711d37ab6c78d907b349454e6ca0231f6d52d7899fc29f9b57abc806d561d522c2dcfc3c66ebb149af6dee9af735ad8a0bd9a071db26394b3c7c13955359864585bb2bf5fbc156c50472548c775e0247715624b7b07a80761cfe775c8839d0284b741bf8eaf570fa5697bd7de938c6ff5a3757b26e5687d5b699264c109d185e5179d36f0e38697a2f0c9471ee10c351e9b07a432fcd77dae733428e173d6f5e42f99f500d14315afd62dab19f3dacf8f7eab8c444b05b7bcc22a7f00610e699350ff67a27c320d88706ab777eb34b13bfd5ebefd70dfd7910815b525b179a9d3a6b7a0e9f7f8ef14c8635473d292078d0d4dd9e66e0c81bad5ea4a50433d2d57751dfa9fe54fbf8a69e4637662064f2851b75ffd7ccc1d7608c8923281ba1994745c02888667d731f9e63305d475de5def2a716dd945e5cbc357f17cff93c6fc857d5da7b64f259d9689d12b5ff893983e73b5d7f8e73bee553bd198d01694ff731fcfaaaf0bf5a4650c84eb2eab9d475404e5365829512dd410ac7efa73ed27f363bacb9b647e25143097277b43c65a8268daf4a8349771ec5af6ec31a92302a60ea66fd558b737d43058d1d9bdb2f2ee4a75f24303a3709fba9d5ef1e1c6c119fed260cdddae3959ddc5267f51c74c936bf529eb3b6a58d1f0563c8fcda6885cf3cb5028a4ad8f022e791aed1b9a23735f25d5d7696871d20b7d082dc020a505fb6be9761398c4ba6a60fe6eb9efe2476eb0eee12f1fa06543db9faf28bfbc90e8aef110180abd1d944ac97962c45b39e3b3092054436293d09825e37a1fb21937c4c78c82ebd015b648bfa746e95b53baff2eb80c3a6b071d1072e9585fa56bb8297c6589637082a9219c9b020d692debb9cbd3a8c06f61e579db0880d7cb1617cb54f16cc4480bbdbf1fd8d214aac1fb816d2f2f1846e64e86ccc0e09b220d41c797091584de9735226ccc55213965f189ad18ddb9861f4af9dc6edb426934aed9244a53a80dec779930eb60d769379525b8c94a3917cbbe9fcef80437dfeaca5bd9b083dd5a21190f3849c5eb41900126c727a65321c32b10edf1e2ffc9bc685ff718ed193e9f7d2471e2fd4f9f51913fb6ef2dd05aef396bc20cd84d40e1ae102c20efb7900a1cbbc7d46064bc1b4ee61ed0e7aa12d2d2bafc4322356b12d9ccaa0210690cc5e8446ab8ea082d00f21e33d40e3dc1ba5f078bfdd59d5e784e5ae57e7797a44f6a9472783880b15ccab5a64882ff6b3915dca356b49781c52f743f33abdab95594eb4d50e6ddc6f58885a499d73787a0fd3abfb39fce99271fa237bc54cdafd0b87ae5c45478d995c218bf7e4503da1968cef38260559458349c38b80e811e93a43527870c22966e19e4314e9c807c1d98f594a3d887cacdf260c11c476f4d4862e61a12be5eb947c5be040d47f4cab5170540e26dc7914f3671fb1fdfde28521cfde9aaa3d5ee13325aa3fabc5eb8f93cdc1552a9be699e23f20c949d662a38b460ea13d424e1abd7d8fc688a47898061594a947ae9c0b0e69f0fc37e77ac414ceca717dd46a8cb38aea4146a813b1743f0712bd9900d286cdc94466cd3f72b1b5e7645edb7e4cc283c3c149d18fce82b0a439b37f511990abcc5bf53401c0084df56051b0fd06479389494770d6e8aedbacec87099f7feba4f122785a74c3ee8bce1059dfa2253274d5b44f6bfd5cce12a633e24f9e391bf3f7e48e1b686843b0469f590c9828011006fe1787de2040c7f3ea85ed739ae396dd69d12e48c3addb8ce66b78349c64e5f90f1358e569ccf2fa6faade16bfb0e5cc71a92268b00d783d19603a62d83d9e38ad8d965fd724bf86bc5ec0c099cec57a4f6a3c94a2f936dc7762912f5fec3dbbb57cdb532e8d78358ee4ab30fab07b0888045e568a29099a20f7fbb7ac2d7aec6b516a03ad85139dd8a17a702102a2fc7912da820b93cb4d36e7b79e19f6722cbc217c7c23096dd6a4e922d9993dd555c2bcc2d2319a3f2dea400f411607f298dad696612eeba8022783a8722a931233aa4fd83d356ce5873b9d09d99e91ced2320644662ac4573bab7a2fb7270ad0dcbd2db9b0f406153a39cbfd656ae46658801474def9b60df5b1e8c118fb2f451331bbb32d377ef5ad0248525cdc133de06aed59a8489749c6c6d3551ab6968861be4bee45e0e16b4f4fb7386762e14cedb0c1d6c40f3cfcb0631eb97fe621f129c985af8f8a1a7727f78e8837a23811da5407720e7e3252711a0fdf4e0e85f85f803c71bfe95cef295174c04fad46a0cbed074109a80a7d07c0fd7110bb033d2cea5933ef256d53be4816005ba356bce2983efe6a15d9651077c2de417049274b7682941ff779181f03e7374d9716bdabde77256ae8472ee86588dc1a5f8008eed0c2416a75fdb629800bee3525a58d538a426399b164740844c49dec505c5b03490f45c717d0abcb9a86f87c89bade92269ebd8833a4aa5efdb92d170616a0c24db41644d747bb6e4762e5d7608ea89e6ab2929bcc132bd2340bd7d24871145068c5521d86d4656a1096857a4d2b6c3ca12a494b13f3979f318f55718356d9216bdc3a4f07cf839c196fb6e1710628ff314153dfc0521e51ade4f2231b49157bbb825045ac49cf48dc92347ba2e47ef762d911db7cdc475ec42f8b8ff0931322650f70010720479677fb50595e594beaba70b90b13e4e4101d08e69a1a78c10c5cd4d391635ca5dc7318f23e3dbe04dcb841e5b29d7fae96f3bf18220e121f45a02ccdaf83e1e15fe051407837ca6c64403ac5eeef998b8edb0a7c1f37d891f67654d47f3d7cb1aafffc52b7e2d2891734c57b78d085a750a4bd6081aa6f00a14ee960ef2272d2949efd0a332ef8af8ba8e42545208f59d2f1ffd5006a72c252ee42efc7f8b1aa677f4de5766407534666ad2b8ce1ee1010d4405dbc852e08296a6aeb4d41293dd16b2ef4b055f9bf6935e0ab340505b53574ea88b200c6296abae47e9b5ec60f10aa0031ce4649398069052aa8dcf610862c31acfb023b463d43511f02ccd82b97060c96fe613d70c3e44bc37f4df3d0aab5317b467b4f73056069f043258b1ceb9e954098d23c532513ded351c3b5cdbfec5256f0b4260d85192a01cf1f8c99001bc3fec568aede0c4cf13675aa00f9a25d51620b8b74f746cd7429fb5c3357c3a4db562f75f4bb3a3564befa48928d297dde3dd3010a1dffa9c8d572e1e894bb37dc0af7a8680adf1874445936415b382d7b1769b327e7704dfa4e9b32d6b8d9dee0350ab5e7d64ca541dc912c6cc9ef2c1d3a45c2cf1aac55ac74436d9da9aa97ccccd76763c02eb817e32ef1fb783b8a8835fac706cbfd2d4c25827bb0740ca85ab1e930b954942d4d704aae8aa8332c81d27a4f5aa99245cb22b18d4250311ca1abfa167e67f7679c9c22f654775d166b7e1a554a5eeca02e8adb4ec18fea1a6c12fc5ca44ea456c439c09533eccac090b85bd1e7b81ea764148f9b930eaa4220de09e5332d605e2b057e9b56db6d2fa743ef687bc1430bccf23d95e19761adbdaab064d75fa1b7768f3dd0304364dc8b75709836f1180f19061246ee6f0042600c7b8105e6d6418f7b72e2908f987a5ffe0909c7adbb0be613d84b17a13b997de34f242f8c27bb03e92e34ce6583d44b0f6cd347ee4ca189b10a0dee17b9db8ec51d184be64f61c11544d914fe5e67f85e774668051f1829071591c480173894cb54f3768264e142914611c583760c8d6b1c6c031c32d70d1578fc48e2177101f84681a2a1003f614814af9d5334816a6e31181ea7d25242d9dd5c3425d27c1b1bd41404a384cd5b528fe0f406f4c4931e23b2861f0988c55f9886a45486cb025efea50b681113d21ce175bc192adbef1bd0352b7070b17d3dc256b6ede169c695b52ce94fb58edf4c4021769c4c931904260fd7ecc01bb7b9b4c8fd1bd20a1d1447acfb6c04e6e26ad9d814ae5b629960c0a18e9afff0434e8aff8b909b5c692566a7e7c3faac325bcdd944c9fe8d0b797ec42b6649abe50f35618c920a5f3a7a75618e8213b16073f9ac9b0785881961c627364b80083743f72d6dc0362a62f006df51472d836c823d66ecfcad824ffe8e8cdaf6c05f2fddc42ccaaf625631881104325fb184b3ae41e5b6380e24bb57cb159c4ef6acb3b4a5b24947fb014e41c594e84d5ffa4571cbc8d46fb06ab205e2dad001c0d0f2ddce405500af5f768c5edd071a3c4709100e132ed77118ad7cae594e9daddc36839a33d5ed25dc87e9325ead22d80d5d902426ce04044ce7e0eb0f7bc5efd419aa8b11b160b6b8b61550da5e7c338445785ef8a5b7dc62c278f62f550a0378fb62066cd6bee07c30a345f3defee92b05c1e9e1cae8c032a0589de2692adfb7ae7ff1bf70a667ac37cbde4613cd2dc03b12ef75a4e17e85c4bb02bc52a6813cb782cae80bab49f59484e2dc1e0c8d0f83ba3687bd064a96286c09ce8d0c5303a734cd550818861b758f12ae0902b1d4385e0292825e83bd65ae5b68f28f014b35cdbc2ffd70139ce9c87006fbeba0c7c1f88dcaa0a7afe36fb5883da9f75588f15b038058eba8453616f9695d34e3036238ff93c3db0d2cba92e861f949f1495c720c56f536588310f40e40fa5edd1f145b2327871a6e903ac8f150f67f752ad72afc684ca0802f58bbf4ffb300933b26a98b7f18a62559d6d9c7e6e9580508e3de0ef34d3c82eec1b11df197662de585ece7b275f19adf9810d871744fb06658c81890dfac5286d8657577222eb9aef3fe91685bcd4980a06ddbb622e3d8d579efdbdc8186fb8baa0c580e18678d6397915adf86670de356552671671e0cd04e1ea9b2284852a3bb9f13e18277b8956f751e021ef6a59194f4533e0452be96d37dbf9f249cadbe27db0fe9fb163061bf3f6a472783082cfebfffa6528bf3e80bc925fb9ad6d212e36694d984c78ab21b3eb1e08cf67de833b493d4602d9402e13665ca3336213eb4dba72ac1bacea4e7ae67c28f036b03dadc19aa9fe10b80c3ca0d7c7f721bbce1f06de99e5669ca9ca2f3c0d7fd1b42254b86c4f183d18618f4e9e08fb805abd635b6def125af0e18f1e12ddabe55205b701a6c9f354254691010bd9fabde12b8ca6f75945c5d0e068ceee6a4e3e93a67c374e14d01f2c3597f0042d902760fa601382a3266782e5dd8d881846df9be04903bbd182bd078d59dfe319e66d34e869c58f56050390292280074aae88b030c49717d1c523f670561348eb886a2ed5d733a770b3212e9b9b2e36480932272693a9752807c42f7e47a1775e271789cb1e18c1db2ef8b77923240d2f1d56d0a7eed2511e5d7cb21f6e883c9f91311e3775652ace721f1dc60f3d8e818c6e386ed004499a9c2f6046293ce6532929044dc4ad3158630a8cd894194ae141f658b626a3e07d0f3ef6b15a0334cac704241692eb4e409d49743cf0888adbb8ce4c04ece97a028e26f0b802548d6642331662469c104cb7c5466af9c47a7d80e4c08dbba1b65f509873428f2e53b87350341e66cb327f1e04d296ce4fe18f8fe5c5cd97de82182377f5c0c5ccc15ce074ccb7f1291c32336016665bd40743329467b5f6f0dcd4510b691dabac8e020fd7f537871c0939bc6012355a6d9805c021", 0x1000}], 0x7, &(0x7f0000006d00)=[@iv={0xf0, 0x117, 0x2, 0xd5, "ae4079cc9858f74fb7c2ecc8ec138afca0defda994f59addcf054dee1e852f32bbfbfd9963bf4792b5489289982dea799ae7d3aa704ea92c09ea4a6d7ca94670f95b8c54a20930d84b6750b61ecea3fafea24a533dceae5e83acf9f04dbf135918a18b486af4d2f74e62248e20743b2cf5ba5fa99d780b0432a5875f60d0315019de7888a34c2cbd3eccb999bf5e9595ae79756a9e7f7d7d9cf371c324e0450f5c70d2820bd08b719e3bb2df93993b9bc6ec423d72cb3cd389287389d6d21a4bbd366561e46d57dc10eaa3282905ce9472145985df"}, @iv={0x88, 0x117, 0x2, 0x6d, "41337a84b898f2108659a7a76767ae020013c0f35ced49229921ecd1ec9917dc41a27e716ed630da59e995aa255f9a292c201bd5473536bd3c3126565921703d2f52a236cba8e50db9a86c5689770e814b03eeb7b4aedb35364c251f196b09f51b66785720b0ffb09c905729bd"}, @op={0x18}, @iv={0x38, 0x117, 0x2, 0x22, "a12319f99228f62882d8513a0a738ee45f94f7abbf2e2192f5b42dd6760d7717090e"}, @iv={0x68, 0x117, 0x2, 0x52, "d01baf6d7823ef4e1f0a1361729399a9a8dacd31d9189c3550dcfcc58b9ea47036a487c532cdb82c773a8a9e08f832c40ec09ea684d3a6a7a14135715639a81ae948669b55b2cd68f7f2d98374174ad9bc9e"}], 0x230, 0x6d12179675a79698}, {0x0, 0x0, &(0x7f0000007480)=[{&(0x7f0000006f40)="2512b794317355ea6f4810ab5cee8f12a3075cba63cc5bd96d3eeca15795c020c9e4aad5ccc4a06ce1e42ee6c0a17b95124c9aba0c647b0040518a2d75c0e43da1564ede2b7f63fa06ee290ef2eeb3b4ca4d593432f1eb231b7d50b2fb0a945fe8da186dcf0ec72b91ba4015b2b9e4a791822d41", 0x74}, {&(0x7f0000006fc0)="cca76d18cc119d007329eabb10afc5b29655befb540c6c72b538f8c83a0bf48f80792809fcf73b7bf7ea90978abcd7b5878f92fcdcc3fc969c3941563c4f697f6eb40bd838e0a8a3404ceb2d807c524a1cdb05228780be59a50bfb9800fd8a4691f60a19207d2d58584103f7d40f62fd6c55e35753a1928ef484af514aa532b35a6e4c01308c86134ebea00c0538663c144babc8a95f0e9ed5a6762c960dba16a2172d87dc64f6aeeda839b6d630cd6bdb56ebdbe0121abaa165d8411aa84fcf71f853826a99a03515d1ae1387fc4ad7", 0xd0}, {&(0x7f00000070c0)="dbb2a1ff97b757ec1385438d64d052e3fe14b1", 0x13}, {&(0x7f0000007100)="825ec06d8eb7d1c3cd88be832d7fc22d52f861711577762ed993ba54d5a616d2f1b31c4e2d705769e384aebb4a830bd7a40444a4a659ea11307eeb1c6fe1b4a7ebf535fa60624eb1f0b7575b9f2d0623ddf74940f613602d9610dd00ca7ab044786e77a2616f83ea78aa263fb037c8543ffc87bdd8a50f03560e9c5a46a3607cbf048dc0f7250d1fe230158daf618ded50edc325f6a157b1992b5964cab89b9d8fc5012166549f2c7e5e9b203b9fe785e15749b5df069815", 0xb8}, {&(0x7f00000071c0)="19865cd32a744ae6623b95804870d059fe16ee94b7e6dafdc596ce74efaefd927d21488b10da0ef22a620eeb2423c5bb7a5d7223a92d1c87cf26988a7edd40eb8af1a774bcc90f8145f99977d319628e5b03402dbbbfdf19233aea913e02ba2a1619eea08b11fcce2e35b5e45712087a7bf6513c291f8c6d29b3a87197bb6eb2247c2ec0ac2df3e270240954f1005a8ddd0b22957ef4452a67ec4b866a2e416a5365348ceefdf565194ebd3ef1e7d72590baaf2241c7a5af160d323b2b57917737dcb1abf23efb0d37828a3c65c15262a8c6b9589875883e99b486a58647eb2d0c", 0xe1}, {&(0x7f00000072c0)="777de7777ffcab29e64396081d606155d4dee502518be5c3543757967bc8dee034700ed8c6072a22731b4e6f61d8df02de250c4be3ed812676538af1d62c6f47d6bbddaf0c27933bcad30550340faf3d10c02b59975c166959", 0x59}, {&(0x7f0000007340)="470070c0e14a3a22c03562add629a5e94b98907c1a32f6a58eff103b8f00a03ef351b12ed6f475b549f1a5c5e729dd9a3c30d48f05645216767d0527dcaa9573131b2c670dd732146a738aefaeab9620532313e61799417925fd88daa6d4ff6e3ff823db18ddb5b3b81ebd0f54f3edc597d32861dee75f667a91c4ec1785a22bfb37d18114f5e3f4dd87649b1fb0064cc1bbe7894ff683a0b3916d9b6ce3ad6ed28a7b60448eaa829efc0338963e9f47cd3acf4d366ec7276d925cd8c0f62197d39811a5ce42558764c00ed03bff5d9646b391321f31f8ccb06c172e7982b8a9b605385bc2e3b3cc4208faa108a66817a038b95c97", 0xf5}, {&(0x7f0000007440)="a5ae", 0x2}], 0x8, &(0x7f0000007500)=[@iv={0x80, 0x117, 0x2, 0x69, "1becaa4dccd5c24dbfecfc42e8b70c4530e7e8f5a23994ef02c6cd78dabf0abf6fa76bbaf1651958e0237f59ab5f5a9f55e2e56814b0f23a4b18669573e5bc5abc85bce46a14567d798569294aa1660fd0863ed694295f023a03fe08cdee962012fa97d0b0271a8672"}, @iv={0x70, 0x117, 0x2, 0x5b, "f408625a728026df9af7f7d8eda2affb110e1d03df8573b473dab68d9c30751cfe20ff1d224c73fba1a1630ca885f8fb568d622ac8f07b94b642d8f3c4bde55e9cc6718a79f520fa5589b8116eea836d66d8a8f2ad01c6be4b2bd4"}, @op={0x18, 0x117, 0x3, 0x1}, @op={0x18}], 0x120, 0x4000}, {0x0, 0x0, &(0x7f0000008ac0)=[{&(0x7f0000007640)="6c9596fb3928cc769572f85e84711b3e304f3aa87cf0cbe4606f705dd1d04a224d81c9ae81e9f4d375dfca9131da7f3afdfe50d865886bfe4aca7c427f2bb1d713d8a5af51793f4d880e0fc71c66b1115af62ce84194292f6c974fa94ae0fdb0fc466249f6ac355031cbc529bb23f15fff62de5330697835f0696bc2cda4966deeda8fefc39b6f97ae1040472020ce4b20379cb0d53272d8e1b8a277b203a6cda88582fa045c944756ab23aefcd410ac40ca93679725efa95a34b3157918c6f12c0ba15751c7949313384eb480d3d3b5cd803275a6a6edaeb64edcd6932df7bbfef04d988b329b35b0839dd038d70a3d7130", 0xf2}, {&(0x7f0000007740)="60549d3fc5d662a5a5aa924e723b18e8d362c317e92304cf485169cff3f9321aea2e1937505a81ae7bf4bbf2c1bcd614609d39b6ebebd0a2607bcdc14a850144bf883ca0afae18c79fa1a7a8905b29995caa02d1e3db2211c281393cd3e675eb50d7d5943b9f42e74d5f7dc2c60d5a62c34cd2e671d0aa6b2d93caf3054104529c154df1698521c17fa1f304aee123282696e251dd14b88fa266e32cdad7d2d77aa7b4c895f836e95ab5bd4de605158a943d324889245c68181cffadcb05dca564b7349d38918cc2acc64bf7583029db7de14965dff197", 0xd7}, {&(0x7f0000007840)="436ab274cba2f32da36399772448a932d5efd07e3b42953d0dc0b0e6ad86ba487e2ebc66a98c9495f5a730a97c6a2fcee32a14e0270be57d577dc5388ad6805b382f7fe7571608d380e5645c1ea570ab5d1155ecf488a74c59e228ccef38f154e880b0a61b73dbd127b3ab0be525", 0x6e}, {&(0x7f00000078c0)="3cabcdf3681d687aeaa2766d63f374821ed461aaea30785c54539e2e8f85b4eecfd2ce209db7c66c488d9a24b4038c8fcdfd6f8a4b2da7ad4156cfa27bb650e14cbcb3c2ed47708a2cbbfab6fc41b99ff2558747ac9324e0adcd1f93e4417a79bcd18a284b16c830c3d85d149c9b6c0fb47acf47a9b3c4a9ca97336e3c66c919451015fb88dbb5e80062624daf", 0x8d}, {&(0x7f0000007980)="add6ac609254b3d1b3d1a2be3c15fa5d1efaa13766118bdbb4a4e1984517f5520d8c81536eb56d1fc6622899b02d87f103b1b66a0521dceca1cbdfa6507adc0fadbe7b784dfa8ed78c30dab1a29c728843d1d7391eab9ce6b93318dcf1792679de43cb939b755502a7beff5f1d30ad52d8cd48324e0e1182ab507b44bc30698abe68a5a453bcbaa73fc0051b120e85c3f559ec4a7d4cf3904577586e76e0ee84e1c804e90acbd1febda30e489fa8bf7e508ad483eae8675e992d267102f683112bd2bdf88275831139dbd3c1569de861304e7f20a35696f6c388f03155657bb64da247757923ec5d6b621a4562fb192ed6c2d5310af685aa1b9b429e9cd031bc1e861467989e28a651858423cc51a811748ff9d487283704aec8893161a3f92738f5cc78b20ec65370acdacaf2fad4433913a10ce8abe8b6a8eabf91b2cd2c35bc098d5ccfbc5579243357a25217c5d467dde857f52e44f4b77dc85a3f11dfdc3ab79c792d4c4fff7f30586186234f154a5c7f0e28d88316b38d6c861965aedb0f3e77d4c7e304b8b354cde6738b13949e9e90b08ad114386d784adb9c6e46b542ddb0025350cdd9f5a295fedf223effdacebd8d915724b32789924639f3903f2ef7a5475fbc101a0aa4124c9d1b83c0bdf8c52515eaf06db3af4837b5ca20063692f869501cb3ea4962b77fb60a544a891bc3e42d409035ea0587ce48ee8be62c454c205fb2a3c700ea3dbd55ecb27d78d14902ae092855624c3c806486f19a66fbd6a668ab09e4d2ce5b6e73dc1db5f9c31e188f7b3e892bcec176655e0989bd095a4abfac55b24ddb59fcf77be67146d205163884a555dc868107565fdd73aa143e7baba9fff7c5593c0470396ffdd7dcef038bb82703a460c99d787c765ca1cbb0edc396f74a78db271db3a156b28dc6a97cf5a3d0a68492fa1e61509ac1521a17ddaa19a9a068482aed770ef78a861917cfaeef36860c0e7e8677059c1c43a6615803e75acc7226e9af76e645690d762af355703ebb6b86e8cf7d06a64128639d18e1d092302eb9cb5b453a8d155f22dc76b644adf961a2d02e60a58f35128e05ceb0fe3f4dd8f94e2677076cdb7000c93708c6113cf4275c40b4d9fedd5036c9cb78321a6231360e921e4de822e8e61b7afcffa1cd6dc2ffb1d4ee936a584039973b7cd8aaec461323727f8de04c923b65414556704d907af5cd283804f85b3a9db4612bf7db61aa4d59fe705202a4e9c5a3e2adaebf4f8b9da76960a7f3a355a111520c98af7e2bbb974dbfb07043d79998ab4ca035386cd9eadfd613bb1a2278394a1df4dadb344d352724029f3b710d0bee0d601e30a269ff57eb32412293441bfdefb6b7646f05aac71ae679c3b48a3186fd0d5adead031524c255a8844bf1d75a29f110386c5c5a909a45e0b91427eaf60800a9799468ca8cefd0f210252fc6831da39bf6a0af509ea56a04d01b9625d5b266d76b3f871a08469bd3154729f318e11be10773fa5c3899bcd6155bdeb668a0ce12796dc35d3e531eb4e14f6c97b0e9eb2f2442b6bc28381c861c2466d8cbb2c3b073145b11fd65b92699b29a17e50d575b8b4dcfe27fa6b1d6415de9a6ddb68d4317e10fd44a99d74dd94a5171adc6807d1bbdfe79c41f5a6a11bce51c50dc386671f5911aa1d77cbaca8e9745ed5e9a7c8e346455d1511ce6c0315bfddfa0fa7b5be28bac139acf16ddb61db60be6d2ba5b3513a36e54c20e31251efd430093178001e8812124bcb22ab0782029d175e981fb60a46cd74f1b51014095a700ad840b56ceadf451ed5ff897bf4093967048d3660b77c11676ea09e0d31ffd092ab1197c18b4edbbe91165281e7d80a1248dc01bb66e60715412fd099d9a31d44ca1cad6f0010279c220732d3dae4899ce87ded5b2feeb54b340905706b145a94a8eff52a25c4c5e4aab8bead56517198bbdfe9a8b627ed9d5b9f0d0bb602921027eb8cc02a9e15cf6e79f0dd51bc140e7c351aa005dbc6c81bd69534750137a33427dcd91ec0d2f779aa3a8f762f5fbc87f79946710a781230ff52fcfdc9c5eac2bf684018d8dd54978205ee6bc29d67b5b26a93b891d659d73ffa359ff63baa62245f9dd7d0416486664d237710adbb011433b993640d194ff89c349246dc906ad565ae53f7b7f926a3dca3b8bb39cda88b8598cf5d1f7f128d105a3ad4df4b5a1eb3c666262f358987d4efcd00eb4c08f211f27dfced335acc5ef5aa57a8dfb023bc431db31b519d95defe0f7c323e4850e2731819c485a7b349a1833b64842471b479f3fedbb47c465c01d89cee844412eaea34002b7621bc62210aa177ef0f6fc86b493a91aaceb0119c3d442440309f2b2283a429e320c427ec33ebc8f53613114083fb1db21620dd6ebf73affa95884348aba2429b593bf0a81c314b9ab3c93d4a6657561a8bcc28f47b4eaf3b93878c66781343fac8bd50904c472b719923d367d8622f4b376be511407c6e337c2df4372a29c5e80592349ef884d43412107d4563a0dbd8c5e8d21093782084595e2bbafb7919865539b98c81a2bae17366b44059f90a10dcedfeebbae9420ae10d6fedfd4b7250289be9c4b3fd0a2cc419109a048038a855f5c3d108377f0777dfe9b689db280d06bda9e8588f871a7efdcdcd425d389a75212f3daabc9279115ae27be605563a550a539df1b93f9995ebe466290fcebc8c843e59f904b3c0cb112b3f51405fe2caaf49eb4f5a88fe6cde0e3b32bb404bea63a7f2d0cd78a173136e412f393641bb2b9138730a1858da8aa2790d7186fd4407e947098dca076aad61f37243f4b1a988d7df070d6ec7172047a6f48dd2b264b98ab25c6045a7b6a3d3d933af3a4b11cca06a22781fa26b490712f7fd113f824021babe48316c2bab56ee5fdbb31cc818e5cfea5952f333c1ae4483d8dda1086b18255f1f0a6093edfa7ce22052d150d7239ed1f693b42f309b37be3eaff8c665cf60d561a80b30f7c2a40e01a97890f23a5627d4d7e9eced7e3dbe41d45eb0e3616293924d2fa604869d2a61cc4b27958b5a1289f7fc87c52148a2154aefc239fa109eecf5488ba7de526316331978db89e8b1a1e473e4775438e26c91fd7899ad59577188c14f5f411644f730e80f24052b3e45419d23378d62300afda298172d79d5618e5c6bb574d68928e7a8a9b628e3e8717cd9773318ab3e03eec361bb2505132b5d9f564242cb5b2e6103769c95be9e15657bcac7f457d44151407bef2b6fedc272a52abe81b2b54a986a7b72f83dec09e2f52558f5cd45b5e64ee8f10d510e8994f67ac0381657d7d3966e68fb646c8a8093947745c2df117b8a4d35e8640b403a0fd22367c5517416b59b0b04b7e5a995ba1bbe4d2644e9ea6f617302cdce5869313818a879b6c7c839886a7ff3054e73c0865a44e0862472a939167146435494e909f7b32e941475737bbbfeae0d9909b9519c41d2e29bce991f4cbc822020a95c43ce2dee041a7998bb2281f5d8de9bf7cf1d1c93738d91b6193e61bfd7d0be62f815a37377964552bceba52f3304fb2438502bade647e5643ce81021e8ac3237ea926269fb8de6b962bb96645fac19ca7d647d85869b7a5b671e9f667c16c6d89f390923910a930c7c1d27ae79f61b4d3fcd279f243c47ec7254b9f1bba6015d92974c68113a779fc7b0d0146e6d40bc16b2773ca43a8a384fe91b57c4a222474778507972195c8d56fda00aec1ae2a558d9366fc272b3a8f5bcb5c3001705b165729c9d01f7f6b2884732ed27214b9d02d65d3c528478d094a09fcf020fbf07ae80d72710e8f5c3705ca5533cd718b419a52f616d341d4be93b1cc40fb5a44ab124305fe48c046f9b4992e466f80a9649c20bec2fe8692a8c1c851588260e320c55aa46f54fd8c94b94987449dfcd4628295e4588c276178ca6fc341c284d76dc16a28eb429615e4fb6c0d1c3cd2026bf4edb54c68d8b6f531004fde5e86d6919ce7ac28cb773798f7c39cdabcdb3fa001c9b493e8ead2b23a996fd0008427702a4a3a0c81be4e1a29b38a273288f7880ab428a6c0ffdd95afcb5e33fbc0ca6fe698dc25b153e00d4e5a7a97d2a2dfd0f4bc024bac369d87c725d8ddd5ec00d53ea9bfbba6add3f2bedea91dce30c3b0a5b4fe252f836dfa385a84176bc27b66d3afcb504261ad7399004fc4992a3538ef453b6388c63430968c0b09376e6ead7817a80e583f9a846fdf2f27d956fcff8fe4a7539defb75d29e17613cc03942aee23bb2b3f811f194fc1f9a63fbf6949c4146306b67e911dfbcdadbd8dec8d73ddb47e269fe35e1c37b5509dd15e1af032df9952a82b2709b0c38f0f27d2963f4ed2cef7f30263681d505eddc71e03c763651fe501e7d9ca7e12c119e6a20ac0fb38002df73d15a06c8c8ca01fb2c8ac72e4299f8ad8011d9c2bd215eb5606a1af3053e0852b96094e161158f59767a0b7bef045dd560a51f745c23b03402bd26186f512f4ddfd5f59410d773e8abffda8b79b027f2574f83e5ef9647de30aec256c3512cca880e9073aa06aeb7783e68d47790ef9e6e6ac044e7d9ae7bd9facbdf6dc5cf9519ba40a973bccb761c4fc41df13cf3a92cff54fcb0f3197356d542959b5c7d308173bd158b3e92786d4c290c1e9e472cd8a69224bb21aa2303a51563785719612b697e850017b2e192e27c6d4ca526873a2f2ce03f64bf816092c3337dee213ee24dba3de09ff90d137325f0c95cc7e85aa25316ea9e13eab3ec82207d473e28d7b931305565f16ba058d56e0918c5459b5e01030ce4f25f62089179bd06b359fbcfc8aa9480ee7edc1fb8e657dbbb93c20c70a9ef46fdfcb29048863e6bcbd14ee011593207f1743e02d9b1519defdc78f37f8c9110dfc66fae948e3c31cc1ce3f9eacc8852cec756c15a14d12f512aa3e2fb4666d9c2bb5e66a7f6a6d2a62d9f434067fe54f3cc68e9369c042889297d863cae27411b8b83702a5009aba7d0d848ed3f9e8de625be51308287ee54b40025095556f1faba3eca8715b122b452040236a71104b44d7682996929b0e38ca424c23f35a39ea9dc6a73e6ee2229202f711d1fd2ad0a2f4159911db8b7bd1ca4c4ebd1af1d60225fb26561b37d44d9d9ef9e62a15e9a1a7f503dc860d8bf273ab7761c1c2e44ba32ee341d5073170b375ed9560ce9fae3fe75269b0ed78975da96dc019b970e17d2c10cd5c5c70be1ca53e18687bbc8ee2938c69a748e7a397df6c13d6ad07222204dc669c42111b1367fcc4856931bfc5136dce71834ef4c3ebdbca7edd7083f3171b45f42e9820a9b38d45c6bf623492569e286faf4a806c2aeb7ac9bbe98f6899ef1a5fd337658ff632a5d75ab29b77b5e0ba41031adff206c2eccd5d66c26c480b7f3d3a4a8ecb29098a36bf5b962f897aefea6a0b122bcd4571e70bf709e384262073ee955fd36e4de45fc0119bae990886523e1db561f847dce12fc2050f483ff2c6a25e83e9051da77004195cd6e78ce840ffaaa2d707c0459844b719dbf94c3b62f8a39ea80a94c8623df1fd79caf4b70c286fa412a543f18babc6b6b76c1a8a47930067bb384d4cca18494118b08c1c6228daf66842d6adc24ab968ccabb5943e1b2b751f2af3726a36c4c227af5abdf828976ad1f3772c92d48f27df4f2a089fdcb8eeb1c07684128dc55d45eea580c2b0e7d44171bd2b3a369e2e5d96df010e2b6d5e6f6d407f9a48d22d70963404343dd0fff5c6effbb7e457199661fdc37e5dc4e81f90b38b71fa4adc2e81e95892324cf4ccfbde", 0x1000}, {&(0x7f0000008980)="ea117d9909e45c14cce40660d4c5573648be9877ede663fb802c38363830587178c9d2b13f08210cbc2a3aefcc40c5bf911dea22506770aced9f853a9b721790afbc497e58e7fa6c45cbe3fb713256e4898e820490ded671306ee1f52e88229b278ec42009639a2fba719c2377411b5b4ebacc507df615c264cbb30af5683ea01b6e3d3e07a85437757894622901c2abeb615dd0883ca1ca0d9e21968bb4344f8167f00bf130c429994ae0be89d8fa3282cf0e32b8dbf6177315971e808f3d836f428a55bc02dd336e047a7f8926a7f7c481", 0xd2}, {&(0x7f0000008a80)}], 0x7, 0x0, 0x0, 0x20000001}, {0x0, 0x0, &(0x7f0000008d00)=[{&(0x7f0000008b40)="6af4314cfdd0474559e466f18b7465e8a31c2c03306e46cc5288d4fb5a3269e17e3ef34ac7dd872a53f5a85941a52e5b067d681cc27893a694380ff1da9d8041c6b15787914cb99a6110236adb0f8a0b0df07fb26b800c3becae31fddb9a9e2c82fe66f6a18ea1bb3ab9c88fc5d1327227df46c36e4251067e7098286d583e4eee6d12a92503cc6cd103dd2ed98e483436d627cca75ba1b7e51b6ae4005871de605e", 0xa2}, {&(0x7f0000008c00)="449873464ed0d1b1666c57fdf156c92647a8ffd94d7f55a8c24679c5c75ba90beb344568b6a9b65feef1254cfb31e4c3fd5833ceabef24af1583c1e83a3b29bcff6ef7", 0x43}, {&(0x7f0000008c80)="e56b4ba787c487f317721f2bb829d647512c4b70615f912d777e3ea2756cef2e314dec4df06491a48c09f5f9deb02ad7de1d1d48f510836b570ccf4bffba03484a806dc02e3fc32d99cb8a8d6eff", 0x4e}], 0x3, &(0x7f0000008d40)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x40000}], 0xa, 0x20000000) splice(r1, &(0x7f0000000240)=0x45, r0, &(0x7f0000000280), 0x6e0, 0x2) sendmsg$IPVS_CMD_SET_CONFIG(r2, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000080)={&(0x7f0000000140)={0x9c, r3, 0x0, 0x70bd28, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_DAEMON={0x44, 0x3, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x5}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @ipv4={[], [], @initdev={0xac, 0x1e, 0x1, 0x0}}}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'teql0\x00'}]}, @IPVS_CMD_ATTR_DAEMON={0x34, 0x3, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'lo\x00'}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x46}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'nr0\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x7ff}]}, 0x9c}, 0x1, 0x0, 0x0, 0x40}, 0x4000) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f00000002c0)) ioctl$EVIOCGRAB(r1, 0x40044590, 0x0) 11:07:40 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, 0x0, 0x0) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380)) 11:07:40 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000003118000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:40 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[], 0x0) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380)) 11:07:40 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) bind$vsock_stream(r2, &(0x7f0000000040)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) 11:07:40 executing program 1: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x4a00) 11:07:40 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000000020000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:40 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x6000, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) 11:07:40 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[], 0x0) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380)) 11:07:40 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000001831000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:40 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x6800, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) 11:07:40 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x0, 0x0) r1 = syz_open_dev$adsp(&(0x7f0000000000)='/dev/adsp#\x00', 0x81, 0x100) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000040)='ip6erspan0\x00', 0x10) r2 = syz_open_dev$evdev(0x0, 0x0, 0x0) dup3(r0, r2, 0x0) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f00000002c0)) ioctl$EVIOCGRAB(r2, 0x40044590, 0x0) 11:07:40 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[], 0x0) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380)) 11:07:40 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000004c0)="e9124d4a3ca2d23fe1a141cdedaee1bf4d3c52baf67bd03a1bc7dbb92e23fcea0551919e2fbdd6f0c870b5beba835271a37331129aa3d97e1cbf1f8683bf75b0750e8668b3e5e99718f630b2a948526ed3ade4fe154b357d09271ab0545f66dbc6cff319138188e3c0529a6555c182de51124ad45fa8b28cbb9b2de555a0336294434d037eae6e1665bf37be465caae72585125b98bcbedd77d5ad0bcb0eb2334bd09ad320a0f94d4b7a40a124af65aaee32a966ba0bdab2c81a7c1acf034cb6a41203aeeb737209dc850dfd4b5117766ecd341218e45e168f65397e6acb7dd0ac63e55425116868c5a6b9b988998f66b7f2e0", 0xf3) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000000)='./file0\x00') io_setup(0x2, &(0x7f0000000040)=0x0) io_submit(r3, 0x3, &(0x7f00000006c0)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x2, 0x8, r2, &(0x7f0000000600)="ce923c687f9cf2644f1f6094b5884bada343cc93aa73eebede52617c9fef2d7d1ef8918bf2b0b7e61f7b1a735ec0d81e581e0dafbccd18e6f5061f9d8b56c752f67ee32931c5b43e36350b0ba1c716d8d1eb32281159b47d70656f067bbb9814c105bcede85f149183337c9393626bc5c21a56e0f7fe88369801d8baf5d495f37806aa2c44b16404", 0x88, 0x9, 0x0, 0x1, r2}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x7, 0x20, r1, &(0x7f00000001c0)="39ae409c87b48696973a3722d5a64f7e7994d209555e6aad13cb7d36bab3de7276314f6b6dddddb2fcaee4241da6b4db53f0bab163dea3d1", 0x38, 0x9, 0x0, 0x2, r2}, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x3, 0x9, r0, &(0x7f0000000380)="97dbbf3fa7ae244602b2289404108ff847f6ae74b269503a7dacb867c1356dc13bdbaf492ecc820ae2e74506198b8dedd062fa4a2fbd7833a2836054a9e572d0e66294c2bdfaaf54750134f9594676a2cba16c930fe9f031ead6936a24355f846bffb26220f682485e5bbe92a80b06f904cb88d7795a6a", 0x77, 0x298, 0x0, 0x2, r2}]) mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) 11:07:40 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000000040000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:40 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB], 0x0) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380)) 11:07:40 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x6c00, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) 11:07:41 executing program 1: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x4b00) 11:07:41 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000000048000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:41 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB], 0x0) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380)) 11:07:41 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x7400, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) 11:07:41 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x0, 0x0) r1 = syz_open_dev$evdev(0x0, 0x0, 0x0) dup3(r0, r1, 0x0) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f00000002c0)) ioctl$EVIOCGRAB(r1, 0x40044590, 0x0) set_thread_area(&(0x7f0000000000)={0xbf, 0x20000000, 0x400, 0x800, 0x1000, 0x5, 0x7, 0x7, 0xb8d, 0x100}) 11:07:41 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000180)='/dev/autofs\x00', 0x40000, 0x0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) ioctl$KVM_XEN_HVM_CONFIG(r2, 0x4038ae7a, &(0x7f0000000280)={0x4, 0x8248d784d3018139, &(0x7f00000001c0)="965d0993d8a8e10f97ca88320b1aa67927aa88", &(0x7f00000004c0)="60cefce429ca4431aef095c817c402370e097ce1dc832bb100fc85c01612eea2fd7e14eab4698ea06e41ea4ffd94f170acac8b17452e6cddf4b2aac38c5e533649b09e9b060ded15064442008b29d71e6f8fc59dc5d8c5d3fbba467bc7fe79e6f0360c566f815133a689ea93da96746b13a0b902fb352b019b1a3e0902b0fc1a7ec48daa592c902145c613d6c596267a9b825f61fc619ddf205d630282818b38d0a90861d5749eb16cf28a672adbd70aafc598094e7b3dc0de5a8c3913fe6835b19dc4562dabeff3e41864774ecbe5023e08af7df9bf3a5066113591e3628651c59a72b7b600d8deb9dcf0d54973baee7d", 0x13, 0xf1}) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="747261e533a70ce907cd69646e6f3d86266b0b4cd459e5df1202182fb0c0ab617af4c5f6c1", @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) setsockopt$inet6_MCAST_LEAVE_GROUP(r2, 0x29, 0x2d, &(0x7f00000005c0)={0x0, {{0xa, 0x4e23, 0x1, @loopback, 0x401}}}, 0x88) write$P9_RVERSION(r2, &(0x7f0000000040)={0x15, 0x65, 0xffff, 0x200, 0x8, '9P2000.L'}, 0x15) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) 11:07:41 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00000000000000004c000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:41 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB], 0x0) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380)) [ 1176.753926][T12720] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 11:07:41 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000006558000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1176.816197][T12720] CPU: 0 PID: 12720 Comm: syz-executor.4 Not tainted 5.3.0-rc6 #127 [ 1176.824205][T12720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1176.834248][T12720] Call Trace: [ 1176.837526][T12720] dump_stack+0x172/0x1f0 [ 1176.841844][T12720] dump_header+0x10b/0x82d [ 1176.846246][T12720] oom_kill_process.cold+0x10/0x15 [ 1176.851346][T12720] out_of_memory+0x79a/0x12c0 [ 1176.856013][T12720] ? lock_downgrade+0x920/0x920 11:07:41 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff03800000"], 0xb) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380)) [ 1176.860851][T12720] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1176.867076][T12720] ? oom_killer_disable+0x280/0x280 [ 1176.872267][T12720] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1176.877825][T12720] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1176.883471][T12720] ? do_raw_spin_unlock+0x57/0x270 [ 1176.888570][T12720] ? _raw_spin_unlock+0x2d/0x50 [ 1176.893417][T12720] try_charge+0xf4b/0x1440 [ 1176.897821][T12720] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1176.903357][T12720] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1176.908887][T12720] ? __kasan_check_read+0x11/0x20 11:07:41 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff03800000"], 0xb) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380)) [ 1176.913902][T12720] ? lock_downgrade+0x920/0x920 [ 1176.918738][T12720] ? percpu_ref_tryget_live+0x111/0x290 [ 1176.924271][T12720] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1176.929716][T12720] ? memcg_kmem_put_cache+0x50/0x50 [ 1176.934906][T12720] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1176.940438][T12720] __memcg_kmem_charge+0x13a/0x3a0 [ 1176.940454][T12720] __alloc_pages_nodemask+0x4f4/0x900 [ 1176.950877][T12720] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1176.950887][T12720] ? percpu_ref_put_many+0xb6/0x190 [ 1176.950902][T12720] ? trace_hardirqs_on+0x67/0x240 [ 1176.966751][T12720] ? __kasan_check_read+0x11/0x20 [ 1176.971763][T12720] copy_process+0x3f8/0x6b00 [ 1176.976345][T12720] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1176.982577][T12720] ? __cleanup_sighand+0x60/0x60 [ 1176.987502][T12720] ? refcount_dec_and_mutex_lock+0x90/0x90 [ 1176.987523][T12720] _do_fork+0x146/0xfa0 [ 1176.987539][T12720] ? copy_init_mm+0x20/0x20 [ 1177.001912][T12720] ? __kasan_check_read+0x11/0x20 [ 1177.006925][T12720] ? _copy_to_user+0x118/0x160 [ 1177.011689][T12720] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1177.017922][T12720] ? put_timespec64+0xda/0x140 [ 1177.017940][T12720] __x64_sys_clone+0x18d/0x250 [ 1177.027419][T12720] ? __ia32_sys_vfork+0xc0/0xc0 [ 1177.032266][T12720] ? trace_hardirqs_off_caller+0x65/0x230 [ 1177.037969][T12720] ? trace_hardirqs_on+0x67/0x240 [ 1177.037985][T12720] do_syscall_64+0xfd/0x6a0 [ 1177.038003][T12720] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1177.053331][T12720] RIP: 0033:0x459879 11:07:41 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff03800000"], 0xb) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380)) [ 1177.057216][T12720] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1177.076802][T12720] RSP: 002b:00007fd57ae39c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1177.076814][T12720] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459879 [ 1177.076822][T12720] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1177.076829][T12720] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1177.076836][T12720] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd57ae3a6d4 [ 1177.076843][T12720] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 00000000ffffffff [ 1177.095702][T12720] memory: usage 307200kB, limit 307200kB, failcnt 4777 [ 1177.195570][T12720] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1177.212474][T12720] Memory cgroup stats for /syz4: [ 1177.212568][T12720] anon 229486592 [ 1177.212568][T12720] file 8192 [ 1177.212568][T12720] kernel_stack 12910592 [ 1177.212568][T12720] slab 19591168 [ 1177.212568][T12720] sock 0 [ 1177.212568][T12720] shmem 0 [ 1177.212568][T12720] file_mapped 0 [ 1177.212568][T12720] file_dirty 0 [ 1177.212568][T12720] file_writeback 0 [ 1177.212568][T12720] anon_thp 146800640 [ 1177.212568][T12720] inactive_anon 135168 [ 1177.212568][T12720] active_anon 229490688 [ 1177.212568][T12720] inactive_file 0 [ 1177.212568][T12720] active_file 0 [ 1177.212568][T12720] unevictable 135168 [ 1177.212568][T12720] slab_reclaimable 2973696 [ 1177.212568][T12720] slab_unreclaimable 16617472 [ 1177.212568][T12720] pgfault 242517 [ 1177.212568][T12720] pgmajfault 0 [ 1177.212568][T12720] workingset_refault 396 [ 1177.212568][T12720] workingset_activate 66 [ 1177.212568][T12720] workingset_nodereclaim 0 [ 1177.212568][T12720] pgrefill 6153 [ 1177.212568][T12720] pgscan 6035 [ 1177.212568][T12720] pgsteal 675 [ 1177.307837][T12720] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=6234,uid=0 [ 1177.323764][T12720] Memory cgroup out of memory: Killed process 6234 (syz-executor.4) total-vm:72708kB, anon-rss:2200kB, file-rss:34816kB, shmem-rss:0kB 11:07:41 executing program 1: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x4c00) 11:07:41 executing program 3: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032303030264c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f0000000040)={0xfc, 0x5, 0x0, {0x0, 0x0, 0x2}}, 0x30) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) 11:07:41 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000000060000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) [ 1177.342384][ T1058] oom_reaper: reaped process 6234 (syz-executor.4), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1177.358695][T12716] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1177.372321][T12716] CPU: 0 PID: 12716 Comm: syz-executor.4 Not tainted 5.3.0-rc6 #127 [ 1177.380305][T12716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1177.390357][T12716] Call Trace: [ 1177.390379][T12716] dump_stack+0x172/0x1f0 [ 1177.390397][T12716] dump_header+0x10b/0x82d [ 1177.397950][T12716] ? oom_kill_process+0x94/0x3f0 [ 1177.407243][T12716] oom_kill_process.cold+0x10/0x15 [ 1177.412342][T12716] out_of_memory+0x79a/0x12c0 [ 1177.417013][T12716] ? lock_downgrade+0x920/0x920 [ 1177.421856][T12716] ? oom_killer_disable+0x280/0x280 [ 1177.427045][T12716] ? __kasan_check_read+0x11/0x20 [ 1177.432063][T12716] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1177.437597][T12716] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1177.443216][T12716] ? do_raw_spin_unlock+0x57/0x270 [ 1177.448311][T12716] ? _raw_spin_unlock+0x2d/0x50 [ 1177.453145][T12716] try_charge+0xa2d/0x1440 [ 1177.457549][T12716] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1177.463078][T12716] ? percpu_ref_tryget_live+0x111/0x290 [ 1177.468616][T12716] ? get_mem_cgroup_from_mm+0x16/0x320 [ 1177.474068][T12716] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1177.479599][T12716] mem_cgroup_try_charge+0x136/0x590 [ 1177.484867][T12716] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1177.491106][T12716] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1177.496725][T12716] __handle_mm_fault+0x1e34/0x3f20 [ 1177.501829][T12716] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1177.507450][T12716] ? __kasan_check_read+0x11/0x20 [ 1177.512471][T12716] ? trace_hardirqs_on+0x67/0x240 [ 1177.517497][T12716] handle_mm_fault+0x1b5/0x6b0 [ 1177.522256][T12716] __do_page_fault+0x536/0xdd0 [ 1177.527014][T12716] do_page_fault+0x38/0x590 [ 1177.531512][T12716] page_fault+0x39/0x40 [ 1177.535650][T12716] RIP: 0033:0x4006c4 [ 1177.539535][T12716] Code: 01 e9 c9 00 00 00 48 8b 44 24 10 48 0b 44 24 28 be 08 00 00 00 48 8b 14 24 75 17 48 8b 7c 24 20 e8 41 54 00 00 48 8b 4c 24 08 <48> 89 01 e9 9d 00 00 00 48 8b 44 24 08 48 8b 38 e8 27 54 00 00 8a [ 1177.559122][T12716] RSP: 002b:00007ffd9399f510 EFLAGS: 00010202 [ 1177.565168][T12716] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00000000200014c0 [ 1177.573125][T12716] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000000 [ 1177.581082][T12716] RBP: 00000000007600f0 R08: 0000000000000000 R09: 0000000000000000 [ 1177.589035][T12716] R10: 00000000004395d0 R11: 0000000000000012 R12: 00000000004c5e06 [ 1177.596991][T12716] R13: 000000000000012c R14: 00000000007600f8 R15: fffffffffffffffe [ 1177.606573][T12716] memory: usage 304932kB, limit 307200kB, failcnt 4777 [ 1177.614953][T12716] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1177.631891][T12716] Memory cgroup stats for /syz4: [ 1177.631979][T12716] anon 227307520 [ 1177.631979][T12716] file 8192 [ 1177.631979][T12716] kernel_stack 12910592 [ 1177.631979][T12716] slab 19591168 [ 1177.631979][T12716] sock 0 [ 1177.631979][T12716] shmem 0 [ 1177.631979][T12716] file_mapped 0 [ 1177.631979][T12716] file_dirty 0 [ 1177.631979][T12716] file_writeback 0 [ 1177.631979][T12716] anon_thp 144703488 [ 1177.631979][T12716] inactive_anon 135168 [ 1177.631979][T12716] active_anon 227307520 [ 1177.631979][T12716] inactive_file 0 [ 1177.631979][T12716] active_file 0 [ 1177.631979][T12716] unevictable 135168 [ 1177.631979][T12716] slab_reclaimable 2973696 [ 1177.631979][T12716] slab_unreclaimable 16617472 [ 1177.631979][T12716] pgfault 242517 [ 1177.631979][T12716] pgmajfault 0 [ 1177.631979][T12716] workingset_refault 396 [ 1177.631979][T12716] workingset_activate 66 [ 1177.631979][T12716] workingset_nodereclaim 0 [ 1177.631979][T12716] pgrefill 6153 [ 1177.631979][T12716] pgscan 6035 [ 1177.631979][T12716] pgsteal 675 11:07:42 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x7a00, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) 11:07:42 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032"], 0x10) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380)) 11:07:42 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000005865000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:42 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x0, 0x0) r1 = syz_open_dev$evdev(0x0, 0x0, 0x0) r2 = dup3(r0, r1, 0x0) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f00000002c0)) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r2, &(0x7f0000000340)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0xe0, r3, 0x400, 0x70bd27, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_DAEMON={0x14, 0x3, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @loopback}]}, @IPVS_CMD_ATTR_DEST={0x38, 0x2, [@IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@empty}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x4}, @IPVS_DEST_ATTR_TUN_PORT={0x8, 0xe, 0x4e23}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x2}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x2}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x2}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, [@IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e24}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x1}, @IPVS_DEST_ATTR_L_THRESH={0x8}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8}, @IPVS_DEST_ATTR_TUN_PORT={0x8, 0xe, 0x4e22}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x1}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x1865}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xe065}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x3}, @IPVS_CMD_ATTR_DAEMON={0x2c, 0x3, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'lapb0\x00'}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'gretap0\x00'}]}]}, 0xe0}, 0x1, 0x0, 0x0, 0x20040014}, 0x40000) ioctl$EVIOCGRAB(r1, 0x40044590, 0x0) ioctl$EVIOCGMTSLOTS(r1, 0x8040450a, &(0x7f0000000380)=""/116) ioctl$EVIOCGMTSLOTS(r0, 0x8040450a, &(0x7f0000000000)=""/213) 11:07:42 executing program 1: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x4d00) [ 1177.735704][T12716] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=6190,uid=0 [ 1177.758812][T12716] Memory cgroup out of memory: Killed process 6190 (syz-executor.4) total-vm:72708kB, anon-rss:2200kB, file-rss:34816kB, shmem-rss:0kB [ 1177.776548][ T1058] oom_reaper: reaped process 6190 (syz-executor.4), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB [ 1177.843767][T12777] validate_nla: 13 callbacks suppressed [ 1177.843776][T12777] netlink: 'syz-executor.5': attribute type 4 has an invalid length. [ 1177.857497][ T23] kauditd_printk_skb: 11 callbacks suppressed [ 1177.857508][ T23] audit: type=1804 audit(1566904062.284:1163): pid=12778 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2387/bus" dev="sda1" ino=18675 res=1 11:07:42 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032"], 0x10) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380)) 11:07:42 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c000000000000000068000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:42 executing program 4: ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000001500)=""/172) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001300)=ANY=[@ANYBLOB, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYPTR, @ANYBLOB, @ANYPTR, @ANYBLOB="17000000", @ANYPTR, @ANYBLOB], 0x2c}, 0x1) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x1a000, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000640)={0x52, 0x9, 0x3, {0x9, 0x8}, {0x5}, @rumble={0x7, 0x7}}) [ 1178.021704][T12795] netlink: 'syz-executor.5': attribute type 4 has an invalid length. 11:07:42 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000090c00000000000000006c000000", @ANYRES32=0x0, @ANYBLOB="0000009be11d23001c0012000c00010069706970000000650c0002000800040000010000"], 0x3c}}, 0x0) 11:07:42 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff038000000800395032"], 0x10) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380)) [ 1178.123987][ T23] audit: type=1804 audit(1566904062.564:1164): pid=12804 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir582042889/syzkaller.EPHjOp/2387/bus" dev="sda1" ino=18675 res=1 [ 1178.194149][T12808] netlink: 'syz-executor.5': attribute type 4 has an invalid length. [ 1326.056670][ T1057] INFO: task syz-executor.3:12815 blocked for more than 143 seconds. [ 1326.064882][ T1057] Not tainted 5.3.0-rc6 #127 [ 1326.070230][ T1057] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1326.078900][ T1057] syz-executor.3 D29936 12815 9695 0x00000004 [ 1326.085217][ T1057] Call Trace: [ 1326.088616][ T1057] __schedule+0x755/0x1580 [ 1326.093006][ T1057] ? __sched_text_start+0x8/0x8 [ 1326.097880][ T1057] ? rwlock_bug.part.0+0x90/0x90 [ 1326.102796][ T1057] ? rwsem_down_write_slowpath+0x27d/0xf60 [ 1326.108604][ T1057] schedule+0xd9/0x260 [ 1326.112654][ T1057] rwsem_down_write_slowpath+0x708/0xf60 [ 1326.118299][ T1057] ? mntput+0x74/0xa0 [ 1326.122259][ T1057] ? downgrade_write+0x3c0/0x3c0 [ 1326.127209][ T1057] ? filename_parentat.isra.0+0x2d5/0x410 [ 1326.132905][ T1057] ? mark_held_locks+0xf0/0xf0 [ 1326.137673][ T1057] ? lock_acquire+0x190/0x410 [ 1326.142324][ T1057] ? filename_create+0x17c/0x4f0 [ 1326.147281][ T1057] down_write_nested+0x140/0x160 [ 1326.152195][ T1057] ? down_write_nested+0x140/0x160 [ 1326.157309][ T1057] ? _down_write_nest_lock+0x150/0x150 [ 1326.162742][ T1057] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1326.168984][ T1057] ? __mnt_want_write+0x1f1/0x2f0 [ 1326.173983][ T1057] filename_create+0x17c/0x4f0 [ 1326.178762][ T1057] ? kern_path_mountpoint+0x40/0x40 [ 1326.183944][ T1057] ? strncpy_from_user+0x2b4/0x400 [ 1326.189087][ T1057] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1326.195531][ T1057] ? getname_flags+0x277/0x5b0 [ 1326.200275][ T1057] ? nsecs_to_jiffies+0x30/0x30 [ 1326.205096][ T1057] do_mkdirat+0xb5/0x2a0 [ 1326.209338][ T1057] ? __ia32_sys_mknod+0xb0/0xb0 [ 1326.214158][ T1057] ? __x64_sys_clock_gettime+0x16d/0x240 [ 1326.219828][ T1057] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 1326.225880][ T1057] ? trace_hardirqs_off_caller+0x65/0x230 [ 1326.231573][ T1057] __x64_sys_mkdir+0x5c/0x80 [ 1326.236162][ T1057] do_syscall_64+0xfd/0x6a0 [ 1326.240644][ T1057] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1326.246534][ T1057] RIP: 0033:0x459879 [ 1326.250402][ T1057] Code: 30 48 c7 44 24 38 00 00 00 00 48 c7 44 24 40 00 00 00 00 48 c7 44 24 48 00 00 00 00 e8 b0 67 ff ff 48 8b 44 24 50 48 8b 4c 24 <58> 48 89 01 48 8b 6c 24 60 48 83 c4 68 c3 e8 14 06 fd ff 0f 0b e8 [ 1326.270002][ T1057] RSP: 002b:00007f3f5160bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 1326.278413][ T1057] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 0000000000459879 [ 1326.286493][ T1057] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000080 [ 1326.294440][ T1057] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 1326.302533][ T1057] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3f5160c6d4 [ 1326.310510][ T1057] R13: 00000000004bf081 R14: 00000000004da720 R15: 00000000ffffffff [ 1326.318526][ T1057] INFO: task syz-executor.3:12816 blocked for more than 143 seconds. [ 1326.326776][ T1057] Not tainted 5.3.0-rc6 #127 [ 1326.331869][ T1057] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1326.340545][ T1057] syz-executor.3 D29600 12816 9695 0x00000004 [ 1326.346867][ T1057] Call Trace: [ 1326.350152][ T1057] __schedule+0x755/0x1580 [ 1326.354546][ T1057] ? __sched_text_start+0x8/0x8 [ 1326.359429][ T1057] ? rwlock_bug.part.0+0x90/0x90 [ 1326.364362][ T1057] ? rwsem_down_read_slowpath+0x647/0xfb0 [ 1326.370101][ T1057] schedule+0xd9/0x260 [ 1326.374145][ T1057] rwsem_down_read_slowpath+0x4cc/0xfb0 [ 1326.379859][ T1057] ? down_write_killable_nested+0x180/0x180 [ 1326.385759][ T1057] ? mark_held_locks+0xf0/0xf0 [ 1326.390500][ T1057] ? do_raw_spin_unlock+0x57/0x270 [ 1326.395619][ T1057] ? _raw_spin_unlock+0x2d/0x50 [ 1326.400562][ T1057] ? lock_acquire+0x190/0x410 [ 1326.405222][ T1057] ? lookup_slow+0x4a/0x80 [ 1326.409649][ T1057] down_read+0x1f4/0x3f0 [ 1326.413877][ T1057] ? down_read+0x1f4/0x3f0 [ 1326.418323][ T1057] ? down_read_killable+0x460/0x460 [ 1326.423505][ T1057] ? trailing_symlink+0x990/0x990 [ 1326.428557][ T1057] lookup_slow+0x4a/0x80 [ 1326.432790][ T1057] walk_component+0x747/0x2000 [ 1326.437552][ T1057] ? inode_permission+0xb4/0x560 [ 1326.442481][ T1057] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1326.448730][ T1057] ? path_init+0x18f0/0x18f0 [ 1326.453300][ T1057] ? walk_component+0x2000/0x2000 [ 1326.458532][ T1057] ? __kasan_check_write+0x10/0x20 [ 1326.463649][ T1057] path_lookupat.isra.0+0x1f5/0x8d0 [ 1326.468867][ T1057] ? path_parentat.isra.0+0x160/0x160 [ 1326.474215][ T1057] ? __kasan_check_read+0x11/0x20 [ 1326.479252][ T1057] ? __alloc_pages_nodemask+0x578/0x900 [ 1326.484770][ T1057] ? cache_grow_end+0xa4/0x190 [ 1326.489540][ T1057] ? __kasan_check_read+0x11/0x20 [ 1326.494547][ T1057] filename_lookup+0x1b0/0x410 [ 1326.499329][ T1057] ? nd_jump_link+0x1d0/0x1d0 [ 1326.503988][ T1057] ? __kasan_check_read+0x11/0x20 [ 1326.509025][ T1057] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1326.515270][ T1057] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1326.521611][ T1057] ? __phys_addr_symbol+0x30/0x70 [ 1326.526646][ T1057] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1326.532342][ T1057] ? __check_object_size+0x3d/0x437 [ 1326.538068][ T1057] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1326.544293][ T1057] ? strncpy_from_user+0x2b4/0x400 [ 1326.549418][ T1057] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1326.555644][ T1057] ? getname_flags+0x277/0x5b0 [ 1326.560381][ T1057] user_path_at_empty+0x43/0x50 [ 1326.565366][ T1057] do_mount+0x150/0x1c30 [ 1326.569585][ T1057] ? kasan_kmalloc+0x9/0x10 [ 1326.574060][ T1057] ? copy_mount_string+0x40/0x40 [ 1326.579008][ T1057] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1326.585261][ T1057] ? copy_mount_options+0x2e8/0x3f0 [ 1326.590537][ T1057] ksys_mount+0xdb/0x150 [ 1326.594758][ T1057] __x64_sys_mount+0xbe/0x150 [ 1326.599661][ T1057] do_syscall_64+0xfd/0x6a0 [ 1326.604214][ T1057] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1326.610141][ T1057] RIP: 0033:0x459879 [ 1326.614038][ T1057] Code: 30 48 c7 44 24 38 00 00 00 00 48 c7 44 24 40 00 00 00 00 48 c7 44 24 48 00 00 00 00 e8 b0 67 ff ff 48 8b 44 24 50 48 8b 4c 24 <58> 48 89 01 48 8b 6c 24 60 48 83 c4 68 c3 e8 14 06 fd ff 0f 0b e8 [ 1326.634154][ T1057] RSP: 002b:00007f3f515eac78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1326.642576][ T1057] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459879 [ 1326.650625][ T1057] RDX: 0000000020000300 RSI: 0000000020000200 RDI: 0000000000000000 [ 1326.658593][ T1057] RBP: 000000000075c070 R08: 00000000200005c0 R09: 0000000000000000 [ 1326.666563][ T1057] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3f515eb6d4 [ 1326.674735][ T1057] R13: 00000000004c5e2f R14: 00000000004da930 R15: 00000000ffffffff [ 1326.682748][ T1057] INFO: task syz-executor.3:12817 blocked for more than 143 seconds. [ 1326.690799][ T1057] Not tainted 5.3.0-rc6 #127 [ 1326.695925][ T1057] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1326.704571][ T1057] syz-executor.3 D29808 12817 9695 0x00000004 [ 1326.710926][ T1057] Call Trace: [ 1326.714205][ T1057] __schedule+0x755/0x1580 [ 1326.718629][ T1057] ? __sched_text_start+0x8/0x8 [ 1326.723457][ T1057] ? rwlock_bug.part.0+0x90/0x90 [ 1326.728623][ T1057] ? rwsem_down_read_slowpath+0x647/0xfb0 [ 1326.734319][ T1057] schedule+0xd9/0x260 [ 1326.738399][ T1057] rwsem_down_read_slowpath+0x4cc/0xfb0 [ 1326.743925][ T1057] ? down_write_killable_nested+0x180/0x180 [ 1326.749827][ T1057] ? mark_held_locks+0xf0/0xf0 [ 1326.754567][ T1057] ? do_raw_spin_unlock+0x57/0x270 [ 1326.759709][ T1057] ? _raw_spin_unlock+0x2d/0x50 [ 1326.764544][ T1057] ? lock_acquire+0x190/0x410 [ 1326.769230][ T1057] ? lookup_slow+0x4a/0x80 [ 1326.773623][ T1057] down_read+0x1f4/0x3f0 [ 1326.778017][ T1057] ? down_read+0x1f4/0x3f0 [ 1326.782410][ T1057] ? down_read_killable+0x460/0x460 [ 1326.787615][ T1057] ? trailing_symlink+0x990/0x990 [ 1326.792615][ T1057] lookup_slow+0x4a/0x80 [ 1326.796858][ T1057] walk_component+0x747/0x2000 [ 1326.801610][ T1057] ? inode_permission+0xb4/0x560 [ 1326.806589][ T1057] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1326.812926][ T1057] ? path_init+0x18f0/0x18f0 [ 1326.817556][ T1057] ? walk_component+0x2000/0x2000 [ 1326.822569][ T1057] ? __kasan_kmalloc.constprop.0+0x60/0xe0 [ 1326.828386][ T1057] path_lookupat.isra.0+0x1f5/0x8d0 [ 1326.833559][ T1057] ? path_parentat.isra.0+0x160/0x160 [ 1326.838965][ T1057] ? __kasan_check_read+0x11/0x20 [ 1326.843979][ T1057] ? __alloc_pages_nodemask+0x578/0x900 [ 1326.849524][ T1057] ? cache_grow_end+0xa4/0x190 [ 1326.854260][ T1057] ? __kasan_check_read+0x11/0x20 [ 1326.859502][ T1057] filename_lookup+0x1b0/0x410 [ 1326.864257][ T1057] ? rwlock_bug.part.0+0x90/0x90 [ 1326.869220][ T1057] ? nd_jump_link+0x1d0/0x1d0 [ 1326.873891][ T1057] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1326.880152][ T1057] ? __phys_addr_symbol+0x30/0x70 [ 1326.885152][ T1057] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1326.890875][ T1057] ? __check_object_size+0x3d/0x437 [ 1326.896070][ T1057] ? strncpy_from_user+0x2b4/0x400 [ 1326.901160][ T1057] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1326.907401][ T1057] ? getname_flags+0x277/0x5b0 [ 1326.912139][ T1057] user_path_at_empty+0x43/0x50 [ 1326.916990][ T1057] ksys_chdir+0x98/0x1f0 [ 1326.921224][ T1057] ? __ia32_sys_access+0x80/0x80 [ 1326.926178][ T1057] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 1326.932241][ T1057] ? trace_hardirqs_off_caller+0x65/0x230 [ 1326.937997][ T1057] __x64_sys_chdir+0x31/0x40 [ 1326.942570][ T1057] do_syscall_64+0xfd/0x6a0 [ 1326.947075][ T1057] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1326.952944][ T1057] RIP: 0033:0x459879 [ 1326.956848][ T1057] Code: 30 48 c7 44 24 38 00 00 00 00 48 c7 44 24 40 00 00 00 00 48 c7 44 24 48 00 00 00 00 e8 b0 67 ff ff 48 8b 44 24 50 48 8b 4c 24 <58> 48 89 01 48 8b 6c 24 60 48 83 c4 68 c3 e8 14 06 fd ff 0f 0b e8 [ 1326.976458][ T1057] RSP: 002b:00007f3f515c9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000050 [ 1326.984843][ T1057] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000459879 [ 1326.993051][ T1057] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000000 [ 1327.001034][ T1057] RBP: 000000000075c118 R08: 0000000000000000 R09: 0000000000000000 [ 1327.009016][ T1057] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3f515ca6d4 [ 1327.017022][ T1057] R13: 00000000004bf0ea R14: 00000000004d1a20 R15: 00000000ffffffff [ 1327.025036][ T1057] INFO: lockdep is turned off. [ 1327.029798][ T1057] NMI backtrace for cpu 0 [ 1327.034106][ T1057] CPU: 0 PID: 1057 Comm: khungtaskd Not tainted 5.3.0-rc6 #127 [ 1327.041618][ T1057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1327.051644][ T1057] Call Trace: [ 1327.054909][ T1057] dump_stack+0x172/0x1f0 [ 1327.059212][ T1057] nmi_cpu_backtrace.cold+0x70/0xb2 [ 1327.064386][ T1057] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1327.070606][ T1057] ? lapic_can_unplug_cpu.cold+0x45/0x45 [ 1327.076389][ T1057] nmi_trigger_cpumask_backtrace+0x23b/0x28b [ 1327.082360][ T1057] arch_trigger_cpumask_backtrace+0x14/0x20 [ 1327.088221][ T1057] watchdog+0x9d0/0xef0 [ 1327.092348][ T1057] kthread+0x361/0x430 [ 1327.096391][ T1057] ? reset_hung_task_detector+0x30/0x30 [ 1327.101912][ T1057] ? kthread_cancel_delayed_work_sync+0x20/0x20 [ 1327.108147][ T1057] ret_from_fork+0x24/0x30 [ 1327.112607][ T1057] Sending NMI from CPU 0 to CPUs 1: [ 1327.117861][ C1] NMI backtrace for cpu 1 skipped: idling at native_safe_halt+0xe/0x10 [ 1327.119013][ T1057] Kernel panic - not syncing: hung_task: blocked tasks [ 1327.132920][ T1057] CPU: 0 PID: 1057 Comm: khungtaskd Not tainted 5.3.0-rc6 #127 [ 1327.140430][ T1057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1327.150454][ T1057] Call Trace: [ 1327.153713][ T1057] dump_stack+0x172/0x1f0 [ 1327.158017][ T1057] panic+0x2dc/0x755 [ 1327.161883][ T1057] ? add_taint.cold+0x16/0x16 [ 1327.166543][ T1057] ? lapic_can_unplug_cpu.cold+0x45/0x45 [ 1327.172224][ T1057] ? ___preempt_schedule+0x16/0x20 [ 1327.177328][ T1057] ? nmi_trigger_cpumask_backtrace+0x21b/0x28b [ 1327.183465][ T1057] ? nmi_trigger_cpumask_backtrace+0x24c/0x28b [ 1327.189596][ T1057] ? nmi_trigger_cpumask_backtrace+0x256/0x28b [ 1327.195726][ T1057] ? nmi_trigger_cpumask_backtrace+0x21b/0x28b [ 1327.201878][ T1057] watchdog+0x9e1/0xef0 [ 1327.206012][ T1057] kthread+0x361/0x430 [ 1327.210050][ T1057] ? reset_hung_task_detector+0x30/0x30 [ 1327.215580][ T1057] ? kthread_cancel_delayed_work_sync+0x20/0x20 [ 1327.221801][ T1057] ret_from_fork+0x24/0x30 [ 1327.227474][ T1057] Kernel Offset: disabled [ 1327.231800][ T1057] Rebooting in 86400 seconds..