t$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) [ 3085.153286][T13644] Memory cgroup stats for /syz0: [ 3085.153479][T13644] anon 224747520 [ 3085.153479][T13644] file 47108096 [ 3085.153479][T13644] kernel_stack 3907584 [ 3085.153479][T13644] slab 8495104 [ 3085.153479][T13644] sock 0 [ 3085.153479][T13644] shmem 46977024 [ 3085.153479][T13644] file_mapped 0 [ 3085.153479][T13644] file_dirty 0 [ 3085.153479][T13644] file_writeback 0 [ 3085.153479][T13644] anon_thp 190840832 [ 3085.153479][T13644] inactive_anon 0 [ 3085.153479][T13644] active_anon 271687680 [ 3085.153479][T13644] inactive_file 0 [ 3085.153479][T13644] active_file 57344 [ 3085.153479][T13644] unevictable 0 [ 3085.153479][T13644] slab_reclaimable 1486848 [ 3085.153479][T13644] slab_unreclaimable 7008256 [ 3085.153479][T13644] pgfault 342870 [ 3085.153479][T13644] pgmajfault 0 [ 3085.153479][T13644] workingset_refault 264 [ 3085.153479][T13644] workingset_activate 66 [ 3085.153479][T13644] workingset_nodereclaim 0 [ 3085.153479][T13644] pgrefill 1274 [ 3085.153479][T13644] pgscan 1485 [ 3085.153479][T13644] pgsteal 657 05:59:10 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x175, 0x0) 05:59:10 executing program 1: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r11, 0xae60) ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r11, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r12 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r12, 0x117, 0x1, &(0x7f0000000040), 0x0) 05:59:10 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x176, 0x0) 05:59:10 executing program 5: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) 05:59:11 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x177, 0x0) [ 3086.433044][T13644] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=29652,uid=0 [ 3086.520999][T13644] Memory cgroup out of memory: Killed process 29652 (syz-executor.0) total-vm:74836kB, anon-rss:2220kB, file-rss:35796kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 3086.625289][ T1078] oom_reaper: reaped process 29652 (syz-executor.0), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB [ 3086.637762][T13642] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3086.666039][T13642] CPU: 0 PID: 13642 Comm: syz-executor.0 Not tainted 5.6.0-rc1-syzkaller #0 [ 3086.674745][T13642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3086.684804][T13642] Call Trace: [ 3086.688135][T13642] dump_stack+0x11d/0x181 [ 3086.692486][T13642] dump_header+0xaa/0x39c [ 3086.696833][T13642] oom_kill_process.cold+0x10/0x15 [ 3086.702144][T13642] out_of_memory+0x231/0xa60 [ 3086.706870][T13642] mem_cgroup_out_of_memory+0x128/0x150 [ 3086.712554][T13642] try_charge+0x800/0xbf0 [ 3086.716915][T13642] mem_cgroup_try_charge+0xd2/0x260 [ 3086.722179][T13642] mem_cgroup_try_charge_delay+0x3a/0x80 [ 3086.727838][T13642] __handle_mm_fault+0x197f/0x2e00 [ 3086.733001][T13642] handle_mm_fault+0x21b/0x530 [ 3086.737920][T13642] do_page_fault+0x496/0xa3d [ 3086.742543][T13642] page_fault+0x34/0x40 [ 3086.746963][T13642] RIP: 0033:0x45edfd [ 3086.751827][T13642] Code: 5b 5d f3 c3 66 0f 1f 84 00 00 00 00 00 48 c7 c0 ea ff ff ff 48 85 ff 0f 84 e0 8c fb ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 <48> 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 [ 3086.771571][T13642] RSP: 002b:00007ffde03e8dd8 EFLAGS: 00010202 [ 3086.777643][T13642] RAX: ffffffffffffffea RBX: 00007fc022a22700 RCX: 00007fc022a22700 [ 3086.785619][T13642] RDX: 00000000003d0f00 RSI: 00007fc022a21db0 RDI: 0000000000413030 [ 3086.793638][T13642] RBP: 00007ffde03e8ff0 R08: 00007fc022a229d0 R09: 00007fc022a22700 [ 3086.801631][T13642] R10: 00007fc022a21dc0 R11: 0000000000000246 R12: 0000000000000000 [ 3086.809611][T13642] R13: 00007ffde03e8e8f R14: 00007fc022a229c0 R15: 000000000076c06c [ 3087.020906][T13642] memory: usage 304872kB, limit 307200kB, failcnt 1548 [ 3087.036651][T13642] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3087.052711][T13642] Memory cgroup stats for /syz0: [ 3087.052899][T13642] anon 222437376 [ 3087.052899][T13642] file 47108096 [ 3087.052899][T13642] kernel_stack 3907584 [ 3087.052899][T13642] slab 8495104 [ 3087.052899][T13642] sock 0 [ 3087.052899][T13642] shmem 46977024 [ 3087.052899][T13642] file_mapped 0 [ 3087.052899][T13642] file_dirty 0 [ 3087.052899][T13642] file_writeback 0 [ 3087.052899][T13642] anon_thp 188743680 [ 3087.052899][T13642] inactive_anon 0 [ 3087.052899][T13642] active_anon 269463552 [ 3087.052899][T13642] inactive_file 0 [ 3087.052899][T13642] active_file 57344 [ 3087.052899][T13642] unevictable 0 [ 3087.052899][T13642] slab_reclaimable 1486848 [ 3087.052899][T13642] slab_unreclaimable 7008256 [ 3087.052899][T13642] pgfault 342870 [ 3087.052899][T13642] pgmajfault 0 [ 3087.052899][T13642] workingset_refault 264 [ 3087.052899][T13642] workingset_activate 66 [ 3087.052899][T13642] workingset_nodereclaim 0 [ 3087.052899][T13642] pgrefill 1274 [ 3087.052899][T13642] pgscan 1485 [ 3087.052899][T13642] pgsteal 657 [ 3087.152927][T13642] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=22596,uid=0 [ 3087.178187][T13642] Memory cgroup out of memory: Killed process 22596 (syz-executor.0) total-vm:74836kB, anon-rss:2220kB, file-rss:35796kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 3087.385542][T13719] syz-executor.5 invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=1, oom_score_adj=1000 [ 3087.431363][T13719] CPU: 0 PID: 13719 Comm: syz-executor.5 Not tainted 5.6.0-rc1-syzkaller #0 [ 3087.440118][T13719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3087.450178][T13719] Call Trace: [ 3087.453542][T13719] dump_stack+0x11d/0x181 [ 3087.457901][T13719] dump_header+0xaa/0x39c [ 3087.462357][T13719] oom_kill_process.cold+0x10/0x15 [ 3087.467513][T13719] out_of_memory+0x231/0xa60 [ 3087.472176][T13719] mem_cgroup_out_of_memory+0x128/0x150 [ 3087.477757][T13719] try_charge+0xb6c/0xbf0 [ 3087.482158][T13719] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 3087.487655][T13719] ? __rcu_read_unlock+0x66/0x2f0 [ 3087.492747][T13719] cache_grow_begin+0x3bb/0x5c0 [ 3087.497835][T13719] fallback_alloc+0x161/0x1f0 [ 3087.502548][T13719] ____cache_alloc_node+0x1b1/0x1c0 [ 3087.507793][T13719] ? mempolicy_slab_node+0xdf/0x200 [ 3087.513021][T13719] alternate_node_alloc.part.0+0x59/0x80 [ 3087.518697][T13719] alternate_node_alloc+0x21/0x30 [ 3087.523747][T13719] kmem_cache_alloc+0x92/0x5d0 [ 3087.528525][T13719] ? __this_cpu_preempt_check+0x45/0x140 [ 3087.534320][T13719] ? __mod_memcg_state+0x9a/0x120 [ 3087.539373][T13719] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3087.545774][T13719] ? shmem_destroy_inode+0x70/0x70 [ 3087.550909][T13719] shmem_alloc_inode+0x31/0x60 [ 3087.555744][T13719] alloc_inode+0x48/0x130 [ 3087.560175][T13719] new_inode_pseudo+0x35/0xe0 [ 3087.564884][T13719] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3087.571169][T13719] new_inode+0x28/0x50 [ 3087.575259][T13719] shmem_get_inode+0x85/0x490 [ 3087.580052][T13719] __shmem_file_setup.part.0+0x189/0x1f0 [ 3087.585730][T13719] shmem_zero_setup+0xbe/0x2d1 [ 3087.590736][T13719] mmap_region+0xcf5/0xd50 [ 3087.595241][T13719] do_mmap+0x6c8/0xba0 [ 3087.599362][T13719] vm_mmap_pgoff+0x12d/0x190 [ 3087.604266][T13719] vm_mmap+0x9d/0xd0 [ 3087.608199][T13719] __x86_set_memory_region+0x2c6/0x350 [ 3087.613712][T13719] ? vmx_prepare_switch_to_host+0x6b/0x520 [ 3087.619621][T13719] ? kvm_arch_has_assigned_device+0x58/0x80 [ 3087.625653][T13719] vmx_create_vcpu+0x1db5/0x2280 [ 3087.630704][T13719] ? kvm_hv_vcpu_init+0x1d4/0x200 [ 3087.635759][T13719] kvm_arch_vcpu_create+0x401/0x660 [ 3087.641031][T13719] kvm_vm_ioctl+0xdd5/0x14e0 [ 3087.645650][T13719] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 3087.651597][T13719] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3087.657859][T13719] ? do_vfs_ioctl+0x3c0/0xd00 [ 3087.663069][T13719] ? tomoyo_file_ioctl+0x34/0x40 [ 3087.668032][T13719] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3087.674311][T13719] ? kvm_unregister_device_ops+0x80/0x80 [ 3087.679971][T13719] ksys_ioctl+0x109/0x150 [ 3087.684372][T13719] __x64_sys_ioctl+0x4c/0x60 [ 3087.689100][T13719] do_syscall_64+0xcc/0x3a0 [ 3087.693631][T13719] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 3087.699536][T13719] RIP: 0033:0x45c449 [ 3087.703450][T13719] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3087.723057][T13719] RSP: 002b:00007ff5fc42cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3087.731479][T13719] RAX: ffffffffffffffda RBX: 00007ff5fc42d6d4 RCX: 000000000045c449 [ 3087.739482][T13719] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005 [ 3087.747612][T13719] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 3087.755592][T13719] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 3087.763571][T13719] R13: 000000000000038f R14: 00000000004c5c3b R15: 000000000076bf2c 05:59:13 executing program 0: set_mempolicy(0x3, &(0x7f0000000300)=0x762, 0x200000000000008) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000001c0)='NLBL_UNLBL\x00') pivot_root(&(0x7f0000000000)='.\x00', &(0x7f0000000040)='./file0\x00') r0 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r0, &(0x7f0000000080)=[{&(0x7f0000000200)="580000001500add427323b470c45b4560a067fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac710d1070000ffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) r1 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f00000000c0)='NLBL_CALIPSO\x00') sendmsg$NLBL_CALIPSO_C_REMOVE(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x34, r1, 0xc, 0x70bd2b, 0x25dfdbfb, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x3}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x20048000}, 0x4004000) 05:59:13 executing program 4: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) 05:59:13 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r11, 0xae60) ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r11, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) socket$alg(0x26, 0x5, 0x0) 05:59:13 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x178, 0x0) 05:59:13 executing program 1: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) [ 3087.965443][T13719] memory: usage 307200kB, limit 307200kB, failcnt 1157 05:59:13 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x179, 0x0) [ 3088.011045][T13719] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3088.031336][T13719] Memory cgroup stats for /syz5: [ 3088.031542][T13719] anon 271106048 [ 3088.031542][T13719] file 81920 [ 3088.031542][T13719] kernel_stack 3686400 [ 3088.031542][T13719] slab 10706944 [ 3088.031542][T13719] sock 8192 [ 3088.031542][T13719] shmem 40960 [ 3088.031542][T13719] file_mapped 0 [ 3088.031542][T13719] file_dirty 0 [ 3088.031542][T13719] file_writeback 0 [ 3088.031542][T13719] anon_thp 236978176 [ 3088.031542][T13719] inactive_anon 32768 [ 3088.031542][T13719] active_anon 271048704 [ 3088.031542][T13719] inactive_file 86016 [ 3088.031542][T13719] active_file 40960 [ 3088.031542][T13719] unevictable 0 [ 3088.031542][T13719] slab_reclaimable 2162688 [ 3088.031542][T13719] slab_unreclaimable 8544256 [ 3088.031542][T13719] pgfault 302016 [ 3088.031542][T13719] pgmajfault 0 [ 3088.031542][T13719] workingset_refault 231 [ 3088.031542][T13719] workingset_activate 99 [ 3088.031542][T13719] workingset_nodereclaim 0 [ 3088.031542][T13719] pgrefill 2866 [ 3088.031542][T13719] pgscan 12422 [ 3088.031542][T13719] pgsteal 592 05:59:13 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x17a, 0x0) 05:59:13 executing program 1: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) [ 3088.300964][T13719] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=11811,uid=0 [ 3088.405535][T13719] Memory cgroup out of memory: Killed process 11811 (syz-executor.5) total-vm:74836kB, anon-rss:2220kB, file-rss:35832kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 3088.471254][ T1078] oom_reaper: reaped process 11811 (syz-executor.5), now anon-rss:0kB, file-rss:34872kB, shmem-rss:0kB 05:59:13 executing program 0: r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0) setsockopt$pppl2tp_PPPOL2TP_SO_DEBUG(r0, 0x111, 0x1, 0x9, 0x4) set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 05:59:13 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x17b, 0x0) 05:59:14 executing program 5: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) 05:59:14 executing program 1: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) 05:59:14 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r11, 0xae60) ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r11, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000040), 0x0) [ 3089.320413][ C1] print_req_error: 173 callbacks suppressed [ 3089.320433][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3089.337429][ C1] buffer_io_error: 173 callbacks suppressed [ 3089.337439][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3089.365293][T13836] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3089.403184][T13836] CPU: 1 PID: 13836 Comm: syz-executor.3 Not tainted 5.6.0-rc1-syzkaller #0 [ 3089.411909][T13836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3089.421968][T13836] Call Trace: [ 3089.425271][T13836] dump_stack+0x11d/0x181 [ 3089.429630][T13836] dump_header+0xaa/0x39c [ 3089.433971][T13836] oom_kill_process.cold+0x10/0x15 [ 3089.439092][T13836] out_of_memory+0x231/0xa60 [ 3089.443693][T13836] ? __rcu_read_unlock+0x66/0x2f0 [ 3089.448829][T13836] mem_cgroup_out_of_memory+0x128/0x150 [ 3089.454402][T13836] try_charge+0xb6c/0xbf0 [ 3089.458834][T13836] mem_cgroup_try_charge+0xd2/0x260 [ 3089.464075][T13836] mem_cgroup_try_charge_delay+0x3a/0x80 [ 3089.469729][T13836] __handle_mm_fault+0x197f/0x2e00 [ 3089.474950][T13836] handle_mm_fault+0x21b/0x530 [ 3089.479730][T13836] do_page_fault+0x496/0xa3d [ 3089.484345][T13836] page_fault+0x34/0x40 [ 3089.488508][T13836] RIP: 0033:0x413c3f [ 3089.492478][T13836] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 [ 3089.512113][T13836] RSP: 002b:00007ffc79c5d860 EFLAGS: 00010206 [ 3089.518192][T13836] RAX: 00007f331e2ac000 RBX: 0000000000020000 RCX: 000000000045c49a [ 3089.526186][T13836] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 3089.534166][T13836] RBP: 00007ffc79c5d940 R08: ffffffffffffffff R09: 0000000000000000 [ 3089.542158][T13836] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc79c5da30 [ 3089.550136][T13836] R13: 00007f331e2cc700 R14: 0000000000000002 R15: 000000000076c06c [ 3089.558981][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3089.570050][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3089.597242][T13836] memory: usage 307200kB, limit 307200kB, failcnt 100 05:59:14 executing program 4: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) 05:59:14 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x17c, 0x0) 05:59:14 executing program 0: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) userfaultfd(0x800) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) getsockopt$rose(0xffffffffffffffff, 0x104, 0x7, &(0x7f0000000000), &(0x7f0000000040)=0x4) ioctl$KVM_SET_TSS_ADDR(r2, 0xae47, 0x0) ioctl$SNDRV_TIMER_IOCTL_PAUSE(r2, 0x54a3) 05:59:14 executing program 1: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) 05:59:14 executing program 5: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) [ 3089.615262][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3089.628726][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3089.658830][T13836] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3089.711151][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3089.722073][ C1] Buffer I/O error on dev loop0, logical block 0, async page read 05:59:15 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x17d, 0x0) [ 3089.757449][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3089.768508][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3089.776970][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3089.787921][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3089.806520][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3089.817483][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3089.822981][T13836] Memory cgroup stats for /syz3: [ 3089.823180][T13836] anon 285847552 [ 3089.823180][T13836] file 159744 [ 3089.823180][T13836] kernel_stack 2174976 [ 3089.823180][T13836] slab 8257536 [ 3089.823180][T13836] sock 0 [ 3089.823180][T13836] shmem 106496 [ 3089.823180][T13836] file_mapped 0 [ 3089.823180][T13836] file_dirty 0 [ 3089.823180][T13836] file_writeback 0 [ 3089.823180][T13836] anon_thp 270532608 [ 3089.823180][T13836] inactive_anon 135168 [ 3089.823180][T13836] active_anon 285900800 [ 3089.823180][T13836] inactive_file 0 [ 3089.823180][T13836] active_file 69632 [ 3089.823180][T13836] unevictable 0 [ 3089.823180][T13836] slab_reclaimable 1622016 [ 3089.823180][T13836] slab_unreclaimable 6635520 [ 3089.823180][T13836] pgfault 220110 [ 3089.823180][T13836] pgmajfault 0 [ 3089.823180][T13836] workingset_refault 66 [ 3089.823180][T13836] workingset_activate 0 [ 3089.823180][T13836] workingset_nodereclaim 0 [ 3089.823180][T13836] pgrefill 433 [ 3089.823180][T13836] pgscan 446 [ 3089.823180][T13836] pgsteal 211 [ 3089.859118][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3089.930770][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3089.945354][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3089.956300][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3089.967513][T13836] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=26010,uid=0 [ 3089.985933][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3089.996977][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3090.035649][T13836] Memory cgroup out of memory: Killed process 26010 (syz-executor.3) total-vm:74836kB, anon-rss:4268kB, file-rss:35884kB, shmem-rss:0kB, UID:0 pgtables:136kB oom_score_adj:1000 [ 3090.111079][ T1078] oom_reaper: reaped process 26010 (syz-executor.3), now anon-rss:0kB, file-rss:34924kB, shmem-rss:0kB [ 3090.123498][T13867] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3090.137764][T13867] CPU: 1 PID: 13867 Comm: syz-executor.0 Not tainted 5.6.0-rc1-syzkaller #0 [ 3090.146487][T13867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3090.156566][T13867] Call Trace: [ 3090.159885][T13867] dump_stack+0x11d/0x181 [ 3090.164326][T13867] dump_header+0xaa/0x39c [ 3090.168723][T13867] oom_kill_process.cold+0x10/0x15 [ 3090.173996][T13867] out_of_memory+0x231/0xa60 [ 3090.178664][T13867] mem_cgroup_out_of_memory+0x128/0x150 [ 3090.184345][T13867] try_charge+0xb6c/0xbf0 [ 3090.188736][T13867] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 3090.194453][T13867] __memcg_kmem_charge+0xcf/0x1b0 [ 3090.199525][T13867] __alloc_pages_nodemask+0x26c/0x310 [ 3090.204960][T13867] alloc_pages_current+0xd1/0x170 05:59:15 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x17e, 0x0) [ 3090.210036][T13867] pte_alloc_one+0x18/0x50 [ 3090.214477][T13867] __pte_alloc+0x2d/0x220 [ 3090.218929][T13867] copy_page_range+0x13a2/0x1a00 [ 3090.223915][T13867] ? __list_add_valid+0x62/0x80 [ 3090.228832][T13867] ? __rb_rotate_set_parents+0x9a/0xf0 [ 3090.234358][T13867] dup_mm+0x74a/0xba0 [ 3090.238404][T13867] copy_process+0x39d7/0x3b40 [ 3090.243246][T13867] _do_fork+0xfe/0x7a0 [ 3090.247568][T13867] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3090.253820][T13867] ? ktime_get_ts64+0x286/0x2c0 [ 3090.258718][T13867] __x64_sys_clone+0x130/0x170 [ 3090.263527][T13867] do_syscall_64+0xcc/0x3a0 [ 3090.268237][T13867] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 3090.274154][T13867] RIP: 0033:0x45c449 [ 3090.278077][T13867] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3090.297722][T13867] RSP: 002b:00007fc022a63c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3090.306231][T13867] RAX: ffffffffffffffda RBX: 00007fc022a646d4 RCX: 000000000045c449 [ 3090.314308][T13867] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 3090.322290][T13867] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 3090.331145][T13867] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 3090.339178][T13867] R13: 0000000000000074 R14: 00000000004c2ce6 R15: 000000000076bf2c [ 3090.368226][T13867] memory: usage 307200kB, limit 307200kB, failcnt 1581 [ 3090.377936][T13867] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3090.401091][T13867] Memory cgroup stats for /syz0: [ 3090.401244][T13867] anon 224608256 [ 3090.401244][T13867] file 47108096 [ 3090.401244][T13867] kernel_stack 3907584 [ 3090.401244][T13867] slab 8495104 [ 3090.401244][T13867] sock 0 [ 3090.401244][T13867] shmem 46977024 [ 3090.401244][T13867] file_mapped 0 [ 3090.401244][T13867] file_dirty 0 [ 3090.401244][T13867] file_writeback 0 [ 3090.401244][T13867] anon_thp 190840832 [ 3090.401244][T13867] inactive_anon 0 [ 3090.401244][T13867] active_anon 271634432 [ 3090.401244][T13867] inactive_file 0 [ 3090.401244][T13867] active_file 57344 [ 3090.401244][T13867] unevictable 0 [ 3090.401244][T13867] slab_reclaimable 1486848 [ 3090.401244][T13867] slab_unreclaimable 7008256 [ 3090.401244][T13867] pgfault 343200 [ 3090.401244][T13867] pgmajfault 0 [ 3090.401244][T13867] workingset_refault 264 [ 3090.401244][T13867] workingset_activate 66 [ 3090.401244][T13867] workingset_nodereclaim 0 [ 3090.401244][T13867] pgrefill 1274 [ 3090.401244][T13867] pgscan 1485 [ 3090.401244][T13867] pgsteal 657 05:59:15 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x17f, 0x0) 05:59:16 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r11, 0xae60) ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r11, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000040), 0x0) [ 3090.804401][T13867] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=19144,uid=0 05:59:16 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x180, 0x0) [ 3090.848787][T13867] Memory cgroup out of memory: Killed process 19144 (syz-executor.0) total-vm:74836kB, anon-rss:2220kB, file-rss:35796kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 3090.933704][T13869] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 3090.971127][T13869] CPU: 1 PID: 13869 Comm: syz-executor.1 Not tainted 5.6.0-rc1-syzkaller #0 [ 3090.979884][T13869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3090.990061][T13869] Call Trace: [ 3090.993373][T13869] dump_stack+0x11d/0x181 [ 3090.997729][T13869] dump_header+0xaa/0x39c [ 3091.002099][T13869] oom_kill_process.cold+0x10/0x15 [ 3091.007253][T13869] out_of_memory+0x231/0xa60 [ 3091.011880][T13869] mem_cgroup_out_of_memory+0x128/0x150 [ 3091.017653][T13869] try_charge+0xb6c/0xbf0 [ 3091.022152][T13869] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 3091.027636][T13869] __memcg_kmem_charge+0xcf/0x1b0 [ 3091.032812][T13869] __alloc_pages_nodemask+0x26c/0x310 [ 3091.038395][T13869] alloc_pages_current+0xd1/0x170 [ 3091.043445][T13869] pte_alloc_one+0x18/0x50 [ 3091.047882][T13869] __pte_alloc+0x2d/0x220 [ 3091.052224][T13869] ? pud_alloc+0xa2/0x100 [ 3091.056641][T13869] copy_page_range+0x13a2/0x1a00 [ 3091.061586][T13869] ? __list_add_valid+0x62/0x80 [ 3091.066530][T13869] ? __rb_rotate_set_parents+0x9a/0xf0 [ 3091.072195][T13869] dup_mm+0x74a/0xba0 [ 3091.076434][T13869] copy_process+0x39d7/0x3b40 05:59:16 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x181, 0x0) [ 3091.081226][T13869] _do_fork+0xfe/0x7a0 [ 3091.085431][T13869] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3091.091848][T13869] ? ktime_get_ts64+0x286/0x2c0 [ 3091.096850][T13869] __x64_sys_clone+0x130/0x170 [ 3091.101658][T13869] do_syscall_64+0xcc/0x3a0 [ 3091.106212][T13869] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 3091.112114][T13869] RIP: 0033:0x45c449 [ 3091.116113][T13869] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3091.135815][T13869] RSP: 002b:00007f86ddabac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3091.144286][T13869] RAX: ffffffffffffffda RBX: 00007f86ddabb6d4 RCX: 000000000045c449 [ 3091.152287][T13869] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 3091.160273][T13869] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 3091.168519][T13869] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 3091.176531][T13869] R13: 0000000000000074 R14: 00000000004c2ce6 R15: 000000000076bf2c 05:59:16 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r2, 0xae47, 0x0) read$char_usb(r2, &(0x7f0000000000)=""/76, 0x4c) set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 3091.401232][T13869] memory: usage 307200kB, limit 307200kB, failcnt 2501 [ 3091.415349][T13869] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3091.479672][T13869] Memory cgroup stats for /syz1: [ 3091.481373][T13869] anon 280879104 [ 3091.481373][T13869] file 45056 [ 3091.481373][T13869] kernel_stack 2912256 [ 3091.481373][T13869] slab 7544832 [ 3091.481373][T13869] sock 12288 [ 3091.481373][T13869] shmem 28672 [ 3091.481373][T13869] file_mapped 135168 [ 3091.481373][T13869] file_dirty 0 [ 3091.481373][T13869] file_writeback 0 [ 3091.481373][T13869] anon_thp 253755392 [ 3091.481373][T13869] inactive_anon 139264 [ 3091.481373][T13869] active_anon 280879104 05:59:16 executing program 4: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) 05:59:16 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x182, 0x0) 05:59:16 executing program 0: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 3091.481373][T13869] inactive_file 32768 [ 3091.481373][T13869] active_file 69632 [ 3091.481373][T13869] unevictable 8192 [ 3091.481373][T13869] slab_reclaimable 1622016 [ 3091.481373][T13869] slab_unreclaimable 5922816 [ 3091.481373][T13869] pgfault 333102 [ 3091.481373][T13869] pgmajfault 0 [ 3091.481373][T13869] workingset_refault 165 [ 3091.481373][T13869] workingset_activate 33 [ 3091.481373][T13869] workingset_nodereclaim 0 [ 3091.481373][T13869] pgrefill 1292 [ 3091.481373][T13869] pgscan 6593 [ 3091.481373][T13869] pgsteal 5730 [ 3091.750893][T13869] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=9350,uid=0 [ 3091.790075][T13869] Memory cgroup out of memory: Killed process 9350 (syz-executor.1) total-vm:74968kB, anon-rss:4272kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 3091.946909][T13871] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3091.992608][T13871] CPU: 1 PID: 13871 Comm: syz-executor.5 Not tainted 5.6.0-rc1-syzkaller #0 [ 3092.001338][T13871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3092.011396][T13871] Call Trace: [ 3092.014744][T13871] dump_stack+0x11d/0x181 [ 3092.019188][T13871] dump_header+0xaa/0x39c [ 3092.023558][T13871] oom_kill_process.cold+0x10/0x15 [ 3092.028831][T13871] out_of_memory+0x231/0xa60 [ 3092.033458][T13871] mem_cgroup_out_of_memory+0x128/0x150 [ 3092.039036][T13871] try_charge+0xb6c/0xbf0 [ 3092.043414][T13871] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3092.049936][T13871] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 3092.055615][T13871] __memcg_kmem_charge+0xcf/0x1b0 [ 3092.060858][T13871] __alloc_pages_nodemask+0x26c/0x310 [ 3092.067070][T13871] alloc_pages_current+0xd1/0x170 [ 3092.072120][T13871] pte_alloc_one+0x18/0x50 [ 3092.076715][T13871] __pte_alloc+0x2d/0x220 [ 3092.081073][T13871] copy_page_range+0x13a2/0x1a00 [ 3092.086168][T13871] ? __vma_link_rb+0x3f4/0x440 [ 3092.091086][T13871] dup_mm+0x74a/0xba0 [ 3092.095157][T13871] copy_process+0x39d7/0x3b40 [ 3092.099894][T13871] _do_fork+0xfe/0x7a0 [ 3092.104002][T13871] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3092.110261][T13871] ? ktime_get_ts64+0x286/0x2c0 [ 3092.115149][T13871] __x64_sys_clone+0x130/0x170 [ 3092.120027][T13871] do_syscall_64+0xcc/0x3a0 [ 3092.124571][T13871] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 3092.130471][T13871] RIP: 0033:0x45c449 [ 3092.134497][T13871] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3092.154389][T13871] RSP: 002b:00007ff5fc42cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3092.162881][T13871] RAX: ffffffffffffffda RBX: 00007ff5fc42d6d4 RCX: 000000000045c449 [ 3092.170860][T13871] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 3092.178943][T13871] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 3092.186930][T13871] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 3092.194944][T13871] R13: 0000000000000074 R14: 00000000004c2ce6 R15: 000000000076bf2c [ 3092.251299][T13871] memory: usage 307196kB, limit 307200kB, failcnt 1191 [ 3092.273085][T13871] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3092.299638][T13871] Memory cgroup stats for /syz5: [ 3092.299809][T13871] anon 270954496 [ 3092.299809][T13871] file 81920 [ 3092.299809][T13871] kernel_stack 3686400 [ 3092.299809][T13871] slab 10706944 [ 3092.299809][T13871] sock 8192 [ 3092.299809][T13871] shmem 40960 [ 3092.299809][T13871] file_mapped 0 [ 3092.299809][T13871] file_dirty 0 [ 3092.299809][T13871] file_writeback 0 [ 3092.299809][T13871] anon_thp 236978176 [ 3092.299809][T13871] inactive_anon 32768 [ 3092.299809][T13871] active_anon 271032320 [ 3092.299809][T13871] inactive_file 86016 [ 3092.299809][T13871] active_file 40960 [ 3092.299809][T13871] unevictable 0 [ 3092.299809][T13871] slab_reclaimable 2162688 [ 3092.299809][T13871] slab_unreclaimable 8544256 [ 3092.299809][T13871] pgfault 302181 [ 3092.299809][T13871] pgmajfault 0 [ 3092.299809][T13871] workingset_refault 231 [ 3092.299809][T13871] workingset_activate 99 [ 3092.299809][T13871] workingset_nodereclaim 0 [ 3092.299809][T13871] pgrefill 2899 [ 3092.299809][T13871] pgscan 12623 [ 3092.299809][T13871] pgsteal 592 05:59:17 executing program 1: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) [ 3092.511331][T13871] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=9716,uid=0 [ 3092.551234][T13871] Memory cgroup out of memory: Killed process 9716 (syz-executor.5) total-vm:74968kB, anon-rss:2232kB, file-rss:35808kB, shmem-rss:0kB, UID:0 pgtables:136kB oom_score_adj:1000 [ 3092.614030][ T1078] oom_reaper: reaped process 9716 (syz-executor.5), now anon-rss:0kB, file-rss:34848kB, shmem-rss:0kB 05:59:18 executing program 5: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) 05:59:18 executing program 0: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r2, 0xae47, 0x0) execveat(r2, &(0x7f0000000000)='./file0\x00', &(0x7f0000000240)=[&(0x7f0000000040)='eth1,cpuset\x00', &(0x7f0000000080)='+system:wlan0\x00', &(0x7f00000000c0)='[!Nsystem\x00', &(0x7f0000000100)='security\x00', &(0x7f0000000140)='\x00', &(0x7f0000000180)='\x00', &(0x7f00000001c0)='\x00', &(0x7f0000000200)='\',ppp1+nodev@@bdev\x00'], &(0x7f0000000400)=[&(0x7f0000000280)='\x00', &(0x7f00000002c0)='\x00', &(0x7f0000000340)='/GPL\x00', &(0x7f0000000380)='bdev\x00', &(0x7f00000003c0)='em1&(}.vboxnet1\x00'], 0x100) 05:59:18 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r11, 0xae60) ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r11, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000040), 0x0) 05:59:18 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x183, 0x0) 05:59:18 executing program 1: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) 05:59:18 executing program 4: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r11, 0xae60) ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r11, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000040), 0x0) 05:59:18 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x184, 0x0) 05:59:18 executing program 1: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) [ 3093.232856][T13983] syz-executor.5 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), order=0, oom_score_adj=1000 05:59:18 executing program 0: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x57108100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r2, 0xae47, 0x0) ioctl$VIDIOC_LOG_STATUS(r2, 0x5646, 0x0) [ 3093.371220][T13983] CPU: 1 PID: 13983 Comm: syz-executor.5 Not tainted 5.6.0-rc1-syzkaller #0 [ 3093.379954][T13983] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3093.390128][T13983] Call Trace: [ 3093.393520][T13983] dump_stack+0x11d/0x181 [ 3093.397861][T13983] dump_header+0xaa/0x39c [ 3093.402212][T13983] oom_kill_process.cold+0x10/0x15 [ 3093.407338][T13983] out_of_memory+0x231/0xa60 [ 3093.411948][T13983] ? __rcu_read_unlock+0x66/0x2f0 [ 3093.417011][T13983] mem_cgroup_out_of_memory+0x128/0x150 [ 3093.422600][T13983] try_charge+0xb6c/0xbf0 [ 3093.426958][T13983] ? _raw_spin_unlock+0x4b/0x60 [ 3093.431917][T13983] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 3093.437409][T13983] __memcg_kmem_charge+0xcf/0x1b0 [ 3093.442447][T13983] __alloc_pages_nodemask+0x26c/0x310 [ 3093.447852][T13983] alloc_pages_current+0xd1/0x170 [ 3093.452896][T13983] __vmalloc_node_range+0x2c4/0x4a0 [ 3093.458113][T13983] __vmalloc+0x4d/0x70 [ 3093.462191][T13983] ? vmx_vm_alloc+0x40/0x50 [ 3093.466707][T13983] vmx_vm_alloc+0x40/0x50 05:59:18 executing program 1: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) [ 3093.471048][T13983] kvm_dev_ioctl+0x137/0xcb0 [ 3093.475677][T13983] ? tomoyo_file_ioctl+0x34/0x40 [ 3093.480643][T13983] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3093.486983][T13983] ? kvm_put_kvm+0x6a0/0x6a0 [ 3093.491608][T13983] ksys_ioctl+0x109/0x150 [ 3093.496036][T13983] __x64_sys_ioctl+0x4c/0x60 [ 3093.500717][T13983] do_syscall_64+0xcc/0x3a0 [ 3093.505296][T13983] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 3093.511307][T13983] RIP: 0033:0x45c449 [ 3093.515214][T13983] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3093.534826][T13983] RSP: 002b:00007ff5fc40bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3093.543318][T13983] RAX: ffffffffffffffda RBX: 00007ff5fc40c6d4 RCX: 000000000045c449 [ 3093.551603][T13983] RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000006 [ 3093.560796][T13983] RBP: 000000000076bfc0 R08: 0000000000000000 R09: 0000000000000000 05:59:18 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x185, 0x0) [ 3093.568776][T13983] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 3093.576752][T13983] R13: 0000000000000390 R14: 00000000004c5c51 R15: 000000000076bfcc [ 3093.636948][T14005] IPVS: ftp: loaded support on port[0] = 21 05:59:19 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x186, 0x0) [ 3093.953600][T13983] memory: usage 307200kB, limit 307200kB, failcnt 1235 [ 3093.960497][T13983] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3093.987141][T13983] Memory cgroup stats for /syz5: [ 3093.987311][T13983] anon 271167488 [ 3093.987311][T13983] file 81920 [ 3093.987311][T13983] kernel_stack 3686400 [ 3093.987311][T13983] slab 10571776 [ 3093.987311][T13983] sock 8192 [ 3093.987311][T13983] shmem 40960 [ 3093.987311][T13983] file_mapped 0 [ 3093.987311][T13983] file_dirty 0 [ 3093.987311][T13983] file_writeback 0 [ 3093.987311][T13983] anon_thp 236978176 [ 3093.987311][T13983] inactive_anon 32768 [ 3093.987311][T13983] active_anon 271187968 [ 3093.987311][T13983] inactive_file 86016 [ 3093.987311][T13983] active_file 40960 [ 3093.987311][T13983] unevictable 0 [ 3093.987311][T13983] slab_reclaimable 2162688 [ 3093.987311][T13983] slab_unreclaimable 8409088 [ 3093.987311][T13983] pgfault 302346 [ 3093.987311][T13983] pgmajfault 0 [ 3093.987311][T13983] workingset_refault 231 [ 3093.987311][T13983] workingset_activate 99 [ 3093.987311][T13983] workingset_nodereclaim 0 [ 3093.987311][T13983] pgrefill 2932 [ 3093.987311][T13983] pgscan 12900 [ 3093.987311][T13983] pgsteal 592 [ 3094.193491][T13161] tipc: TX() has been purged, node left! [ 3094.232919][T13983] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=2357,uid=0 [ 3094.269104][T13983] Memory cgroup out of memory: Killed process 2357 (syz-executor.5) total-vm:74704kB, anon-rss:2212kB, file-rss:35836kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 3094.366298][T13979] syz-executor.5 invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=0, oom_score_adj=1000 [ 3094.392073][T13979] CPU: 0 PID: 13979 Comm: syz-executor.5 Not tainted 5.6.0-rc1-syzkaller #0 [ 3094.400909][T13979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3094.410979][T13979] Call Trace: [ 3094.414289][T13979] dump_stack+0x11d/0x181 [ 3094.418744][T13979] dump_header+0xaa/0x39c [ 3094.423102][T13979] oom_kill_process.cold+0x10/0x15 [ 3094.428252][T13979] out_of_memory+0x231/0xa60 [ 3094.432884][T13979] mem_cgroup_out_of_memory+0x128/0x150 [ 3094.438467][T13979] try_charge+0x800/0xbf0 [ 3094.442914][T13979] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 3094.448394][T13979] ? __rcu_read_unlock+0x66/0x2f0 [ 3094.453442][T13979] cache_grow_begin+0x3bb/0x5c0 [ 3094.458315][T13979] fallback_alloc+0x161/0x1f0 [ 3094.463029][T13979] ____cache_alloc_node+0x1b1/0x1c0 [ 3094.468246][T13979] ? mempolicy_slab_node+0xdf/0x200 [ 3094.473564][T13979] alternate_node_alloc.part.0+0x59/0x80 [ 3094.479313][T13979] alternate_node_alloc+0x21/0x30 [ 3094.484356][T13979] kmem_cache_alloc_trace+0x92/0x5d0 [ 3094.489693][T13979] ? __debugfs_create_file+0x1e1/0x230 [ 3094.495193][T13979] kvm_uevent_notify_change+0x323/0x3b0 [ 3094.500764][T13979] kvm_dev_ioctl+0x92c/0xcb0 [ 3094.505515][T13979] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3094.511793][T13979] ? kvm_put_kvm+0x6a0/0x6a0 [ 3094.516606][T13979] ksys_ioctl+0x109/0x150 [ 3094.520969][T13979] __x64_sys_ioctl+0x4c/0x60 [ 3094.525593][T13979] do_syscall_64+0xcc/0x3a0 [ 3094.530137][T13979] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 3094.536047][T13979] RIP: 0033:0x45c449 [ 3094.541899][T13979] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3094.561513][T13979] RSP: 002b:00007ff5fc42cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3094.569958][T13979] RAX: ffffffffffffffda RBX: 00007ff5fc42d6d4 RCX: 000000000045c449 [ 3094.577992][T13979] RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000004 [ 3094.585979][T13979] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 3094.593953][T13979] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 3094.602008][T13979] R13: 0000000000000390 R14: 00000000004c5c51 R15: 000000000076bf2c [ 3094.721146][T13979] memory: usage 305004kB, limit 307200kB, failcnt 1235 [ 3094.733416][T13979] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3094.744073][T13979] Memory cgroup stats for /syz5: [ 3094.744278][T13979] anon 268984320 [ 3094.744278][T13979] file 81920 [ 3094.744278][T13979] kernel_stack 3686400 [ 3094.744278][T13979] slab 10571776 [ 3094.744278][T13979] sock 8192 [ 3094.744278][T13979] shmem 40960 [ 3094.744278][T13979] file_mapped 0 [ 3094.744278][T13979] file_dirty 0 [ 3094.744278][T13979] file_writeback 0 [ 3094.744278][T13979] anon_thp 234881024 [ 3094.744278][T13979] inactive_anon 32768 [ 3094.744278][T13979] active_anon 269004800 [ 3094.744278][T13979] inactive_file 86016 [ 3094.744278][T13979] active_file 40960 [ 3094.744278][T13979] unevictable 0 [ 3094.744278][T13979] slab_reclaimable 2162688 [ 3094.744278][T13979] slab_unreclaimable 8409088 [ 3094.744278][T13979] pgfault 302346 [ 3094.744278][T13979] pgmajfault 0 [ 3094.744278][T13979] workingset_refault 231 [ 3094.744278][T13979] workingset_activate 99 [ 3094.744278][T13979] workingset_nodereclaim 0 [ 3094.744278][T13979] pgrefill 2932 [ 3094.744278][T13979] pgscan 12900 [ 3094.744278][T13979] pgsteal 592 [ 3095.010917][T13979] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=11831,uid=0 [ 3095.064997][T13979] Memory cgroup out of memory: Killed process 11831 (syz-executor.5) total-vm:74836kB, anon-rss:2220kB, file-rss:35828kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 3095.153146][ T1078] oom_reaper: reaped process 11831 (syz-executor.5), now anon-rss:0kB, file-rss:34868kB, shmem-rss:0kB [ 3095.163421][T13985] syz-executor.3 invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=0, oom_score_adj=1000 [ 3095.188834][T13985] CPU: 0 PID: 13985 Comm: syz-executor.3 Not tainted 5.6.0-rc1-syzkaller #0 [ 3095.197570][T13985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3095.207627][T13985] Call Trace: [ 3095.211142][T13985] dump_stack+0x11d/0x181 [ 3095.215594][T13985] dump_header+0xaa/0x39c [ 3095.219942][T13985] oom_kill_process.cold+0x10/0x15 [ 3095.225089][T13985] out_of_memory+0x231/0xa60 [ 3095.229714][T13985] mem_cgroup_out_of_memory+0x128/0x150 [ 3095.235295][T13985] try_charge+0x800/0xbf0 [ 3095.239707][T13985] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 3095.245184][T13985] ? __rcu_read_unlock+0x66/0x2f0 [ 3095.250248][T13985] cache_grow_begin+0x3bb/0x5c0 [ 3095.255124][T13985] fallback_alloc+0x161/0x1f0 [ 3095.259855][T13985] ____cache_alloc_node+0x1b1/0x1c0 [ 3095.265079][T13985] ? mempolicy_slab_node+0xdf/0x200 [ 3095.270303][T13985] alternate_node_alloc.part.0+0x59/0x80 [ 3095.275973][T13985] alternate_node_alloc+0x21/0x30 [ 3095.281025][T13985] kmem_cache_alloc_trace+0x92/0x5d0 [ 3095.286382][T13985] ? __debugfs_create_file+0x1e1/0x230 [ 3095.291925][T13985] kvm_uevent_notify_change+0x323/0x3b0 [ 3095.297511][T13985] kvm_dev_ioctl+0x92c/0xcb0 [ 3095.302140][T13985] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3095.308413][T13985] ? kvm_put_kvm+0x6a0/0x6a0 [ 3095.313021][T13985] ksys_ioctl+0x109/0x150 [ 3095.317379][T13985] __x64_sys_ioctl+0x4c/0x60 [ 3095.321993][T13985] do_syscall_64+0xcc/0x3a0 [ 3095.326530][T13985] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 3095.332428][T13985] RIP: 0033:0x45c449 [ 3095.336360][T13985] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3095.356080][T13985] RSP: 002b:00007f331e30dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3095.364516][T13985] RAX: ffffffffffffffda RBX: 00007f331e30e6d4 RCX: 000000000045c449 [ 3095.372555][T13985] RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000006 [ 3095.380660][T13985] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 3095.388725][T13985] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 3095.396709][T13985] R13: 0000000000000390 R14: 00000000004c5c51 R15: 000000000076bf2c 05:59:20 executing program 5: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) 05:59:20 executing program 1: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) [ 3095.899053][T13985] memory: usage 307200kB, limit 307200kB, failcnt 154 [ 3095.952199][T13985] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3096.024383][T13985] Memory cgroup stats for /syz3: [ 3096.024609][T13985] anon 285970432 [ 3096.024609][T13985] file 159744 [ 3096.024609][T13985] kernel_stack 2211840 [ 3096.024609][T13985] slab 8122368 [ 3096.024609][T13985] sock 0 [ 3096.024609][T13985] shmem 106496 [ 3096.024609][T13985] file_mapped 0 [ 3096.024609][T13985] file_dirty 0 [ 3096.024609][T13985] file_writeback 0 [ 3096.024609][T13985] anon_thp 270532608 [ 3096.024609][T13985] inactive_anon 135168 [ 3096.024609][T13985] active_anon 285970432 [ 3096.024609][T13985] inactive_file 0 [ 3096.024609][T13985] active_file 69632 [ 3096.024609][T13985] unevictable 0 [ 3096.024609][T13985] slab_reclaimable 1622016 [ 3096.024609][T13985] slab_unreclaimable 6500352 [ 3096.024609][T13985] pgfault 220308 [ 3096.024609][T13985] pgmajfault 0 [ 3096.024609][T13985] workingset_refault 66 [ 3096.024609][T13985] workingset_activate 0 [ 3096.024609][T13985] workingset_nodereclaim 0 [ 3096.024609][T13985] pgrefill 433 [ 3096.024609][T13985] pgscan 446 [ 3096.024609][T13985] pgsteal 211 [ 3096.460927][T13985] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=7463,uid=0 [ 3096.494210][T13985] Memory cgroup out of memory: Killed process 7463 (syz-executor.3) total-vm:74704kB, anon-rss:4260kB, file-rss:35888kB, shmem-rss:0kB, UID:0 pgtables:136kB oom_score_adj:1000 [ 3096.516777][T14027] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3096.547878][T14027] CPU: 1 PID: 14027 Comm: syz-executor.4 Not tainted 5.6.0-rc1-syzkaller #0 [ 3096.556865][T14027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3096.567170][T14027] Call Trace: [ 3096.570528][T14027] dump_stack+0x11d/0x181 [ 3096.574885][T14027] dump_header+0xaa/0x39c [ 3096.579250][T14027] oom_kill_process.cold+0x10/0x15 [ 3096.584413][T14027] out_of_memory+0x231/0xa60 [ 3096.589192][T14027] mem_cgroup_out_of_memory+0x128/0x150 [ 3096.594799][T14027] try_charge+0xb6c/0xbf0 [ 3096.599180][T14027] mem_cgroup_try_charge+0xd2/0x260 [ 3096.604679][T14027] mem_cgroup_try_charge_delay+0x3a/0x80 [ 3096.610327][T14027] wp_page_copy+0x322/0xf20 [ 3096.615245][T14027] ? __read_once_size+0x41/0xe0 [ 3096.620117][T14027] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 3096.626216][T14027] do_wp_page+0x192/0xd20 [ 3096.630595][T14027] __handle_mm_fault+0x1d16/0x2e00 [ 3096.635920][T14027] handle_mm_fault+0x21b/0x530 [ 3096.640701][T14027] do_page_fault+0x496/0xa3d [ 3096.645496][T14027] page_fault+0x34/0x40 [ 3096.649724][T14027] RIP: 0033:0x45ee57 [ 3096.653755][T14027] Code: 00 75 25 48 f7 c7 00 01 00 00 b8 ff ff ff ff 75 07 b8 27 00 00 00 0f 05 64 89 04 25 d4 02 00 00 64 89 04 25 d0 02 00 00 58 5f d0 48 89 c7 e8 2f be ff ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f [ 3096.673729][T14027] RSP: 002b:00007f7e679b8dc0 EFLAGS: 00010206 [ 3096.680023][T14027] RAX: 0000000000413030 RBX: 00007f7e679b9700 RCX: 000000000045ee19 [ 3096.688201][T14027] RDX: 00007f7e679b99d0 RSI: 00007f7e679b8db0 RDI: 00007f7e679b9700 [ 3096.696311][T14027] RBP: 0000000000000000 R08: 00007f7e679b9700 R09: 00007f7e679b9700 [ 3096.704287][T14027] R10: 00007f7e679b99d0 R11: 0000000000000202 R12: 0000000000000000 [ 3096.712265][T14027] R13: 00007fff0da7701f R14: 00007f7e679b99c0 R15: 000000000076bf2c [ 3096.731003][T14027] memory: usage 307200kB, limit 307200kB, failcnt 1353 [ 3096.738132][T14027] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3096.771125][T14027] Memory cgroup stats for /syz4: [ 3096.771347][T14027] anon 242561024 [ 3096.771347][T14027] file 38240256 [ 3096.771347][T14027] kernel_stack 2764800 [ 3096.771347][T14027] slab 7839744 [ 3096.771347][T14027] sock 94208 [ 3096.771347][T14027] shmem 35209216 [ 3096.771347][T14027] file_mapped 0 [ 3096.771347][T14027] file_dirty 0 [ 3096.771347][T14027] file_writeback 0 [ 3096.771347][T14027] anon_thp 222298112 [ 3096.771347][T14027] inactive_anon 32768 [ 3096.771347][T14027] active_anon 277889024 [ 3096.771347][T14027] inactive_file 2658304 [ 3096.771347][T14027] active_file 57344 [ 3096.771347][T14027] unevictable 4096 [ 3096.771347][T14027] slab_reclaimable 1757184 [ 3096.771347][T14027] slab_unreclaimable 6082560 [ 3096.771347][T14027] pgfault 300498 [ 3096.771347][T14027] pgmajfault 0 [ 3096.771347][T14027] workingset_refault 198 [ 3096.771347][T14027] workingset_activate 66 [ 3096.771347][T14027] workingset_nodereclaim 0 [ 3096.771347][T14027] pgrefill 2860 [ 3096.771347][T14027] pgscan 5648776 [ 3096.771347][T14027] pgsteal 450 [ 3096.900239][T14027] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=9353,uid=0 [ 3096.931072][T14027] Memory cgroup out of memory: Killed process 9353 (syz-executor.4) total-vm:74968kB, anon-rss:4280kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 05:59:22 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r11, 0xae60) ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) r12 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r12, 0x117, 0x1, &(0x7f0000000040), 0x0) 05:59:22 executing program 0: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$drirender128(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/renderD128\x00', 0x8000, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r2, 0xae47, 0x0) r3 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r3, &(0x7f0000000080)=[{&(0x7f0000000200)="580000001500add427323b470c45b4560a067fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac710d1070000ffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) sendmsg$RDMA_NLDEV_CMD_PORT_GET(r3, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x80, 0x1405, 0x20, 0x70bd2b, 0x25dfdbfd, "", [{{0x8}, {0x8, 0x3, 0x1}}, {{0x8}, {0x8}}, {{0x8, 0x1, 0x2}, {0x8, 0x3, 0x1}}, {{0x8, 0x1, 0x1}, {0x8, 0x3, 0x4}}, {{0x8}, {0x8, 0x3, 0x2}}, {{0x8}, {0x8, 0x3, 0x4}}, {{0x8, 0x1, 0x1}, {0x8, 0x3, 0x1}}]}, 0x80}, 0x1, 0x0, 0x0, 0x8000000}, 0x400c0) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r2, 0xc00c642d, &(0x7f0000000080)={0x0, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_MODE_ADDFB(r4, 0xc01c64ae, &(0x7f0000000040)={0x4, 0x0, 0x3f, 0x99, 0x40, 0x7fffffff, 0x6}) 05:59:22 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x187, 0x0) 05:59:22 executing program 4: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r11, 0xae60) ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r11, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000040), 0x0) 05:59:22 executing program 1: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) 05:59:22 executing program 5: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) 05:59:22 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x188, 0x0) 05:59:22 executing program 0: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$drirender128(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/renderD128\x00', 0x8000, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r2, 0xae47, 0x0) r3 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r3, &(0x7f0000000080)=[{&(0x7f0000000200)="580000001500add427323b470c45b4560a067fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac710d1070000ffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) sendmsg$RDMA_NLDEV_CMD_PORT_GET(r3, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x80, 0x1405, 0x20, 0x70bd2b, 0x25dfdbfd, "", [{{0x8}, {0x8, 0x3, 0x1}}, {{0x8}, {0x8}}, {{0x8, 0x1, 0x2}, {0x8, 0x3, 0x1}}, {{0x8, 0x1, 0x1}, {0x8, 0x3, 0x4}}, {{0x8}, {0x8, 0x3, 0x2}}, {{0x8}, {0x8, 0x3, 0x4}}, {{0x8, 0x1, 0x1}, {0x8, 0x3, 0x1}}]}, 0x80}, 0x1, 0x0, 0x0, 0x8000000}, 0x400c0) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r2, 0xc00c642d, &(0x7f0000000080)={0x0, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_MODE_ADDFB(r4, 0xc01c64ae, &(0x7f0000000040)={0x4, 0x0, 0x3f, 0x99, 0x40, 0x7fffffff, 0x6}) 05:59:22 executing program 1: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) 05:59:22 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x189, 0x0) [ 3097.496513][ C1] print_req_error: 295 callbacks suppressed [ 3097.496533][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3097.514263][ C1] buffer_io_error: 295 callbacks suppressed [ 3097.514292][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3097.548777][T14097] syz-executor.5 invoked oom-killer: gfp_mask=0x400cc0(GFP_KERNEL_ACCOUNT), order=0, oom_score_adj=1000 [ 3097.632177][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3097.636144][T14097] CPU: 0 PID: 14097 Comm: syz-executor.5 Not tainted 5.6.0-rc1-syzkaller #0 [ 3097.643511][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3097.652352][T14097] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3097.652357][T14097] Call Trace: [ 3097.652387][T14097] dump_stack+0x11d/0x181 [ 3097.652422][T14097] dump_header+0xaa/0x39c [ 3097.683068][T14097] oom_kill_process.cold+0x10/0x15 [ 3097.688363][T14097] out_of_memory+0x231/0xa60 [ 3097.693390][T14097] mem_cgroup_out_of_memory+0x128/0x150 [ 3097.699466][T14097] try_charge+0xb6c/0xbf0 [ 3097.703909][T14097] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 3097.709742][T14097] __memcg_kmem_charge+0xcf/0x1b0 [ 3097.714849][T14097] __alloc_pages_nodemask+0x26c/0x310 [ 3097.720427][T14097] alloc_pages_current+0xd1/0x170 [ 3097.725469][T14097] __get_free_pages+0xc/0x40 [ 3097.730125][T14097] alloc_loaded_vmcs+0xfd/0x160 [ 3097.735029][T14097] vmx_create_vcpu+0x267/0x2280 [ 3097.740036][T14097] ? kvm_hv_vcpu_init+0x1d4/0x200 [ 3097.745261][T14097] kvm_arch_vcpu_create+0x401/0x660 [ 3097.750552][T14097] kvm_vm_ioctl+0xdd5/0x14e0 [ 3097.755297][T14097] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 3097.761533][T14097] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3097.767841][T14097] ? do_vfs_ioctl+0x3c0/0xd00 [ 3097.772606][T14097] ? tomoyo_file_ioctl+0x34/0x40 [ 3097.777807][T14097] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3097.784213][T14097] ? kvm_unregister_device_ops+0x80/0x80 [ 3097.789864][T14097] ksys_ioctl+0x109/0x150 [ 3097.794599][T14097] __x64_sys_ioctl+0x4c/0x60 [ 3097.799209][T14097] do_syscall_64+0xcc/0x3a0 [ 3097.804136][T14097] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 3097.810252][T14097] RIP: 0033:0x45c449 [ 3097.814161][T14097] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3097.834108][T14097] RSP: 002b:00007ff5fc40bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3097.842898][T14097] RAX: ffffffffffffffda RBX: 00007ff5fc40c6d4 RCX: 000000000045c449 [ 3097.851213][T14097] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005 [ 3097.859333][T14097] RBP: 000000000076bfc0 R08: 0000000000000000 R09: 0000000000000000 [ 3097.867430][T14097] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 3097.875780][T14097] R13: 000000000000038f R14: 00000000004c5c3b R15: 000000000076bfcc 05:59:23 executing program 4: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r11, 0xae60) ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r11, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000040), 0x0) 05:59:23 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x18a, 0x0) [ 3098.035455][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3098.047360][ C1] Buffer I/O error on dev loop0, logical block 0, async page read 05:59:23 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r11, 0xae60) ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) r12 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r12, 0x117, 0x1, &(0x7f0000000040), 0x0) 05:59:23 executing program 0: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) [ 3098.144361][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3098.155705][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3098.232164][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3098.243348][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3098.320296][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3098.331516][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3098.383175][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3098.394519][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3098.408066][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3098.419814][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3098.428403][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3098.439383][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3098.450537][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3098.461458][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3098.588605][T14097] memory: usage 307184kB, limit 307200kB, failcnt 1283 [ 3098.611141][T14097] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3098.631093][T14097] Memory cgroup stats for /syz5: [ 3098.641212][T14097] anon 270979072 [ 3098.641212][T14097] file 81920 [ 3098.641212][T14097] kernel_stack 3686400 [ 3098.641212][T14097] slab 10571776 [ 3098.641212][T14097] sock 8192 [ 3098.641212][T14097] shmem 40960 [ 3098.641212][T14097] file_mapped 0 [ 3098.641212][T14097] file_dirty 0 [ 3098.641212][T14097] file_writeback 0 [ 3098.641212][T14097] anon_thp 236978176 [ 3098.641212][T14097] inactive_anon 32768 [ 3098.641212][T14097] active_anon 270995456 [ 3098.641212][T14097] inactive_file 0 [ 3098.641212][T14097] active_file 40960 [ 3098.641212][T14097] unevictable 0 [ 3098.641212][T14097] slab_reclaimable 2162688 [ 3098.641212][T14097] slab_unreclaimable 8409088 [ 3098.641212][T14097] pgfault 302544 [ 3098.641212][T14097] pgmajfault 0 [ 3098.641212][T14097] workingset_refault 231 [ 3098.641212][T14097] workingset_activate 99 [ 3098.641212][T14097] workingset_nodereclaim 0 [ 3098.641212][T14097] pgrefill 2965 [ 3098.641212][T14097] pgscan 13202 [ 3098.641212][T14097] pgsteal 592 05:59:24 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x18b, 0x0) 05:59:24 executing program 1: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) 05:59:24 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r11, 0xae60) ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) r12 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r12, 0x117, 0x1, &(0x7f0000000040), 0x0) [ 3099.155551][T14097] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=11793,uid=0 [ 3099.222322][T14097] Memory cgroup out of memory: Killed process 11793 (syz-executor.5) total-vm:74836kB, anon-rss:2220kB, file-rss:35828kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 3099.283745][ T1078] oom_reaper: reaped process 11793 (syz-executor.5), now anon-rss:0kB, file-rss:34868kB, shmem-rss:0kB [ 3099.301636][T14151] syz-executor.3 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3099.385770][T14151] CPU: 0 PID: 14151 Comm: syz-executor.3 Not tainted 5.6.0-rc1-syzkaller #0 [ 3099.394736][T14151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3099.405357][T14151] Call Trace: [ 3099.408765][T14151] dump_stack+0x11d/0x181 [ 3099.413129][T14151] dump_header+0xaa/0x39c [ 3099.417846][T14151] oom_kill_process.cold+0x10/0x15 [ 3099.423256][T14151] out_of_memory+0x231/0xa60 [ 3099.428178][T14151] mem_cgroup_out_of_memory+0x128/0x150 [ 3099.433752][T14151] try_charge+0xb6c/0xbf0 [ 3099.438387][T14151] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 3099.443912][T14151] __memcg_kmem_charge+0xcf/0x1b0 [ 3099.448961][T14151] __alloc_pages_nodemask+0x26c/0x310 [ 3099.454508][T14151] alloc_pages_current+0xd1/0x170 [ 3099.459628][T14151] __pmd_alloc+0x4b/0x2b0 [ 3099.464116][T14151] copy_page_range+0x14ef/0x1a00 [ 3099.469355][T14151] ? __list_add_valid+0x62/0x80 [ 3099.474548][T14151] ? __write_once_size.constprop.0+0x20/0x20 [ 3099.480875][T14151] ? vm_get_page_prot+0x90/0x90 [ 3099.485830][T14151] dup_mm+0x74a/0xba0 [ 3099.490105][T14151] copy_process+0x39d7/0x3b40 [ 3099.495065][T14151] _do_fork+0xfe/0x7a0 [ 3099.499385][T14151] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3099.505717][T14151] ? ktime_get_ts64+0x286/0x2c0 [ 3099.510661][T14151] __x64_sys_clone+0x130/0x170 [ 3099.515547][T14151] do_syscall_64+0xcc/0x3a0 [ 3099.520091][T14151] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 3099.526118][T14151] RIP: 0033:0x45c449 [ 3099.530430][T14151] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3099.551319][T14151] RSP: 002b:00007f331e30dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3099.559909][T14151] RAX: ffffffffffffffda RBX: 00007f331e30e6d4 RCX: 000000000045c449 [ 3099.568210][T14151] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 3099.576742][T14151] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 3099.585200][T14151] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 3099.593272][T14151] R13: 0000000000000074 R14: 00000000004c2ce6 R15: 000000000076bf2c [ 3099.611477][T14151] memory: usage 307200kB, limit 307200kB, failcnt 172 [ 3099.618845][T14151] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3099.626016][T14151] Memory cgroup stats for /syz3: [ 3099.626191][T14151] anon 285978624 [ 3099.626191][T14151] file 159744 [ 3099.626191][T14151] kernel_stack 2211840 [ 3099.626191][T14151] slab 8122368 [ 3099.626191][T14151] sock 0 [ 3099.626191][T14151] shmem 106496 [ 3099.626191][T14151] file_mapped 0 [ 3099.626191][T14151] file_dirty 0 [ 3099.626191][T14151] file_writeback 0 [ 3099.626191][T14151] anon_thp 270532608 [ 3099.626191][T14151] inactive_anon 135168 [ 3099.626191][T14151] active_anon 285978624 [ 3099.626191][T14151] inactive_file 0 [ 3099.626191][T14151] active_file 69632 [ 3099.626191][T14151] unevictable 0 [ 3099.626191][T14151] slab_reclaimable 1622016 [ 3099.626191][T14151] slab_unreclaimable 6500352 [ 3099.626191][T14151] pgfault 220572 [ 3099.626191][T14151] pgmajfault 0 [ 3099.626191][T14151] workingset_refault 66 [ 3099.626191][T14151] workingset_activate 0 [ 3099.626191][T14151] workingset_nodereclaim 0 [ 3099.626191][T14151] pgrefill 433 [ 3099.626191][T14151] pgscan 479 [ 3099.626191][T14151] pgsteal 211 [ 3099.740346][T14151] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=11836,uid=0 [ 3099.756910][T14151] Memory cgroup out of memory: Killed process 11836 (syz-executor.3) total-vm:74704kB, anon-rss:4260kB, file-rss:35872kB, shmem-rss:0kB, UID:0 pgtables:136kB oom_score_adj:1000 [ 3099.834474][T14078] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3099.860993][T14078] CPU: 0 PID: 14078 Comm: syz-executor.5 Not tainted 5.6.0-rc1-syzkaller #0 [ 3099.870034][T14078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3099.880517][T14078] Call Trace: [ 3099.884301][T14078] dump_stack+0x11d/0x181 [ 3099.888698][T14078] dump_header+0xaa/0x39c [ 3099.893191][T14078] oom_kill_process.cold+0x10/0x15 [ 3099.898448][T14078] out_of_memory+0x231/0xa60 [ 3099.903102][T14078] mem_cgroup_out_of_memory+0x128/0x150 [ 3099.908763][T14078] try_charge+0x800/0xbf0 [ 3099.913195][T14078] ? vma_gap_callbacks_rotate+0x126/0x190 [ 3099.919331][T14078] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 3099.925181][T14078] __memcg_kmem_charge+0xcf/0x1b0 [ 3099.930478][T14078] __alloc_pages_nodemask+0x26c/0x310 [ 3099.936095][T14078] alloc_pages_current+0xd1/0x170 [ 3099.941148][T14078] pte_alloc_one+0x18/0x50 [ 3099.945611][T14078] __pte_alloc+0x2d/0x220 [ 3099.950284][T14078] __handle_mm_fault+0x1ffb/0x2e00 [ 3099.955695][T14078] handle_mm_fault+0x21b/0x530 [ 3099.960467][T14078] do_page_fault+0x496/0xa3d [ 3099.965146][T14078] page_fault+0x34/0x40 [ 3099.969341][T14078] RIP: 0033:0x413c3f [ 3099.973370][T14078] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 [ 3099.993672][T14078] RSP: 002b:00007ffdc7864c70 EFLAGS: 00010206 [ 3100.000008][T14078] RAX: 00007ff5fc3cb000 RBX: 0000000000020000 RCX: 000000000045c49a [ 3100.008304][T14078] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 3100.016730][T14078] RBP: 00007ffdc7864d50 R08: ffffffffffffffff R09: 0000000000000000 [ 3100.025112][T14078] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdc7864e40 [ 3100.033218][T14078] R13: 00007ff5fc3eb700 R14: 0000000000000002 R15: 000000000076c06c [ 3100.044195][T14078] memory: usage 304852kB, limit 307200kB, failcnt 1283 [ 3100.068188][T14078] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3100.089389][T14078] Memory cgroup stats for /syz5: [ 3100.089615][T14078] anon 268906496 [ 3100.089615][T14078] file 81920 [ 3100.089615][T14078] kernel_stack 3686400 [ 3100.089615][T14078] slab 10571776 [ 3100.089615][T14078] sock 8192 [ 3100.089615][T14078] shmem 40960 [ 3100.089615][T14078] file_mapped 0 [ 3100.089615][T14078] file_dirty 0 [ 3100.089615][T14078] file_writeback 0 [ 3100.089615][T14078] anon_thp 234881024 [ 3100.089615][T14078] inactive_anon 32768 [ 3100.089615][T14078] active_anon 268902400 [ 3100.089615][T14078] inactive_file 0 [ 3100.089615][T14078] active_file 40960 [ 3100.089615][T14078] unevictable 0 [ 3100.089615][T14078] slab_reclaimable 2162688 [ 3100.089615][T14078] slab_unreclaimable 8409088 [ 3100.089615][T14078] pgfault 302544 [ 3100.089615][T14078] pgmajfault 0 [ 3100.089615][T14078] workingset_refault 231 [ 3100.089615][T14078] workingset_activate 99 [ 3100.089615][T14078] workingset_nodereclaim 0 [ 3100.089615][T14078] pgrefill 2965 [ 3100.089615][T14078] pgscan 13202 [ 3100.089615][T14078] pgsteal 592 [ 3100.235777][T14078] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=10236,uid=0 [ 3100.255565][T14078] Memory cgroup out of memory: Killed process 10236 (syz-executor.5) total-vm:74968kB, anon-rss:2228kB, file-rss:35808kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 3100.327770][T14116] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3100.354287][T14116] CPU: 0 PID: 14116 Comm: syz-executor.0 Not tainted 5.6.0-rc1-syzkaller #0 [ 3100.363247][T14116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3100.373620][T14116] Call Trace: [ 3100.377293][T14116] dump_stack+0x11d/0x181 [ 3100.381748][T14116] dump_header+0xaa/0x39c [ 3100.386108][T14116] oom_kill_process.cold+0x10/0x15 [ 3100.391263][T14116] out_of_memory+0x231/0xa60 [ 3100.396014][T14116] mem_cgroup_out_of_memory+0x128/0x150 [ 3100.401741][T14116] try_charge+0xb6c/0xbf0 [ 3100.406266][T14116] mem_cgroup_try_charge+0xd2/0x260 [ 3100.411575][T14116] mem_cgroup_try_charge_delay+0x3a/0x80 [ 3100.417428][T14116] wp_page_copy+0x322/0xf20 [ 3100.422058][T14116] ? __read_once_size+0x41/0xe0 [ 3100.427029][T14116] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 3100.433230][T14116] do_wp_page+0x192/0xd20 [ 3100.437839][T14116] __handle_mm_fault+0x1d16/0x2e00 [ 3100.443358][T14116] handle_mm_fault+0x21b/0x530 [ 3100.448192][T14116] do_page_fault+0x496/0xa3d [ 3100.452949][T14116] page_fault+0x34/0x40 [ 3100.457290][T14116] RIP: 0033:0x411498 [ 3100.461403][T14116] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf 58 1d 4c 00 31 c0 e8 13 0a ff ff 31 ff e8 5c 06 ff ff 0f 1f 40 00 <89> 3c b5 00 00 74 00 eb b6 31 ed 0f 1f 44 00 00 80 3d ae 11 87 00 [ 3100.481452][T14116] RSP: 002b:00007ffde03e8e40 EFLAGS: 00010246 [ 3100.488126][T14116] RAX: 00000000b4145251 RBX: 00000000acbaa6d1 RCX: 0000001b32f20000 [ 3100.496344][T14116] RDX: 0000000000000000 RSI: 0000000000001251 RDI: ffffffffb4145251 [ 3100.506228][T14116] RBP: 0000000000000018 R08: 00000000b4145251 R09: 00000000b4145255 [ 3100.514676][T14116] R10: 00007ffde03e8fe0 R11: 0000000000000246 R12: 000000000076bfa8 05:59:25 executing program 5: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) 05:59:25 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x18c, 0x0) 05:59:25 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) r12 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r12, 0x117, 0x1, &(0x7f0000000040), 0x0) [ 3100.522672][T14116] R13: 0000000080000000 R14: 00007fc024a65008 R15: 0000000000000021 [ 3100.550399][T14116] memory: usage 307200kB, limit 307200kB, failcnt 1624 [ 3100.590939][T14116] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3100.598251][T14116] Memory cgroup stats for /syz0: [ 3100.598433][T14116] anon 223277056 [ 3100.598433][T14116] file 47108096 [ 3100.598433][T14116] kernel_stack 4018176 [ 3100.598433][T14116] slab 8630272 [ 3100.598433][T14116] sock 0 [ 3100.598433][T14116] shmem 46977024 [ 3100.598433][T14116] file_mapped 0 [ 3100.598433][T14116] file_dirty 0 [ 3100.598433][T14116] file_writeback 0 [ 3100.598433][T14116] anon_thp 188743680 [ 3100.598433][T14116] inactive_anon 0 [ 3100.598433][T14116] active_anon 270303232 [ 3100.598433][T14116] inactive_file 0 [ 3100.598433][T14116] active_file 57344 [ 3100.598433][T14116] unevictable 0 [ 3100.598433][T14116] slab_reclaimable 1486848 [ 3100.598433][T14116] slab_unreclaimable 7143424 [ 3100.598433][T14116] pgfault 343893 [ 3100.598433][T14116] pgmajfault 0 [ 3100.598433][T14116] workingset_refault 264 [ 3100.598433][T14116] workingset_activate 66 [ 3100.598433][T14116] workingset_nodereclaim 0 [ 3100.598433][T14116] pgrefill 1307 [ 3100.598433][T14116] pgscan 1551 [ 3100.598433][T14116] pgsteal 657 [ 3100.710936][T14116] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=25118,uid=0 [ 3100.763711][T14116] Memory cgroup out of memory: Killed process 25118 (syz-executor.0) total-vm:74836kB, anon-rss:2228kB, file-rss:35784kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 05:59:26 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x18d, 0x0) 05:59:26 executing program 5: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) [ 3101.083620][T14145] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3101.124606][T14145] CPU: 1 PID: 14145 Comm: syz-executor.1 Not tainted 5.6.0-rc1-syzkaller #0 [ 3101.133467][T14145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3101.143833][T14145] Call Trace: [ 3101.147142][T14145] dump_stack+0x11d/0x181 [ 3101.151732][T14145] dump_header+0xaa/0x39c [ 3101.156282][T14145] oom_kill_process.cold+0x10/0x15 [ 3101.161571][T14145] out_of_memory+0x231/0xa60 [ 3101.166311][T14145] mem_cgroup_out_of_memory+0x128/0x150 [ 3101.172011][T14145] try_charge+0xb6c/0xbf0 [ 3101.176583][T14145] mem_cgroup_try_charge+0xd2/0x260 [ 3101.181845][T14145] mem_cgroup_try_charge_delay+0x3a/0x80 [ 3101.187687][T14145] wp_page_copy+0x322/0xf20 [ 3101.192580][T14145] ? __read_once_size+0x41/0xe0 [ 3101.197547][T14145] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 3101.203839][T14145] do_wp_page+0x192/0xd20 [ 3101.208446][T14145] __handle_mm_fault+0x1d16/0x2e00 [ 3101.213802][T14145] handle_mm_fault+0x21b/0x530 [ 3101.218967][T14145] do_page_fault+0x496/0xa3d [ 3101.223937][T14145] page_fault+0x34/0x40 [ 3101.228328][T14145] RIP: 0033:0x413d0c [ 3101.232415][T14145] Code: 89 b5 38 ff ff ff 48 83 c8 01 48 89 05 9d e9 86 00 48 8b 05 96 c1 30 00 49 c7 85 c8 02 00 00 90 fe 71 00 49 89 85 c0 02 00 00 <4c> 89 70 08 4c 89 35 79 c1 30 00 48 c7 05 6e e9 86 00 00 00 00 00 [ 3101.252612][T14145] RSP: 002b:00007ffdc74b0440 EFLAGS: 00010202 [ 3101.258705][T14145] RAX: 00007f86ddabb9c0 RBX: 0000000000020000 RCX: 00000000ffffffe0 [ 3101.266688][T14145] RDX: 0000000000000040 RSI: 0000000000000001 RDI: 00007f86dda9a6a0 05:59:26 executing program 4: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) r12 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r12, 0x117, 0x1, &(0x7f0000000040), 0x0) 05:59:26 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) r12 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r12, 0x117, 0x1, &(0x7f0000000040), 0x0) 05:59:26 executing program 5: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) dup(r6) [ 3101.275109][T14145] RBP: 00007ffdc74b0520 R08: 0000000000721800 R09: 0000000000721800 [ 3101.283365][T14145] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdc74b0610 [ 3101.291619][T14145] R13: 00007f86dda9a700 R14: 00007f86dda9a9c0 R15: 000000000076bfcc [ 3101.350938][T14145] memory: usage 307200kB, limit 307200kB, failcnt 2556 [ 3101.358254][T14145] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3101.394803][T14145] Memory cgroup stats for /syz1: [ 3101.395046][T14145] anon 279580672 [ 3101.395046][T14145] file 45056 [ 3101.395046][T14145] kernel_stack 2985984 [ 3101.395046][T14145] slab 7680000 [ 3101.395046][T14145] sock 12288 [ 3101.395046][T14145] shmem 28672 [ 3101.395046][T14145] file_mapped 135168 [ 3101.395046][T14145] file_dirty 0 [ 3101.395046][T14145] file_writeback 0 [ 3101.395046][T14145] anon_thp 251658240 [ 3101.395046][T14145] inactive_anon 139264 [ 3101.395046][T14145] active_anon 279580672 05:59:26 executing program 0: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) 05:59:26 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x18e, 0x0) [ 3101.395046][T14145] inactive_file 32768 [ 3101.395046][T14145] active_file 69632 [ 3101.395046][T14145] unevictable 8192 [ 3101.395046][T14145] slab_reclaimable 1622016 [ 3101.395046][T14145] slab_unreclaimable 6057984 [ 3101.395046][T14145] pgfault 333927 [ 3101.395046][T14145] pgmajfault 0 [ 3101.395046][T14145] workingset_refault 165 [ 3101.395046][T14145] workingset_activate 33 [ 3101.395046][T14145] workingset_nodereclaim 0 [ 3101.395046][T14145] pgrefill 1358 [ 3101.395046][T14145] pgscan 6626 [ 3101.395046][T14145] pgsteal 5763 [ 3101.623416][T14145] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=16543,uid=0 [ 3101.691061][T14145] Memory cgroup out of memory: Killed process 16543 (syz-executor.1) total-vm:74836kB, anon-rss:4268kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 3101.760571][ T1078] oom_reaper: reaped process 16543 (syz-executor.1), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB [ 3101.893722][T14213] syz-executor.0 invoked oom-killer: gfp_mask=0x400cc0(GFP_KERNEL_ACCOUNT), order=0, oom_score_adj=1000 [ 3101.990982][T14213] CPU: 0 PID: 14213 Comm: syz-executor.0 Not tainted 5.6.0-rc1-syzkaller #0 [ 3101.999761][T14213] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3102.010064][T14213] Call Trace: [ 3102.013545][T14213] dump_stack+0x11d/0x181 [ 3102.018002][T14213] dump_header+0xaa/0x39c [ 3102.022519][T14213] oom_kill_process.cold+0x10/0x15 [ 3102.027725][T14213] out_of_memory+0x231/0xa60 [ 3102.032339][T14213] ? __rcu_read_unlock+0x66/0x2f0 [ 3102.037568][T14213] mem_cgroup_out_of_memory+0x128/0x150 [ 3102.043337][T14213] try_charge+0xb6c/0xbf0 [ 3102.048062][T14213] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 3102.053711][T14213] __memcg_kmem_charge+0xcf/0x1b0 [ 3102.058859][T14213] __alloc_pages_nodemask+0x26c/0x310 [ 3102.065313][T14213] alloc_pages_current+0xd1/0x170 [ 3102.070513][T14213] __get_free_pages+0xc/0x40 [ 3102.075192][T14213] alloc_loaded_vmcs+0xfd/0x160 [ 3102.080201][T14213] vmx_create_vcpu+0x267/0x2280 [ 3102.085088][T14213] ? kvm_hv_vcpu_init+0x1d4/0x200 [ 3102.090137][T14213] kvm_arch_vcpu_create+0x401/0x660 [ 3102.095638][T14213] kvm_vm_ioctl+0xdd5/0x14e0 [ 3102.100316][T14213] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 3102.106266][T14213] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3102.112529][T14213] ? do_vfs_ioctl+0x3c0/0xd00 [ 3102.117345][T14213] ? tomoyo_file_ioctl+0x34/0x40 [ 3102.122551][T14213] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3102.128821][T14213] ? kvm_unregister_device_ops+0x80/0x80 [ 3102.134814][T14213] ksys_ioctl+0x109/0x150 [ 3102.139629][T14213] __x64_sys_ioctl+0x4c/0x60 [ 3102.144460][T14213] do_syscall_64+0xcc/0x3a0 [ 3102.149202][T14213] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 3102.155233][T14213] RIP: 0033:0x45c449 [ 3102.159174][T14213] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3102.179465][T14213] RSP: 002b:00007fc022a63c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3102.188296][T14213] RAX: ffffffffffffffda RBX: 00007fc022a646d4 RCX: 000000000045c449 [ 3102.196752][T14213] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005 [ 3102.204765][T14213] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 3102.212994][T14213] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 3102.221180][T14213] R13: 000000000000038f R14: 00000000004c5c3b R15: 000000000076bf2c 05:59:27 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x18f, 0x0) 05:59:27 executing program 1: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) r12 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r12, 0x117, 0x1, &(0x7f0000000040), 0x0) 05:59:27 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) r12 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r12, 0x117, 0x1, &(0x7f0000000040), 0x0) 05:59:27 executing program 5: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) accept$alg(r5, 0x0, 0x0) 05:59:27 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x190, 0x0) [ 3102.661024][T14213] memory: usage 307196kB, limit 307200kB, failcnt 1672 [ 3102.668379][T14213] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3102.733891][T14213] Memory cgroup stats for /syz0: [ 3102.736515][T14213] anon 223281152 [ 3102.736515][T14213] file 47108096 [ 3102.736515][T14213] kernel_stack 4018176 [ 3102.736515][T14213] slab 8814592 [ 3102.736515][T14213] sock 0 [ 3102.736515][T14213] shmem 46977024 [ 3102.736515][T14213] file_mapped 0 [ 3102.736515][T14213] file_dirty 0 [ 3102.736515][T14213] file_writeback 0 [ 3102.736515][T14213] anon_thp 188743680 [ 3102.736515][T14213] inactive_anon 0 [ 3102.736515][T14213] active_anon 270307328 05:59:28 executing program 1: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) r12 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r12, 0x117, 0x1, &(0x7f0000000040), 0x0) [ 3102.736515][T14213] inactive_file 0 [ 3102.736515][T14213] active_file 57344 [ 3102.736515][T14213] unevictable 0 [ 3102.736515][T14213] slab_reclaimable 1486848 [ 3102.736515][T14213] slab_unreclaimable 7327744 [ 3102.736515][T14213] pgfault 344025 [ 3102.736515][T14213] pgmajfault 0 [ 3102.736515][T14213] workingset_refault 264 [ 3102.736515][T14213] workingset_activate 66 [ 3102.736515][T14213] workingset_nodereclaim 0 [ 3102.736515][T14213] pgrefill 1307 [ 3102.736515][T14213] pgscan 1551 [ 3102.736515][T14213] pgsteal 657 05:59:28 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x191, 0x0) [ 3103.144455][T14213] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=12308,uid=0 [ 3103.187964][T14213] Memory cgroup out of memory: Killed process 12308 (syz-executor.0) total-vm:74836kB, anon-rss:2220kB, file-rss:35792kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 3103.229277][ T1078] oom_reaper: reaped process 12308 (syz-executor.0), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB [ 3103.255261][T14211] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3103.279360][T14211] CPU: 1 PID: 14211 Comm: syz-executor.0 Not tainted 5.6.0-rc1-syzkaller #0 [ 3103.288424][T14211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3103.299036][T14211] Call Trace: [ 3103.302762][T14211] dump_stack+0x11d/0x181 [ 3103.307296][T14211] dump_header+0xaa/0x39c [ 3103.311877][T14211] oom_kill_process.cold+0x10/0x15 [ 3103.318219][T14211] out_of_memory+0x231/0xa60 [ 3103.323168][T14211] mem_cgroup_out_of_memory+0x128/0x150 [ 3103.329173][T14211] try_charge+0x800/0xbf0 [ 3103.333645][T14211] mem_cgroup_try_charge+0xd2/0x260 [ 3103.339148][T14211] mem_cgroup_try_charge_delay+0x3a/0x80 [ 3103.345133][T14211] __handle_mm_fault+0x197f/0x2e00 [ 3103.350524][T14211] handle_mm_fault+0x21b/0x530 [ 3103.355523][T14211] do_page_fault+0x496/0xa3d [ 3103.360582][T14211] page_fault+0x34/0x40 [ 3103.366968][T14211] RIP: 0033:0x413c3f [ 3103.371503][T14211] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 [ 3103.391917][T14211] RSP: 002b:00007ffde03e8e20 EFLAGS: 00010206 [ 3103.398357][T14211] RAX: 00007fc022a02000 RBX: 0000000000020000 RCX: 000000000045c49a [ 3103.407454][T14211] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 3103.415790][T14211] RBP: 00007ffde03e8f00 R08: ffffffffffffffff R09: 0000000000000000 [ 3103.423892][T14211] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffde03e8ff0 [ 3103.432201][T14211] R13: 00007fc022a22700 R14: 0000000000000002 R15: 000000000076c06c [ 3103.471005][T14211] memory: usage 304872kB, limit 307200kB, failcnt 1672 [ 3103.485227][T14211] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3103.519015][T14211] Memory cgroup stats for /syz0: [ 3103.519233][T14211] anon 221052928 [ 3103.519233][T14211] file 47108096 [ 3103.519233][T14211] kernel_stack 4018176 [ 3103.519233][T14211] slab 8814592 [ 3103.519233][T14211] sock 0 [ 3103.519233][T14211] shmem 46977024 [ 3103.519233][T14211] file_mapped 0 [ 3103.519233][T14211] file_dirty 0 [ 3103.519233][T14211] file_writeback 0 [ 3103.519233][T14211] anon_thp 186646528 [ 3103.519233][T14211] inactive_anon 0 [ 3103.519233][T14211] active_anon 268079104 [ 3103.519233][T14211] inactive_file 0 [ 3103.519233][T14211] active_file 57344 [ 3103.519233][T14211] unevictable 0 [ 3103.519233][T14211] slab_reclaimable 1486848 [ 3103.519233][T14211] slab_unreclaimable 7327744 [ 3103.519233][T14211] pgfault 344025 [ 3103.519233][T14211] pgmajfault 0 [ 3103.519233][T14211] workingset_refault 264 [ 3103.519233][T14211] workingset_activate 66 [ 3103.519233][T14211] workingset_nodereclaim 0 [ 3103.519233][T14211] pgrefill 1307 [ 3103.519233][T14211] pgscan 1551 [ 3103.519233][T14211] pgsteal 657 [ 3104.022009][T14211] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=11200,uid=0 [ 3104.060343][T14211] Memory cgroup out of memory: Killed process 11200 (syz-executor.0) total-vm:74968kB, anon-rss:2228kB, file-rss:35784kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 3104.132549][T14214] syz-executor.0 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3104.214871][T14214] CPU: 1 PID: 14214 Comm: syz-executor.0 Not tainted 5.6.0-rc1-syzkaller #0 [ 3104.224016][T14214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3104.234593][T14214] Call Trace: [ 3104.239161][T14214] dump_stack+0x11d/0x181 [ 3104.243556][T14214] dump_header+0xaa/0x39c [ 3104.248268][T14214] oom_kill_process.cold+0x10/0x15 [ 3104.253564][T14214] out_of_memory+0x231/0xa60 [ 3104.258343][T14214] mem_cgroup_out_of_memory+0x128/0x150 [ 3104.264174][T14214] try_charge+0x800/0xbf0 [ 3104.268836][T14214] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 3104.274732][T14214] __memcg_kmem_charge+0xcf/0x1b0 [ 3104.279917][T14214] __alloc_pages_nodemask+0x26c/0x310 [ 3104.291692][T14214] alloc_pages_current+0xd1/0x170 [ 3104.297363][T14214] __vmalloc_node_range+0x2c4/0x4a0 [ 3104.302599][T14214] ? __kvm_set_memory_region+0x991/0x1380 [ 3104.308886][T14214] __vmalloc_node_flags_caller+0x6b/0x90 [ 3104.314633][T14214] ? __kvm_set_memory_region+0x991/0x1380 [ 3104.320769][T14214] kvmalloc_node+0xea/0x100 [ 3104.325314][T14214] __kvm_set_memory_region+0x991/0x1380 [ 3104.332464][T14214] kvm_set_memory_region+0x36/0x60 [ 3104.337894][T14214] kvm_vm_ioctl+0x684/0x14e0 [ 3104.342889][T14214] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3104.349273][T14214] ? do_vfs_ioctl+0x3c0/0xd00 [ 3104.354147][T14214] ? tomoyo_file_ioctl+0x34/0x40 [ 3104.359410][T14214] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3104.366005][T14214] ? kvm_unregister_device_ops+0x80/0x80 [ 3104.371847][T14214] ksys_ioctl+0x109/0x150 [ 3104.376215][T14214] __x64_sys_ioctl+0x4c/0x60 [ 3104.380968][T14214] do_syscall_64+0xcc/0x3a0 [ 3104.385619][T14214] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 3104.391695][T14214] RIP: 0033:0x45c449 [ 3104.395753][T14214] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3104.416040][T14214] RSP: 002b:00007fc022a42c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3104.424629][T14214] RAX: ffffffffffffffda RBX: 00007fc022a436d4 RCX: 000000000045c449 [ 3104.433053][T14214] RDX: 0000000020000000 RSI: 000000004020ae46 RDI: 0000000000000005 [ 3104.442026][T14214] RBP: 000000000076bfc0 R08: 0000000000000000 R09: 0000000000000000 [ 3104.450113][T14214] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 3104.458185][T14214] R13: 00000000000003dc R14: 00000000004d2f10 R15: 000000000076bfcc [ 3104.470384][T14214] memory: usage 302764kB, limit 307200kB, failcnt 1672 [ 3104.478120][T14214] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3104.502017][T14214] Memory cgroup stats for /syz0: [ 3104.502170][T14214] anon 218812416 [ 3104.502170][T14214] file 47108096 [ 3104.502170][T14214] kernel_stack 3981312 [ 3104.502170][T14214] slab 8949760 [ 3104.502170][T14214] sock 0 [ 3104.502170][T14214] shmem 46977024 [ 3104.502170][T14214] file_mapped 0 [ 3104.502170][T14214] file_dirty 0 [ 3104.502170][T14214] file_writeback 0 [ 3104.502170][T14214] anon_thp 184549376 [ 3104.502170][T14214] inactive_anon 0 [ 3104.502170][T14214] active_anon 265838592 [ 3104.502170][T14214] inactive_file 0 [ 3104.502170][T14214] active_file 57344 [ 3104.502170][T14214] unevictable 0 [ 3104.502170][T14214] slab_reclaimable 1486848 05:59:29 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x192, 0x0) 05:59:29 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r10 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r10, 0x117, 0x1, &(0x7f0000000040), 0x0) 05:59:29 executing program 4: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) r12 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r12, 0x117, 0x1, &(0x7f0000000040), 0x0) [ 3104.502170][T14214] slab_unreclaimable 7462912 [ 3104.502170][T14214] pgfault 344058 [ 3104.502170][T14214] pgmajfault 0 [ 3104.502170][T14214] workingset_refault 264 [ 3104.502170][T14214] workingset_activate 66 [ 3104.502170][T14214] workingset_nodereclaim 0 [ 3104.502170][T14214] pgrefill 1307 [ 3104.502170][T14214] pgscan 1551 [ 3104.502170][T14214] pgsteal 657 [ 3104.820768][T14214] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=14211,uid=0 [ 3104.916774][T14214] Memory cgroup out of memory: Killed process 14211 (syz-executor.0) total-vm:75100kB, anon-rss:2228kB, file-rss:35780kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 3105.008778][T14239] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3105.010180][ T1078] oom_reaper: reaped process 14211 (syz-executor.0), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 3105.059669][T14239] CPU: 0 PID: 14239 Comm: syz-executor.5 Not tainted 5.6.0-rc1-syzkaller #0 [ 3105.068511][T14239] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3105.078744][T14239] Call Trace: [ 3105.082283][T14239] dump_stack+0x11d/0x181 [ 3105.087286][T14239] dump_header+0xaa/0x39c [ 3105.091890][T14239] oom_kill_process.cold+0x10/0x15 [ 3105.098344][T14239] out_of_memory+0x231/0xa60 [ 3105.103222][T14239] mem_cgroup_out_of_memory+0x128/0x150 [ 3105.109378][T14239] try_charge+0xb6c/0xbf0 [ 3105.113750][T14239] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3105.120381][T14239] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 3105.126211][T14239] __memcg_kmem_charge+0xcf/0x1b0 [ 3105.131572][T14239] __alloc_pages_nodemask+0x26c/0x310 [ 3105.137366][T14239] alloc_pages_current+0xd1/0x170 [ 3105.142591][T14239] pte_alloc_one+0x18/0x50 [ 3105.147316][T14239] __pte_alloc+0x2d/0x220 [ 3105.152032][T14239] copy_page_range+0x13a2/0x1a00 [ 3105.157514][T14239] ? __vma_link_rb+0x3f4/0x440 [ 3105.162309][T14239] dup_mm+0x74a/0xba0 [ 3105.166568][T14239] copy_process+0x39d7/0x3b40 [ 3105.171403][T14239] _do_fork+0xfe/0x7a0 [ 3105.175500][T14239] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3105.182462][T14239] ? ktime_get_ts64+0x286/0x2c0 [ 3105.187534][T14239] __x64_sys_clone+0x130/0x170 [ 3105.192338][T14239] do_syscall_64+0xcc/0x3a0 [ 3105.197130][T14239] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 3105.203533][T14239] RIP: 0033:0x45c449 [ 3105.207598][T14239] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3105.227435][T14239] RSP: 002b:00007ff5fc42cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3105.236079][T14239] RAX: ffffffffffffffda RBX: 00007ff5fc42d6d4 RCX: 000000000045c449 [ 3105.244729][T14239] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 05:59:30 executing program 0: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) 05:59:30 executing program 1: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) r12 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r12, 0x117, 0x1, &(0x7f0000000040), 0x0) 05:59:30 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x193, 0x0) 05:59:30 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r10 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r10, 0x117, 0x1, &(0x7f0000000040), 0x0) [ 3105.252993][T14239] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 3105.263899][T14239] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 3105.272023][T14239] R13: 0000000000000074 R14: 00000000004c2ce6 R15: 000000000076bf2c [ 3105.461087][T14239] memory: usage 307192kB, limit 307200kB, failcnt 1344 [ 3105.468950][T14239] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3105.514583][T14239] Memory cgroup stats for /syz5: [ 3105.514751][T14239] anon 271003648 [ 3105.514751][T14239] file 81920 [ 3105.514751][T14239] kernel_stack 3686400 [ 3105.514751][T14239] slab 10706944 [ 3105.514751][T14239] sock 8192 [ 3105.514751][T14239] shmem 40960 [ 3105.514751][T14239] file_mapped 0 [ 3105.514751][T14239] file_dirty 0 [ 3105.514751][T14239] file_writeback 0 [ 3105.514751][T14239] anon_thp 236978176 [ 3105.514751][T14239] inactive_anon 32768 [ 3105.514751][T14239] active_anon 271020032 05:59:30 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x194, 0x0) [ 3105.514751][T14239] inactive_file 0 [ 3105.514751][T14239] active_file 40960 [ 3105.514751][T14239] unevictable 0 [ 3105.514751][T14239] slab_reclaimable 2162688 [ 3105.514751][T14239] slab_unreclaimable 8544256 [ 3105.514751][T14239] pgfault 302874 [ 3105.514751][T14239] pgmajfault 0 [ 3105.514751][T14239] workingset_refault 264 [ 3105.514751][T14239] workingset_activate 99 [ 3105.514751][T14239] workingset_nodereclaim 0 [ 3105.514751][T14239] pgrefill 3132 [ 3105.514751][T14239] pgscan 13827 [ 3105.514751][T14239] pgsteal 592 [ 3105.715969][ C1] print_req_error: 112 callbacks suppressed [ 3105.715991][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3105.733672][ C1] buffer_io_error: 112 callbacks suppressed [ 3105.733684][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3105.822200][T14239] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=25536,uid=0 [ 3105.836982][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3105.849764][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3105.883511][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3105.884930][T14239] Memory cgroup out of memory: Killed process 25536 (syz-executor.5) total-vm:75100kB, anon-rss:2236kB, file-rss:35800kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 3105.894806][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3105.922544][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3105.936708][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3105.972933][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3105.983989][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3106.017014][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3106.028646][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3106.046464][T14300] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 3106.100685][T14300] CPU: 0 PID: 14300 Comm: syz-executor.1 Not tainted 5.6.0-rc1-syzkaller #0 [ 3106.105533][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3106.109475][T14300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3106.109481][T14300] Call Trace: [ 3106.109509][T14300] dump_stack+0x11d/0x181 [ 3106.109538][T14300] dump_header+0xaa/0x39c [ 3106.120524][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3106.130777][T14300] oom_kill_process.cold+0x10/0x15 [ 3106.130841][T14300] out_of_memory+0x231/0xa60 [ 3106.161297][T14300] mem_cgroup_out_of_memory+0x128/0x150 [ 3106.167285][T14300] try_charge+0xb6c/0xbf0 [ 3106.172082][T14300] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 3106.178008][T14300] __memcg_kmem_charge+0xcf/0x1b0 [ 3106.183923][T14300] __alloc_pages_nodemask+0x26c/0x310 [ 3106.189779][T14300] alloc_pages_current+0xd1/0x170 [ 3106.194928][T14300] pte_alloc_one+0x18/0x50 [ 3106.199746][T14300] __pte_alloc+0x2d/0x220 [ 3106.204101][T14300] ? pud_alloc+0xa2/0x100 [ 3106.208643][T14300] copy_page_range+0x13a2/0x1a00 [ 3106.213765][T14300] ? __list_add_valid+0x62/0x80 [ 3106.219039][T14300] ? __rb_rotate_set_parents+0x9a/0xf0 [ 3106.224958][T14300] dup_mm+0x74a/0xba0 [ 3106.229060][T14300] copy_process+0x39d7/0x3b40 [ 3106.234116][T14300] _do_fork+0xfe/0x7a0 [ 3106.238213][T14300] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3106.244688][T14300] ? ktime_get_ts64+0x286/0x2c0 [ 3106.249678][T14300] __x64_sys_clone+0x130/0x170 [ 3106.254832][T14300] do_syscall_64+0xcc/0x3a0 [ 3106.259569][T14300] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 3106.265501][T14300] RIP: 0033:0x45c449 [ 3106.269561][T14300] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3106.290117][T14300] RSP: 002b:00007f86ddabac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3106.298724][T14300] RAX: ffffffffffffffda RBX: 00007f86ddabb6d4 RCX: 000000000045c449 [ 3106.306978][T14300] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 3106.315201][T14300] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 3106.323639][T14300] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 3106.331935][T14300] R13: 0000000000000074 R14: 00000000004c2ce6 R15: 000000000076bf2c [ 3106.344104][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3106.355288][ C1] Buffer I/O error on dev loop0, logical block 0, async page read 05:59:31 executing program 5: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) accept$alg(r5, 0x0, 0x0) 05:59:31 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x195, 0x0) 05:59:31 executing program 0: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) 05:59:31 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r10 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r10, 0x117, 0x1, &(0x7f0000000040), 0x0) [ 3106.433233][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3106.444359][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3106.527198][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3106.539165][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3106.589775][T14300] memory: usage 307168kB, limit 307200kB, failcnt 2580 [ 3106.631259][T14300] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3106.694897][T14300] Memory cgroup stats for /syz1: [ 3106.695087][T14300] anon 279711744 [ 3106.695087][T14300] file 45056 [ 3106.695087][T14300] kernel_stack 3059712 [ 3106.695087][T14300] slab 7680000 [ 3106.695087][T14300] sock 12288 [ 3106.695087][T14300] shmem 28672 [ 3106.695087][T14300] file_mapped 135168 [ 3106.695087][T14300] file_dirty 0 [ 3106.695087][T14300] file_writeback 0 [ 3106.695087][T14300] anon_thp 251658240 [ 3106.695087][T14300] inactive_anon 139264 [ 3106.695087][T14300] active_anon 279789568 [ 3106.695087][T14300] inactive_file 32768 [ 3106.695087][T14300] active_file 69632 [ 3106.695087][T14300] unevictable 8192 [ 3106.695087][T14300] slab_reclaimable 1622016 [ 3106.695087][T14300] slab_unreclaimable 6057984 [ 3106.695087][T14300] pgfault 334224 [ 3106.695087][T14300] pgmajfault 0 [ 3106.695087][T14300] workingset_refault 165 [ 3106.695087][T14300] workingset_activate 33 [ 3106.695087][T14300] workingset_nodereclaim 0 [ 3106.695087][T14300] pgrefill 1358 [ 3106.695087][T14300] pgscan 6626 [ 3106.695087][T14300] pgsteal 5763 [ 3106.837238][T14300] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=16472,uid=0 [ 3106.931467][T14300] Memory cgroup out of memory: Killed process 16472 (syz-executor.1) total-vm:74836kB, anon-rss:4268kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 3107.019067][T14296] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 3107.070915][T14296] CPU: 1 PID: 14296 Comm: syz-executor.4 Not tainted 5.6.0-rc1-syzkaller #0 [ 3107.079761][T14296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3107.089927][T14296] Call Trace: [ 3107.093272][T14296] dump_stack+0x11d/0x181 [ 3107.097643][T14296] dump_header+0xaa/0x39c [ 3107.102225][T14296] oom_kill_process.cold+0x10/0x15 [ 3107.107370][T14296] out_of_memory+0x231/0xa60 [ 3107.111997][T14296] mem_cgroup_out_of_memory+0x128/0x150 [ 3107.117572][T14296] try_charge+0xb6c/0xbf0 [ 3107.122016][T14296] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 3107.127515][T14296] __memcg_kmem_charge+0xcf/0x1b0 [ 3107.132567][T14296] __alloc_pages_nodemask+0x26c/0x310 [ 3107.138046][T14296] alloc_pages_current+0xd1/0x170 [ 3107.143091][T14296] pte_alloc_one+0x18/0x50 [ 3107.147552][T14296] __pte_alloc+0x2d/0x220 [ 3107.151937][T14296] copy_page_range+0x13a2/0x1a00 [ 3107.156907][T14296] ? __list_add_valid+0x62/0x80 [ 3107.162394][T14296] ? __rb_rotate_set_parents+0x9a/0xf0 [ 3107.167900][T14296] dup_mm+0x74a/0xba0 [ 3107.171965][T14296] copy_process+0x39d7/0x3b40 [ 3107.176754][T14296] _do_fork+0xfe/0x7a0 [ 3107.180849][T14296] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3107.187503][T14296] ? ktime_get_ts64+0x286/0x2c0 [ 3107.192416][T14296] __x64_sys_clone+0x130/0x170 [ 3107.197309][T14296] do_syscall_64+0xcc/0x3a0 [ 3107.201956][T14296] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 3107.207868][T14296] RIP: 0033:0x45c449 [ 3107.211773][T14296] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3107.231394][T14296] RSP: 002b:00007f7e679b8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3107.240070][T14296] RAX: ffffffffffffffda RBX: 00007f7e679b96d4 RCX: 000000000045c449 [ 3107.249024][T14296] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 3107.257002][T14296] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 3107.264978][T14296] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 3107.272952][T14296] R13: 0000000000000074 R14: 00000000004c2ce6 R15: 000000000076bf2c [ 3107.393474][T14296] memory: usage 307200kB, limit 307200kB, failcnt 1476 [ 3107.400503][T14296] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3107.455554][T14296] Memory cgroup stats for /syz4: [ 3107.455709][T14296] anon 242700288 [ 3107.455709][T14296] file 38240256 [ 3107.455709][T14296] kernel_stack 2727936 [ 3107.455709][T14296] slab 7974912 [ 3107.455709][T14296] sock 94208 [ 3107.455709][T14296] shmem 35209216 [ 3107.455709][T14296] file_mapped 0 [ 3107.455709][T14296] file_dirty 0 [ 3107.455709][T14296] file_writeback 0 [ 3107.455709][T14296] anon_thp 222298112 [ 3107.455709][T14296] inactive_anon 32768 [ 3107.455709][T14296] active_anon 277893120 [ 3107.455709][T14296] inactive_file 2797568 [ 3107.455709][T14296] active_file 57344 [ 3107.455709][T14296] unevictable 4096 [ 3107.455709][T14296] slab_reclaimable 1757184 [ 3107.455709][T14296] slab_unreclaimable 6217728 [ 3107.455709][T14296] pgfault 300795 [ 3107.455709][T14296] pgmajfault 0 [ 3107.455709][T14296] workingset_refault 198 [ 3107.455709][T14296] workingset_activate 66 [ 3107.455709][T14296] workingset_nodereclaim 0 [ 3107.455709][T14296] pgrefill 2893 [ 3107.455709][T14296] pgscan 5746946 [ 3107.455709][T14296] pgsteal 450 [ 3107.566850][T14296] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=13531,uid=0 [ 3107.583111][T14296] Memory cgroup out of memory: Killed process 13531 (syz-executor.4) total-vm:74836kB, anon-rss:4272kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 3107.645673][T14328] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3107.658655][T14328] CPU: 0 PID: 14328 Comm: syz-executor.0 Not tainted 5.6.0-rc1-syzkaller #0 [ 3107.667345][T14328] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3107.677402][T14328] Call Trace: [ 3107.680703][T14328] dump_stack+0x11d/0x181 [ 3107.685061][T14328] dump_header+0xaa/0x39c [ 3107.689547][T14328] oom_kill_process.cold+0x10/0x15 [ 3107.694682][T14328] out_of_memory+0x231/0xa60 [ 3107.699469][T14328] mem_cgroup_out_of_memory+0x128/0x150 [ 3107.705175][T14328] try_charge+0xb6c/0xbf0 [ 3107.709677][T14328] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 3107.715273][T14328] __memcg_kmem_charge+0xcf/0x1b0 [ 3107.720498][T14328] __alloc_pages_nodemask+0x26c/0x310 [ 3107.726086][T14328] alloc_pages_current+0xd1/0x170 [ 3107.731422][T14328] get_zeroed_page+0x14/0x50 [ 3107.736028][T14328] __pud_alloc+0x48/0x250 [ 3107.740390][T14328] ? __mod_lruvec_state+0x105/0x1e0 [ 3107.745603][T14328] pud_alloc+0xc3/0x100 [ 3107.749849][T14328] copy_page_range+0x270/0x1a00 [ 3107.754717][T14328] ? __write_once_size.constprop.0+0x20/0x20 [ 3107.760778][T14328] ? __rb_rotate_set_parents+0x9a/0xf0 [ 3107.766261][T14328] ? __rb_insert_augmented+0x11a/0x370 [ 3107.771811][T14328] ? vm_get_page_prot+0x90/0x90 [ 3107.776694][T14328] dup_mm+0x74a/0xba0 [ 3107.780744][T14328] copy_process+0x39d7/0x3b40 [ 3107.785567][T14328] _do_fork+0xfe/0x7a0 [ 3107.789676][T14328] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3107.795940][T14328] ? ktime_get_ts64+0x286/0x2c0 [ 3107.800880][T14328] __x64_sys_clone+0x130/0x170 [ 3107.805925][T14328] do_syscall_64+0xcc/0x3a0 [ 3107.810455][T14328] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 3107.816354][T14328] RIP: 0033:0x45c449 [ 3107.820479][T14328] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3107.840287][T14328] RSP: 002b:00007fc022a63c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3107.848763][T14328] RAX: ffffffffffffffda RBX: 00007fc022a646d4 RCX: 000000000045c449 [ 3107.856859][T14328] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 3107.865487][T14328] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 3107.874084][T14328] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 3107.882062][T14328] R13: 0000000000000074 R14: 00000000004c2ce6 R15: 000000000076bf2c [ 3107.913440][T14328] memory: usage 307200kB, limit 307200kB, failcnt 1690 [ 3107.920647][T14328] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3107.930303][T14328] Memory cgroup stats for /syz0: [ 3107.930481][T14328] anon 223162368 [ 3107.930481][T14328] file 47108096 [ 3107.930481][T14328] kernel_stack 3981312 [ 3107.930481][T14328] slab 9089024 [ 3107.930481][T14328] sock 0 [ 3107.930481][T14328] shmem 46977024 [ 3107.930481][T14328] file_mapped 0 [ 3107.930481][T14328] file_dirty 0 [ 3107.930481][T14328] file_writeback 0 [ 3107.930481][T14328] anon_thp 188743680 [ 3107.930481][T14328] inactive_anon 0 [ 3107.930481][T14328] active_anon 270188544 [ 3107.930481][T14328] inactive_file 0 [ 3107.930481][T14328] active_file 57344 [ 3107.930481][T14328] unevictable 0 [ 3107.930481][T14328] slab_reclaimable 1486848 [ 3107.930481][T14328] slab_unreclaimable 7602176 [ 3107.930481][T14328] pgfault 344256 [ 3107.930481][T14328] pgmajfault 0 [ 3107.930481][T14328] workingset_refault 264 [ 3107.930481][T14328] workingset_activate 99 05:59:33 executing program 4: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) r12 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r12, 0x117, 0x1, &(0x7f0000000040), 0x0) 05:59:33 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x196, 0x0) 05:59:33 executing program 5: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) accept$alg(r5, 0x0, 0x0) 05:59:33 executing program 1: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) r12 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r12, 0x117, 0x1, &(0x7f0000000040), 0x0) 05:59:33 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r10 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r10, 0xae60) ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0) r11 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r11, 0x117, 0x1, &(0x7f0000000040), 0x0) [ 3107.930481][T14328] workingset_nodereclaim 0 [ 3107.930481][T14328] pgrefill 1340 [ 3107.930481][T14328] pgscan 1584 [ 3107.930481][T14328] pgsteal 657 [ 3108.032229][T14328] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=7272,uid=0 [ 3108.103317][T14328] Memory cgroup out of memory: Killed process 7272 (syz-executor.0) total-vm:74836kB, anon-rss:2220kB, file-rss:35788kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 05:59:33 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x197, 0x0) [ 3108.386300][T14378] syz-executor.3 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3108.493377][T14378] CPU: 0 PID: 14378 Comm: syz-executor.3 Not tainted 5.6.0-rc1-syzkaller #0 [ 3108.502145][T14378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3108.512229][T14378] Call Trace: [ 3108.515582][T14378] dump_stack+0x11d/0x181 [ 3108.519955][T14378] dump_header+0xaa/0x39c [ 3108.524318][T14378] oom_kill_process.cold+0x10/0x15 [ 3108.529586][T14378] out_of_memory+0x231/0xa60 [ 3108.534338][T14378] mem_cgroup_out_of_memory+0x128/0x150 [ 3108.539924][T14378] try_charge+0xb6c/0xbf0 [ 3108.544363][T14378] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 3108.549982][T14378] __memcg_kmem_charge+0xcf/0x1b0 [ 3108.555206][T14378] __alloc_pages_nodemask+0x26c/0x310 [ 3108.560680][T14378] alloc_pages_current+0xd1/0x170 [ 3108.565735][T14378] get_zeroed_page+0x14/0x50 [ 3108.570343][T14378] __pud_alloc+0x48/0x250 [ 3108.574686][T14378] ? __anon_vma_interval_tree_augment_rotate+0xfd/0x110 [ 3108.581644][T14378] pud_alloc+0xc3/0x100 [ 3108.585965][T14378] copy_page_range+0x270/0x1a00 [ 3108.590916][T14378] ? __list_add_valid+0x62/0x80 [ 3108.595961][T14378] ? __write_once_size.constprop.0+0x20/0x20 [ 3108.601959][T14378] ? __rb_rotate_set_parents+0x9a/0xf0 [ 3108.607434][T14378] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 3108.613201][T14378] ? vma_gap_callbacks_rotate+0x126/0x190 [ 3108.618967][T14378] ? vm_get_page_prot+0x90/0x90 [ 3108.623868][T14378] dup_mm+0x74a/0xba0 [ 3108.627990][T14378] copy_process+0x39d7/0x3b40 [ 3108.632755][T14378] _do_fork+0xfe/0x7a0 [ 3108.636853][T14378] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3108.643110][T14378] ? ktime_get_ts64+0x286/0x2c0 [ 3108.648141][T14378] __x64_sys_clone+0x130/0x170 [ 3108.652949][T14378] do_syscall_64+0xcc/0x3a0 [ 3108.657528][T14378] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 3108.663434][T14378] RIP: 0033:0x45c449 [ 3108.667351][T14378] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 05:59:33 executing program 5: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) [ 3108.687373][T14378] RSP: 002b:00007f331e30dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3108.695974][T14378] RAX: ffffffffffffffda RBX: 00007f331e30e6d4 RCX: 000000000045c449 [ 3108.704039][T14378] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 3108.712044][T14378] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 3108.720024][T14378] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 3108.728148][T14378] R13: 0000000000000074 R14: 00000000004c2ce6 R15: 000000000076bf2c 05:59:34 executing program 1: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r11, 0xae60) ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) r12 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r12, 0x117, 0x1, &(0x7f0000000040), 0x0) 05:59:34 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x198, 0x0) [ 3108.747409][T14378] memory: usage 307200kB, limit 307200kB, failcnt 208 [ 3108.770913][T14378] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3108.777799][T14378] Memory cgroup stats for /syz3: [ 3108.778055][T14378] anon 284590080 [ 3108.778055][T14378] file 159744 [ 3108.778055][T14378] kernel_stack 2285568 [ 3108.778055][T14378] slab 8572928 [ 3108.778055][T14378] sock 0 [ 3108.778055][T14378] shmem 106496 [ 3108.778055][T14378] file_mapped 0 [ 3108.778055][T14378] file_dirty 0 [ 3108.778055][T14378] file_writeback 0 [ 3108.778055][T14378] anon_thp 268435456 [ 3108.778055][T14378] inactive_anon 135168 [ 3108.778055][T14378] active_anon 284561408 [ 3108.778055][T14378] inactive_file 0 [ 3108.778055][T14378] active_file 69632 [ 3108.778055][T14378] unevictable 0 [ 3108.778055][T14378] slab_reclaimable 1622016 [ 3108.778055][T14378] slab_unreclaimable 6950912 05:59:34 executing program 4: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x57108100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r2, 0xae47, 0x0) ioctl$VIDIOC_LOG_STATUS(r2, 0x5646, 0x0) [ 3108.778055][T14378] pgfault 221331 [ 3108.778055][T14378] pgmajfault 0 [ 3108.778055][T14378] workingset_refault 99 [ 3108.778055][T14378] workingset_activate 0 [ 3108.778055][T14378] workingset_nodereclaim 0 [ 3108.778055][T14378] pgrefill 466 [ 3108.778055][T14378] pgscan 479 [ 3108.778055][T14378] pgsteal 244 [ 3108.948649][T14378] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=23633,uid=0 [ 3108.982979][T14378] Memory cgroup out of memory: Killed process 23633 (syz-executor.3) total-vm:74968kB, anon-rss:4276kB, file-rss:35848kB, shmem-rss:0kB, UID:0 pgtables:136kB oom_score_adj:1000 [ 3109.106663][T14328] syz-executor.0 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3109.135099][T14328] CPU: 1 PID: 14328 Comm: syz-executor.0 Not tainted 5.6.0-rc1-syzkaller #0 [ 3109.143811][T14328] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3109.154046][T14328] Call Trace: [ 3109.157351][T14328] dump_stack+0x11d/0x181 [ 3109.161702][T14328] dump_header+0xaa/0x39c [ 3109.166062][T14328] oom_kill_process.cold+0x10/0x15 [ 3109.171193][T14328] out_of_memory+0x231/0xa60 [ 3109.175811][T14328] mem_cgroup_out_of_memory+0x128/0x150 [ 3109.181397][T14328] try_charge+0xb6c/0xbf0 [ 3109.185778][T14328] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 3109.191312][T14328] __memcg_kmem_charge+0xcf/0x1b0 [ 3109.196359][T14328] __alloc_pages_nodemask+0x26c/0x310 [ 3109.201859][T14328] alloc_pages_current+0xd1/0x170 [ 3109.207037][T14328] __vmalloc_node_range+0x2c4/0x4a0 [ 3109.212278][T14328] __vmalloc+0x4d/0x70 [ 3109.216370][T14328] ? vmx_vm_alloc+0x40/0x50 [ 3109.220951][T14328] vmx_vm_alloc+0x40/0x50 [ 3109.225315][T14328] kvm_dev_ioctl+0x137/0xcb0 [ 3109.229931][T14328] ? tomoyo_file_ioctl+0x34/0x40 [ 3109.234896][T14328] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3109.241159][T14328] ? kvm_put_kvm+0x6a0/0x6a0 [ 3109.245764][T14328] ksys_ioctl+0x109/0x150 [ 3109.250243][T14328] __x64_sys_ioctl+0x4c/0x60 [ 3109.254856][T14328] do_syscall_64+0xcc/0x3a0 [ 3109.259387][T14328] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 3109.265311][T14328] RIP: 0033:0x45c449 [ 3109.269223][T14328] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3109.288839][T14328] RSP: 002b:00007fc022a63c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3109.297286][T14328] RAX: ffffffffffffffda RBX: 00007fc022a646d4 RCX: 000000000045c449 [ 3109.305280][T14328] RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000004 [ 3109.313317][T14328] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 3109.321308][T14328] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 3109.329329][T14328] R13: 0000000000000390 R14: 00000000004c5c51 R15: 000000000076bf2c [ 3109.341748][T14328] memory: usage 307200kB, limit 307200kB, failcnt 1713 [ 3109.349031][T14328] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3109.358810][T14328] Memory cgroup stats for /syz0: [ 3109.358972][T14328] anon 223117312 [ 3109.358972][T14328] file 47108096 [ 3109.358972][T14328] kernel_stack 3981312 [ 3109.358972][T14328] slab 9089024 [ 3109.358972][T14328] sock 0 [ 3109.358972][T14328] shmem 46977024 [ 3109.358972][T14328] file_mapped 0 [ 3109.358972][T14328] file_dirty 0 [ 3109.358972][T14328] file_writeback 0 [ 3109.358972][T14328] anon_thp 188743680 [ 3109.358972][T14328] inactive_anon 0 [ 3109.358972][T14328] active_anon 270143488 [ 3109.358972][T14328] inactive_file 0 [ 3109.358972][T14328] active_file 57344 [ 3109.358972][T14328] unevictable 0 [ 3109.358972][T14328] slab_reclaimable 1486848 [ 3109.358972][T14328] slab_unreclaimable 7602176 [ 3109.358972][T14328] pgfault 344289 [ 3109.358972][T14328] pgmajfault 0 [ 3109.358972][T14328] workingset_refault 264 [ 3109.358972][T14328] workingset_activate 99 [ 3109.358972][T14328] workingset_nodereclaim 0 [ 3109.358972][T14328] pgrefill 1340 [ 3109.358972][T14328] pgscan 1584 [ 3109.358972][T14328] pgsteal 657 [ 3109.470236][T14328] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=14326,uid=0 [ 3109.489000][T14328] Memory cgroup out of memory: Killed process 14326 (syz-executor.0) total-vm:74968kB, anon-rss:2228kB, file-rss:35780kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 3109.544325][ T1078] oom_reaper: reaped process 14326 (syz-executor.0), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB [ 3109.565750][T14401] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3109.598709][T14401] CPU: 1 PID: 14401 Comm: syz-executor.5 Not tainted 5.6.0-rc1-syzkaller #0 [ 3109.607430][T14401] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3109.617546][T14401] Call Trace: [ 3109.620985][T14401] dump_stack+0x11d/0x181 [ 3109.625361][T14401] dump_header+0xaa/0x39c [ 3109.629739][T14401] oom_kill_process.cold+0x10/0x15 [ 3109.634873][T14401] out_of_memory+0x231/0xa60 [ 3109.639525][T14401] mem_cgroup_out_of_memory+0x128/0x150 [ 3109.645113][T14401] try_charge+0xb6c/0xbf0 [ 3109.649511][T14401] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3109.655865][T14401] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 3109.661413][T14401] __memcg_kmem_charge+0xcf/0x1b0 [ 3109.666477][T14401] __alloc_pages_nodemask+0x26c/0x310 [ 3109.671872][T14401] alloc_pages_current+0xd1/0x170 [ 3109.676916][T14401] pte_alloc_one+0x18/0x50 [ 3109.681353][T14401] __pte_alloc+0x2d/0x220 [ 3109.685750][T14401] copy_page_range+0x13a2/0x1a00 [ 3109.690837][T14401] ? __vma_link_rb+0x3f4/0x440 [ 3109.695620][T14401] dup_mm+0x74a/0xba0 [ 3109.699660][T14401] copy_process+0x39d7/0x3b40 [ 3109.704398][T14401] _do_fork+0xfe/0x7a0 [ 3109.708497][T14401] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3109.714967][T14401] ? ktime_get_ts64+0x286/0x2c0 [ 3109.719857][T14401] __x64_sys_clone+0x130/0x170 [ 3109.724697][T14401] do_syscall_64+0xcc/0x3a0 [ 3109.729288][T14401] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 3109.735197][T14401] RIP: 0033:0x45c449 [ 3109.739110][T14401] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3109.758827][T14401] RSP: 002b:00007ff5fc42cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3109.767316][T14401] RAX: ffffffffffffffda RBX: 00007ff5fc42d6d4 RCX: 000000000045c449 [ 3109.775535][T14401] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 3109.783652][T14401] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 3109.791631][T14401] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff 05:59:35 executing program 0: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) 05:59:35 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x199, 0x0) 05:59:35 executing program 4: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x57108100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r2, 0xae47, 0x0) ioctl$VIDIOC_LOG_STATUS(r2, 0x5646, 0x0) 05:59:35 executing program 1: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r11, 0xae60) ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) r12 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r12, 0x117, 0x1, &(0x7f0000000040), 0x0) 05:59:35 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r10 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r10, 0xae60) ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0) r11 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r11, 0x117, 0x1, &(0x7f0000000040), 0x0) [ 3109.799627][T14401] R13: 0000000000000074 R14: 00000000004c2ce6 R15: 000000000076bf2c [ 3109.820944][T14401] memory: usage 307200kB, limit 307200kB, failcnt 1403 [ 3109.827883][T14401] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3109.909406][T14401] Memory cgroup stats for /syz5: [ 3109.909616][T14401] anon 271126528 [ 3109.909616][T14401] file 81920 [ 3109.909616][T14401] kernel_stack 3760128 [ 3109.909616][T14401] slab 10547200 [ 3109.909616][T14401] sock 8192 [ 3109.909616][T14401] shmem 40960 [ 3109.909616][T14401] file_mapped 0 [ 3109.909616][T14401] file_dirty 0 [ 3109.909616][T14401] file_writeback 0 [ 3109.909616][T14401] anon_thp 236978176 [ 3109.909616][T14401] inactive_anon 32768 [ 3109.909616][T14401] active_anon 271142912 [ 3109.909616][T14401] inactive_file 0 [ 3109.909616][T14401] active_file 40960 [ 3109.909616][T14401] unevictable 0 [ 3109.909616][T14401] slab_reclaimable 2162688 [ 3109.909616][T14401] slab_unreclaimable 8384512 [ 3109.909616][T14401] pgfault 303171 [ 3109.909616][T14401] pgmajfault 0 [ 3109.909616][T14401] workingset_refault 264 [ 3109.909616][T14401] workingset_activate 99 [ 3109.909616][T14401] workingset_nodereclaim 0 [ 3109.909616][T14401] pgrefill 3233 [ 3109.909616][T14401] pgscan 14279 [ 3109.909616][T14401] pgsteal 592 [ 3110.021228][T14401] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=14729,uid=0 05:59:35 executing program 4: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x57108100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r2, 0xae47, 0x0) ioctl$VIDIOC_LOG_STATUS(r2, 0x5646, 0x0) 05:59:35 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x19a, 0x0) [ 3110.095362][T14401] Memory cgroup out of memory: Killed process 14729 (syz-executor.5) total-vm:74704kB, anon-rss:2212kB, file-rss:35828kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 05:59:35 executing program 1: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r11, 0xae60) ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) r12 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r12, 0x117, 0x1, &(0x7f0000000040), 0x0) 05:59:35 executing program 5: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) socket$alg(0x26, 0x5, 0x0) 05:59:35 executing program 0: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) 05:59:35 executing program 4: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r11, 0xae60) ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r11, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) socket$alg(0x26, 0x5, 0x0) 05:59:35 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x19b, 0x0) 05:59:35 executing program 1: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r11, 0xae60) ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r11, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) socket$alg(0x26, 0x5, 0x0) 05:59:35 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r10 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r10, 0xae60) ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0) r11 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r11, 0x117, 0x1, &(0x7f0000000040), 0x0) 05:59:36 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x19c, 0x0) [ 3110.894082][T14491] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3110.939309][T14491] CPU: 0 PID: 14491 Comm: syz-executor.5 Not tainted 5.6.0-rc1-syzkaller #0 [ 3110.948195][T14491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3110.958255][T14491] Call Trace: [ 3110.961565][T14491] dump_stack+0x11d/0x181 [ 3110.965924][T14491] dump_header+0xaa/0x39c [ 3110.970270][T14491] oom_kill_process.cold+0x10/0x15 [ 3110.975399][T14491] out_of_memory+0x231/0xa60 [ 3110.980016][T14491] ? __rcu_read_unlock+0x66/0x2f0 [ 3110.985171][T14491] mem_cgroup_out_of_memory+0x128/0x150 [ 3110.990743][T14491] try_charge+0xb6c/0xbf0 [ 3110.995147][T14491] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3111.001417][T14491] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 3111.007502][T14491] __memcg_kmem_charge+0xcf/0x1b0 [ 3111.012552][T14491] __alloc_pages_nodemask+0x26c/0x310 [ 3111.017969][T14491] alloc_pages_current+0xd1/0x170 [ 3111.023061][T14491] pte_alloc_one+0x18/0x50 [ 3111.027710][T14491] __pte_alloc+0x2d/0x220 [ 3111.032073][T14491] copy_page_range+0x13a2/0x1a00 [ 3111.037068][T14491] ? __vma_link_rb+0x3f4/0x440 [ 3111.041854][T14491] dup_mm+0x74a/0xba0 [ 3111.045876][T14491] copy_process+0x39d7/0x3b40 [ 3111.050603][T14491] _do_fork+0xfe/0x7a0 [ 3111.054725][T14491] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3111.060977][T14491] ? ktime_get_ts64+0x286/0x2c0 [ 3111.065875][T14491] __x64_sys_clone+0x130/0x170 [ 3111.070678][T14491] do_syscall_64+0xcc/0x3a0 [ 3111.075289][T14491] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 3111.081273][T14491] RIP: 0033:0x45c449 [ 3111.085215][T14491] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3111.104953][T14491] RSP: 002b:00007ff5fc42cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3111.113386][T14491] RAX: ffffffffffffffda RBX: 00007ff5fc42d6d4 RCX: 000000000045c449 [ 3111.121653][T14491] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 3111.129739][T14491] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 3111.137715][T14491] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 3111.145792][T14491] R13: 0000000000000074 R14: 00000000004c2ce6 R15: 000000000076bf2c [ 3111.155058][T14491] memory: usage 307200kB, limit 307200kB, failcnt 1420 [ 3111.162534][T14491] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3111.169872][T14491] Memory cgroup stats for /syz5: [ 3111.170120][T14491] anon 271093760 [ 3111.170120][T14491] file 81920 [ 3111.170120][T14491] kernel_stack 3760128 [ 3111.170120][T14491] slab 10412032 [ 3111.170120][T14491] sock 8192 [ 3111.170120][T14491] shmem 40960 [ 3111.170120][T14491] file_mapped 0 [ 3111.170120][T14491] file_dirty 0 [ 3111.170120][T14491] file_writeback 0 [ 3111.170120][T14491] anon_thp 236978176 [ 3111.170120][T14491] inactive_anon 32768 [ 3111.170120][T14491] active_anon 271110144 [ 3111.170120][T14491] inactive_file 0 [ 3111.170120][T14491] active_file 40960 [ 3111.170120][T14491] unevictable 0 [ 3111.170120][T14491] slab_reclaimable 2162688 [ 3111.170120][T14491] slab_unreclaimable 8249344 [ 3111.170120][T14491] pgfault 303270 [ 3111.170120][T14491] pgmajfault 0 [ 3111.170120][T14491] workingset_refault 264 [ 3111.170120][T14491] workingset_activate 99 [ 3111.170120][T14491] workingset_nodereclaim 0 [ 3111.170120][T14491] pgrefill 3266 [ 3111.170120][T14491] pgscan 14386 [ 3111.170120][T14491] pgsteal 592 [ 3111.265342][T14491] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=14711,uid=0 [ 3111.292882][T14491] Memory cgroup out of memory: Killed process 14711 (syz-executor.5) total-vm:74704kB, anon-rss:2212kB, file-rss:35828kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 05:59:36 executing program 1: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r11, 0xae60) ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r11, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) socket$alg(0x26, 0x5, 0x0) 05:59:36 executing program 4: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r11, 0xae60) ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r11, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) socket$alg(0x26, 0x5, 0x0) 05:59:36 executing program 0: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) 05:59:36 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x19d, 0x0) 05:59:36 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r11, 0xae60) ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) r12 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r12, 0x117, 0x1, &(0x7f0000000040), 0x0) [ 3111.755389][ C1] print_req_error: 173 callbacks suppressed [ 3111.755406][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3111.772358][ C1] buffer_io_error: 173 callbacks suppressed [ 3111.772370][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3111.786424][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3111.797348][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3111.865472][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3111.876431][ C0] Buffer I/O error on dev loop0, logical block 0, async page read 05:59:37 executing program 5: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) 05:59:37 executing program 4: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r11, 0xae60) ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r11, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) socket$alg(0x26, 0x5, 0x0) 05:59:37 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x19e, 0x0) 05:59:37 executing program 0: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) [ 3111.955193][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3111.966131][ C0] Buffer I/O error on dev loop0, logical block 0, async page read 05:59:37 executing program 1: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r11, 0xae60) ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r11, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) socket$alg(0x26, 0x5, 0x0) [ 3112.030269][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3112.041326][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3112.088927][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3112.099998][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3112.211188][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3112.222317][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3112.236559][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3112.247614][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3112.258422][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3112.269356][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3112.277873][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3112.288876][ C0] Buffer I/O error on dev loop0, logical block 0, async page read 05:59:37 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x19f, 0x0) [ 3112.434122][T14555] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3112.488384][T14555] CPU: 0 PID: 14555 Comm: syz-executor.5 Not tainted 5.6.0-rc1-syzkaller #0 [ 3112.497124][T14555] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3112.507192][T14555] Call Trace: [ 3112.510517][T14555] dump_stack+0x11d/0x181 [ 3112.514900][T14555] dump_header+0xaa/0x39c [ 3112.519276][T14555] oom_kill_process.cold+0x10/0x15 [ 3112.524587][T14555] out_of_memory+0x231/0xa60 [ 3112.529209][T14555] ? __rcu_read_unlock+0x66/0x2f0 [ 3112.534493][T14555] mem_cgroup_out_of_memory+0x128/0x150 [ 3112.540149][T14555] try_charge+0xb6c/0xbf0 [ 3112.544533][T14555] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3112.550971][T14555] ? debug_smp_processor_id+0x43/0x137 [ 3112.556718][T14555] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 3112.562215][T14555] __memcg_kmem_charge+0xcf/0x1b0 [ 3112.567270][T14555] __alloc_pages_nodemask+0x26c/0x310 [ 3112.572675][T14555] alloc_pages_current+0xd1/0x170 [ 3112.577715][T14555] pte_alloc_one+0x18/0x50 [ 3112.582155][T14555] __pte_alloc+0x2d/0x220 [ 3112.586659][T14555] copy_page_range+0x13a2/0x1a00 [ 3112.591646][T14555] ? __vma_link_rb+0x3f4/0x440 [ 3112.596487][T14555] dup_mm+0x74a/0xba0 [ 3112.600531][T14555] copy_process+0x39d7/0x3b40 [ 3112.605678][T14555] _do_fork+0xfe/0x7a0 [ 3112.609778][T14555] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3112.616034][T14555] ? ktime_get_ts64+0x286/0x2c0 [ 3112.621026][T14555] __x64_sys_clone+0x130/0x170 [ 3112.625858][T14555] do_syscall_64+0xcc/0x3a0 [ 3112.630403][T14555] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 3112.636415][T14555] RIP: 0033:0x45c449 [ 3112.640323][T14555] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3112.660015][T14555] RSP: 002b:00007ff5fc42cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3112.668485][T14555] RAX: ffffffffffffffda RBX: 00007ff5fc42d6d4 RCX: 000000000045c449 [ 3112.676461][T14555] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 05:59:37 executing program 0: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) 05:59:37 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1a0, 0x0) 05:59:38 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r11, 0xae60) ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) r12 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r12, 0x117, 0x1, &(0x7f0000000040), 0x0) 05:59:38 executing program 4: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r11, 0xae60) ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) r12 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r12, 0x117, 0x1, &(0x7f0000000040), 0x0) [ 3112.684446][T14555] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 3112.692518][T14555] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 3112.700490][T14555] R13: 0000000000000074 R14: 00000000004c2ce6 R15: 000000000076bf2c 05:59:38 executing program 1: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r11, 0xae60) ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r11, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) socket$alg(0x26, 0x5, 0x0) 05:59:38 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1a1, 0x0) [ 3113.232788][T14555] memory: usage 307200kB, limit 307200kB, failcnt 1459 [ 3113.241077][T14555] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3113.297629][T14555] Memory cgroup stats for /syz5: [ 3113.297829][T14555] anon 270991360 [ 3113.297829][T14555] file 81920 [ 3113.297829][T14555] kernel_stack 3723264 [ 3113.297829][T14555] slab 10412032 [ 3113.297829][T14555] sock 8192 [ 3113.297829][T14555] shmem 40960 [ 3113.297829][T14555] file_mapped 0 [ 3113.297829][T14555] file_dirty 0 [ 3113.297829][T14555] file_writeback 0 [ 3113.297829][T14555] anon_thp 236978176 [ 3113.297829][T14555] inactive_anon 32768 [ 3113.297829][T14555] active_anon 271007744 [ 3113.297829][T14555] inactive_file 0 [ 3113.297829][T14555] active_file 40960 [ 3113.297829][T14555] unevictable 0 [ 3113.297829][T14555] slab_reclaimable 2162688 [ 3113.297829][T14555] slab_unreclaimable 8249344 [ 3113.297829][T14555] pgfault 303369 [ 3113.297829][T14555] pgmajfault 0 [ 3113.297829][T14555] workingset_refault 264 [ 3113.297829][T14555] workingset_activate 99 [ 3113.297829][T14555] workingset_nodereclaim 0 [ 3113.297829][T14555] pgrefill 3266 [ 3113.297829][T14555] pgscan 14590 [ 3113.297829][T14555] pgsteal 592 [ 3113.560929][T14555] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=14682,uid=0 [ 3113.593075][T14555] Memory cgroup out of memory: Killed process 14682 (syz-executor.5) total-vm:74704kB, anon-rss:2212kB, file-rss:35828kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 3113.655376][ T1078] oom_reaper: reaped process 14682 (syz-executor.5), now anon-rss:0kB, file-rss:34868kB, shmem-rss:0kB 05:59:39 executing program 5: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) 05:59:39 executing program 0: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) dup(r6) 05:59:39 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r11, 0xae60) ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) r12 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r12, 0x117, 0x1, &(0x7f0000000040), 0x0) 05:59:39 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1a2, 0x0) 05:59:39 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1a1, 0x0) 05:59:39 executing program 4: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r11, 0xae60) ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) r12 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r12, 0x117, 0x1, &(0x7f0000000040), 0x0) 05:59:39 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1a1, 0x0) [ 3114.160533][T14630] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3114.252954][T14630] CPU: 0 PID: 14630 Comm: syz-executor.5 Not tainted 5.6.0-rc1-syzkaller #0 [ 3114.261677][T14630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3114.271849][T14630] Call Trace: [ 3114.275152][T14630] dump_stack+0x11d/0x181 [ 3114.282462][T14630] dump_header+0xaa/0x39c [ 3114.286816][T14630] oom_kill_process.cold+0x10/0x15 [ 3114.292003][T14630] out_of_memory+0x231/0xa60 [ 3114.296618][T14630] ? __rcu_read_unlock+0x66/0x2f0 [ 3114.301784][T14630] mem_cgroup_out_of_memory+0x128/0x150 [ 3114.307455][T14630] try_charge+0xb6c/0xbf0 [ 3114.311829][T14630] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 3114.317429][T14630] __memcg_kmem_charge+0xcf/0x1b0 [ 3114.322562][T14630] __alloc_pages_nodemask+0x26c/0x310 [ 3114.327962][T14630] alloc_pages_current+0xd1/0x170 [ 3114.333010][T14630] get_zeroed_page+0x14/0x50 [ 3114.337697][T14630] __pud_alloc+0x48/0x250 [ 3114.342150][T14630] ? __anon_vma_interval_tree_augment_rotate+0xfd/0x110 [ 3114.349167][T14630] pud_alloc+0xc3/0x100 [ 3114.353356][T14630] copy_page_range+0x270/0x1a00 [ 3114.358229][T14630] ? __list_add_valid+0x62/0x80 [ 3114.363108][T14630] ? __write_once_size.constprop.0+0x20/0x20 [ 3114.369113][T14630] ? __rb_rotate_set_parents+0x9a/0xf0 [ 3114.374715][T14630] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 3114.381149][T14630] ? vma_gap_callbacks_rotate+0x126/0x190 [ 3114.386947][T14630] ? vm_get_page_prot+0x90/0x90 [ 3114.391861][T14630] dup_mm+0x74a/0xba0 [ 3114.395906][T14630] copy_process+0x39d7/0x3b40 05:59:39 executing program 0: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) accept$alg(r5, 0x0, 0x0) 05:59:39 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1a1, 0x0) [ 3114.400693][T14630] _do_fork+0xfe/0x7a0 [ 3114.404796][T14630] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3114.411110][T14630] ? ktime_get_ts64+0x286/0x2c0 [ 3114.416110][T14630] __x64_sys_clone+0x130/0x170 [ 3114.420945][T14630] do_syscall_64+0xcc/0x3a0 [ 3114.425466][T14630] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 3114.431366][T14630] RIP: 0033:0x45c449 05:59:39 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1a3, 0x0) [ 3114.435388][T14630] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3114.455077][T14630] RSP: 002b:00007ff5fc42cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3114.463529][T14630] RAX: ffffffffffffffda RBX: 00007ff5fc42d6d4 RCX: 000000000045c449 [ 3114.471512][T14630] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 3114.479504][T14630] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 3114.487483][T14630] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 3114.495474][T14630] R13: 0000000000000074 R14: 00000000004c2ce6 R15: 000000000076bf2c 05:59:39 executing program 1: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) [ 3114.714067][T14630] memory: usage 307184kB, limit 307200kB, failcnt 1493 [ 3114.743887][T14630] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3114.785108][T14630] Memory cgroup stats for /syz5: [ 3114.785351][T14630] anon 271142912 [ 3114.785351][T14630] file 81920 [ 3114.785351][T14630] kernel_stack 3723264 [ 3114.785351][T14630] slab 10412032 [ 3114.785351][T14630] sock 8192 [ 3114.785351][T14630] shmem 40960 [ 3114.785351][T14630] file_mapped 0 [ 3114.785351][T14630] file_dirty 0 [ 3114.785351][T14630] file_writeback 0 [ 3114.785351][T14630] anon_thp 236978176 [ 3114.785351][T14630] inactive_anon 32768 [ 3114.785351][T14630] active_anon 271159296 [ 3114.785351][T14630] inactive_file 0 [ 3114.785351][T14630] active_file 40960 [ 3114.785351][T14630] unevictable 0 [ 3114.785351][T14630] slab_reclaimable 2162688 [ 3114.785351][T14630] slab_unreclaimable 8249344 [ 3114.785351][T14630] pgfault 303468 [ 3114.785351][T14630] pgmajfault 0 [ 3114.785351][T14630] workingset_refault 264 [ 3114.785351][T14630] workingset_activate 99 [ 3114.785351][T14630] workingset_nodereclaim 0 [ 3114.785351][T14630] pgrefill 3299 [ 3114.785351][T14630] pgscan 14797 [ 3114.785351][T14630] pgsteal 626 05:59:40 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1a4, 0x0) [ 3115.395133][T14630] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=7527,uid=0 [ 3115.412278][T14630] Memory cgroup out of memory: Killed process 7527 (syz-executor.5) total-vm:74968kB, anon-rss:2228kB, file-rss:35804kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 05:59:40 executing program 5: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) 05:59:40 executing program 0: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) 05:59:40 executing program 4: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r11, 0xae60) ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) r12 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r12, 0x117, 0x1, &(0x7f0000000040), 0x0) 05:59:40 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1a5, 0x0) 05:59:40 executing program 1: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) 05:59:40 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r11, 0xae60) ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) r12 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r12, 0x117, 0x1, &(0x7f0000000040), 0x0) [ 3115.850336][T14712] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 3115.878840][T14712] CPU: 1 PID: 14712 Comm: syz-executor.1 Not tainted 5.6.0-rc1-syzkaller #0 [ 3115.887594][T14712] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3115.897651][T14712] Call Trace: [ 3115.901074][T14712] dump_stack+0x11d/0x181 [ 3115.905446][T14712] dump_header+0xaa/0x39c [ 3115.909816][T14712] oom_kill_process.cold+0x10/0x15 [ 3115.914957][T14712] out_of_memory+0x231/0xa60 [ 3115.919571][T14712] ? __rcu_read_unlock+0x66/0x2f0 [ 3115.924650][T14712] mem_cgroup_out_of_memory+0x128/0x150 [ 3115.930233][T14712] try_charge+0xb6c/0xbf0 [ 3115.934611][T14712] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3115.940905][T14712] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 3115.946423][T14712] __memcg_kmem_charge+0xcf/0x1b0 [ 3115.951467][T14712] __alloc_pages_nodemask+0x26c/0x310 [ 3115.956984][T14712] alloc_pages_current+0xd1/0x170 [ 3115.962059][T14712] pte_alloc_one+0x18/0x50 [ 3115.966822][T14712] __pte_alloc+0x2d/0x220 [ 3115.971251][T14712] copy_page_range+0x13a2/0x1a00 [ 3115.976263][T14712] ? __vma_link_rb+0x3f4/0x440 [ 3115.981403][T14712] dup_mm+0x74a/0xba0 [ 3115.985504][T14712] copy_process+0x39d7/0x3b40 [ 3115.990267][T14712] _do_fork+0xfe/0x7a0 [ 3115.994519][T14712] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3116.000781][T14712] ? ktime_get_ts64+0x286/0x2c0 [ 3116.006190][T14712] __x64_sys_clone+0x130/0x170 [ 3116.010990][T14712] do_syscall_64+0xcc/0x3a0 [ 3116.015587][T14712] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 3116.021506][T14712] RIP: 0033:0x45c449 [ 3116.025528][T14712] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 05:59:41 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1a6, 0x0) [ 3116.045142][T14712] RSP: 002b:00007f86ddabac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3116.053594][T14712] RAX: ffffffffffffffda RBX: 00007f86ddabb6d4 RCX: 000000000045c449 [ 3116.061599][T14712] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 3116.069574][T14712] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 3116.077925][T14712] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 3116.085945][T14712] R13: 0000000000000074 R14: 00000000004c2ce6 R15: 000000000076bf2c [ 3116.140933][T14712] memory: usage 307200kB, limit 307200kB, failcnt 2633 [ 3116.193989][T14712] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3116.278024][T14712] Memory cgroup stats for /syz1: [ 3116.278240][T14712] anon 278691840 [ 3116.278240][T14712] file 45056 [ 3116.278240][T14712] kernel_stack 3244032 [ 3116.278240][T14712] slab 7667712 [ 3116.278240][T14712] sock 12288 [ 3116.278240][T14712] shmem 28672 [ 3116.278240][T14712] file_mapped 135168 [ 3116.278240][T14712] file_dirty 0 [ 3116.278240][T14712] file_writeback 0 [ 3116.278240][T14712] anon_thp 249561088 [ 3116.278240][T14712] inactive_anon 139264 [ 3116.278240][T14712] active_anon 278691840 [ 3116.278240][T14712] inactive_file 32768 [ 3116.278240][T14712] active_file 69632 [ 3116.278240][T14712] unevictable 8192 [ 3116.278240][T14712] slab_reclaimable 1622016 [ 3116.278240][T14712] slab_unreclaimable 6045696 [ 3116.278240][T14712] pgfault 335478 [ 3116.278240][T14712] pgmajfault 0 [ 3116.278240][T14712] workingset_refault 165 [ 3116.278240][T14712] workingset_activate 33 [ 3116.278240][T14712] workingset_nodereclaim 0 [ 3116.278240][T14712] pgrefill 1391 [ 3116.278240][T14712] pgscan 6694 [ 3116.278240][T14712] pgsteal 5763 05:59:41 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1a7, 0x0) 05:59:41 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r11, 0xae60) ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) r12 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r12, 0x117, 0x1, &(0x7f0000000040), 0x0) 05:59:41 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1a8, 0x0) [ 3116.771031][T14712] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=9439,uid=0 [ 3116.862851][T14712] Memory cgroup out of memory: Killed process 9439 (syz-executor.1) total-vm:74836kB, anon-rss:4264kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 3116.923880][ T1078] oom_reaper: reaped process 9439 (syz-executor.1), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB [ 3116.935718][T14718] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3116.973153][T14718] CPU: 1 PID: 14718 Comm: syz-executor.5 Not tainted 5.6.0-rc1-syzkaller #0 [ 3116.983086][T14718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3116.993243][T14718] Call Trace: [ 3116.996557][T14718] dump_stack+0x11d/0x181 [ 3117.001029][T14718] dump_header+0xaa/0x39c [ 3117.005464][T14718] oom_kill_process.cold+0x10/0x15 [ 3117.010745][T14718] out_of_memory+0x231/0xa60 [ 3117.015382][T14718] mem_cgroup_out_of_memory+0x128/0x150 [ 3117.021029][T14718] try_charge+0xb6c/0xbf0 [ 3117.025393][T14718] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3117.031679][T14718] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 3117.037173][T14718] __memcg_kmem_charge+0xcf/0x1b0 [ 3117.042226][T14718] __alloc_pages_nodemask+0x26c/0x310 [ 3117.047648][T14718] alloc_pages_current+0xd1/0x170 [ 3117.052689][T14718] pte_alloc_one+0x18/0x50 [ 3117.057158][T14718] __pte_alloc+0x2d/0x220 [ 3117.061528][T14718] copy_page_range+0x13a2/0x1a00 [ 3117.066590][T14718] ? __vma_link_rb+0x3f4/0x440 [ 3117.071380][T14718] dup_mm+0x74a/0xba0 [ 3117.075417][T14718] copy_process+0x39d7/0x3b40 [ 3117.080586][T14718] _do_fork+0xfe/0x7a0 [ 3117.084681][T14718] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3117.091050][T14718] ? ktime_get_ts64+0x286/0x2c0 [ 3117.095970][T14718] __x64_sys_clone+0x130/0x170 [ 3117.100781][T14718] do_syscall_64+0xcc/0x3a0 [ 3117.105311][T14718] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 3117.112441][T14718] RIP: 0033:0x45c449 [ 3117.116350][T14718] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3117.136149][T14718] RSP: 002b:00007ff5fc42cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3117.144581][T14718] RAX: ffffffffffffffda RBX: 00007ff5fc42d6d4 RCX: 000000000045c449 [ 3117.152567][T14718] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 3117.160655][T14718] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 05:59:42 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1a9, 0x0) [ 3117.168704][T14718] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 3117.176771][T14718] R13: 0000000000000074 R14: 00000000004c2ce6 R15: 000000000076bf2c [ 3117.190371][T14718] memory: usage 307200kB, limit 307200kB, failcnt 1521 [ 3117.197927][T14718] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3117.205800][T14718] Memory cgroup stats for /syz5: [ 3117.205952][T14718] anon 271089664 [ 3117.205952][T14718] file 81920 [ 3117.205952][T14718] kernel_stack 3723264 [ 3117.205952][T14718] slab 10547200 [ 3117.205952][T14718] sock 8192 [ 3117.205952][T14718] shmem 40960 [ 3117.205952][T14718] file_mapped 0 [ 3117.205952][T14718] file_dirty 0 [ 3117.205952][T14718] file_writeback 0 [ 3117.205952][T14718] anon_thp 236978176 [ 3117.205952][T14718] inactive_anon 32768 [ 3117.205952][T14718] active_anon 271106048 [ 3117.205952][T14718] inactive_file 0 [ 3117.205952][T14718] active_file 40960 [ 3117.205952][T14718] unevictable 0 [ 3117.205952][T14718] slab_reclaimable 2162688 [ 3117.205952][T14718] slab_unreclaimable 8384512 05:59:42 executing program 1: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) [ 3117.205952][T14718] pgfault 303534 [ 3117.205952][T14718] pgmajfault 0 [ 3117.205952][T14718] workingset_refault 264 [ 3117.205952][T14718] workingset_activate 99 [ 3117.205952][T14718] workingset_nodereclaim 0 [ 3117.205952][T14718] pgrefill 3332 [ 3117.205952][T14718] pgscan 14901 [ 3117.205952][T14718] pgsteal 626 [ 3117.478173][T14718] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=5581,uid=0 [ 3117.533707][T14718] Memory cgroup out of memory: Killed process 5581 (syz-executor.5) total-vm:74704kB, anon-rss:2212kB, file-rss:35824kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 3117.665791][T14702] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3117.692419][T14702] CPU: 1 PID: 14702 Comm: syz-executor.0 Not tainted 5.6.0-rc1-syzkaller #0 [ 3117.701134][T14702] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3117.711267][T14702] Call Trace: [ 3117.714597][T14702] dump_stack+0x11d/0x181 [ 3117.718947][T14702] dump_header+0xaa/0x39c [ 3117.723304][T14702] oom_kill_process.cold+0x10/0x15 [ 3117.728438][T14702] out_of_memory+0x231/0xa60 [ 3117.733098][T14702] mem_cgroup_out_of_memory+0x128/0x150 [ 3117.738668][T14702] try_charge+0xb6c/0xbf0 [ 3117.743058][T14702] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 3117.748674][T14702] __memcg_kmem_charge+0xcf/0x1b0 [ 3117.753725][T14702] copy_process+0x12bc/0x3b40 [ 3117.758414][T14702] ? record_times+0x16/0x90 [ 3117.762935][T14702] ? psi_task_change+0x1ad/0x2d0 [ 3117.767899][T14702] ? try_to_free_mem_cgroup_pages+0x258/0x4d0 [ 3117.774066][T14702] _do_fork+0xfe/0x7a0 [ 3117.778256][T14702] ? __rcu_read_unlock+0x66/0x2f0 [ 3117.783420][T14702] ? blkcg_maybe_throttle_current+0x23d/0x580 [ 3117.789516][T14702] __x64_sys_clone+0x130/0x170 [ 3117.794321][T14702] do_syscall_64+0xcc/0x3a0 [ 3117.798869][T14702] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 3117.804959][T14702] RIP: 0033:0x45ee19 [ 3117.808995][T14702] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 3117.828619][T14702] RSP: 002b:00007ffde03e8dd8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 3117.837045][T14702] RAX: ffffffffffffffda RBX: 00007fc022a43700 RCX: 000000000045ee19 [ 3117.845027][T14702] RDX: 00007fc022a439d0 RSI: 00007fc022a42db0 RDI: 00000000003d0f00 [ 3117.853010][T14702] RBP: 00007ffde03e8ff0 R08: 00007fc022a43700 R09: 00007fc022a43700 [ 3117.861042][T14702] R10: 00007fc022a439d0 R11: 0000000000000202 R12: 0000000000000000 [ 3117.869016][T14702] R13: 00007ffde03e8e8f R14: 00007fc022a439c0 R15: 000000000076bfcc [ 3118.010250][T14702] memory: usage 307200kB, limit 307200kB, failcnt 1756 [ 3118.037044][T14702] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3118.061451][T14702] Memory cgroup stats for /syz0: [ 3118.061640][T14702] anon 221782016 [ 3118.061640][T14702] file 47108096 [ 3118.061640][T14702] kernel_stack 4055040 [ 3118.061640][T14702] slab 9494528 [ 3118.061640][T14702] sock 0 [ 3118.061640][T14702] shmem 46977024 [ 3118.061640][T14702] file_mapped 0 [ 3118.061640][T14702] file_dirty 0 [ 3118.061640][T14702] file_writeback 0 [ 3118.061640][T14702] anon_thp 186646528 [ 3118.061640][T14702] inactive_anon 0 [ 3118.061640][T14702] active_anon 268808192 05:59:43 executing program 5: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) [ 3118.061640][T14702] inactive_file 0 [ 3118.061640][T14702] active_file 57344 [ 3118.061640][T14702] unevictable 0 [ 3118.061640][T14702] slab_reclaimable 1486848 [ 3118.061640][T14702] slab_unreclaimable 8007680 [ 3118.061640][T14702] pgfault 345114 [ 3118.061640][T14702] pgmajfault 0 [ 3118.061640][T14702] workingset_refault 264 [ 3118.061640][T14702] workingset_activate 99 [ 3118.061640][T14702] workingset_nodereclaim 0 [ 3118.061640][T14702] pgrefill 1373 [ 3118.061640][T14702] pgscan 1584 [ 3118.061640][T14702] pgsteal 690 [ 3118.257389][T14702] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=1461,uid=0 [ 3118.275812][T14702] Memory cgroup out of memory: Killed process 1461 (syz-executor.0) total-vm:74836kB, anon-rss:2220kB, file-rss:35788kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 3118.299022][ T1078] oom_reaper: reaped process 1461 (syz-executor.0), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB 05:59:43 executing program 0: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) socket$alg(0x26, 0x5, 0x0) 05:59:43 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1aa, 0x0) 05:59:43 executing program 4: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r11, 0xae60) ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) r12 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r12, 0x117, 0x1, &(0x7f0000000040), 0x0) 05:59:43 executing program 1: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) 05:59:43 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r11, 0xae60) ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) r12 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r12, 0x117, 0x1, &(0x7f0000000040), 0x0) 05:59:43 executing program 5: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) [ 3118.703542][ C0] print_req_error: 234 callbacks suppressed [ 3118.703563][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3118.720534][ C0] buffer_io_error: 234 callbacks suppressed [ 3118.720553][ C0] Buffer I/O error on dev loop0, logical block 0, async page read 05:59:44 executing program 5: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) [ 3118.821344][T14814] syz-executor.3 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3118.838011][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3118.848939][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3118.860956][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 05:59:44 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1ab, 0x0) [ 3118.871856][ C1] Buffer I/O error on dev loop0, logical block 0, async page read 05:59:44 executing program 1: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) [ 3118.922127][T14814] CPU: 0 PID: 14814 Comm: syz-executor.3 Not tainted 5.6.0-rc1-syzkaller #0 [ 3118.930915][T14814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3118.941088][T14814] Call Trace: [ 3118.944399][T14814] dump_stack+0x11d/0x181 [ 3118.948763][T14814] dump_header+0xaa/0x39c [ 3118.953122][T14814] oom_kill_process.cold+0x10/0x15 [ 3118.958330][T14814] out_of_memory+0x231/0xa60 [ 3118.962933][T14814] ? __rcu_read_unlock+0x66/0x2f0 [ 3118.967988][T14814] mem_cgroup_out_of_memory+0x128/0x150 [ 3118.973203][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3118.973554][T14814] try_charge+0xb6c/0xbf0 [ 3118.973649][T14814] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3118.984478][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3118.988820][T14814] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 3119.008314][T14814] __memcg_kmem_charge+0xcf/0x1b0 [ 3119.013377][T14814] __alloc_pages_nodemask+0x26c/0x310 [ 3119.018802][T14814] alloc_pages_current+0xd1/0x170 [ 3119.023932][T14814] pte_alloc_one+0x18/0x50 [ 3119.028374][T14814] __pte_alloc+0x2d/0x220 [ 3119.032871][T14814] copy_page_range+0x13a2/0x1a00 [ 3119.037981][T14814] ? __vma_link_rb+0x3f4/0x440 [ 3119.042777][T14814] dup_mm+0x74a/0xba0 [ 3119.046947][T14814] copy_process+0x39d7/0x3b40 [ 3119.051672][T14814] _do_fork+0xfe/0x7a0 [ 3119.055793][T14814] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3119.062057][T14814] ? ktime_get_ts64+0x286/0x2c0 [ 3119.067061][T14814] __x64_sys_clone+0x130/0x170 [ 3119.067643][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3119.071886][T14814] do_syscall_64+0xcc/0x3a0 [ 3119.071917][T14814] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 3119.083002][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3119.087522][T14814] RIP: 0033:0x45c449 [ 3119.105248][T14814] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3119.124945][T14814] RSP: 002b:00007f331e30dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3119.133520][T14814] RAX: ffffffffffffffda RBX: 00007f331e30e6d4 RCX: 000000000045c449 [ 3119.141503][T14814] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 3119.149484][T14814] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 3119.157472][T14814] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 3119.165555][T14814] R13: 0000000000000074 R14: 00000000004c2ce6 R15: 000000000076bf2c 05:59:44 executing program 5: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) [ 3119.168499][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3119.184471][ C1] Buffer I/O error on dev loop0, logical block 0, async page read 05:59:44 executing program 1: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) accept$alg(r5, 0x0, 0x0) [ 3119.272513][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3119.283451][ C1] Buffer I/O error on dev loop0, logical block 0, async page read 05:59:44 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1ac, 0x0) [ 3119.359314][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3119.370266][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3119.453679][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3119.464629][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3119.537039][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3119.548005][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3119.654492][T14814] memory: usage 306908kB, limit 307200kB, failcnt 304 [ 3119.701596][T14814] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3119.726668][T14814] Memory cgroup stats for /syz3: [ 3119.726816][T14814] anon 283201536 [ 3119.726816][T14814] file 159744 [ 3119.726816][T14814] kernel_stack 2396160 [ 3119.726816][T14814] slab 8687616 [ 3119.726816][T14814] sock 0 [ 3119.726816][T14814] shmem 106496 [ 3119.726816][T14814] file_mapped 0 [ 3119.726816][T14814] file_dirty 0 [ 3119.726816][T14814] file_writeback 0 [ 3119.726816][T14814] anon_thp 266338304 [ 3119.726816][T14814] inactive_anon 135168 [ 3119.726816][T14814] active_anon 283201536 [ 3119.726816][T14814] inactive_file 0 [ 3119.726816][T14814] active_file 69632 [ 3119.726816][T14814] unevictable 0 [ 3119.726816][T14814] slab_reclaimable 1622016 [ 3119.726816][T14814] slab_unreclaimable 7065600 [ 3119.726816][T14814] pgfault 222222 [ 3119.726816][T14814] pgmajfault 0 [ 3119.726816][T14814] workingset_refault 99 [ 3119.726816][T14814] workingset_activate 0 [ 3119.726816][T14814] workingset_nodereclaim 0 [ 3119.726816][T14814] pgrefill 565 [ 3119.726816][T14814] pgscan 545 [ 3119.726816][T14814] pgsteal 244 [ 3119.902747][T14814] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=23502,uid=0 [ 3119.965012][T14814] Memory cgroup out of memory: Killed process 23502 (syz-executor.3) total-vm:74836kB, anon-rss:4268kB, file-rss:35852kB, shmem-rss:0kB, UID:0 pgtables:136kB oom_score_adj:1000 [ 3120.042016][T14805] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3120.075028][T14805] CPU: 1 PID: 14805 Comm: syz-executor.0 Not tainted 5.6.0-rc1-syzkaller #0 [ 3120.083747][T14805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3120.093921][T14805] Call Trace: [ 3120.097228][T14805] dump_stack+0x11d/0x181 [ 3120.101644][T14805] dump_header+0xaa/0x39c [ 3120.106005][T14805] oom_kill_process.cold+0x10/0x15 [ 3120.111148][T14805] out_of_memory+0x231/0xa60 [ 3120.115771][T14805] mem_cgroup_out_of_memory+0x128/0x150 [ 3120.121403][T14805] try_charge+0xb6c/0xbf0 [ 3120.125873][T14805] mem_cgroup_try_charge+0xd2/0x260 [ 3120.131119][T14805] mem_cgroup_try_charge_delay+0x3a/0x80 [ 3120.136775][T14805] wp_page_copy+0x322/0xf20 [ 3120.141305][T14805] ? __read_once_size+0x41/0xe0 [ 3120.146319][T14805] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 3120.152271][T14805] do_wp_page+0x192/0xd20 [ 3120.156688][T14805] __handle_mm_fault+0x1d16/0x2e00 [ 3120.161834][T14805] handle_mm_fault+0x21b/0x530 [ 3120.166625][T14805] do_page_fault+0x496/0xa3d [ 3120.171237][T14805] page_fault+0x34/0x40 [ 3120.175438][T14805] RIP: 0033:0x411498 [ 3120.179481][T14805] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf 58 1d 4c 00 31 c0 e8 13 0a ff ff 31 ff e8 5c 06 ff ff 0f 1f 40 00 <89> 3c b5 00 00 74 00 eb b6 31 ed 0f 1f 44 00 00 80 3d ae 11 87 00 [ 3120.199093][T14805] RSP: 002b:00007ffde03e8e40 EFLAGS: 00010246 [ 3120.205156][T14805] RAX: 000000000ee1c7b2 RBX: 000000005bac9637 RCX: 0000001b32f20000 [ 3120.213124][T14805] RDX: 0000000000000000 RSI: 00000000000007b2 RDI: ffffffff0ee1c7b2 [ 3120.221094][T14805] RBP: 0000000000000001 R08: 000000000ee1c7b2 R09: 000000000ee1c7b6 [ 3120.229068][T14805] R10: 00007ffde03e8fe0 R11: 0000000000000246 R12: 000000000076c048 [ 3120.237045][T14805] R13: 0000000080000000 R14: 00007fc024865008 R15: 0000000000000006 [ 3120.258854][T14805] memory: usage 307140kB, limit 307200kB, failcnt 1796 [ 3120.266064][T14805] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3120.273692][T14805] Memory cgroup stats for /syz0: [ 3120.273973][T14805] anon 221577216 [ 3120.273973][T14805] file 47108096 [ 3120.273973][T14805] kernel_stack 4055040 [ 3120.273973][T14805] slab 9494528 [ 3120.273973][T14805] sock 0 [ 3120.273973][T14805] shmem 46977024 [ 3120.273973][T14805] file_mapped 0 [ 3120.273973][T14805] file_dirty 0 [ 3120.273973][T14805] file_writeback 0 [ 3120.273973][T14805] anon_thp 186646528 [ 3120.273973][T14805] inactive_anon 0 [ 3120.273973][T14805] active_anon 268603392 [ 3120.273973][T14805] inactive_file 0 [ 3120.273973][T14805] active_file 57344 [ 3120.273973][T14805] unevictable 0 [ 3120.273973][T14805] slab_reclaimable 1486848 [ 3120.273973][T14805] slab_unreclaimable 8007680 [ 3120.273973][T14805] pgfault 345213 [ 3120.273973][T14805] pgmajfault 0 [ 3120.273973][T14805] workingset_refault 264 [ 3120.273973][T14805] workingset_activate 99 [ 3120.273973][T14805] workingset_nodereclaim 0 [ 3120.273973][T14805] pgrefill 1373 [ 3120.273973][T14805] pgscan 1617 [ 3120.273973][T14805] pgsteal 690 [ 3120.484664][T14805] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=14805,uid=0 [ 3120.504500][T14805] Memory cgroup out of memory: Killed process 14805 (syz-executor.0) total-vm:74836kB, anon-rss:2228kB, file-rss:35780kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 3120.550901][ T1078] oom_reaper: reaped process 14805 (syz-executor.0), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB 05:59:45 executing program 0: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) socket$alg(0x26, 0x5, 0x0) 05:59:45 executing program 5: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) dup(r1) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) 05:59:45 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1ad, 0x0) 05:59:45 executing program 1: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r11, 0xae60) ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) r12 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r12, 0x117, 0x1, &(0x7f0000000040), 0x0) [ 3120.784164][T14884] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3120.823501][T14884] CPU: 1 PID: 14884 Comm: syz-executor.0 Not tainted 5.6.0-rc1-syzkaller #0 [ 3120.832232][T14884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3120.842292][T14884] Call Trace: [ 3120.845628][T14884] dump_stack+0x11d/0x181 [ 3120.850053][T14884] dump_header+0xaa/0x39c [ 3120.854504][T14884] oom_kill_process.cold+0x10/0x15 [ 3120.859626][T14884] out_of_memory+0x231/0xa60 [ 3120.864228][T14884] ? __rcu_read_unlock+0x66/0x2f0 [ 3120.869283][T14884] mem_cgroup_out_of_memory+0x128/0x150 [ 3120.874959][T14884] try_charge+0xb6c/0xbf0 [ 3120.879320][T14884] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 3120.884813][T14884] __memcg_kmem_charge+0xcf/0x1b0 [ 3120.889858][T14884] __alloc_pages_nodemask+0x26c/0x310 [ 3120.895249][T14884] alloc_pages_current+0xd1/0x170 [ 3120.900289][T14884] get_zeroed_page+0x14/0x50 [ 3120.904892][T14884] __pud_alloc+0x48/0x250 [ 3120.909238][T14884] ? __anon_vma_interval_tree_augment_rotate+0xfd/0x110 [ 3120.916339][T14884] pud_alloc+0xc3/0x100 [ 3120.920523][T14884] copy_page_range+0x270/0x1a00 [ 3120.925393][T14884] ? __list_add_valid+0x62/0x80 [ 3120.930263][T14884] ? __write_once_size.constprop.0+0x20/0x20 [ 3120.936451][T14884] ? __rb_rotate_set_parents+0x9a/0xf0 [ 3120.942181][T14884] ? __rb_insert_augmented+0x11a/0x370 [ 3120.947767][T14884] ? vm_get_page_prot+0x90/0x90 [ 3120.952731][T14884] dup_mm+0x74a/0xba0 [ 3120.956782][T14884] copy_process+0x39d7/0x3b40 [ 3120.961546][T14884] _do_fork+0xfe/0x7a0 [ 3120.965635][T14884] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3120.971893][T14884] ? ktime_get_ts64+0x286/0x2c0 [ 3120.976775][T14884] __x64_sys_clone+0x130/0x170 [ 3120.981708][T14884] do_syscall_64+0xcc/0x3a0 [ 3120.986295][T14884] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 3120.992255][T14884] RIP: 0033:0x45c449 [ 3120.996158][T14884] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3121.015853][T14884] RSP: 002b:00007fc022a63c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3121.024388][T14884] RAX: ffffffffffffffda RBX: 00007fc022a646d4 RCX: 000000000045c449 [ 3121.032503][T14884] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 3121.040480][T14884] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 3121.048569][T14884] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 3121.056544][T14884] R13: 0000000000000074 R14: 00000000004c2ce6 R15: 000000000076bf2c 05:59:46 executing program 1: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r11, 0xae60) ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) r12 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r12, 0x117, 0x1, &(0x7f0000000040), 0x0) 05:59:46 executing program 4: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r11, 0xae60) ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) r12 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r12, 0x117, 0x1, &(0x7f0000000040), 0x0) 05:59:46 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1ae, 0x0) 05:59:46 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r11, 0xae60) ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) r12 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r12, 0x117, 0x1, &(0x7f0000000040), 0x0) [ 3121.081167][T14884] memory: usage 307200kB, limit 307200kB, failcnt 1821 [ 3121.146658][T14884] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3121.177510][T14884] Memory cgroup stats for /syz0: [ 3121.177658][T14884] anon 221712384 [ 3121.177658][T14884] file 47108096 [ 3121.177658][T14884] kernel_stack 4055040 [ 3121.177658][T14884] slab 9494528 05:59:46 executing program 5: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) accept$alg(r0, 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) [ 3121.177658][T14884] sock 0 [ 3121.177658][T14884] shmem 46977024 [ 3121.177658][T14884] file_mapped 0 [ 3121.177658][T14884] file_dirty 0 [ 3121.177658][T14884] file_writeback 0 [ 3121.177658][T14884] anon_thp 186646528 [ 3121.177658][T14884] inactive_anon 0 [ 3121.177658][T14884] active_anon 268738560 [ 3121.177658][T14884] inactive_file 0 [ 3121.177658][T14884] active_file 57344 [ 3121.177658][T14884] unevictable 0 [ 3121.177658][T14884] slab_reclaimable 1486848 [ 3121.177658][T14884] slab_unreclaimable 8007680 [ 3121.177658][T14884] pgfault 345279 [ 3121.177658][T14884] pgmajfault 0 [ 3121.177658][T14884] workingset_refault 264 [ 3121.177658][T14884] workingset_activate 99 [ 3121.177658][T14884] workingset_nodereclaim 0 [ 3121.177658][T14884] pgrefill 1406 [ 3121.177658][T14884] pgscan 1617 [ 3121.177658][T14884] pgsteal 690 05:59:46 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1af, 0x0) 05:59:46 executing program 1: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r11, 0xae60) ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) r12 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r12, 0x117, 0x1, &(0x7f0000000040), 0x0) [ 3121.367799][T14884] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=18904,uid=0 [ 3121.456762][T14884] Memory cgroup out of memory: Killed process 18904 (syz-executor.0) total-vm:74704kB, anon-rss:2212kB, file-rss:35796kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 3121.550490][ T1078] oom_reaper: reaped process 18904 (syz-executor.0), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB 05:59:46 executing program 5: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) accept$alg(r0, 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) [ 3121.691556][T14901] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3121.753567][T14901] CPU: 1 PID: 14901 Comm: syz-executor.3 Not tainted 5.6.0-rc1-syzkaller #0 [ 3121.762377][T14901] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3121.772432][T14901] Call Trace: [ 3121.775850][T14901] dump_stack+0x11d/0x181 [ 3121.780218][T14901] dump_header+0xaa/0x39c [ 3121.784576][T14901] oom_kill_process.cold+0x10/0x15 [ 3121.789912][T14901] out_of_memory+0x231/0xa60 [ 3121.794532][T14901] ? __rcu_read_unlock+0x66/0x2f0 [ 3121.799586][T14901] mem_cgroup_out_of_memory+0x128/0x150 [ 3121.805242][T14901] try_charge+0xb6c/0xbf0 [ 3121.809626][T14901] mem_cgroup_try_charge+0xd2/0x260 [ 3121.814933][T14901] mem_cgroup_try_charge_delay+0x3a/0x80 [ 3121.820752][T14901] __handle_mm_fault+0x197f/0x2e00 [ 3121.826296][T14901] handle_mm_fault+0x21b/0x530 [ 3121.831091][T14901] do_page_fault+0x496/0xa3d [ 3121.835709][T14901] page_fault+0x34/0x40 [ 3121.839914][T14901] RIP: 0033:0x413c3f [ 3121.843870][T14901] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 [ 3121.863509][T14901] RSP: 002b:00007ffc79c5d860 EFLAGS: 00010206 [ 3121.869591][T14901] RAX: 00007f331e2ac000 RBX: 0000000000020000 RCX: 000000000045c49a [ 3121.877566][T14901] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 3121.885585][T14901] RBP: 00007ffc79c5d940 R08: ffffffffffffffff R09: 0000000000000000 [ 3121.893570][T14901] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc79c5da30 05:59:47 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1b0, 0x0) 05:59:47 executing program 1: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) accept$alg(r0, 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) 05:59:47 executing program 0: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) socket$alg(0x26, 0x5, 0x0) [ 3121.901578][T14901] R13: 00007f331e2cc700 R14: 0000000000000002 R15: 000000000076c06c [ 3122.038718][T14901] memory: usage 307200kB, limit 307200kB, failcnt 353 [ 3122.046269][T14901] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3122.134478][T14901] Memory cgroup stats for /syz3: [ 3122.134643][T14901] anon 283283456 [ 3122.134643][T14901] file 159744 [ 3122.134643][T14901] kernel_stack 2396160 [ 3122.134643][T14901] slab 8687616 [ 3122.134643][T14901] sock 0 [ 3122.134643][T14901] shmem 106496 [ 3122.134643][T14901] file_mapped 0 [ 3122.134643][T14901] file_dirty 0 [ 3122.134643][T14901] file_writeback 0 [ 3122.134643][T14901] anon_thp 266338304 [ 3122.134643][T14901] inactive_anon 135168 [ 3122.134643][T14901] active_anon 283283456 [ 3122.134643][T14901] inactive_file 0 05:59:47 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1b1, 0x0) 05:59:47 executing program 5: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) [ 3122.134643][T14901] active_file 69632 [ 3122.134643][T14901] unevictable 0 [ 3122.134643][T14901] slab_reclaimable 1622016 [ 3122.134643][T14901] slab_unreclaimable 7065600 [ 3122.134643][T14901] pgfault 222354 [ 3122.134643][T14901] pgmajfault 0 [ 3122.134643][T14901] workingset_refault 99 [ 3122.134643][T14901] workingset_activate 0 [ 3122.134643][T14901] workingset_nodereclaim 0 [ 3122.134643][T14901] pgrefill 565 [ 3122.134643][T14901] pgscan 578 [ 3122.134643][T14901] pgsteal 244 05:59:47 executing program 4: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r11, 0xae60) ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) r12 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r12, 0x117, 0x1, &(0x7f0000000040), 0x0) 05:59:47 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1b2, 0x0) [ 3122.712992][T14901] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=30696,uid=0 [ 3122.795857][T14901] Memory cgroup out of memory: Killed process 30696 (syz-executor.3) total-vm:74836kB, anon-rss:4268kB, file-rss:35844kB, shmem-rss:0kB, UID:0 pgtables:136kB oom_score_adj:1000 [ 3123.055300][T14902] syz-executor.3 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3123.108627][T14902] CPU: 1 PID: 14902 Comm: syz-executor.3 Not tainted 5.6.0-rc1-syzkaller #0 [ 3123.117425][T14902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3123.127483][T14902] Call Trace: [ 3123.130792][T14902] dump_stack+0x11d/0x181 [ 3123.135135][T14902] dump_header+0xaa/0x39c [ 3123.139474][T14902] oom_kill_process.cold+0x10/0x15 [ 3123.144677][T14902] out_of_memory+0x231/0xa60 [ 3123.149336][T14902] mem_cgroup_out_of_memory+0x128/0x150 [ 3123.155083][T14902] try_charge+0x800/0xbf0 [ 3123.159481][T14902] ? delay_tsc+0x8f/0xc0 [ 3123.163842][T14902] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 3123.169349][T14902] __memcg_kmem_charge+0xcf/0x1b0 [ 3123.174430][T14902] __alloc_pages_nodemask+0x26c/0x310 [ 3123.179899][T14902] alloc_pages_current+0xd1/0x170 [ 3123.184934][T14902] __vmalloc_node_range+0x2c4/0x4a0 [ 3123.190184][T14902] __vmalloc+0x4d/0x70 [ 3123.194272][T14902] ? vmx_vm_alloc+0x40/0x50 [ 3123.198810][T14902] vmx_vm_alloc+0x40/0x50 [ 3123.203157][T14902] kvm_dev_ioctl+0x137/0xcb0 [ 3123.207845][T14902] ? tomoyo_file_ioctl+0x34/0x40 [ 3123.212790][T14902] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3123.219063][T14902] ? kvm_put_kvm+0x6a0/0x6a0 [ 3123.223662][T14902] ksys_ioctl+0x109/0x150 [ 3123.228106][T14902] __x64_sys_ioctl+0x4c/0x60 [ 3123.232775][T14902] do_syscall_64+0xcc/0x3a0 [ 3123.237303][T14902] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 3123.243201][T14902] RIP: 0033:0x45c449 [ 3123.247146][T14902] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3123.266885][T14902] RSP: 002b:00007f331e30dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3123.275468][T14902] RAX: ffffffffffffffda RBX: 00007f331e30e6d4 RCX: 000000000045c449 [ 3123.283463][T14902] RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000008 [ 3123.291444][T14902] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 3123.299433][T14902] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 3123.307517][T14902] R13: 0000000000000390 R14: 00000000004c5c51 R15: 000000000076bf2c [ 3123.346876][T14902] memory: usage 302964kB, limit 307200kB, failcnt 353 [ 3123.382024][T14902] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3123.419603][T14902] Memory cgroup stats for /syz3: [ 3123.419825][T14902] anon 279003136 [ 3123.419825][T14902] file 159744 [ 3123.419825][T14902] kernel_stack 2396160 [ 3123.419825][T14902] slab 8687616 [ 3123.419825][T14902] sock 0 [ 3123.419825][T14902] shmem 106496 [ 3123.419825][T14902] file_mapped 0 [ 3123.419825][T14902] file_dirty 0 [ 3123.419825][T14902] file_writeback 0 [ 3123.419825][T14902] anon_thp 262144000 [ 3123.419825][T14902] inactive_anon 135168 [ 3123.419825][T14902] active_anon 279003136 [ 3123.419825][T14902] inactive_file 0 [ 3123.419825][T14902] active_file 69632 [ 3123.419825][T14902] unevictable 0 [ 3123.419825][T14902] slab_reclaimable 1622016 [ 3123.419825][T14902] slab_unreclaimable 7065600 [ 3123.419825][T14902] pgfault 222387 [ 3123.419825][T14902] pgmajfault 0 [ 3123.419825][T14902] workingset_refault 99 [ 3123.419825][T14902] workingset_activate 0 [ 3123.419825][T14902] workingset_nodereclaim 0 [ 3123.419825][T14902] pgrefill 565 [ 3123.419825][T14902] pgscan 578 [ 3123.419825][T14902] pgsteal 244 [ 3123.672318][T14902] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=30735,uid=0 [ 3123.731994][T14902] Memory cgroup out of memory: Killed process 30735 (syz-executor.3) total-vm:74836kB, anon-rss:4268kB, file-rss:35836kB, shmem-rss:0kB, UID:0 pgtables:136kB oom_score_adj:1000 [ 3123.794698][T14940] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3123.812459][T14940] CPU: 1 PID: 14940 Comm: syz-executor.1 Not tainted 5.6.0-rc1-syzkaller #0 [ 3123.821256][T14940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3123.831321][T14940] Call Trace: [ 3123.834635][T14940] dump_stack+0x11d/0x181 [ 3123.838987][T14940] dump_header+0xaa/0x39c 05:59:49 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r11, 0xae60) ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) r12 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r12, 0x117, 0x1, &(0x7f0000000040), 0x0) 05:59:49 executing program 5: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) 05:59:49 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1b3, 0x0) [ 3123.844022][T14940] oom_kill_process.cold+0x10/0x15 [ 3123.849202][T14940] out_of_memory+0x231/0xa60 [ 3123.853851][T14940] mem_cgroup_out_of_memory+0x128/0x150 [ 3123.859527][T14940] try_charge+0xb6c/0xbf0 [ 3123.863869][T14940] ? vmpressure+0x19e/0x290 [ 3123.868537][T14940] ? __rcu_read_unlock+0x66/0x2f0 [ 3123.873716][T14940] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 3123.879218][T14940] __memcg_kmem_charge+0xcf/0x1b0 [ 3123.884292][T14940] copy_process+0x12bc/0x3b40 [ 3123.889026][T14940] ? record_times+0x16/0x90 [ 3123.893829][T14940] ? psi_task_change+0x1ad/0x2d0 [ 3123.898992][T14940] ? try_to_free_mem_cgroup_pages+0x258/0x4d0 [ 3123.905167][T14940] _do_fork+0xfe/0x7a0 [ 3123.909342][T14940] ? __rcu_read_unlock+0x66/0x2f0 [ 3123.914405][T14940] ? blkcg_maybe_throttle_current+0x23d/0x580 [ 3123.920504][T14940] __x64_sys_clone+0x130/0x170 [ 3123.925298][T14940] do_syscall_64+0xcc/0x3a0 [ 3123.929885][T14940] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 3123.935798][T14940] RIP: 0033:0x45ee19 [ 3123.939783][T14940] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 3123.959412][T14940] RSP: 002b:00007ffdc74b03f8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 3123.967839][T14940] RAX: ffffffffffffffda RBX: 00007f86dda9a700 RCX: 000000000045ee19 [ 3123.975818][T14940] RDX: 00007f86dda9a9d0 RSI: 00007f86dda99db0 RDI: 00000000003d0f00 [ 3123.983871][T14940] RBP: 00007ffdc74b0610 R08: 00007f86dda9a700 R09: 00007f86dda9a700 [ 3123.991855][T14940] R10: 00007f86dda9a9d0 R11: 0000000000000202 R12: 0000000000000000 [ 3123.999834][T14940] R13: 00007ffdc74b04af R14: 00007f86dda9a9c0 R15: 000000000076bfcc [ 3124.028593][T14940] memory: usage 307200kB, limit 307200kB, failcnt 2663 [ 3124.038997][T14940] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 05:59:49 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1b4, 0x0) [ 3124.051528][T14940] Memory cgroup stats for /syz1: [ 3124.051680][T14940] anon 277434368 [ 3124.051680][T14940] file 45056 [ 3124.051680][T14940] kernel_stack 3317760 [ 3124.051680][T14940] slab 7802880 [ 3124.051680][T14940] sock 12288 [ 3124.051680][T14940] shmem 28672 [ 3124.051680][T14940] file_mapped 135168 [ 3124.051680][T14940] file_dirty 0 [ 3124.051680][T14940] file_writeback 0 [ 3124.051680][T14940] anon_thp 247463936 [ 3124.051680][T14940] inactive_anon 139264 [ 3124.051680][T14940] active_anon 277434368 [ 3124.051680][T14940] inactive_file 32768 [ 3124.051680][T14940] active_file 0 [ 3124.051680][T14940] unevictable 8192 [ 3124.051680][T14940] slab_reclaimable 1622016 [ 3124.051680][T14940] slab_unreclaimable 6180864 [ 3124.051680][T14940] pgfault 336336 [ 3124.051680][T14940] pgmajfault 0 [ 3124.051680][T14940] workingset_refault 165 [ 3124.051680][T14940] workingset_activate 33 [ 3124.051680][T14940] workingset_nodereclaim 0 [ 3124.051680][T14940] pgrefill 1458 [ 3124.051680][T14940] pgscan 6727 [ 3124.051680][T14940] pgsteal 5763 [ 3124.191102][T14940] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=9387,uid=0 [ 3124.239367][T14940] Memory cgroup out of memory: Killed process 9387 (syz-executor.1) total-vm:74836kB, anon-rss:4264kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 05:59:49 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1b5, 0x0) [ 3124.352821][T14955] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3124.372152][T14955] CPU: 0 PID: 14955 Comm: syz-executor.0 Not tainted 5.6.0-rc1-syzkaller #0 [ 3124.380879][T14955] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3124.391549][T14955] Call Trace: [ 3124.394868][T14955] dump_stack+0x11d/0x181 [ 3124.399247][T14955] dump_header+0xaa/0x39c [ 3124.403753][T14955] oom_kill_process.cold+0x10/0x15 [ 3124.408897][T14955] out_of_memory+0x231/0xa60 [ 3124.413521][T14955] mem_cgroup_out_of_memory+0x128/0x150 [ 3124.419098][T14955] try_charge+0xb6c/0xbf0 [ 3124.423599][T14955] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 3124.429130][T14955] __memcg_kmem_charge+0xcf/0x1b0 [ 3124.434269][T14955] copy_process+0x12bc/0x3b40 [ 3124.439006][T14955] _do_fork+0xfe/0x7a0 [ 3124.443168][T14955] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3124.449554][T14955] ? ktime_get_ts64+0x286/0x2c0 [ 3124.454451][T14955] __x64_sys_clone+0x130/0x170 [ 3124.459275][T14955] do_syscall_64+0xcc/0x3a0 [ 3124.463814][T14955] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 3124.469726][T14955] RIP: 0033:0x45c449 [ 3124.473639][T14955] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3124.493624][T14955] RSP: 002b:00007fc022a63c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3124.502174][T14955] RAX: ffffffffffffffda RBX: 00007fc022a646d4 RCX: 000000000045c449 [ 3124.510196][T14955] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 3124.518963][T14955] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 3124.527060][T14955] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 3124.535047][T14955] R13: 0000000000000074 R14: 00000000004c2ce6 R15: 000000000076bf2c 05:59:49 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1b6, 0x0) [ 3124.647506][T14955] memory: usage 306984kB, limit 307200kB, failcnt 1857 [ 3124.662102][T14955] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3124.669402][T14955] Memory cgroup stats for /syz0: [ 3124.669554][T14955] anon 221757440 [ 3124.669554][T14955] file 47108096 [ 3124.669554][T14955] kernel_stack 4018176 [ 3124.669554][T14955] slab 9469952 [ 3124.669554][T14955] sock 0 [ 3124.669554][T14955] shmem 46977024 [ 3124.669554][T14955] file_mapped 0 [ 3124.669554][T14955] file_dirty 0 [ 3124.669554][T14955] file_writeback 0 [ 3124.669554][T14955] anon_thp 186646528 [ 3124.669554][T14955] inactive_anon 0 [ 3124.669554][T14955] active_anon 268783616 [ 3124.669554][T14955] inactive_file 0 [ 3124.669554][T14955] active_file 57344 [ 3124.669554][T14955] unevictable 0 [ 3124.669554][T14955] slab_reclaimable 1486848 [ 3124.669554][T14955] slab_unreclaimable 7983104 [ 3124.669554][T14955] pgfault 345378 [ 3124.669554][T14955] pgmajfault 0 [ 3124.669554][T14955] workingset_refault 264 [ 3124.669554][T14955] workingset_activate 99 [ 3124.669554][T14955] workingset_nodereclaim 0 [ 3124.669554][T14955] pgrefill 1406 [ 3124.669554][T14955] pgscan 1650 [ 3124.669554][T14955] pgsteal 690 [ 3124.771041][T14955] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=23785,uid=0 05:59:50 executing program 1: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) accept$alg(r0, 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) [ 3124.843910][T14955] Memory cgroup out of memory: Killed process 23785 (syz-executor.0) total-vm:74704kB, anon-rss:2212kB, file-rss:35796kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 3124.945127][ T1078] oom_reaper: reaped process 23785 (syz-executor.0), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB [ 3125.052001][T14950] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3125.141524][T14950] CPU: 1 PID: 14950 Comm: syz-executor.0 Not tainted 5.6.0-rc1-syzkaller #0 [ 3125.150396][T14950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3125.160453][T14950] Call Trace: [ 3125.163765][T14950] dump_stack+0x11d/0x181 [ 3125.168117][T14950] dump_header+0xaa/0x39c [ 3125.172464][T14950] oom_kill_process.cold+0x10/0x15 [ 3125.177595][T14950] out_of_memory+0x231/0xa60 [ 3125.182214][T14950] mem_cgroup_out_of_memory+0x128/0x150 [ 3125.187780][T14950] try_charge+0x800/0xbf0 [ 3125.192250][T14950] mem_cgroup_try_charge+0xd2/0x260 [ 3125.197523][T14950] mem_cgroup_try_charge_delay+0x3a/0x80 [ 3125.203338][T14950] __handle_mm_fault+0x197f/0x2e00 [ 3125.209459][T14950] handle_mm_fault+0x21b/0x530 [ 3125.214289][T14950] do_page_fault+0x496/0xa3d [ 3125.218909][T14950] page_fault+0x34/0x40 [ 3125.223070][T14950] RIP: 0033:0x413c3f [ 3125.226976][T14950] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 [ 3125.246757][T14950] RSP: 002b:00007ffde03e8e20 EFLAGS: 00010206 [ 3125.252829][T14950] RAX: 00007fc022a23000 RBX: 0000000000020000 RCX: 000000000045c49a [ 3125.260809][T14950] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 3125.269016][T14950] RBP: 00007ffde03e8f00 R08: ffffffffffffffff R09: 0000000000000000 [ 3125.276996][T14950] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffde03e8ff0 [ 3125.284975][T14950] R13: 00007fc022a43700 R14: 0000000000000001 R15: 000000000076bfcc [ 3125.529756][T14950] memory: usage 304696kB, limit 307200kB, failcnt 1857 [ 3125.556787][T14950] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3125.579754][T14950] Memory cgroup stats for /syz0: [ 3125.579989][T14950] anon 219545600 [ 3125.579989][T14950] file 47108096 [ 3125.579989][T14950] kernel_stack 4055040 [ 3125.579989][T14950] slab 9469952 [ 3125.579989][T14950] sock 0 [ 3125.579989][T14950] shmem 46977024 [ 3125.579989][T14950] file_mapped 0 [ 3125.579989][T14950] file_dirty 0 [ 3125.579989][T14950] file_writeback 0 [ 3125.579989][T14950] anon_thp 184549376 [ 3125.579989][T14950] inactive_anon 0 [ 3125.579989][T14950] active_anon 266571776 [ 3125.579989][T14950] inactive_file 0 [ 3125.579989][T14950] active_file 57344 [ 3125.579989][T14950] unevictable 0 [ 3125.579989][T14950] slab_reclaimable 1486848 [ 3125.579989][T14950] slab_unreclaimable 7983104 [ 3125.579989][T14950] pgfault 345378 [ 3125.579989][T14950] pgmajfault 0 [ 3125.579989][T14950] workingset_refault 264 [ 3125.579989][T14950] workingset_activate 99 [ 3125.579989][T14950] workingset_nodereclaim 0 [ 3125.579989][T14950] pgrefill 1406 [ 3125.579989][T14950] pgscan 1650 [ 3125.579989][T14950] pgsteal 690 [ 3125.853305][T14950] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=16859,uid=0 [ 3125.894708][T14950] Memory cgroup out of memory: Killed process 16859 (syz-executor.0) total-vm:74836kB, anon-rss:2220kB, file-rss:35788kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 3125.938360][T14979] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 3125.966012][T14979] CPU: 0 PID: 14979 Comm: syz-executor.4 Not tainted 5.6.0-rc1-syzkaller #0 [ 3125.974888][T14979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3125.985149][T14979] Call Trace: [ 3125.988493][T14979] dump_stack+0x11d/0x181 [ 3125.992848][T14979] dump_header+0xaa/0x39c [ 3125.997262][T14979] oom_kill_process.cold+0x10/0x15 [ 3126.002536][T14979] out_of_memory+0x231/0xa60 [ 3126.007159][T14979] mem_cgroup_out_of_memory+0x128/0x150 [ 3126.012753][T14979] try_charge+0xb6c/0xbf0 [ 3126.017225][T14979] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 3126.022719][T14979] __memcg_kmem_charge+0xcf/0x1b0 [ 3126.027823][T14979] __alloc_pages_nodemask+0x26c/0x310 [ 3126.033344][T14979] alloc_pages_current+0xd1/0x170 [ 3126.038391][T14979] pte_alloc_one+0x18/0x50 [ 3126.042826][T14979] __pte_alloc+0x2d/0x220 [ 3126.047177][T14979] ? pud_alloc+0xa2/0x100 [ 3126.051531][T14979] copy_page_range+0x13a2/0x1a00 [ 3126.056611][T14979] ? __list_add_valid+0x62/0x80 [ 3126.061497][T14979] ? __rb_rotate_set_parents+0x9a/0xf0 [ 3126.067040][T14979] dup_mm+0x74a/0xba0 [ 3126.071065][T14979] copy_process+0x39d7/0x3b40 [ 3126.075959][T14979] _do_fork+0xfe/0x7a0 [ 3126.080194][T14979] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3126.086509][T14979] ? ktime_get_ts64+0x286/0x2c0 [ 3126.091398][T14979] __x64_sys_clone+0x130/0x170 [ 3126.096251][T14979] do_syscall_64+0xcc/0x3a0 [ 3126.100905][T14979] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 3126.106976][T14979] RIP: 0033:0x45c449 [ 3126.110888][T14979] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3126.130582][T14979] RSP: 002b:00007f7e679b8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 05:59:51 executing program 0: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000040), 0x0) 05:59:51 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1b7, 0x0) 05:59:51 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) r10 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r10, 0x117, 0x1, &(0x7f0000000040), 0x0) [ 3126.139024][T14979] RAX: ffffffffffffffda RBX: 00007f7e679b96d4 RCX: 000000000045c449 [ 3126.147007][T14979] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 3126.155100][T14979] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 3126.163291][T14979] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 3126.171372][T14979] R13: 0000000000000074 R14: 00000000004c2ce6 R15: 000000000076bf2c [ 3126.189403][T14979] memory: usage 307200kB, limit 307200kB, failcnt 1509 [ 3126.217366][T14979] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3126.249319][T14979] Memory cgroup stats for /syz4: [ 3126.249480][T14979] anon 241430528 [ 3126.249480][T14979] file 38240256 [ 3126.249480][T14979] kernel_stack 2875392 [ 3126.249480][T14979] slab 8110080 [ 3126.249480][T14979] sock 94208 [ 3126.249480][T14979] shmem 35209216 [ 3126.249480][T14979] file_mapped 0 [ 3126.249480][T14979] file_dirty 0 [ 3126.249480][T14979] file_writeback 0 [ 3126.249480][T14979] anon_thp 220200960 [ 3126.249480][T14979] inactive_anon 32768 [ 3126.249480][T14979] active_anon 276701184 [ 3126.249480][T14979] inactive_file 2916352 [ 3126.249480][T14979] active_file 0 [ 3126.249480][T14979] unevictable 4096 [ 3126.249480][T14979] slab_reclaimable 1757184 [ 3126.249480][T14979] slab_unreclaimable 6352896 [ 3126.249480][T14979] pgfault 302016 [ 3126.249480][T14979] pgmajfault 0 [ 3126.249480][T14979] workingset_refault 198 [ 3126.249480][T14979] workingset_activate 66 [ 3126.249480][T14979] workingset_nodereclaim 0 [ 3126.249480][T14979] pgrefill 2959 [ 3126.249480][T14979] pgscan 5904273 [ 3126.249480][T14979] pgsteal 450 [ 3126.266429][ C0] print_req_error: 173 callbacks suppressed [ 3126.266449][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3126.367921][ C0] buffer_io_error: 173 callbacks suppressed [ 3126.367932][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3126.411246][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3126.422225][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3126.431870][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3126.442818][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3126.451603][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3126.462539][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3126.485196][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3126.496175][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3126.505028][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3126.515963][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3126.525178][T14979] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=13455,uid=0 [ 3126.551408][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3126.562482][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3126.571572][T14979] Memory cgroup out of memory: Killed process 13455 (syz-executor.4) total-vm:74836kB, anon-rss:4272kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 3126.589582][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3126.600534][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3126.609209][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3126.620296][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3126.628935][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3126.640109][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3126.777659][T14998] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3126.813666][T14998] CPU: 0 PID: 14998 Comm: syz-executor.5 Not tainted 5.6.0-rc1-syzkaller #0 [ 3126.822491][T14998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3126.832609][T14998] Call Trace: [ 3126.835937][T14998] dump_stack+0x11d/0x181 [ 3126.840593][T14998] dump_header+0xaa/0x39c [ 3126.844976][T14998] oom_kill_process.cold+0x10/0x15 [ 3126.850113][T14998] out_of_memory+0x231/0xa60 [ 3126.854742][T14998] mem_cgroup_out_of_memory+0x128/0x150 [ 3126.860324][T14998] try_charge+0xb6c/0xbf0 [ 3126.864724][T14998] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3126.871003][T14998] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 3126.876500][T14998] __memcg_kmem_charge+0xcf/0x1b0 [ 3126.881556][T14998] __alloc_pages_nodemask+0x26c/0x310 [ 3126.886960][T14998] alloc_pages_current+0xd1/0x170 [ 3126.892013][T14998] pte_alloc_one+0x18/0x50 [ 3126.896482][T14998] __pte_alloc+0x2d/0x220 [ 3126.900897][T14998] copy_page_range+0x13a2/0x1a00 [ 3126.905896][T14998] ? __vma_link_rb+0x3f4/0x440 [ 3126.910691][T14998] dup_mm+0x74a/0xba0 [ 3126.914731][T14998] copy_process+0x39d7/0x3b40 [ 3126.919634][T14998] _do_fork+0xfe/0x7a0 [ 3126.923766][T14998] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3126.930042][T14998] ? ktime_get_ts64+0x286/0x2c0 [ 3126.934922][T14998] __x64_sys_clone+0x130/0x170 [ 3126.939739][T14998] do_syscall_64+0xcc/0x3a0 [ 3126.944273][T14998] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 3126.950175][T14998] RIP: 0033:0x45c449 [ 3126.954083][T14998] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3126.973705][T14998] RSP: 002b:00007ff5fc42cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3126.982197][T14998] RAX: ffffffffffffffda RBX: 00007ff5fc42d6d4 RCX: 000000000045c449 [ 3126.990287][T14998] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 3126.998361][T14998] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 3127.006447][T14998] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 3127.014432][T14998] R13: 0000000000000074 R14: 00000000004c2ce6 R15: 000000000076bf2c 05:59:52 executing program 4: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r11, 0xae60) ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) r12 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r12, 0x117, 0x1, &(0x7f0000000040), 0x0) 05:59:52 executing program 1: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) accept$alg(r0, 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) 05:59:52 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1b8, 0x0) [ 3127.033498][T14998] memory: usage 307200kB, limit 307200kB, failcnt 1567 [ 3127.040398][T14998] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3127.080874][T14998] Memory cgroup stats for /syz5: [ 3127.081083][T14998] anon 269746176 [ 3127.081083][T14998] file 81920 [ 3127.081083][T14998] kernel_stack 3833856 [ 3127.081083][T14998] slab 10547200 [ 3127.081083][T14998] sock 8192 [ 3127.081083][T14998] shmem 40960 [ 3127.081083][T14998] file_mapped 0 [ 3127.081083][T14998] file_dirty 0 [ 3127.081083][T14998] file_writeback 0 [ 3127.081083][T14998] anon_thp 234881024 [ 3127.081083][T14998] inactive_anon 32768 [ 3127.081083][T14998] active_anon 269787136 [ 3127.081083][T14998] inactive_file 0 [ 3127.081083][T14998] active_file 40960 [ 3127.081083][T14998] unevictable 0 [ 3127.081083][T14998] slab_reclaimable 2162688 [ 3127.081083][T14998] slab_unreclaimable 8384512 [ 3127.081083][T14998] pgfault 304392 [ 3127.081083][T14998] pgmajfault 0 [ 3127.081083][T14998] workingset_refault 264 [ 3127.081083][T14998] workingset_activate 99 [ 3127.081083][T14998] workingset_nodereclaim 0 [ 3127.081083][T14998] pgrefill 3365 [ 3127.081083][T14998] pgscan 15139 [ 3127.081083][T14998] pgsteal 659 [ 3127.370409][T14998] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=5561,uid=0 [ 3127.410036][T14998] Memory cgroup out of memory: Killed process 5561 (syz-executor.5) total-vm:74704kB, anon-rss:2212kB, file-rss:35824kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 3127.462664][T15073] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3127.493320][T15073] CPU: 0 PID: 15073 Comm: syz-executor.1 Not tainted 5.6.0-rc1-syzkaller #0 [ 3127.502034][T15073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3127.512391][T15073] Call Trace: [ 3127.515763][T15073] dump_stack+0x11d/0x181 [ 3127.520155][T15073] dump_header+0xaa/0x39c [ 3127.524516][T15073] oom_kill_process.cold+0x10/0x15 [ 3127.529658][T15073] out_of_memory+0x231/0xa60 [ 3127.534377][T15073] mem_cgroup_out_of_memory+0x128/0x150 [ 3127.539973][T15073] try_charge+0xb6c/0xbf0 [ 3127.544335][T15073] mem_cgroup_try_charge+0xd2/0x260 [ 3127.549623][T15073] mem_cgroup_try_charge_delay+0x3a/0x80 [ 3127.555284][T15073] wp_page_copy+0x322/0xf20 [ 3127.559858][T15073] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 3127.565683][T15073] do_wp_page+0x192/0xd20 [ 3127.575248][T15073] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 3127.581186][T15073] __handle_mm_fault+0x1d16/0x2e00 [ 3127.586439][T15073] handle_mm_fault+0x21b/0x530 [ 3127.591512][T15073] do_page_fault+0x496/0xa3d [ 3127.596135][T15073] page_fault+0x34/0x40 [ 3127.600303][T15073] RIP: 0033:0x411498 [ 3127.604215][T15073] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf 58 1d 4c 00 31 c0 e8 13 0a ff ff 31 ff e8 5c 06 ff ff 0f 1f 40 00 <89> 3c b5 00 00 74 00 eb b6 31 ed 0f 1f 44 00 00 80 3d ae 11 87 00 [ 3127.624645][T15073] RSP: 002b:00007ffdc74b0460 EFLAGS: 00010246 [ 3127.630850][T15073] RAX: 00000000810071b2 RBX: 000000001f644883 RCX: 0000001b33120000 [ 3127.639054][T15073] RDX: 0000000000000000 RSI: 00000000000011b2 RDI: ffffffff810071b2 [ 3127.647035][T15073] RBP: 0000000000000000 R08: 00000000810071b2 R09: 00000000810071b6 [ 3127.655022][T15073] R10: 00007ffdc74b0600 R11: 0000000000000246 R12: 000000000076bfa8 [ 3127.663012][T15073] R13: 0000000080000000 R14: 00007f86dfabc008 R15: 0000000000000000 [ 3127.671081][T15073] ? do_syscall_64+0x32/0x3a0 [ 3127.682269][T15073] memory: usage 307200kB, limit 307200kB, failcnt 2688 [ 3127.689151][T15073] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 05:59:53 executing program 5: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) 05:59:53 executing program 0: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000040), 0x0) 05:59:53 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) r10 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r10, 0x117, 0x1, &(0x7f0000000040), 0x0) 05:59:53 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1b9, 0x0) 05:59:53 executing program 4: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r11, 0xae60) ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) r12 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r12, 0x117, 0x1, &(0x7f0000000040), 0x0) [ 3127.741132][T15073] Memory cgroup stats for /syz1: [ 3127.741347][T15073] anon 277422080 [ 3127.741347][T15073] file 45056 [ 3127.741347][T15073] kernel_stack 3354624 [ 3127.741347][T15073] slab 7802880 [ 3127.741347][T15073] sock 12288 [ 3127.741347][T15073] shmem 28672 [ 3127.741347][T15073] file_mapped 135168 [ 3127.741347][T15073] file_dirty 0 [ 3127.741347][T15073] file_writeback 0 [ 3127.741347][T15073] anon_thp 247463936 [ 3127.741347][T15073] inactive_anon 139264 [ 3127.741347][T15073] active_anon 277422080 [ 3127.741347][T15073] inactive_file 32768 [ 3127.741347][T15073] active_file 0 [ 3127.741347][T15073] unevictable 8192 [ 3127.741347][T15073] slab_reclaimable 1622016 [ 3127.741347][T15073] slab_unreclaimable 6180864 [ 3127.741347][T15073] pgfault 336501 [ 3127.741347][T15073] pgmajfault 0 [ 3127.741347][T15073] workingset_refault 198 [ 3127.741347][T15073] workingset_activate 33 [ 3127.741347][T15073] workingset_nodereclaim 0 [ 3127.741347][T15073] pgrefill 1492 [ 3127.741347][T15073] pgscan 6760 [ 3127.741347][T15073] pgsteal 5763 [ 3127.965962][T15073] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=16571,uid=0 [ 3128.006117][T15073] Memory cgroup out of memory: Killed process 16571 (syz-executor.1) total-vm:74704kB, anon-rss:4260kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 05:59:53 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1ba, 0x0) 05:59:53 executing program 0: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000040), 0x0) 05:59:53 executing program 5: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) socket$alg(0x26, 0x5, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 05:59:53 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1bb, 0x0) 05:59:53 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$hfsplus(&(0x7f00000004c0)='hfsplus\x00', &(0x7f0000000500)='./bus\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 05:59:53 executing program 5: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) socket$alg(0x26, 0x5, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) [ 3128.617823][T15116] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 05:59:53 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) r10 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r10, 0x117, 0x1, &(0x7f0000000040), 0x0) [ 3128.789490][T15116] CPU: 0 PID: 15116 Comm: syz-executor.0 Not tainted 5.6.0-rc1-syzkaller #0 [ 3128.798309][T15116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3128.808442][T15116] Call Trace: [ 3128.811748][T15116] dump_stack+0x11d/0x181 [ 3128.816098][T15116] dump_header+0xaa/0x39c [ 3128.820454][T15116] oom_kill_process.cold+0x10/0x15 [ 3128.825592][T15116] out_of_memory+0x231/0xa60 [ 3128.830198][T15116] ? __rcu_read_unlock+0x66/0x2f0 [ 3128.835259][T15116] mem_cgroup_out_of_memory+0x128/0x150 [ 3128.840924][T15116] try_charge+0xb6c/0xbf0 [ 3128.845326][T15116] mem_cgroup_try_charge+0xd2/0x260 [ 3128.850555][T15116] mem_cgroup_try_charge_delay+0x3a/0x80 [ 3128.856331][T15116] wp_page_copy+0x322/0xf20 [ 3128.860865][T15116] ? __read_once_size+0x41/0xe0 [ 3128.865847][T15116] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 3128.871770][T15116] do_wp_page+0x192/0xd20 [ 3128.876152][T15116] __handle_mm_fault+0x1d16/0x2e00 [ 3128.881363][T15116] handle_mm_fault+0x21b/0x530 [ 3128.886251][T15116] do_page_fault+0x496/0xa3d [ 3128.891015][T15116] page_fault+0x34/0x40 [ 3128.895189][T15116] RIP: 0033:0x433526 [ 3128.899141][T15116] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 06 72 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 1c 3c 85 00 85 c0 0f 84 [ 3128.918755][T15116] RSP: 002b:00007ffde03e8d00 EFLAGS: 00010206 [ 3128.924848][T15116] RAX: 0000000000020491 RBX: 0000000000720640 RCX: 0000000000000121 05:59:54 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_GET_INTERFACE(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000080)={0x14, r1, 0xb0343aabd1184b87}, 0x14}}, 0x0) 05:59:54 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1bc, 0x0) [ 3128.933012][T15116] RDX: 00000000019d3a50 RSI: 00000000019d3b70 RDI: 0000000000000000 [ 3128.941074][T15116] RBP: 0000000000000121 R08: ffffffffffffffff R09: 0000000000000000 [ 3128.949230][T15116] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000720698 [ 3128.957367][T15116] R13: 0000000000720698 R14: 0000000000000001 R15: 0000000000002710 [ 3129.070930][T15116] memory: usage 307200kB, limit 307200kB, failcnt 1909 [ 3129.087140][T15116] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3129.127285][T15116] Memory cgroup stats for /syz0: [ 3129.127508][T15116] anon 221671424 [ 3129.127508][T15116] file 47108096 [ 3129.127508][T15116] kernel_stack 4055040 [ 3129.127508][T15116] slab 9469952 [ 3129.127508][T15116] sock 0 [ 3129.127508][T15116] shmem 46977024 [ 3129.127508][T15116] file_mapped 0 [ 3129.127508][T15116] file_dirty 0 [ 3129.127508][T15116] file_writeback 0 [ 3129.127508][T15116] anon_thp 186646528 [ 3129.127508][T15116] inactive_anon 0 [ 3129.127508][T15116] active_anon 268697600 05:59:54 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_GET_INTERFACE(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000080)={0x14, r1, 0xb0343aabd1184b87}, 0x14}}, 0x0) [ 3129.127508][T15116] inactive_file 0 [ 3129.127508][T15116] active_file 57344 [ 3129.127508][T15116] unevictable 0 [ 3129.127508][T15116] slab_reclaimable 1486848 [ 3129.127508][T15116] slab_unreclaimable 7983104 [ 3129.127508][T15116] pgfault 345675 [ 3129.127508][T15116] pgmajfault 0 [ 3129.127508][T15116] workingset_refault 264 [ 3129.127508][T15116] workingset_activate 132 [ 3129.127508][T15116] workingset_nodereclaim 0 [ 3129.127508][T15116] pgrefill 1406 [ 3129.127508][T15116] pgscan 1650 [ 3129.127508][T15116] pgsteal 690 05:59:54 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1bd, 0x0) [ 3130.100962][T15116] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=10634,uid=0 [ 3130.130966][T15116] Memory cgroup out of memory: Killed process 10634 (syz-executor.0) total-vm:74704kB, anon-rss:2212kB, file-rss:35796kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 3130.175151][T15122] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3130.228832][T15122] CPU: 1 PID: 15122 Comm: syz-executor.0 Not tainted 5.6.0-rc1-syzkaller #0 [ 3130.237638][T15122] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3130.247732][T15122] Call Trace: [ 3130.251146][T15122] dump_stack+0x11d/0x181 [ 3130.255546][T15122] dump_header+0xaa/0x39c [ 3130.260005][T15122] oom_kill_process.cold+0x10/0x15 [ 3130.265131][T15122] out_of_memory+0x231/0xa60 [ 3130.269784][T15122] mem_cgroup_out_of_memory+0x128/0x150 [ 3130.275463][T15122] try_charge+0x800/0xbf0 [ 3130.279835][T15122] mem_cgroup_try_charge+0xd2/0x260 [ 3130.285080][T15122] mem_cgroup_try_charge_delay+0x3a/0x80 [ 3130.290749][T15122] wp_page_copy+0x322/0xf20 [ 3130.295329][T15122] ? __read_once_size+0x41/0xe0 [ 3130.300284][T15122] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 3130.306199][T15122] do_wp_page+0x192/0xd20 [ 3130.310613][T15122] __handle_mm_fault+0x1d16/0x2e00 [ 3130.315833][T15122] handle_mm_fault+0x21b/0x530 [ 3130.320659][T15122] do_page_fault+0x496/0xa3d [ 3130.325281][T15122] page_fault+0x34/0x40 [ 3130.329452][T15122] RIP: 0033:0x403f80 [ 3130.333451][T15122] Code: 80 3d fb e6 87 00 00 c6 85 84 00 00 00 00 74 0f 8b 05 e8 e6 87 00 39 45 24 0f 84 46 02 00 00 44 8b a5 80 00 00 00 48 8b 5d 78 fb e6 ff ff 48 2b 05 84 40 34 00 8b 75 00 4c 89 f1 45 89 e1 49 [ 3130.353279][T15122] RSP: 002b:00007fc022a63c90 EFLAGS: 00010246 [ 3130.359352][T15122] RAX: 00007fc024a65000 RBX: 000000000000766f RCX: 0000000000000000 [ 3130.367346][T15122] RDX: 000000000003ffff RSI: 0000000000403ecc RDI: 0000000000000000 [ 3130.375412][T15122] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 3130.383387][T15122] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3130.391364][T15122] R13: 0000000000000074 R14: 00000000004c2ce6 R15: 000000000076bf2c [ 3130.410141][T15122] memory: usage 305032kB, limit 307200kB, failcnt 1909 [ 3130.417468][T15122] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3130.427684][T15122] Memory cgroup stats for /syz0: [ 3130.427947][T15122] anon 219574272 [ 3130.427947][T15122] file 47108096 [ 3130.427947][T15122] kernel_stack 4055040 [ 3130.427947][T15122] slab 9469952 [ 3130.427947][T15122] sock 0 [ 3130.427947][T15122] shmem 46977024 [ 3130.427947][T15122] file_mapped 0 [ 3130.427947][T15122] file_dirty 0 [ 3130.427947][T15122] file_writeback 0 [ 3130.427947][T15122] anon_thp 184549376 [ 3130.427947][T15122] inactive_anon 0 [ 3130.427947][T15122] active_anon 266600448 [ 3130.427947][T15122] inactive_file 0 [ 3130.427947][T15122] active_file 57344 [ 3130.427947][T15122] unevictable 0 [ 3130.427947][T15122] slab_reclaimable 1486848 [ 3130.427947][T15122] slab_unreclaimable 7983104 [ 3130.427947][T15122] pgfault 345675 [ 3130.427947][T15122] pgmajfault 0 [ 3130.427947][T15122] workingset_refault 264 [ 3130.427947][T15122] workingset_activate 132 [ 3130.427947][T15122] workingset_nodereclaim 0 [ 3130.427947][T15122] pgrefill 1406 [ 3130.427947][T15122] pgscan 1650 [ 3130.427947][T15122] pgsteal 690 [ 3130.526731][T15122] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=10589,uid=0 [ 3130.545279][T15122] Memory cgroup out of memory: Killed process 10589 (syz-executor.0) total-vm:74836kB, anon-rss:2220kB, file-rss:35788kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 3130.591824][T15127] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3130.630303][T15127] CPU: 1 PID: 15127 Comm: syz-executor.0 Not tainted 5.6.0-rc1-syzkaller #0 [ 3130.639028][T15127] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3130.649087][T15127] Call Trace: [ 3130.652540][T15127] dump_stack+0x11d/0x181 [ 3130.656890][T15127] dump_header+0xaa/0x39c [ 3130.661240][T15127] oom_kill_process.cold+0x10/0x15 [ 3130.666372][T15127] out_of_memory+0x231/0xa60 [ 3130.670992][T15127] mem_cgroup_out_of_memory+0x128/0x150 [ 3130.676569][T15127] try_charge+0x800/0xbf0 [ 3130.681001][T15127] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 3130.686539][T15127] __memcg_kmem_charge+0xcf/0x1b0 [ 3130.691592][T15127] __alloc_pages_nodemask+0x26c/0x310 [ 3130.696993][T15127] alloc_pages_current+0xd1/0x170 [ 3130.702873][T15127] pte_alloc_one+0x18/0x50 [ 3130.707338][T15127] __handle_mm_fault+0x2be6/0x2e00 [ 3130.712499][T15127] handle_mm_fault+0x21b/0x530 [ 3130.717310][T15127] do_page_fault+0x496/0xa3d [ 3130.722039][T15127] page_fault+0x34/0x40 [ 3130.726236][T15127] RIP: 0033:0x45c449 [ 3130.730143][T15127] Code: Bad RIP value. [ 3130.734211][T15127] RSP: 002b:00007fc022a63c78 EFLAGS: 00010246 [ 3130.740277][T15127] RAX: 0000000000000000 RBX: 00007fc022a646d4 RCX: 000000000045c449 [ 3130.748357][T15127] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 3130.756388][T15127] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 3130.764893][T15127] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 3130.773007][T15127] R13: 0000000000000074 R14: 00000000004c2ce6 R15: 000000000076bf2c [ 3130.786061][T15127] memory: usage 304880kB, limit 307200kB, failcnt 1909 [ 3130.793068][T15127] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3130.800098][T15127] Memory cgroup stats for /syz0: [ 3130.800363][T15127] anon 219475968 [ 3130.800363][T15127] file 47108096 [ 3130.800363][T15127] kernel_stack 4055040 [ 3130.800363][T15127] slab 9469952 [ 3130.800363][T15127] sock 0 [ 3130.800363][T15127] shmem 46977024 [ 3130.800363][T15127] file_mapped 0 [ 3130.800363][T15127] file_dirty 0 [ 3130.800363][T15127] file_writeback 0 [ 3130.800363][T15127] anon_thp 184549376 [ 3130.800363][T15127] inactive_anon 0 [ 3130.800363][T15127] active_anon 266502144 [ 3130.800363][T15127] inactive_file 0 [ 3130.800363][T15127] active_file 57344 [ 3130.800363][T15127] unevictable 0 [ 3130.800363][T15127] slab_reclaimable 1486848 [ 3130.800363][T15127] slab_unreclaimable 7983104 [ 3130.800363][T15127] pgfault 345675 [ 3130.800363][T15127] pgmajfault 0 [ 3130.800363][T15127] workingset_refault 264 [ 3130.800363][T15127] workingset_activate 132 [ 3130.800363][T15127] workingset_nodereclaim 0 [ 3130.800363][T15127] pgrefill 1406 [ 3130.800363][T15127] pgscan 1650 [ 3130.800363][T15127] pgsteal 690 [ 3130.897818][T15127] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=7306,uid=0 [ 3130.913666][T15127] Memory cgroup out of memory: Killed process 7306 (syz-executor.0) total-vm:74704kB, anon-rss:2212kB, file-rss:35792kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 3130.935266][ T1078] oom_reaper: reaped process 7306 (syz-executor.0), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB [ 3130.947408][T15133] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3130.961011][T15133] CPU: 1 PID: 15133 Comm: syz-executor.5 Not tainted 5.6.0-rc1-syzkaller #0 [ 3130.969699][T15133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3130.982880][T15133] Call Trace: [ 3130.986240][T15133] dump_stack+0x11d/0x181 [ 3130.990612][T15133] dump_header+0xaa/0x39c [ 3130.994967][T15133] oom_kill_process.cold+0x10/0x15 [ 3131.000105][T15133] out_of_memory+0x231/0xa60 [ 3131.004719][T15133] mem_cgroup_out_of_memory+0x128/0x150 [ 3131.010394][T15133] try_charge+0xb6c/0xbf0 [ 3131.014747][T15133] ? kernel_init_free_pages+0x7b/0xb0 [ 3131.020157][T15133] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 3131.025786][T15133] __memcg_kmem_charge+0xcf/0x1b0 [ 3131.030855][T15133] __alloc_pages_nodemask+0x26c/0x310 [ 3131.036278][T15133] alloc_pages_current+0xd1/0x170 [ 3131.041318][T15133] get_zeroed_page+0x14/0x50 [ 3131.045920][T15133] __pud_alloc+0x48/0x250 [ 3131.050413][T15133] ? __anon_vma_interval_tree_augment_rotate+0xfd/0x110 [ 3131.057559][T15133] pud_alloc+0xc3/0x100 [ 3131.061753][T15133] copy_page_range+0x270/0x1a00 [ 3131.066617][T15133] ? __list_add_valid+0x62/0x80 [ 3131.071584][T15133] ? __write_once_size.constprop.0+0x20/0x20 [ 3131.077623][T15133] ? __rb_rotate_set_parents+0x9a/0xf0 [ 3131.083106][T15133] ? __rb_insert_augmented+0x11a/0x370 [ 3131.088576][T15133] ? vm_get_page_prot+0x90/0x90 [ 3131.093572][T15133] dup_mm+0x74a/0xba0 [ 3131.097594][T15133] copy_process+0x39d7/0x3b40 [ 3131.102308][T15133] _do_fork+0xfe/0x7a0 [ 3131.106399][T15133] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3131.112657][T15133] ? ktime_get_ts64+0x286/0x2c0 [ 3131.117540][T15133] __x64_sys_clone+0x130/0x170 [ 3131.122349][T15133] do_syscall_64+0xcc/0x3a0 [ 3131.126880][T15133] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 3131.132777][T15133] RIP: 0033:0x45c449 [ 3131.136686][T15133] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3131.156440][T15133] RSP: 002b:00007ff5fc42cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3131.164861][T15133] RAX: ffffffffffffffda RBX: 00007ff5fc42d6d4 RCX: 000000000045c449 [ 3131.172885][T15133] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 3131.180982][T15133] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 05:59:56 executing program 4: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r11, 0xae60) ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) r12 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r12, 0x117, 0x1, &(0x7f0000000040), 0x0) 05:59:56 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_GET_INTERFACE(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000080)={0x14, r1, 0xb0343aabd1184b87}, 0x14}}, 0x0) 05:59:56 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r10, 0xae60) ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0) r11 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r11, 0x117, 0x1, &(0x7f0000000040), 0x0) 05:59:56 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1be, 0x0) 05:59:56 executing program 0: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000040), 0x0) [ 3131.188963][T15133] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 3131.196952][T15133] R13: 0000000000000074 R14: 00000000004c2ce6 R15: 000000000076bf2c [ 3131.387950][ C0] print_req_error: 112 callbacks suppressed [ 3131.387970][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3131.405001][ C0] buffer_io_error: 112 callbacks suppressed [ 3131.405012][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3131.421125][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 05:59:56 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1bf, 0x0) [ 3131.432051][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3131.451230][T15133] memory: usage 307196kB, limit 307200kB, failcnt 1592 [ 3131.463845][T15133] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3131.482417][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3131.493422][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3131.496433][T15133] Memory cgroup stats for /syz5: [ 3131.496577][T15133] anon 270041088 [ 3131.496577][T15133] file 81920 [ 3131.496577][T15133] kernel_stack 3870720 [ 3131.496577][T15133] slab 10493952 [ 3131.496577][T15133] sock 8192 [ 3131.496577][T15133] shmem 40960 [ 3131.496577][T15133] file_mapped 0 [ 3131.496577][T15133] file_dirty 0 [ 3131.496577][T15133] file_writeback 0 [ 3131.496577][T15133] anon_thp 234881024 [ 3131.496577][T15133] inactive_anon 32768 [ 3131.496577][T15133] active_anon 270057472 [ 3131.496577][T15133] inactive_file 0 [ 3131.496577][T15133] active_file 40960 [ 3131.496577][T15133] unevictable 0 [ 3131.496577][T15133] slab_reclaimable 2162688 [ 3131.496577][T15133] slab_unreclaimable 8331264 [ 3131.496577][T15133] pgfault 304656 [ 3131.496577][T15133] pgmajfault 0 [ 3131.496577][T15133] workingset_refault 264 [ 3131.496577][T15133] workingset_activate 99 [ 3131.496577][T15133] workingset_nodereclaim 0 [ 3131.496577][T15133] pgrefill 3398 [ 3131.496577][T15133] pgscan 15307 [ 3131.496577][T15133] pgsteal 659 [ 3131.534087][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3131.608035][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3131.617457][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3131.628373][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3131.726420][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3131.737342][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3131.770762][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3131.781713][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3131.804582][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3131.815755][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3131.861122][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3131.872127][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3131.929376][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3131.940340][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3131.970971][T15133] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=4393,uid=0 [ 3132.030018][T15133] Memory cgroup out of memory: Killed process 4393 (syz-executor.5) total-vm:74704kB, anon-rss:2212kB, file-rss:35824kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 05:59:57 executing program 5: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) socket$alg(0x26, 0x5, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 05:59:57 executing program 4: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000000)={0x1, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @ipv4={[], [], @multicast2}}}}, 0x124) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000640)=""/148, 0x94}], 0x100000000000026e, 0x0) pipe2(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x82800) ioctl$DRM_IOCTL_ADD_MAP(r1, 0xc0286415, &(0x7f0000000180)={&(0x7f0000ffb000/0x4000)=nil, 0x5, 0x1, 0x8, &(0x7f0000ffc000/0x3000)=nil, 0x8001}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') preadv(r2, &(0x7f0000000100), 0x130, 0x6c00) 05:59:57 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_GET_INTERFACE(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000080)={0x14, r1, 0xb0343aabd1184b87}, 0x14}}, 0x0) 05:59:57 executing program 0: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000040), 0x0) 05:59:57 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1c0, 0x0) 05:59:57 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r10, 0xae60) ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0) r11 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r11, 0x117, 0x1, &(0x7f0000000040), 0x0) 05:59:57 executing program 4: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000000)={0x1, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @ipv4={[], [], @multicast2}}}}, 0x124) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000640)=""/148, 0x94}], 0x100000000000026e, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') preadv(r1, &(0x7f0000000100), 0x12b, 0x6c00) 05:59:57 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_GET_INTERFACE(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000080)={0x14, 0x0, 0xb0343aabd1184b87}, 0x14}}, 0x0) 05:59:57 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1c1, 0x0) 05:59:57 executing program 0: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000040), 0x0) 05:59:57 executing program 4: r0 = gettid() r1 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0xe7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000000400)=ANY=[@ANYBLOB="850000000f00000025000000000000009500000000000000c7905faaaca74ae5bd71f5b27df7b091c97554bb007c101e46008000000000075900001943449fc1dcf86e0000b1b5af027400005822e8f98b234077445b2fef3efdd4547d08d3f4215a73e8d9ffcd33b84c22d397a1ac6d36fc1107b9cf2a89a797cd5c578f0900000000000000000000000000009b28a2bbd93c5d476ecc2fcb8e6ce945292938585e0e39650a079283bfa7f761657eb5bc5a049d3690f62392c0595f75ec87fbebe6686a9f77e3950e17868405c1980de93ac341f44a0436900c6c3bce7f6d0da0ffe994f5ddb56b9fbf24de6967111c9ab6d884a965346b1eb306eb47f2458f769d5b2577aa5a89f4c0af61872c7c1ab888231656a91f812636fa6e9f419d6d930c39cc6f066ec28f401606e5b580c9912ee67ef16b6b25b3dd37169e80ac9e9001bcedf8eb2453d79c4de4af90ea379f6d6e1be522a3a1284f267d4929ae24887d7d887aeb6b1ee9547419b34774acfdb7cae7bcb5363c083155a84c5843811fbaed03ad16c08de687d6956ea1951989753cd798115c543ffc88b2e9d0823727e2f5f125d1bda009ce43e1643976e7f0a59c17733dbdf7afb5fe20ecf2114a9b1c4eb2153308b860e08d3d6f159460bff88cf5b1ec9bff6e0be62ec1508e860c7500c7823422"], &(0x7f0000000000)='GPL\x00', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2) ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x400854d5, &(0x7f0000000140)={0x34, &(0x7f0000000200)}) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000340)={r0, r1, 0x0, 0x0, 0x0}, 0x30) ioctl$PERF_EVENT_IOC_QUERY_BPF(r3, 0xc008240a, &(0x7f0000000140)=ANY=[]) 05:59:57 executing program 5: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 05:59:57 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_GET_INTERFACE(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000080)={0x14, 0x0, 0xb0343aabd1184b87}, 0x14}}, 0x0) 05:59:58 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1c2, 0x0) [ 3132.795713][T15251] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3132.852856][T15251] CPU: 0 PID: 15251 Comm: syz-executor.0 Not tainted 5.6.0-rc1-syzkaller #0 [ 3132.861645][T15251] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3132.871729][T15251] Call Trace: [ 3132.875088][T15251] dump_stack+0x11d/0x181 [ 3132.879433][T15251] dump_header+0xaa/0x39c [ 3132.883873][T15251] oom_kill_process.cold+0x10/0x15 [ 3132.889003][T15251] out_of_memory+0x231/0xa60 [ 3132.893722][T15251] ? __rcu_read_unlock+0x66/0x2f0 [ 3132.898782][T15251] mem_cgroup_out_of_memory+0x128/0x150 [ 3132.904411][T15251] try_charge+0xb6c/0xbf0 [ 3132.908839][T15251] mem_cgroup_try_charge+0xd2/0x260 [ 3132.914212][T15251] mem_cgroup_try_charge_delay+0x3a/0x80 [ 3132.919869][T15251] __handle_mm_fault+0x197f/0x2e00 [ 3132.925017][T15251] handle_mm_fault+0x21b/0x530 [ 3132.929791][T15251] do_page_fault+0x496/0xa3d [ 3132.934505][T15251] page_fault+0x34/0x40 [ 3132.938665][T15251] RIP: 0033:0x413c3f [ 3132.942618][T15251] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 [ 3132.962319][T15251] RSP: 002b:00007ffde03e8e20 EFLAGS: 00010206 [ 3132.968445][T15251] RAX: 00007fc022a23000 RBX: 0000000000020000 RCX: 000000000045c49a [ 3132.976418][T15251] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 3132.984400][T15251] RBP: 00007ffde03e8f00 R08: ffffffffffffffff R09: 0000000000000000 [ 3132.992457][T15251] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffde03e8ff0 [ 3133.000444][T15251] R13: 00007fc022a43700 R14: 0000000000000001 R15: 000000000076bfcc 05:59:58 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_GET_INTERFACE(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000080)={0x14, 0x0, 0xb0343aabd1184b87}, 0x14}}, 0x0) [ 3133.170981][T15251] memory: usage 307200kB, limit 307200kB, failcnt 1951 [ 3133.199802][T15251] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3133.225855][T15251] Memory cgroup stats for /syz0: [ 3133.226062][T15251] anon 221757440 [ 3133.226062][T15251] file 47108096 [ 3133.226062][T15251] kernel_stack 4091904 [ 3133.226062][T15251] slab 9605120 [ 3133.226062][T15251] sock 0 [ 3133.226062][T15251] shmem 46977024 [ 3133.226062][T15251] file_mapped 0 [ 3133.226062][T15251] file_dirty 0 [ 3133.226062][T15251] file_writeback 0 [ 3133.226062][T15251] anon_thp 186646528 [ 3133.226062][T15251] inactive_anon 0 [ 3133.226062][T15251] active_anon 268705792 [ 3133.226062][T15251] inactive_file 0 [ 3133.226062][T15251] active_file 57344 [ 3133.226062][T15251] unevictable 0 [ 3133.226062][T15251] slab_reclaimable 1486848 [ 3133.226062][T15251] slab_unreclaimable 8118272 [ 3133.226062][T15251] pgfault 345972 [ 3133.226062][T15251] pgmajfault 0 [ 3133.226062][T15251] workingset_refault 264 [ 3133.226062][T15251] workingset_activate 132 [ 3133.226062][T15251] workingset_nodereclaim 0 [ 3133.226062][T15251] pgrefill 1439 [ 3133.226062][T15251] pgscan 1650 [ 3133.226062][T15251] pgsteal 690 05:59:58 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1c3, 0x0) 05:59:58 executing program 1: r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000080)={0x14, r0, 0xb0343aabd1184b87}, 0x14}}, 0x0) [ 3133.335815][T15251] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=19548,uid=0 05:59:58 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r10, 0xae60) ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0) r11 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r11, 0x117, 0x1, &(0x7f0000000040), 0x0) 05:59:58 executing program 1: r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000080)={0x14, r0, 0xb0343aabd1184b87}, 0x14}}, 0x0) 05:59:58 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1c4, 0x0) 05:59:58 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f00000013c0)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r6, @ANYBLOB="000200000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000003180f370223d6ad5bba646758b833df62563019031f47ece1f51fae9be85e2280eb2dade989932df70117e861db939b1d4dc672786ed2057814196c6fa660b0758b3e5194bc5335a0219e379b05aee150a693e2610c8a9dc28c6fd2dc9f327472bb4d85a7137f7f799f1914294de2712e18e67b75dfe78a0ca0e98295f02d80cf6c1e80e1034c091e877652ef3c90d78e44e2ec83bf71d7ecafb41374d3f5d2a"], 0x48}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005020000", @ANYRES32=r6, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=@newtfilter={0x3c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0xc}, {}, {0x2}}, [@filter_kind_options=@f_route={{0xa, 0x1, 'route\x00'}, {0xc, 0x2, [@TCA_ROUTE4_IIF={0x8}]}}]}, 0x3c}}, 0x0) [ 3133.640406][T15251] Memory cgroup out of memory: Killed process 19548 (syz-executor.0) total-vm:74704kB, anon-rss:2212kB, file-rss:35792kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 3133.837925][T15266] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3133.925657][T15266] CPU: 0 PID: 15266 Comm: syz-executor.0 Not tainted 5.6.0-rc1-syzkaller #0 [ 3133.934371][T15266] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3133.944622][T15266] Call Trace: [ 3133.947924][T15266] dump_stack+0x11d/0x181 [ 3133.952322][T15266] dump_header+0xaa/0x39c [ 3133.956724][T15266] oom_kill_process.cold+0x10/0x15 [ 3133.961850][T15266] out_of_memory+0x231/0xa60 [ 3133.966549][T15266] mem_cgroup_out_of_memory+0x128/0x150 [ 3133.972142][T15266] try_charge+0x800/0xbf0 [ 3133.976654][T15266] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 3133.982201][T15266] __memcg_kmem_charge+0xcf/0x1b0 [ 3133.987240][T15266] __alloc_pages_nodemask+0x26c/0x310 [ 3133.992638][T15266] alloc_pages_current+0xd1/0x170 [ 3133.997683][T15266] pte_alloc_one+0x18/0x50 [ 3134.002115][T15266] __handle_mm_fault+0x2be6/0x2e00 [ 3134.007282][T15266] handle_mm_fault+0x21b/0x530 [ 3134.012070][T15266] do_page_fault+0x496/0xa3d [ 3134.016795][T15266] page_fault+0x34/0x40 [ 3134.020952][T15266] RIP: 0033:0x45c449 [ 3134.024850][T15266] Code: Bad RIP value. [ 3134.028911][T15266] RSP: 002b:00007fc022a63c78 EFLAGS: 00010246 [ 3134.034976][T15266] RAX: 0000000000000000 RBX: 00007fc022a646d4 RCX: 000000000045c449 [ 3134.042973][T15266] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 3134.050947][T15266] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 3134.059023][T15266] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 3134.067005][T15266] R13: 0000000000000074 R14: 00000000004c2ce6 R15: 000000000076bf2c 05:59:59 executing program 0: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000040), 0x0) 05:59:59 executing program 1: r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000080)={0x14, r0, 0xb0343aabd1184b87}, 0x14}}, 0x0) [ 3134.160994][T15266] memory: usage 304732kB, limit 307200kB, failcnt 1951 [ 3134.180063][T15266] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3134.226194][T15266] Memory cgroup stats for /syz0: [ 3134.226462][T15266] anon 219586560 [ 3134.226462][T15266] file 47108096 [ 3134.226462][T15266] kernel_stack 4055040 [ 3134.226462][T15266] slab 9605120 [ 3134.226462][T15266] sock 0 [ 3134.226462][T15266] shmem 46977024 [ 3134.226462][T15266] file_mapped 0 [ 3134.226462][T15266] file_dirty 0 [ 3134.226462][T15266] file_writeback 0 [ 3134.226462][T15266] anon_thp 184549376 [ 3134.226462][T15266] inactive_anon 0 [ 3134.226462][T15266] active_anon 266534912 [ 3134.226462][T15266] inactive_file 0 [ 3134.226462][T15266] active_file 57344 [ 3134.226462][T15266] unevictable 0 [ 3134.226462][T15266] slab_reclaimable 1486848 [ 3134.226462][T15266] slab_unreclaimable 8118272 [ 3134.226462][T15266] pgfault 345972 [ 3134.226462][T15266] pgmajfault 0 [ 3134.226462][T15266] workingset_refault 264 [ 3134.226462][T15266] workingset_activate 132 [ 3134.226462][T15266] workingset_nodereclaim 0 [ 3134.226462][T15266] pgrefill 1439 [ 3134.226462][T15266] pgscan 1650 [ 3134.226462][T15266] pgsteal 690 [ 3134.410494][T15266] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=23804,uid=0 [ 3134.454252][T15266] Memory cgroup out of memory: Killed process 23804 (syz-executor.0) total-vm:74704kB, anon-rss:2212kB, file-rss:35792kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 3134.544586][T15274] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3134.573641][T15274] CPU: 1 PID: 15274 Comm: syz-executor.5 Not tainted 5.6.0-rc1-syzkaller #0 [ 3134.582350][T15274] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3134.593014][T15274] Call Trace: [ 3134.596315][T15274] dump_stack+0x11d/0x181 [ 3134.600764][T15274] dump_header+0xaa/0x39c [ 3134.605186][T15274] oom_kill_process.cold+0x10/0x15 [ 3134.610360][T15274] out_of_memory+0x231/0xa60 [ 3134.615010][T15274] mem_cgroup_out_of_memory+0x128/0x150 [ 3134.620909][T15274] try_charge+0xb6c/0xbf0 [ 3134.625281][T15274] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 3134.630755][T15274] __memcg_kmem_charge+0xcf/0x1b0 [ 3134.635847][T15274] __alloc_pages_nodemask+0x26c/0x310 [ 3134.641270][T15274] alloc_pages_current+0xd1/0x170 [ 3134.646321][T15274] pte_alloc_one+0x18/0x50 [ 3134.650870][T15274] __handle_mm_fault+0x2be6/0x2e00 [ 3134.656033][T15274] handle_mm_fault+0x21b/0x530 [ 3134.660814][T15274] do_page_fault+0x496/0xa3d [ 3134.665426][T15274] page_fault+0x34/0x40 [ 3134.669584][T15274] RIP: 0033:0x45c449 [ 3134.673480][T15274] Code: Bad RIP value. [ 3134.677603][T15274] RSP: 002b:00007ff5fc42cc78 EFLAGS: 00010246 [ 3134.683668][T15274] RAX: 0000000000000000 RBX: 00007ff5fc42d6d4 RCX: 000000000045c449 [ 3134.691641][T15274] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 3134.699833][T15274] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 3134.707852][T15274] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 3134.715832][T15274] R13: 0000000000000074 R14: 00000000004c2ce6 R15: 000000000076bf2c [ 3134.757210][T15274] memory: usage 307196kB, limit 307200kB, failcnt 1630 [ 3134.773518][T15274] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3134.789365][T15274] Memory cgroup stats for /syz5: [ 3134.789576][T15274] anon 269975552 [ 3134.789576][T15274] file 81920 [ 3134.789576][T15274] kernel_stack 3870720 [ 3134.789576][T15274] slab 10321920 [ 3134.789576][T15274] sock 8192 [ 3134.789576][T15274] shmem 40960 [ 3134.789576][T15274] file_mapped 0 [ 3134.789576][T15274] file_dirty 0 [ 3134.789576][T15274] file_writeback 0 [ 3134.789576][T15274] anon_thp 234881024 [ 3134.789576][T15274] inactive_anon 32768 [ 3134.789576][T15274] active_anon 269991936 [ 3134.789576][T15274] inactive_file 0 [ 3134.789576][T15274] active_file 40960 [ 3134.789576][T15274] unevictable 0 [ 3134.789576][T15274] slab_reclaimable 2162688 [ 3134.789576][T15274] slab_unreclaimable 8159232 [ 3134.789576][T15274] pgfault 304821 [ 3134.789576][T15274] pgmajfault 0 [ 3134.789576][T15274] workingset_refault 264 [ 3134.789576][T15274] workingset_activate 99 [ 3134.789576][T15274] workingset_nodereclaim 0 [ 3134.789576][T15274] pgrefill 3398 [ 3134.789576][T15274] pgscan 15543 [ 3134.789576][T15274] pgsteal 659 [ 3134.901333][T15274] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=25261,uid=0 [ 3134.946135][T15274] Memory cgroup out of memory: Killed process 25261 (syz-executor.5) total-vm:74704kB, anon-rss:2212kB, file-rss:35824kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 3134.969244][ T1078] oom_reaper: reaped process 25261 (syz-executor.5), now anon-rss:0kB, file-rss:34864kB, shmem-rss:0kB [ 3134.992308][T15261] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3135.028276][T15261] CPU: 1 PID: 15261 Comm: syz-executor.5 Not tainted 5.6.0-rc1-syzkaller #0 [ 3135.037080][T15261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3135.047302][T15261] Call Trace: [ 3135.050747][T15261] dump_stack+0x11d/0x181 [ 3135.055188][T15261] dump_header+0xaa/0x39c [ 3135.059564][T15261] oom_kill_process.cold+0x10/0x15 [ 3135.064721][T15261] out_of_memory+0x231/0xa60 [ 3135.069389][T15261] mem_cgroup_out_of_memory+0x128/0x150 [ 3135.075109][T15261] try_charge+0x800/0xbf0 [ 3135.079483][T15261] mem_cgroup_try_charge+0xd2/0x260 [ 3135.084860][T15261] mem_cgroup_try_charge_delay+0x3a/0x80 [ 3135.090519][T15261] wp_page_copy+0x322/0xf20 [ 3135.095055][T15261] ? __read_once_size+0x41/0xe0 [ 3135.099929][T15261] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 3135.105854][T15261] do_wp_page+0x192/0xd20 [ 3135.110268][T15261] __handle_mm_fault+0x1d16/0x2e00 [ 3135.115551][T15261] handle_mm_fault+0x21b/0x530 [ 3135.120567][T15261] do_page_fault+0x496/0xa3d [ 3135.125190][T15261] page_fault+0x34/0x40 [ 3135.129350][T15261] RIP: 0033:0x411498 [ 3135.133282][T15261] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf 58 1d 4c 00 31 c0 e8 13 0a ff ff 31 ff e8 5c 06 ff ff 0f 1f 40 00 <89> 3c b5 00 00 74 00 eb b6 31 ed 0f 1f 44 00 00 80 3d ae 11 87 00 [ 3135.152921][T15261] RSP: 002b:00007ffdc7864c90 EFLAGS: 00010246 [ 3135.158992][T15261] RAX: 00000000c4ae6164 RBX: 000000003e57cacd RCX: 0000001b34420000 [ 3135.166973][T15261] RDX: 0000000000000000 RSI: 0000000000000164 RDI: ffffffffc4ae6164 [ 3135.174952][T15261] RBP: 000000000000000c R08: 00000000c4ae6164 R09: 00000000c4ae6168 [ 3135.183095][T15261] R10: 00007ffdc7864e30 R11: 0000000000000246 R12: 000000000076c048 [ 3135.191132][T15261] R13: 0000000080000000 R14: 00007ff5fe22e008 R15: 0000000000000011 [ 3135.202395][T15261] memory: usage 304896kB, limit 307200kB, failcnt 1630 [ 3135.209609][T15261] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3135.217848][T15261] Memory cgroup stats for /syz5: [ 3135.218003][T15261] anon 267898880 [ 3135.218003][T15261] file 81920 [ 3135.218003][T15261] kernel_stack 3870720 [ 3135.218003][T15261] slab 10321920 [ 3135.218003][T15261] sock 8192 [ 3135.218003][T15261] shmem 40960 [ 3135.218003][T15261] file_mapped 0 [ 3135.218003][T15261] file_dirty 0 [ 3135.218003][T15261] file_writeback 0 [ 3135.218003][T15261] anon_thp 232783872 [ 3135.218003][T15261] inactive_anon 32768 [ 3135.218003][T15261] active_anon 267915264 [ 3135.218003][T15261] inactive_file 0 [ 3135.218003][T15261] active_file 40960 [ 3135.218003][T15261] unevictable 0 [ 3135.218003][T15261] slab_reclaimable 2162688 [ 3135.218003][T15261] slab_unreclaimable 8159232 [ 3135.218003][T15261] pgfault 304821 [ 3135.218003][T15261] pgmajfault 0 [ 3135.218003][T15261] workingset_refault 264 [ 3135.218003][T15261] workingset_activate 99 [ 3135.218003][T15261] workingset_nodereclaim 0 [ 3135.218003][T15261] pgrefill 3398 [ 3135.218003][T15261] pgscan 15543 [ 3135.218003][T15261] pgsteal 659 [ 3135.316287][T15261] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=10171,uid=0 [ 3135.334239][T15261] Memory cgroup out of memory: Killed process 10171 (syz-executor.5) total-vm:74836kB, anon-rss:2220kB, file-rss:35812kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 3135.383204][T15324] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3135.411374][T15324] CPU: 1 PID: 15324 Comm: syz-executor.0 Not tainted 5.6.0-rc1-syzkaller #0 [ 3135.420088][T15324] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3135.430145][T15324] Call Trace: [ 3135.433448][T15324] dump_stack+0x11d/0x181 [ 3135.437788][T15324] dump_header+0xaa/0x39c [ 3135.442272][T15324] oom_kill_process.cold+0x10/0x15 [ 3135.447392][T15324] out_of_memory+0x231/0xa60 [ 3135.452013][T15324] mem_cgroup_out_of_memory+0x128/0x150 [ 3135.457777][T15324] try_charge+0xb6c/0xbf0 [ 3135.462140][T15324] mem_cgroup_try_charge+0xd2/0x260 [ 3135.467368][T15324] mem_cgroup_try_charge_delay+0x3a/0x80 [ 3135.473212][T15324] wp_page_copy+0x322/0xf20 [ 3135.477875][T15324] ? __read_once_size+0x41/0xe0 [ 3135.482751][T15324] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 3135.488670][T15324] do_wp_page+0x192/0xd20 [ 3135.493047][T15324] __handle_mm_fault+0x1d16/0x2e00 [ 3135.498196][T15324] handle_mm_fault+0x21b/0x530 [ 3135.502985][T15324] do_page_fault+0x496/0xa3d [ 3135.507649][T15324] page_fault+0x34/0x40 [ 3135.511929][T15324] RIP: 0033:0x411498 [ 3135.515830][T15324] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf 58 1d 4c 00 31 c0 e8 13 0a ff ff 31 ff e8 5c 06 ff ff 0f 1f 40 00 <89> 3c b5 00 00 74 00 eb b6 31 ed 0f 1f 44 00 00 80 3d ae 11 87 00 [ 3135.535439][T15324] RSP: 002b:00007ffde03e8e40 EFLAGS: 00010246 [ 3135.541514][T15324] RAX: 00000000ac41b873 RBX: 00000000e1dfd00e RCX: 0000001b32f20000 [ 3135.549585][T15324] RDX: 0000000000000000 RSI: 0000000000001873 RDI: ffffffffac41b873 [ 3135.557560][T15324] RBP: 0000000000000003 R08: 00000000ac41b873 R09: 00000000ac41b877 [ 3135.565629][T15324] R10: 00007ffde03e8fe0 R11: 0000000000000246 R12: 000000000076bfa8 [ 3135.573871][T15324] R13: 0000000080000000 R14: 00007fc024a65008 R15: 0000000000000008 [ 3135.600193][T15324] memory: usage 304900kB, limit 307200kB, failcnt 1988 [ 3135.607588][T15324] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3135.617916][T15324] Memory cgroup stats for /syz0: [ 3135.618061][T15324] anon 219533312 [ 3135.618061][T15324] file 47108096 [ 3135.618061][T15324] kernel_stack 4091904 [ 3135.618061][T15324] slab 9605120 [ 3135.618061][T15324] sock 0 [ 3135.618061][T15324] shmem 46977024 [ 3135.618061][T15324] file_mapped 0 [ 3135.618061][T15324] file_dirty 0 [ 3135.618061][T15324] file_writeback 0 [ 3135.618061][T15324] anon_thp 184549376 [ 3135.618061][T15324] inactive_anon 0 [ 3135.618061][T15324] active_anon 266559488 [ 3135.618061][T15324] inactive_file 0 [ 3135.618061][T15324] active_file 57344 [ 3135.618061][T15324] unevictable 0 [ 3135.618061][T15324] slab_reclaimable 1486848 [ 3135.618061][T15324] slab_unreclaimable 8118272 [ 3135.618061][T15324] pgfault 346038 [ 3135.618061][T15324] pgmajfault 0 [ 3135.618061][T15324] workingset_refault 264 [ 3135.618061][T15324] workingset_activate 132 [ 3135.618061][T15324] workingset_nodereclaim 0 [ 3135.618061][T15324] pgrefill 1439 [ 3135.618061][T15324] pgscan 1650 [ 3135.618061][T15324] pgsteal 690 06:00:01 executing program 5: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 06:00:01 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1c5, 0x0) 06:00:01 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/dev_snmp6\x00') r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = dup3(r1, r0, 0x0) ioctl$TCXONC(r2, 0x4b45, 0x2) 06:00:01 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r8 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r10, 0xae60) ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0) r11 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r11, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:01 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(0x0) sendmsg$NL80211_CMD_GET_INTERFACE(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000080)={0x14, r1, 0xb0343aabd1184b87}, 0x14}}, 0x0) [ 3135.750226][T15324] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=18727,uid=0 [ 3135.790931][T15324] Memory cgroup out of memory: Killed process 18727 (syz-executor.0) total-vm:74704kB, anon-rss:2212kB, file-rss:35792kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 06:00:01 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1c6, 0x0) 06:00:01 executing program 4: r0 = socket$inet(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e23, @dev}, 0x10) getsockopt$EBT_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x80, 0x0, 0x0) sendto$inet(r0, 0x0, 0xfffffffffffffc6d, 0x20000800, &(0x7f0000000240)={0x2, 0x4e23, @local}, 0x10) socketpair$unix(0x1, 0x1, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000400)='auxv\x00') ioctl$SG_IO(r1, 0x2285, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, @scatter={0x0, 0x0, 0x0}, 0x0, &(0x7f0000000780)=""/79, 0x0, 0x34, 0x0, &(0x7f0000000680)}) r2 = open(0x0, 0x200c2, 0xfffffffffffffffc) write$binfmt_elf64(r2, 0x0, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000001c0)={r0}) setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f00000002c0)='cubic\x00', 0x6) r4 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000300)='/dev/sequencer2\x00', 0x0, 0x0) setsockopt$inet6_icmp_ICMP_FILTER(r4, 0x1, 0x1, &(0x7f0000000340)={0x2}, 0x4) fsetxattr$security_capability(r2, &(0x7f0000000000)='security.capability\x00', 0x0, 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000440)='/dev/audio\x00', 0x200, 0x0) ioctl$VIDIOC_ENUMSTD(r1, 0xc0485619, &(0x7f0000000140)={0x101, 0x0, "bfa5d12bb09c62e3dc38f8893eea216b52dd1fadf03dd48e", {0x5}, 0x9}) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) setsockopt$inet_mtu(r0, 0x0, 0xa, 0x0, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='ip6_vti0\x00', 0x10) perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffccf, 0x240, 0x0, 0xffffffffffffff37) 06:00:01 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(0x0) sendmsg$NL80211_CMD_GET_INTERFACE(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000080)={0x14, r1, 0xb0343aabd1184b87}, 0x14}}, 0x0) [ 3136.029148][T15327] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 06:00:01 executing program 5: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) [ 3136.172906][T15327] CPU: 1 PID: 15327 Comm: syz-executor.0 Not tainted 5.6.0-rc1-syzkaller #0 [ 3136.181625][T15327] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3136.191688][T15327] Call Trace: [ 3136.195000][T15327] dump_stack+0x11d/0x181 [ 3136.199352][T15327] dump_header+0xaa/0x39c [ 3136.203725][T15327] oom_kill_process.cold+0x10/0x15 [ 3136.208862][T15327] out_of_memory+0x231/0xa60 [ 3136.213494][T15327] mem_cgroup_out_of_memory+0x128/0x150 [ 3136.219072][T15327] try_charge+0x800/0xbf0 [ 3136.223647][T15327] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 3136.229139][T15327] __memcg_kmem_charge+0xcf/0x1b0 [ 3136.234224][T15327] __alloc_pages_nodemask+0x26c/0x310 [ 3136.239639][T15327] alloc_pages_current+0xd1/0x170 [ 3136.244688][T15327] pte_alloc_one+0x18/0x50 [ 3136.249146][T15327] __handle_mm_fault+0x2be6/0x2e00 [ 3136.254305][T15327] handle_mm_fault+0x21b/0x530 [ 3136.259110][T15327] do_page_fault+0x496/0xa3d [ 3136.263737][T15327] page_fault+0x34/0x40 [ 3136.267922][T15327] RIP: 0033:0x45c449 06:00:01 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x20698, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, &(0x7f0000000040)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @loopback}}}, &(0x7f00000000c0)=0x80, 0x80000) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="230000005e0081aee4050c00000f0000008bc609f6d8ffffff9e000000000000000000", 0x23}], 0x1}, 0x0) recvmsg(r0, &(0x7f000000c0c0)={&(0x7f000000a880)=@xdp, 0x80, &(0x7f000000c000)=[{0x0}, {0x0}, {&(0x7f00000006c0)=""/243, 0xfffffef4}, {&(0x7f000000be40)=""/122, 0x7a}, {&(0x7f000000bec0)=""/121, 0x79}], 0x5}, 0x40) bpf$PROG_LOAD(0x5, &(0x7f000000c1c0)={0x16, 0x0, &(0x7f0000000280)=ANY=[], 0x0, 0x3f, 0x0, 0x0, 0x0, 0x1, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000380)={0x6, 0x7}, 0x8, 0x10, &(0x7f000000c180)={0x0, 0x7, 0x0, 0x9}, 0x10}, 0x78) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="230000005e0081aee4050c00000f0000008bc609f6d8ffffff9e000000000000000000", 0x23}], 0x1}, 0x0) recvmsg(r1, &(0x7f000000c0c0)={&(0x7f000000a880)=@xdp={0x2c, 0x0, 0x0}, 0x80, &(0x7f000000c000)=[{0x0}, {0x0}, {&(0x7f00000006c0)=""/243, 0xfffffef4}, {&(0x7f000000be40)=""/122, 0x7a}, {&(0x7f000000bec0)=""/121, 0x79}], 0x5}, 0x40) bpf$PROG_LOAD(0x5, &(0x7f000000c1c0)={0x16, 0x0, &(0x7f0000000280)=ANY=[], 0x0, 0x3f, 0x0, 0x0, 0x0, 0x1, [], r2, 0x0, 0xffffffffffffffff, 0x8, &(0x7f000000c140)={0x6, 0x7}, 0x8, 0x10, &(0x7f000000c180)={0x0, 0x7, 0x0, 0x9}, 0x10}, 0x70) recvfrom(r0, &(0x7f0000000240)=""/110, 0x6e, 0x40, &(0x7f00000002c0)=@xdp={0x2c, 0x8, r2, 0x7}, 0x80) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000000)=0x2, 0x12) 06:00:01 executing program 0: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000040), 0x0) [ 3136.271830][T15327] Code: Bad RIP value. [ 3136.275900][T15327] RSP: 002b:00007fc022a63c78 EFLAGS: 00010246 [ 3136.282186][T15327] RAX: 0000000000000000 RBX: 00007fc022a646d4 RCX: 000000000045c449 [ 3136.290182][T15327] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 3136.298312][T15327] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 3136.306469][T15327] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 3136.314444][T15327] R13: 0000000000000074 R14: 00000000004c2ce6 R15: 000000000076bf2c 06:00:01 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1c7, 0x0) [ 3136.480232][ C1] print_req_error: 173 callbacks suppressed [ 3136.480250][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3136.497369][ C1] buffer_io_error: 173 callbacks suppressed [ 3136.497382][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3136.511532][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3136.522549][ C0] Buffer I/O error on dev loop0, logical block 0, async page read 06:00:01 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(0x0) sendmsg$NL80211_CMD_GET_INTERFACE(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000080)={0x14, r1, 0xb0343aabd1184b87}, 0x14}}, 0x0) [ 3136.574139][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3136.585090][ C0] Buffer I/O error on dev loop0, logical block 0, async page read 06:00:01 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 06:00:01 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x20698, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, &(0x7f0000000040)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @loopback}}}, &(0x7f00000000c0)=0x80, 0x80000) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="230000005e0081aee4050c00000f0000008bc609f6d8ffffff9e000000000000000000", 0x23}], 0x1}, 0x0) recvmsg(r0, &(0x7f000000c0c0)={&(0x7f000000a880)=@xdp, 0x80, &(0x7f000000c000)=[{0x0}, {0x0}, {&(0x7f00000006c0)=""/243, 0xfffffef4}, {&(0x7f000000be40)=""/122, 0x7a}, {&(0x7f000000bec0)=""/121, 0x79}], 0x5}, 0x40) bpf$PROG_LOAD(0x5, &(0x7f000000c1c0)={0x16, 0x0, &(0x7f0000000280)=ANY=[], 0x0, 0x3f, 0x0, 0x0, 0x0, 0x1, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000380)={0x6, 0x7}, 0x8, 0x10, &(0x7f000000c180)={0x0, 0x7, 0x0, 0x9}, 0x10}, 0x78) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="230000005e0081aee4050c00000f0000008bc609f6d8ffffff9e000000000000000000", 0x23}], 0x1}, 0x0) recvmsg(r1, &(0x7f000000c0c0)={&(0x7f000000a880)=@xdp={0x2c, 0x0, 0x0}, 0x80, &(0x7f000000c000)=[{0x0}, {0x0}, {&(0x7f00000006c0)=""/243, 0xfffffef4}, {&(0x7f000000be40)=""/122, 0x7a}, {&(0x7f000000bec0)=""/121, 0x79}], 0x5}, 0x40) bpf$PROG_LOAD(0x5, &(0x7f000000c1c0)={0x16, 0x0, &(0x7f0000000280)=ANY=[], 0x0, 0x3f, 0x0, 0x0, 0x0, 0x1, [], r2, 0x0, 0xffffffffffffffff, 0x8, &(0x7f000000c140)={0x6, 0x7}, 0x8, 0x10, &(0x7f000000c180)={0x0, 0x7, 0x0, 0x9}, 0x10}, 0x70) recvfrom(r0, &(0x7f0000000240)=""/110, 0x6e, 0x40, &(0x7f00000002c0)=@xdp={0x2c, 0x8, r2, 0x7}, 0x80) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000000)=0x2, 0x12) [ 3136.668488][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3136.679490][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3136.689281][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3136.700509][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3136.764850][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3136.776080][ C0] Buffer I/O error on dev loop0, logical block 0, async page read 06:00:02 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r8 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r10, 0xae60) ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0) r11 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r11, 0x117, 0x1, &(0x7f0000000040), 0x0) [ 3136.884128][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3136.895226][ C0] Buffer I/O error on dev loop0, logical block 0, async page read 06:00:02 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1c8, 0x0) 06:00:02 executing program 1: socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000080)={0x14, r0, 0xb0343aabd1184b87}, 0x14}}, 0x0) [ 3136.963696][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3136.974640][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3137.000388][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3137.011356][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3137.019731][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3137.024451][T15327] memory: usage 302252kB, limit 307200kB, failcnt 1988 [ 3137.030687][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3137.141132][T15327] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3137.190187][T15327] Memory cgroup stats for /syz0: [ 3137.190341][T15327] anon 219414528 [ 3137.190341][T15327] file 47108096 [ 3137.190341][T15327] kernel_stack 4055040 [ 3137.190341][T15327] slab 9469952 [ 3137.190341][T15327] sock 0 [ 3137.190341][T15327] shmem 46977024 [ 3137.190341][T15327] file_mapped 0 [ 3137.190341][T15327] file_dirty 0 [ 3137.190341][T15327] file_writeback 0 [ 3137.190341][T15327] anon_thp 184549376 [ 3137.190341][T15327] inactive_anon 0 [ 3137.190341][T15327] active_anon 266440704 [ 3137.190341][T15327] inactive_file 0 06:00:02 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 06:00:02 executing program 1: socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000080)={0x14, r0, 0xb0343aabd1184b87}, 0x14}}, 0x0) [ 3137.190341][T15327] active_file 57344 [ 3137.190341][T15327] unevictable 0 [ 3137.190341][T15327] slab_reclaimable 1486848 [ 3137.190341][T15327] slab_unreclaimable 7983104 [ 3137.190341][T15327] pgfault 346104 [ 3137.190341][T15327] pgmajfault 0 [ 3137.190341][T15327] workingset_refault 264 [ 3137.190341][T15327] workingset_activate 132 [ 3137.190341][T15327] workingset_nodereclaim 0 [ 3137.190341][T15327] pgrefill 1439 [ 3137.190341][T15327] pgscan 1650 [ 3137.190341][T15327] pgsteal 690 06:00:02 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1c9, 0x0) 06:00:02 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x20698, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, &(0x7f0000000040)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @loopback}}}, &(0x7f00000000c0)=0x80, 0x80000) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="230000005e0081aee4050c00000f0000008bc609f6d8ffffff9e000000000000000000", 0x23}], 0x1}, 0x0) recvmsg(r0, &(0x7f000000c0c0)={&(0x7f000000a880)=@xdp, 0x80, &(0x7f000000c000)=[{0x0}, {0x0}, {&(0x7f00000006c0)=""/243, 0xfffffef4}, {&(0x7f000000be40)=""/122, 0x7a}, {&(0x7f000000bec0)=""/121, 0x79}], 0x5}, 0x40) bpf$PROG_LOAD(0x5, &(0x7f000000c1c0)={0x16, 0x0, &(0x7f0000000280)=ANY=[], 0x0, 0x3f, 0x0, 0x0, 0x0, 0x1, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000380)={0x6, 0x7}, 0x8, 0x10, &(0x7f000000c180)={0x0, 0x7, 0x0, 0x9}, 0x10}, 0x78) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="230000005e0081aee4050c00000f0000008bc609f6d8ffffff9e000000000000000000", 0x23}], 0x1}, 0x0) recvmsg(r1, &(0x7f000000c0c0)={&(0x7f000000a880)=@xdp={0x2c, 0x0, 0x0}, 0x80, &(0x7f000000c000)=[{0x0}, {0x0}, {&(0x7f00000006c0)=""/243, 0xfffffef4}, {&(0x7f000000be40)=""/122, 0x7a}, {&(0x7f000000bec0)=""/121, 0x79}], 0x5}, 0x40) bpf$PROG_LOAD(0x5, &(0x7f000000c1c0)={0x16, 0x0, &(0x7f0000000280)=ANY=[], 0x0, 0x3f, 0x0, 0x0, 0x0, 0x1, [], r2, 0x0, 0xffffffffffffffff, 0x8, &(0x7f000000c140)={0x6, 0x7}, 0x8, 0x10, &(0x7f000000c180)={0x0, 0x7, 0x0, 0x9}, 0x10}, 0x70) recvfrom(r0, &(0x7f0000000240)=""/110, 0x6e, 0x40, &(0x7f00000002c0)=@xdp={0x2c, 0x8, r2, 0x7}, 0x80) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000000)=0x2, 0x12) [ 3137.476351][T15327] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=18710,uid=0 [ 3137.602548][T15327] Memory cgroup out of memory: Killed process 18710 (syz-executor.0) total-vm:74704kB, anon-rss:2212kB, file-rss:35792kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 06:00:03 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x20698, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, &(0x7f0000000040)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @loopback}}}, &(0x7f00000000c0)=0x80, 0x80000) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="230000005e0081aee4050c00000f0000008bc609f6d8ffffff9e000000000000000000", 0x23}], 0x1}, 0x0) recvmsg(r0, &(0x7f000000c0c0)={&(0x7f000000a880)=@xdp, 0x80, &(0x7f000000c000)=[{0x0}, {0x0}, {&(0x7f00000006c0)=""/243, 0xfffffef4}, {&(0x7f000000be40)=""/122, 0x7a}, {&(0x7f000000bec0)=""/121, 0x79}], 0x5}, 0x40) bpf$PROG_LOAD(0x5, &(0x7f000000c1c0)={0x16, 0x0, &(0x7f0000000280)=ANY=[], 0x0, 0x3f, 0x0, 0x0, 0x0, 0x1, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000380)={0x6, 0x7}, 0x8, 0x10, &(0x7f000000c180)={0x0, 0x7, 0x0, 0x9}, 0x10}, 0x78) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="230000005e0081aee4050c00000f0000008bc609f6d8ffffff9e000000000000000000", 0x23}], 0x1}, 0x0) recvmsg(r1, &(0x7f000000c0c0)={&(0x7f000000a880)=@xdp={0x2c, 0x0, 0x0}, 0x80, &(0x7f000000c000)=[{0x0}, {0x0}, {&(0x7f00000006c0)=""/243, 0xfffffef4}, {&(0x7f000000be40)=""/122, 0x7a}, {&(0x7f000000bec0)=""/121, 0x79}], 0x5}, 0x40) bpf$PROG_LOAD(0x5, &(0x7f000000c1c0)={0x16, 0x0, &(0x7f0000000280)=ANY=[], 0x0, 0x3f, 0x0, 0x0, 0x0, 0x1, [], r2, 0x0, 0xffffffffffffffff, 0x8, &(0x7f000000c140)={0x6, 0x7}, 0x8, 0x10, &(0x7f000000c180)={0x0, 0x7, 0x0, 0x9}, 0x10}, 0x70) recvfrom(r0, &(0x7f0000000240)=""/110, 0x6e, 0x40, &(0x7f00000002c0)=@xdp={0x2c, 0x8, r2, 0x7}, 0x80) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000000)=0x2, 0x12) 06:00:03 executing program 0: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) dup(r1) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:03 executing program 1: socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000080)={0x14, r0, 0xb0343aabd1184b87}, 0x14}}, 0x0) 06:00:03 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 06:00:03 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r8 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r10, 0xae60) ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0) r11 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r11, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:03 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1ca, 0x0) 06:00:03 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_GET_INTERFACE(r0, 0x0, 0x0) 06:00:03 executing program 5: set_mempolicy(0x0, &(0x7f0000000300)=0x762, 0x9) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 06:00:03 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1cb, 0x0) 06:00:03 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x20698, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, &(0x7f0000000040)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @loopback}}}, &(0x7f00000000c0)=0x80, 0x80000) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="230000005e0081aee4050c00000f0000008bc609f6d8ffffff9e000000000000000000", 0x23}], 0x1}, 0x0) recvmsg(r0, &(0x7f000000c0c0)={&(0x7f000000a880)=@xdp, 0x80, &(0x7f000000c000)=[{0x0}, {0x0}, {&(0x7f00000006c0)=""/243, 0xfffffef4}, {&(0x7f000000be40)=""/122, 0x7a}, {&(0x7f000000bec0)=""/121, 0x79}], 0x5}, 0x40) bpf$PROG_LOAD(0x5, &(0x7f000000c1c0)={0x16, 0x0, &(0x7f0000000280)=ANY=[], 0x0, 0x3f, 0x0, 0x0, 0x0, 0x1, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000380)={0x6, 0x7}, 0x8, 0x10, &(0x7f000000c180)={0x0, 0x7, 0x0, 0x9}, 0x10}, 0x78) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="230000005e0081aee4050c00000f0000008bc609f6d8ffffff9e000000000000000000", 0x23}], 0x1}, 0x0) recvmsg(r1, &(0x7f000000c0c0)={&(0x7f000000a880)=@xdp={0x2c, 0x0, 0x0}, 0x80, &(0x7f000000c000)=[{0x0}, {0x0}, {&(0x7f00000006c0)=""/243, 0xfffffef4}, {&(0x7f000000be40)=""/122, 0x7a}, {&(0x7f000000bec0)=""/121, 0x79}], 0x5}, 0x40) bpf$PROG_LOAD(0x5, &(0x7f000000c1c0)={0x16, 0x0, &(0x7f0000000280)=ANY=[], 0x0, 0x3f, 0x0, 0x0, 0x0, 0x1, [], r2, 0x0, 0xffffffffffffffff, 0x8, &(0x7f000000c140)={0x6, 0x7}, 0x8, 0x10, &(0x7f000000c180)={0x0, 0x7, 0x0, 0x9}, 0x10}, 0x70) recvfrom(r0, &(0x7f0000000240)=""/110, 0x6e, 0x40, &(0x7f00000002c0)=@xdp={0x2c, 0x8, r2, 0x7}, 0x80) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000000)=0x2, 0x12) [ 3138.232658][T15446] syz-executor.3 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), order=0, oom_score_adj=1000 06:00:03 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_GET_INTERFACE(r0, 0x0, 0x0) 06:00:03 executing program 0: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) accept$alg(r0, 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:03 executing program 5: set_mempolicy(0x0, &(0x7f0000000300)=0x762, 0x9) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) [ 3138.441268][T15446] CPU: 1 PID: 15446 Comm: syz-executor.3 Not tainted 5.6.0-rc1-syzkaller #0 [ 3138.450116][T15446] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3138.460334][T15446] Call Trace: [ 3138.463648][T15446] dump_stack+0x11d/0x181 [ 3138.468184][T15446] dump_header+0xaa/0x39c [ 3138.472551][T15446] oom_kill_process.cold+0x10/0x15 [ 3138.477690][T15446] out_of_memory+0x231/0xa60 [ 3138.482303][T15446] ? __rcu_read_unlock+0x66/0x2f0 06:00:03 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1cc, 0x0) [ 3138.487364][T15446] mem_cgroup_out_of_memory+0x128/0x150 [ 3138.493076][T15446] try_charge+0xb6c/0xbf0 [ 3138.497425][T15446] ? _raw_spin_unlock+0x4b/0x60 [ 3138.502336][T15446] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 3138.507949][T15446] __memcg_kmem_charge+0xcf/0x1b0 [ 3138.513096][T15446] __alloc_pages_nodemask+0x26c/0x310 [ 3138.518617][T15446] alloc_pages_current+0xd1/0x170 [ 3138.523807][T15446] __vmalloc_node_range+0x2c4/0x4a0 [ 3138.529036][T15446] __vmalloc+0x4d/0x70 [ 3138.533142][T15446] ? vmx_vm_alloc+0x40/0x50 06:00:03 executing program 4: sendmmsg$nfc_llcp(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_emit_ethernet(0x82, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffffffffffff7fff86dd60e1d3d2004c2f00fe8000000000000000000000000000aaff0200000000000000000000000000013b0008000066d28d24ce9ecb8a00000000000800000086dd080088be00000000100000010100000000000000080022eb000000000800655800000000"], 0x0) [ 3138.537672][T15446] vmx_vm_alloc+0x40/0x50 [ 3138.542031][T15446] kvm_dev_ioctl+0x137/0xcb0 [ 3138.546657][T15446] ? tomoyo_file_ioctl+0x34/0x40 [ 3138.551620][T15446] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3138.557894][T15446] ? kvm_put_kvm+0x6a0/0x6a0 [ 3138.562618][T15446] ksys_ioctl+0x109/0x150 [ 3138.567836][T15446] __x64_sys_ioctl+0x4c/0x60 [ 3138.572477][T15446] do_syscall_64+0xcc/0x3a0 [ 3138.577024][T15446] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 3138.582986][T15446] RIP: 0033:0x45c449 [ 3138.586901][T15446] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3138.606564][T15446] RSP: 002b:00007f331e30dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3138.614992][T15446] RAX: ffffffffffffffda RBX: 00007f331e30e6d4 RCX: 000000000045c449 [ 3138.622981][T15446] RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000004 [ 3138.631190][T15446] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 3138.639173][T15446] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 3138.647156][T15446] R13: 0000000000000390 R14: 00000000004c5c51 R15: 000000000076bf2c [ 3139.021025][T15446] memory: usage 307200kB, limit 307200kB, failcnt 405 [ 3139.036296][T15446] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3139.062608][T15446] Memory cgroup stats for /syz3: [ 3139.062812][T15446] anon 281989120 [ 3139.062812][T15446] file 159744 [ 3139.062812][T15446] kernel_stack 2543616 [ 3139.062812][T15446] slab 8957952 [ 3139.062812][T15446] sock 0 [ 3139.062812][T15446] shmem 106496 [ 3139.062812][T15446] file_mapped 0 [ 3139.062812][T15446] file_dirty 0 [ 3139.062812][T15446] file_writeback 0 [ 3139.062812][T15446] anon_thp 264241152 [ 3139.062812][T15446] inactive_anon 135168 [ 3139.062812][T15446] active_anon 281964544 [ 3139.062812][T15446] inactive_file 0 [ 3139.062812][T15446] active_file 69632 [ 3139.062812][T15446] unevictable 0 [ 3139.062812][T15446] slab_reclaimable 1622016 [ 3139.062812][T15446] slab_unreclaimable 7335936 [ 3139.062812][T15446] pgfault 223410 [ 3139.062812][T15446] pgmajfault 0 [ 3139.062812][T15446] workingset_refault 99 [ 3139.062812][T15446] workingset_activate 0 [ 3139.062812][T15446] workingset_nodereclaim 0 [ 3139.062812][T15446] pgrefill 565 [ 3139.062812][T15446] pgscan 578 [ 3139.062812][T15446] pgsteal 244 [ 3139.366032][T15446] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=30804,uid=0 [ 3139.400983][T15446] Memory cgroup out of memory: Killed process 30804 (syz-executor.3) total-vm:74704kB, anon-rss:4260kB, file-rss:35832kB, shmem-rss:0kB, UID:0 pgtables:136kB oom_score_adj:1000 [ 3139.452345][T15453] syz-executor.3 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3139.483449][T15453] CPU: 1 PID: 15453 Comm: syz-executor.3 Not tainted 5.6.0-rc1-syzkaller #0 [ 3139.492175][T15453] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3139.502370][T15453] Call Trace: [ 3139.505693][T15453] dump_stack+0x11d/0x181 [ 3139.510050][T15453] dump_header+0xaa/0x39c [ 3139.514443][T15453] oom_kill_process.cold+0x10/0x15 [ 3139.519579][T15453] out_of_memory+0x231/0xa60 [ 3139.524318][T15453] mem_cgroup_out_of_memory+0x128/0x150 [ 3139.531723][T15453] try_charge+0x800/0xbf0 [ 3139.531758][T15453] ? _raw_spin_unlock+0x4b/0x60 [ 3139.531789][T15453] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 3139.546696][T15453] __memcg_kmem_charge+0xcf/0x1b0 [ 3139.551796][T15453] __alloc_pages_nodemask+0x26c/0x310 [ 3139.557243][T15453] alloc_pages_current+0xd1/0x170 [ 3139.562320][T15453] __vmalloc_node_range+0x2c4/0x4a0 [ 3139.567615][T15453] __vmalloc+0x4d/0x70 [ 3139.571708][T15453] ? vmx_vm_alloc+0x40/0x50 [ 3139.576241][T15453] vmx_vm_alloc+0x40/0x50 [ 3139.580719][T15453] kvm_dev_ioctl+0x137/0xcb0 [ 3139.585334][T15453] ? tomoyo_file_ioctl+0x34/0x40 [ 3139.590574][T15453] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3139.596848][T15453] ? kvm_put_kvm+0x6a0/0x6a0 [ 3139.601502][T15453] ksys_ioctl+0x109/0x150 [ 3139.605854][T15453] __x64_sys_ioctl+0x4c/0x60 [ 3139.610484][T15453] do_syscall_64+0xcc/0x3a0 [ 3139.615029][T15453] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 3139.620951][T15453] RIP: 0033:0x45c449 [ 3139.624864][T15453] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3139.644542][T15453] RSP: 002b:00007f331e2ecc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3139.652974][T15453] RAX: ffffffffffffffda RBX: 00007f331e2ed6d4 RCX: 000000000045c449 [ 3139.661224][T15453] RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000006 [ 3139.669337][T15453] RBP: 000000000076bfc0 R08: 0000000000000000 R09: 0000000000000000 [ 3139.677318][T15453] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 3139.685308][T15453] R13: 0000000000000390 R14: 00000000004c5c51 R15: 000000000076bfcc [ 3139.990938][T15453] memory: usage 302972kB, limit 307200kB, failcnt 405 [ 3139.997761][T15453] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3140.007519][T15453] Memory cgroup stats for /syz3: [ 3140.007682][T15453] anon 277655552 [ 3140.007682][T15453] file 159744 [ 3140.007682][T15453] kernel_stack 2543616 [ 3140.007682][T15453] slab 8957952 [ 3140.007682][T15453] sock 0 [ 3140.007682][T15453] shmem 106496 [ 3140.007682][T15453] file_mapped 0 [ 3140.007682][T15453] file_dirty 0 [ 3140.007682][T15453] file_writeback 0 [ 3140.007682][T15453] anon_thp 260046848 [ 3140.007682][T15453] inactive_anon 135168 [ 3140.007682][T15453] active_anon 277655552 [ 3140.007682][T15453] inactive_file 0 [ 3140.007682][T15453] active_file 69632 [ 3140.007682][T15453] unevictable 0 [ 3140.007682][T15453] slab_reclaimable 1622016 [ 3140.007682][T15453] slab_unreclaimable 7335936 [ 3140.007682][T15453] pgfault 223410 [ 3140.007682][T15453] pgmajfault 0 [ 3140.007682][T15453] workingset_refault 99 [ 3140.007682][T15453] workingset_activate 0 [ 3140.007682][T15453] workingset_nodereclaim 0 [ 3140.007682][T15453] pgrefill 565 [ 3140.007682][T15453] pgscan 578 [ 3140.007682][T15453] pgsteal 244 [ 3140.249397][T15453] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=11601,uid=0 [ 3140.280954][T15453] Memory cgroup out of memory: Killed process 11601 (syz-executor.3) total-vm:74836kB, anon-rss:4268kB, file-rss:35820kB, shmem-rss:0kB, UID:0 pgtables:136kB oom_score_adj:1000 [ 3140.333235][T15435] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3140.350936][T15435] CPU: 1 PID: 15435 Comm: syz-executor.3 Not tainted 5.6.0-rc1-syzkaller #0 [ 3140.359741][T15435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3140.369797][T15435] Call Trace: [ 3140.373168][T15435] dump_stack+0x11d/0x181 [ 3140.377583][T15435] dump_header+0xaa/0x39c [ 3140.381939][T15435] oom_kill_process.cold+0x10/0x15 [ 3140.387149][T15435] out_of_memory+0x231/0xa60 [ 3140.391774][T15435] mem_cgroup_out_of_memory+0x128/0x150 [ 3140.397403][T15435] try_charge+0x800/0xbf0 [ 3140.401839][T15435] mem_cgroup_try_charge+0xd2/0x260 [ 3140.407180][T15435] mem_cgroup_try_charge_delay+0x3a/0x80 [ 3140.413055][T15435] __handle_mm_fault+0x197f/0x2e00 [ 3140.418297][T15435] handle_mm_fault+0x21b/0x530 [ 3140.423271][T15435] do_page_fault+0x496/0xa3d [ 3140.427925][T15435] page_fault+0x34/0x40 [ 3140.432113][T15435] RIP: 0033:0x413c3f [ 3140.436033][T15435] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 [ 3140.455845][T15435] RSP: 002b:00007ffc79c5d860 EFLAGS: 00010206 [ 3140.461921][T15435] RAX: 00007f331e2ac000 RBX: 0000000000020000 RCX: 000000000045c49a [ 3140.469986][T15435] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 3140.478017][T15435] RBP: 00007ffc79c5d940 R08: ffffffffffffffff R09: 0000000000000000 [ 3140.486181][T15435] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc79c5da30 [ 3140.494246][T15435] R13: 00007f331e2cc700 R14: 0000000000000002 R15: 000000000076c06c [ 3140.518011][T15435] memory: usage 298552kB, limit 307200kB, failcnt 405 [ 3140.524903][T15435] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3140.534421][T15435] Memory cgroup stats for /syz3: [ 3140.534656][T15435] anon 273334272 [ 3140.534656][T15435] file 159744 [ 3140.534656][T15435] kernel_stack 2543616 [ 3140.534656][T15435] slab 8957952 [ 3140.534656][T15435] sock 0 [ 3140.534656][T15435] shmem 106496 [ 3140.534656][T15435] file_mapped 0 [ 3140.534656][T15435] file_dirty 0 [ 3140.534656][T15435] file_writeback 0 [ 3140.534656][T15435] anon_thp 255852544 [ 3140.534656][T15435] inactive_anon 135168 [ 3140.534656][T15435] active_anon 273334272 [ 3140.534656][T15435] inactive_file 0 [ 3140.534656][T15435] active_file 69632 [ 3140.534656][T15435] unevictable 0 [ 3140.534656][T15435] slab_reclaimable 1622016 [ 3140.534656][T15435] slab_unreclaimable 7335936 [ 3140.534656][T15435] pgfault 223410 [ 3140.534656][T15435] pgmajfault 0 [ 3140.534656][T15435] workingset_refault 99 [ 3140.534656][T15435] workingset_activate 0 [ 3140.534656][T15435] workingset_nodereclaim 0 [ 3140.534656][T15435] pgrefill 565 [ 3140.534656][T15435] pgscan 578 [ 3140.534656][T15435] pgsteal 244 [ 3140.632787][T15435] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=24476,uid=0 [ 3140.670948][T15435] Memory cgroup out of memory: Killed process 24476 (syz-executor.3) total-vm:74836kB, anon-rss:4268kB, file-rss:35784kB, shmem-rss:0kB, UID:0 pgtables:136kB oom_score_adj:1000 [ 3140.706906][ T1078] oom_reaper: reaped process 24476 (syz-executor.3), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB 06:00:06 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r10, 0xae60) ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0) r11 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r11, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:06 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_GET_INTERFACE(r0, 0x0, 0x0) 06:00:06 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) gettid() io_submit(0x0, 0x1, &(0x7f00000003c0)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)="04", 0x36c, 0x0, 0x0, 0x1}]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0xec}], 0x1000000000000409, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@loopback, 0x15c}) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/57, 0x39}], 0x3, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000300)=[{&(0x7f0000000180)='\'', 0xfd37}], 0x1) write$FUSE_NOTIFY_DELETE(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x0) tkill(r0, 0x3c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 06:00:06 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1cd, 0x0) 06:00:06 executing program 5: set_mempolicy(0x0, &(0x7f0000000300)=0x762, 0x9) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 06:00:06 executing program 0: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:06 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000037000510d25a80648c63940d0124fc60100010400a000500053582c137153e370948018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) 06:00:06 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_GET_INTERFACE(r0, &(0x7f0000000900)={0x0, 0x0, 0x0}, 0x0) [ 3141.110306][T15543] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3141.162770][T15543] CPU: 1 PID: 15543 Comm: syz-executor.0 Not tainted 5.6.0-rc1-syzkaller #0 [ 3141.171516][T15543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3141.181570][T15543] Call Trace: [ 3141.184876][T15543] dump_stack+0x11d/0x181 [ 3141.189221][T15543] dump_header+0xaa/0x39c [ 3141.193582][T15543] oom_kill_process.cold+0x10/0x15 [ 3141.198780][T15543] out_of_memory+0x231/0xa60 [ 3141.203446][T15543] ? __rcu_read_unlock+0x66/0x2f0 [ 3141.208497][T15543] mem_cgroup_out_of_memory+0x128/0x150 [ 3141.214191][T15543] try_charge+0xb6c/0xbf0 [ 3141.218636][T15543] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 3141.224130][T15543] __memcg_kmem_charge+0xcf/0x1b0 [ 3141.229179][T15543] __alloc_pages_nodemask+0x26c/0x310 [ 3141.234589][T15543] alloc_pages_current+0xd1/0x170 [ 3141.239735][T15543] pte_alloc_one+0x18/0x50 [ 3141.244236][T15543] __pte_alloc+0x2d/0x220 [ 3141.248600][T15543] copy_page_range+0x13a2/0x1a00 [ 3141.253572][T15543] ? __list_add_valid+0x62/0x80 [ 3141.258550][T15543] dup_mm+0x74a/0xba0 [ 3141.262848][T15543] copy_process+0x39d7/0x3b40 [ 3141.267568][T15543] _do_fork+0xfe/0x7a0 [ 3141.271656][T15543] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3141.277915][T15543] ? ktime_get_ts64+0x286/0x2c0 [ 3141.282843][T15543] __x64_sys_clone+0x130/0x170 [ 3141.289850][T15543] do_syscall_64+0xcc/0x3a0 [ 3141.294430][T15543] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 3141.300334][T15543] RIP: 0033:0x45c449 [ 3141.304277][T15543] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3141.324681][T15543] RSP: 002b:00007fc022a63c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3141.333190][T15543] RAX: ffffffffffffffda RBX: 00007fc022a646d4 RCX: 000000000045c449 [ 3141.342002][T15543] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 3141.350117][T15543] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 06:00:06 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_GET_INTERFACE(r0, &(0x7f0000000900)={0x0, 0x0, 0x0}, 0x0) 06:00:06 executing program 5: set_mempolicy(0x1, 0x0, 0x9) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) [ 3141.358098][T15543] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 3141.366082][T15543] R13: 0000000000000074 R14: 00000000004c2ce6 R15: 000000000076bf2c [ 3141.400935][T15543] memory: usage 307200kB, limit 307200kB, failcnt 2035 06:00:06 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1ce, 0x0) [ 3141.407841][T15543] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3141.460318][T15543] Memory cgroup stats for /syz0: [ 3141.460548][T15543] anon 221765632 [ 3141.460548][T15543] file 47108096 [ 3141.460548][T15543] kernel_stack 4091904 [ 3141.460548][T15543] slab 9469952 [ 3141.460548][T15543] sock 0 [ 3141.460548][T15543] shmem 46977024 [ 3141.460548][T15543] file_mapped 0 [ 3141.460548][T15543] file_dirty 0 [ 3141.460548][T15543] file_writeback 0 [ 3141.460548][T15543] anon_thp 186646528 [ 3141.460548][T15543] inactive_anon 0 [ 3141.460548][T15543] active_anon 268791808 [ 3141.460548][T15543] inactive_file 0 06:00:06 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0xf, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYBLOB="60000000020601000000000000000000000f000011000300686173683a6e65742c6e65740000000005000400000000000900020073797a3000000000140007800800134000001b000800064000000000050005000a00000005000100b9152307"], 0x60}}, 0x0) [ 3141.460548][T15543] active_file 57344 [ 3141.460548][T15543] unevictable 0 [ 3141.460548][T15543] slab_reclaimable 1486848 [ 3141.460548][T15543] slab_unreclaimable 7983104 [ 3141.460548][T15543] pgfault 346434 [ 3141.460548][T15543] pgmajfault 0 [ 3141.460548][T15543] workingset_refault 264 [ 3141.460548][T15543] workingset_activate 132 [ 3141.460548][T15543] workingset_nodereclaim 0 [ 3141.460548][T15543] pgrefill 1439 [ 3141.460548][T15543] pgscan 1683 [ 3141.460548][T15543] pgsteal 723 [ 3141.630941][T15543] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=18697,uid=0 06:00:07 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r10, 0xae60) ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0) r11 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r11, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:07 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1cf, 0x0) 06:00:07 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_GET_INTERFACE(r0, &(0x7f0000000900)={0x0, 0x0, 0x0}, 0x0) 06:00:07 executing program 5: set_mempolicy(0x1, 0x0, 0x9) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 06:00:07 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0xf, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYBLOB="60000000020601000000000000000000000f000011000300686173683a6e65742c6e65740000000005000400000000000900020073797a3000000000140007800800134000001b000800064000000000050005000a00000005000100b9152307"], 0x60}}, 0x0) [ 3141.859139][T15543] Memory cgroup out of memory: Killed process 18697 (syz-executor.0) total-vm:74704kB, anon-rss:2212kB, file-rss:35792kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 06:00:07 executing program 0: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:07 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0xf, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYBLOB="60000000020601000000000000000000000f000011000300686173683a6e65742c6e65740000000005000400000000000900020073797a3000000000140007800800134000001b000800064000000000050005000a00000005000100b9152307"], 0x60}}, 0x0) 06:00:07 executing program 5: set_mempolicy(0x1, 0x0, 0x9) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 06:00:07 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_GET_INTERFACE(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={0x0}}, 0x0) 06:00:07 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1d0, 0x0) 06:00:07 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_GET_INTERFACE(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={0x0}}, 0x0) 06:00:07 executing program 5: set_mempolicy(0x1, &(0x7f0000000300), 0x9) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) [ 3142.588659][ C1] print_req_error: 234 callbacks suppressed [ 3142.588681][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3142.605539][ C1] buffer_io_error: 234 callbacks suppressed [ 3142.605550][ C1] Buffer I/O error on dev loop0, logical block 0, async page read 06:00:08 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0xf, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYBLOB="60000000020601000000000000000000000f000011000300686173683a6e65742c6e65740000000005000400000000000900020073797a3000000000140007800800134000001b000800064000000000050005000a00000005000100b9152307"], 0x60}}, 0x0) 06:00:08 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1d1, 0x0) 06:00:08 executing program 0: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) socket$alg(0x26, 0x5, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:08 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r10, 0xae60) ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0) r11 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r11, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:08 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_GET_INTERFACE(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={0x0}}, 0x0) [ 3142.714879][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3142.725813][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3142.790742][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3142.801816][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3142.810067][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3142.821104][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3142.841786][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3142.852752][ C1] Buffer I/O error on dev loop0, logical block 0, async page read 06:00:08 executing program 5: set_mempolicy(0x1, &(0x7f0000000300), 0x9) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) [ 3142.966353][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3142.977285][ C1] Buffer I/O error on dev loop0, logical block 0, async page read 06:00:08 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_GET_INTERFACE(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000080)={0x14, 0x0, 0xb0343aabd1184b87}, 0x14}}, 0x0) 06:00:08 executing program 4: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$GIO_SCRNMAP(r0, 0x4b40, 0x0) 06:00:08 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1d2, 0x0) 06:00:08 executing program 0: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000040), 0x0) [ 3143.094533][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3143.105485][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3143.163384][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3143.174320][ C1] Buffer I/O error on dev loop0, logical block 0, async page read 06:00:08 executing program 4: r0 = syz_open_dev$evdev(&(0x7f0000000680)='/dev/input/event#\x00', 0x0, 0x0) syncfs(r0) [ 3143.213226][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3143.224434][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3143.262570][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3143.273523][ C1] Buffer I/O error on dev loop0, logical block 0, async page read 06:00:08 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1d3, 0x0) 06:00:08 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_GET_INTERFACE(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000080)={0x14, 0x0, 0xb0343aabd1184b87}, 0x14}}, 0x0) 06:00:08 executing program 5: set_mempolicy(0x1, &(0x7f0000000300), 0x9) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 06:00:08 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) accept$alg(r5, 0x0, 0x0) recvmsg$can_raw(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(0xffffffffffffffff, 0xae47, 0x0) r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r9 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:08 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1d4, 0x0) 06:00:08 executing program 0: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:08 executing program 4: r0 = timerfd_create(0x0, 0x0) close(r0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)) sendmsg$NLBL_CALIPSO_C_REMOVE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) 06:00:08 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_GET_INTERFACE(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000080)={0x14, 0x0, 0xb0343aabd1184b87}, 0x14}}, 0x0) 06:00:09 executing program 5: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 06:00:09 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1d5, 0x0) 06:00:09 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_GET_INTERFACE(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000080)={0x14, r1}, 0x14}}, 0x0) 06:00:09 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000fc0)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) dup(r0) 06:00:09 executing program 0: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:09 executing program 5: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 06:00:09 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_GET_INTERFACE(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000080)={0x14, r1}, 0x14}}, 0x0) 06:00:09 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) accept$alg(r5, 0x0, 0x0) recvmsg$can_raw(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(0xffffffffffffffff, 0xae47, 0x0) r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r9 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:09 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1d6, 0x0) 06:00:09 executing program 4: syz_open_dev$tty1(0xc, 0x4, 0x4) 06:00:09 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_GET_INTERFACE(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000080)={0x14, r1}, 0x14}}, 0x0) 06:00:09 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) r1 = dup2(r0, r0) connect$unix(r1, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x5) sendmmsg(r1, &(0x7f0000004640)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) 06:00:09 executing program 0: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:09 executing program 5: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 06:00:09 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1d7, 0x0) 06:00:09 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x1c, 0x4, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) 06:00:10 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) r1 = dup2(r0, r0) connect$unix(r1, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x5) sendmmsg(r1, &(0x7f0000004640)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) 06:00:10 executing program 5: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 06:00:10 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1d8, 0x0) 06:00:10 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) accept$alg(r5, 0x0, 0x0) recvmsg$can_raw(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(0xffffffffffffffff, 0xae47, 0x0) r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r9 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:10 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:10 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x1c, 0x4, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) 06:00:10 executing program 4: perf_event_open(&(0x7f0000000400)={0x2, 0x70, 0xe7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @empty}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000140)='net/route\x00') sendfile(r0, r1, 0x0, 0x1000003) 06:00:10 executing program 5: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 06:00:10 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1d9, 0x0) 06:00:10 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x1c, 0x4, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) 06:00:10 executing program 4: getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000340)='/dev/ubi_ctrl\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x223e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x10006, 0x80011, r0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f0000000080), 0x5b) 06:00:10 executing program 5: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 06:00:10 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:10 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1da, 0x0) 06:00:10 executing program 4: openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$vcsa(0x0, 0x8000, 0x200) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000003}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$media(&(0x7f00000000c0)='/dev/media#\x00', 0x0, 0x0) ioctl$RTC_EPOCH_READ(r0, 0xc01c7c02, &(0x7f0000000040)) 06:00:11 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = dup(0xffffffffffffffff) recvmsg$can_raw(r6, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r6, 0xae47, 0x0) r7 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) r10 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r10, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:11 executing program 5: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) 06:00:11 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:11 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x1c, 0x4, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) 06:00:11 executing program 4: perf_event_open(&(0x7f0000000400)={0x2, 0x70, 0xe7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 06:00:11 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1db, 0x0) 06:00:11 executing program 4: perf_event_open(&(0x7f0000000400)={0x2, 0x70, 0xe7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f00000000c0)={0x2, 0x0, 0x0, @empty}, 0x1c) 06:00:11 executing program 1: sendmsg$IPSET_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x1c, 0x4, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) 06:00:11 executing program 0: set_mempolicy(0x0, &(0x7f0000000300)=0x762, 0x9) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:11 executing program 5: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) 06:00:11 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1dc, 0x0) 06:00:11 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=@ipv6_newrule={0x30, 0x20, 0xbc155b926d363b35, 0x0, 0x0, {0xa, 0x10}, [@FRA_DST={0x14, 0x1, @rand_addr="5cc668e6b054bc0610431f27dfa8aa5e"}]}, 0x30}}, 0x0) 06:00:12 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = dup(0xffffffffffffffff) recvmsg$can_raw(r6, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r6, 0xae47, 0x0) r7 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) r10 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r10, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:12 executing program 1: sendmsg$IPSET_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x1c, 0x4, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) 06:00:12 executing program 5: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) 06:00:12 executing program 0: set_mempolicy(0x0, &(0x7f0000000300)=0x762, 0x9) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:12 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1dd, 0x0) 06:00:12 executing program 4: open(&(0x7f0000000300)='./bus\x00', 0xc15c2, 0x0) r0 = syz_open_dev$loop(&(0x7f0000ca9ff5)='/dev/loop#\x00', 0x0, 0x105082) r1 = memfd_create(&(0x7f0000000140)=',!\x00', 0x0) pwritev(r1, &(0x7f0000000400)=[{&(0x7f0000000340)="a8", 0x1}], 0x1, 0x81003) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) mmap(&(0x7f000000d000/0x1000)=nil, 0x1000, 0x800002, 0x11, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) write(r4, &(0x7f00000001c0), 0x526987c9) sendfile(r0, r1, 0x0, 0x80003) 06:00:12 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1de, 0x0) 06:00:12 executing program 1: sendmsg$IPSET_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x1c, 0x4, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) 06:00:12 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r2, &(0x7f0000004540)={0xa, 0xe20, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x25}}}, 0x7d) sendmmsg$inet(r2, &(0x7f0000002640)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=[@ip_retopts={{0x14, 0x0, 0x7, {[@noop]}}}], 0x18}}], 0x1, 0x0) 06:00:12 executing program 0: set_mempolicy(0x0, &(0x7f0000000300)=0x762, 0x9) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:12 executing program 1: socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x1c, 0x4, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) 06:00:12 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1df, 0x0) [ 3147.722312][ C0] print_req_error: 234 callbacks suppressed [ 3147.722346][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3147.739434][ C0] buffer_io_error: 234 callbacks suppressed [ 3147.739444][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3147.873596][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3147.884642][ C0] Buffer I/O error on dev loop0, logical block 0, async page read 06:00:13 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = dup(0xffffffffffffffff) recvmsg$can_raw(r6, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r6, 0xae47, 0x0) r7 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) r10 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r10, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:13 executing program 0: set_mempolicy(0x1, 0x0, 0x9) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:13 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000240)={0x2, 0x70, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_setup(0x9, &(0x7f00000002c0)=0x0) keyctl$set_timeout(0xf, 0x0, 0x0) io_cancel(r2, 0x0, 0x0) 06:00:13 executing program 1: socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x1c, 0x4, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) 06:00:13 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1e0, 0x0) [ 3147.931112][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3147.942155][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3148.028835][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3148.039943][ C0] Buffer I/O error on dev loop0, logical block 0, async page read 06:00:13 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x1b, &(0x7f0000000000)={@dev}, 0x20) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x1b, &(0x7f00000001c0)={@dev}, 0x20) close(r0) [ 3148.131017][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3148.142007][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3148.164664][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3148.175714][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3148.197818][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3148.208885][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3148.217753][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3148.228676][ C0] Buffer I/O error on dev loop0, logical block 0, async page read 06:00:13 executing program 1: socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x1c, 0x4, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) 06:00:13 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1e1, 0x0) [ 3148.292801][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3148.303884][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3148.375672][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3148.386712][ C0] Buffer I/O error on dev loop0, logical block 0, async page read 06:00:13 executing program 0: set_mempolicy(0x1, 0x0, 0x9) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:13 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x1b, &(0x7f0000000000)={@dev}, 0x20) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x1b, &(0x7f00000001c0)={@dev}, 0x20) close(r0) 06:00:13 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(r0, 0x0, 0x0) 06:00:13 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x40) process_vm_writev(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_rr_get_interval(0x0, &(0x7f0000000100)) 06:00:14 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r10, 0xae60) ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0) r11 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r11, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:14 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1e2, 0x0) 06:00:14 executing program 0: set_mempolicy(0x1, 0x0, 0x9) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:14 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000240)={0x2, 0x70, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_setup(0x9, &(0x7f00000002c0)=0x0) keyctl$set_timeout(0xf, 0x0, 0x0) io_cancel(r2, 0x0, 0x0) 06:00:14 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(r0, 0x0, 0x0) 06:00:14 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1e3, 0x0) 06:00:14 executing program 4: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) clone(0x800100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r3, 0x4000000000000, 0x40, &(0x7f00000002c0)=@raw={'raw\x00', 0x2, 0x3, 0x2c8, 0x0, 0x158, 0x0, 0x158, 0x0, 0x230, 0x230, 0x230, 0x230, 0x230, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], 0x0, 0xf0, 0x158, 0x0, {}, [@common=@unspec=@limit={{0x48, 'limit\x00'}, {0x2000000, 0x1}}, @common=@unspec=@time={{0x38, 'time\x00'}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz1\x00'}}}, {{@uncond, 0x0, 0x70, 0xd8}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00', 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x328) 06:00:14 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(r0, 0x0, 0x0) [ 3149.273521][T15977] xt_CT: No such helper "pptp" 06:00:14 executing program 0: set_mempolicy(0x1, &(0x7f0000000300), 0x9) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:14 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000240)={0x2, 0x70, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_setup(0x9, &(0x7f00000002c0)=0x0) keyctl$set_timeout(0xf, 0x0, 0x0) io_cancel(r2, 0x0, 0x0) 06:00:14 executing program 4: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) clone(0x800100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r3, 0x4000000000000, 0x40, &(0x7f00000002c0)=@raw={'raw\x00', 0x2, 0x3, 0x2c8, 0x0, 0x158, 0x0, 0x158, 0x0, 0x230, 0x230, 0x230, 0x230, 0x230, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], 0x0, 0xf0, 0x158, 0x0, {}, [@common=@unspec=@limit={{0x48, 'limit\x00'}, {0x2000000, 0x1}}, @common=@unspec=@time={{0x38, 'time\x00'}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz1\x00'}}}, {{@uncond, 0x0, 0x70, 0xd8}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00', 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x328) [ 3149.373921][T15979] xt_CT: No such helper "pptp" 06:00:14 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) 06:00:15 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r10, 0xae60) ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0) r11 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r11, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:15 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1e4, 0x0) 06:00:15 executing program 0: set_mempolicy(0x1, &(0x7f0000000300), 0x9) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:15 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) 06:00:15 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000240)={0x2, 0x70, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_setup(0x9, &(0x7f00000002c0)=0x0) keyctl$set_timeout(0xf, 0x0, 0x0) io_cancel(r2, 0x0, 0x0) 06:00:15 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) 06:00:15 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1e5, 0x0) 06:00:15 executing program 0: set_mempolicy(0x1, &(0x7f0000000300), 0x9) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:15 executing program 4: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) clone(0x800100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r3, 0x4000000000000, 0x40, &(0x7f00000002c0)=@raw={'raw\x00', 0x2, 0x3, 0x2c8, 0x0, 0x158, 0x0, 0x158, 0x0, 0x230, 0x230, 0x230, 0x230, 0x230, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], 0x0, 0xf0, 0x158, 0x0, {}, [@common=@unspec=@limit={{0x48, 'limit\x00'}, {0x2000000, 0x1}}, @common=@unspec=@time={{0x38, 'time\x00'}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz1\x00'}}}, {{@uncond, 0x0, 0x70, 0xd8}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00', 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x328) [ 3150.112369][T16021] xt_CT: No such helper "pptp" 06:00:15 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000240)={0x2, 0x70, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_setup(0x9, &(0x7f00000002c0)) keyctl$set_timeout(0xf, 0x0, 0x0) 06:00:15 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) [ 3150.232968][T16020] syz-executor.3 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3150.316261][T16020] CPU: 0 PID: 16020 Comm: syz-executor.3 Not tainted 5.6.0-rc1-syzkaller #0 [ 3150.325085][T16020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3150.335176][T16020] Call Trace: [ 3150.338581][T16020] dump_stack+0x11d/0x181 [ 3150.342936][T16020] dump_header+0xaa/0x39c [ 3150.347294][T16020] oom_kill_process.cold+0x10/0x15 [ 3150.352534][T16020] out_of_memory+0x231/0xa60 [ 3150.357150][T16020] ? __rcu_read_unlock+0x66/0x2f0 [ 3150.362214][T16020] mem_cgroup_out_of_memory+0x128/0x150 [ 3150.367901][T16020] try_charge+0xb6c/0xbf0 [ 3150.372364][T16020] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 3150.377853][T16020] __memcg_kmem_charge+0xcf/0x1b0 [ 3150.383079][T16020] __alloc_pages_nodemask+0x26c/0x310 [ 3150.388711][T16020] alloc_pages_current+0xd1/0x170 [ 3150.393868][T16020] pte_alloc_one+0x18/0x50 [ 3150.398356][T16020] __pte_alloc+0x2d/0x220 [ 3150.402709][T16020] copy_page_range+0x13a2/0x1a00 [ 3150.407709][T16020] ? __vma_link_rb+0x3f4/0x440 [ 3150.412632][T16020] dup_mm+0x74a/0xba0 [ 3150.416729][T16020] copy_process+0x39d7/0x3b40 [ 3150.421709][T16020] _do_fork+0xfe/0x7a0 [ 3150.425964][T16020] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3150.432204][T16020] ? ktime_get_ts64+0x286/0x2c0 [ 3150.437281][T16020] __x64_sys_clone+0x130/0x170 [ 3150.442330][T16020] do_syscall_64+0xcc/0x3a0 [ 3150.446866][T16020] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 3150.452757][T16020] RIP: 0033:0x45c449 [ 3150.456666][T16020] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3150.476490][T16020] RSP: 002b:00007f331e30dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3150.485055][T16020] RAX: ffffffffffffffda RBX: 00007f331e30e6d4 RCX: 000000000045c449 [ 3150.493054][T16020] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 3150.501031][T16020] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 3150.509175][T16020] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 3150.517177][T16020] R13: 0000000000000074 R14: 00000000004c2ce6 R15: 000000000076bf2c 06:00:15 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1e6, 0x0) [ 3150.974491][T16020] memory: usage 307200kB, limit 307200kB, failcnt 464 [ 3151.001542][T16048] xt_CT: No such helper "pptp" [ 3151.094128][T16020] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3151.110603][T16020] Memory cgroup stats for /syz3: [ 3151.110718][T16020] anon 280657920 [ 3151.110718][T16020] file 159744 [ 3151.110718][T16020] kernel_stack 2691072 [ 3151.110718][T16020] slab 9228288 [ 3151.110718][T16020] sock 0 [ 3151.110718][T16020] shmem 106496 [ 3151.110718][T16020] file_mapped 0 [ 3151.110718][T16020] file_dirty 0 [ 3151.110718][T16020] file_writeback 0 [ 3151.110718][T16020] anon_thp 262144000 [ 3151.110718][T16020] inactive_anon 135168 [ 3151.110718][T16020] active_anon 280657920 [ 3151.110718][T16020] inactive_file 0 [ 3151.110718][T16020] active_file 69632 [ 3151.110718][T16020] unevictable 0 [ 3151.110718][T16020] slab_reclaimable 1622016 [ 3151.110718][T16020] slab_unreclaimable 7606272 [ 3151.110718][T16020] pgfault 224565 [ 3151.110718][T16020] pgmajfault 0 [ 3151.110718][T16020] workingset_refault 99 [ 3151.110718][T16020] workingset_activate 0 [ 3151.110718][T16020] workingset_nodereclaim 0 [ 3151.110718][T16020] pgrefill 631 [ 3151.110718][T16020] pgscan 644 [ 3151.110718][T16020] pgsteal 279 [ 3151.310954][T16020] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=25150,uid=0 [ 3151.402781][T16020] Memory cgroup out of memory: Killed process 25150 (syz-executor.3) total-vm:74836kB, anon-rss:4268kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:140kB oom_score_adj:1000 06:00:17 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$alg(0x26, 0x5, 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r10, 0xae60) ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0) r11 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r11, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:17 executing program 0: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:17 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) 06:00:17 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1e7, 0x0) 06:00:17 executing program 4: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) clone(0x800100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r3, 0x4000000000000, 0x40, &(0x7f00000002c0)=@raw={'raw\x00', 0x2, 0x3, 0x2c8, 0x0, 0x158, 0x0, 0x158, 0x0, 0x230, 0x230, 0x230, 0x230, 0x230, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], 0x0, 0xf0, 0x158, 0x0, {}, [@common=@unspec=@limit={{0x48, 'limit\x00'}, {0x2000000, 0x1}}, @common=@unspec=@time={{0x38, 'time\x00'}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz1\x00'}}}, {{@uncond, 0x0, 0x70, 0xd8}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00', 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x328) 06:00:17 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000240)={0x2, 0x70, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_setup(0x9, &(0x7f00000002c0)) 06:00:17 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) 06:00:17 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1e8, 0x0) 06:00:17 executing program 0: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:17 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) io_setup(0x9, &(0x7f00000002c0)) 06:00:17 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x1c, 0x4, 0x6, 0x0, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) 06:00:17 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1e9, 0x0) 06:00:17 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000040), 0x0) r5 = accept$alg(0xffffffffffffffff, 0x0, 0x0) r6 = dup(r5) recvmsg$can_raw(r6, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r6, 0xae47, 0x0) r7 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) r10 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r10, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:17 executing program 0: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:17 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r0, 0x0, r0) io_setup(0x9, &(0x7f00000002c0)) 06:00:17 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x1c, 0x4, 0x6, 0x0, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) [ 3152.765932][ C0] print_req_error: 539 callbacks suppressed [ 3152.765973][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3152.783420][ C0] buffer_io_error: 539 callbacks suppressed [ 3152.783430][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3152.841129][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3152.852093][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3152.915651][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3152.926600][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3152.943759][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3152.954841][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3152.963431][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3152.974372][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3152.991146][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3153.002083][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3153.057085][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3153.070916][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3153.107109][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3153.118074][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3153.137295][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3153.148324][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3153.171946][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3153.182926][ C0] Buffer I/O error on dev loop0, logical block 0, async page read 06:00:18 executing program 4: perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000480)={{{@in=@multicast2, @in6=@initdev}}, {{@in=@empty}, 0x0, @in6=@remote}}, &(0x7f0000000040)=0xe8) r1 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r1, &(0x7f0000000800)=ANY=[@ANYBLOB="5300000044a6aeabec2e1520000000000000001000fff64017db9c20000000003b08d403ffff91b2633b27e59aa144175dd106736d17c3f2c876c699115a5017e40c278fd4b480a1de1184018081000000000025da3f0fc7ec6826560000080049c4e181886e12dbbaf9459c5c953948c6801d2c0945c08ba8c552fc99a7422007653872ecb4f63acdf680812d274014ae40b88f15ff2258dd247239ece16a61fd063f026e"], 0xa5) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_IRQCHIP(r3, 0x4020aea5, &(0x7f00000003c0)={0x0, 0x0, @ioapic}) ioctl$EXT4_IOC_PRECACHE_EXTENTS(r3, 0x6612) r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000100), 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, 0x0, 0x0) 06:00:18 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1ea, 0x0) 06:00:18 executing program 0: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:18 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x1c, 0x4, 0x6, 0x0, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) 06:00:18 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r0, 0x0, r0) io_setup(0x9, &(0x7f00000002c0)) [ 3153.388008][T16142] xt_CT: No such helper "pptp" 06:00:18 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000040), 0x0) r5 = accept$alg(0xffffffffffffffff, 0x0, 0x0) r6 = dup(r5) recvmsg$can_raw(r6, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r6, 0xae47, 0x0) r7 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) r10 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r10, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:18 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x14, 0x4, 0x6, 0x3}, 0x14}}, 0x0) 06:00:18 executing program 0: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:18 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r0, 0x0, r0) io_setup(0x9, &(0x7f00000002c0)) 06:00:18 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1eb, 0x0) 06:00:19 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x14, 0x4, 0x6, 0x3}, 0x14}}, 0x0) 06:00:19 executing program 5: socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) io_setup(0x9, &(0x7f00000002c0)) 06:00:19 executing program 4: syz_open_dev$media(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$dsp1(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp1\x00', 0x0, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000080)={0x8, 0x0, 0x0, 0x9}, 0xc) setsockopt$inet6_MRT6_ADD_MFC_PROXY(r0, 0x29, 0xd2, &(0x7f00000000c0)={{0xa, 0x4e22, 0x0, @local, 0xfffffffe}, {0xa, 0x3, 0x0, @mcast1}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff]}, 0x5c) r1 = creat(&(0x7f0000000280)='./file0\x00', 0x1) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, 0x0, 0x0) setsockopt$inet6_MRT6_DEL_MFC(r0, 0x29, 0xd4, &(0x7f0000000000)={{0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffa4]}}, {0xa, 0x0, 0x0, @mcast2}}, 0x4) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000280), &(0x7f0000000580)=0xc) 06:00:19 executing program 0: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:19 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1ec, 0x0) 06:00:19 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000040), 0x0) r5 = accept$alg(0xffffffffffffffff, 0x0, 0x0) r6 = dup(r5) recvmsg$can_raw(r6, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r6, 0xae47, 0x0) r7 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) r10 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r10, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:19 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x14, 0x4, 0x6, 0x3}, 0x14}}, 0x0) 06:00:19 executing program 5: socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) io_setup(0x9, &(0x7f00000002c0)) 06:00:19 executing program 1: r0 = perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$sg(0x0, 0x0, 0x5) write$binfmt_misc(r1, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, &(0x7f0000000040)=@v1={0x0, @aes256, 0x3, "be6a8e36571d6feb"}) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000100), 0x111}}, 0x20) flock(r2, 0xc) 06:00:19 executing program 0: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:19 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1ed, 0x0) 06:00:19 executing program 5: socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) io_setup(0x9, &(0x7f00000002c0)) 06:00:20 executing program 1: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MFC_PROXY(r0, 0x29, 0xd2, &(0x7f00000000c0)={{0xa, 0x0, 0x0, @local}, {0xa, 0x0, 0x0, @mcast1}}, 0x5c) 06:00:20 executing program 0: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:20 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r10, 0xae60) ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0) r11 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r11, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:20 executing program 5: r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) io_setup(0x9, &(0x7f00000002c0)) 06:00:20 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1ee, 0x0) 06:00:20 executing program 1: r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x18000, 0x0) ioctl$VHOST_RESET_OWNER(r0, 0xaf02, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x4, 0x13, r1, 0x0) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_DEL_MFC(r2, 0x29, 0xd4, &(0x7f0000000000)={{0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffa4]}}, {0xa, 0x0, 0x0, @mcast2}}, 0x4) 06:00:20 executing program 4: syz_open_dev$media(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$dsp1(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp1\x00', 0x0, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000080)={0x8, 0x0, 0x0, 0x9}, 0xc) setsockopt$inet6_MRT6_ADD_MFC_PROXY(r0, 0x29, 0xd2, &(0x7f00000000c0)={{0xa, 0x4e22, 0x0, @local, 0xfffffffe}, {0xa, 0x3, 0x0, @mcast1}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff]}, 0x5c) r1 = creat(&(0x7f0000000280)='./file0\x00', 0x1) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, 0x0, 0x0) setsockopt$inet6_MRT6_DEL_MFC(r0, 0x29, 0xd4, &(0x7f0000000000)={{0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffa4]}}, {0xa, 0x0, 0x0, @mcast2}}, 0x4) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000280), &(0x7f0000000580)=0xc) 06:00:20 executing program 0: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:20 executing program 0: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) 06:00:20 executing program 1: syz_open_dev$media(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$dsp1(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp1\x00', 0x0, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000080)={0x8, 0x0, 0x0, 0x9}, 0xc) setsockopt$inet6_MRT6_ADD_MFC_PROXY(r0, 0x29, 0xd2, &(0x7f00000000c0)={{0xa, 0x4e22, 0x0, @local, 0xfffffffe}, {0xa, 0x3, 0x0, @mcast1}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff]}, 0x5c) r1 = creat(&(0x7f0000000280)='./file0\x00', 0x1) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, 0x0, 0x0) setsockopt$inet6_MRT6_DEL_MFC(r0, 0x29, 0xd4, &(0x7f0000000000)={{0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffa4]}}, {0xa, 0x0, 0x0, @mcast2}}, 0x4) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000280), &(0x7f0000000580)=0xc) 06:00:20 executing program 5: r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) io_setup(0x9, &(0x7f00000002c0)) 06:00:21 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1ef, 0x0) 06:00:21 executing program 0: syz_open_dev$media(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$dsp1(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp1\x00', 0x0, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000080)={0x8, 0x0, 0x0, 0x9}, 0xc) setsockopt$inet6_MRT6_ADD_MFC_PROXY(r0, 0x29, 0xd2, &(0x7f00000000c0)={{0xa, 0x4e22, 0x0, @local, 0xfffffffe}, {0xa, 0x3, 0x0, @mcast1}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff]}, 0x5c) r1 = creat(&(0x7f0000000280)='./file0\x00', 0x1) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, 0x0, 0x0) setsockopt$inet6_MRT6_DEL_MFC(r0, 0x29, 0xd4, &(0x7f0000000000)={{0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffa4]}}, {0xa, 0x0, 0x0, @mcast2}}, 0x4) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000280), &(0x7f0000000580)=0xc) 06:00:21 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, "8000"}) ioctl$TCSETA(r0, 0x5406, &(0x7f00000000c0)={0xfffe, 0x0, 0x0, 0x0, 0x0, "1a3af908056eb416"}) r1 = syz_open_pts(r0, 0x0) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000100)={0xa}) 06:00:21 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r10, 0xae60) ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0) r11 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r11, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:21 executing program 5: r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) io_setup(0x9, &(0x7f00000002c0)) 06:00:21 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1f0, 0x0) 06:00:21 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)={[{@fat=@tz_utc='tz=UTC'}, {@fat=@fmask={'fmask'}}]}) 06:00:22 executing program 4: syz_open_dev$media(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$dsp1(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp1\x00', 0x0, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000080)={0x8, 0x0, 0x0, 0x9}, 0xc) setsockopt$inet6_MRT6_ADD_MFC_PROXY(r0, 0x29, 0xd2, &(0x7f00000000c0)={{0xa, 0x4e22, 0x0, @local, 0xfffffffe}, {0xa, 0x3, 0x0, @mcast1}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff]}, 0x5c) r1 = creat(&(0x7f0000000280)='./file0\x00', 0x1) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, 0x0, 0x0) setsockopt$inet6_MRT6_DEL_MFC(r0, 0x29, 0xd4, &(0x7f0000000000)={{0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffa4]}}, {0xa, 0x0, 0x0, @mcast2}}, 0x4) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000280), &(0x7f0000000580)=0xc) 06:00:22 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1f1, 0x0) 06:00:22 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) io_setup(0x9, &(0x7f00000002c0)) 06:00:22 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, "8000"}) write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x35b) ioctl$TCSETA(r0, 0x5406, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x100000009b4b62b, 0x0, "1a3af908056eb416"}) r1 = syz_open_pts(r0, 0x0) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000100)={0xfffffff9}) 06:00:22 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x400007) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) 06:00:22 executing program 1: r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0) read$char_usb(r0, 0x0, 0x0) 06:00:22 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) io_setup(0x9, &(0x7f00000002c0)) 06:00:22 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1f2, 0x0) 06:00:22 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r10, 0xae60) ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0) r11 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r11, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:22 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000205010002000270fff8", 0x16}], 0x0, 0x0) 06:00:22 executing program 1: syz_mount_image$tmpfs(&(0x7f00000002c0)='tmpfs\x00', &(0x7f0000000300)='./bus\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001c00)={[{@nr_inodes={'nr_inodes', 0x3d, [0x6b]}}]}) statfs(&(0x7f0000000080)='./bus\x00', &(0x7f00000000c0)=""/113) 06:00:22 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1f3, 0x0) [ 3157.784526][ C1] print_req_error: 600 callbacks suppressed [ 3157.784545][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3157.801480][ C1] buffer_io_error: 600 callbacks suppressed [ 3157.801491][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3157.815452][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3157.826513][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3157.902941][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3157.913909][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3157.960962][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3157.971901][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3157.985078][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3157.996005][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3158.004879][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3158.015887][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3158.024402][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3158.035413][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3158.044184][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3158.055096][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3158.063874][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3158.074879][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3158.083495][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3158.094408][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3158.131664][T16346] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3158.142090][T16346] CPU: 1 PID: 16346 Comm: syz-executor.3 Not tainted 5.6.0-rc1-syzkaller #0 [ 3158.150864][T16346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3158.160927][T16346] Call Trace: [ 3158.164232][T16346] dump_stack+0x11d/0x181 [ 3158.168776][T16346] dump_header+0xaa/0x39c [ 3158.173188][T16346] oom_kill_process.cold+0x10/0x15 [ 3158.178331][T16346] out_of_memory+0x231/0xa60 [ 3158.182948][T16346] ? __rcu_read_unlock+0x66/0x2f0 [ 3158.188022][T16346] mem_cgroup_out_of_memory+0x128/0x150 [ 3158.193644][T16346] try_charge+0xb6c/0xbf0 [ 3158.198232][T16346] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 3158.203729][T16346] __memcg_kmem_charge+0xcf/0x1b0 [ 3158.208770][T16346] copy_process+0x12bc/0x3b40 [ 3158.213459][T16346] ? record_times+0x16/0x90 [ 3158.218019][T16346] ? psi_task_change+0x1ad/0x2d0 [ 3158.222995][T16346] ? try_to_free_mem_cgroup_pages+0x258/0x4d0 [ 3158.229227][T16346] _do_fork+0xfe/0x7a0 [ 3158.233428][T16346] ? __rcu_read_unlock+0x66/0x2f0 [ 3158.238580][T16346] ? blkcg_maybe_throttle_current+0x23d/0x580 [ 3158.244691][T16346] __x64_sys_clone+0x130/0x170 [ 3158.249632][T16346] do_syscall_64+0xcc/0x3a0 [ 3158.254275][T16346] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 3158.260282][T16346] RIP: 0033:0x45ee19 [ 3158.264287][T16346] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 3158.284689][T16346] RSP: 002b:00007ffc79c5d818 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 3158.293229][T16346] RAX: ffffffffffffffda RBX: 00007f331e2cc700 RCX: 000000000045ee19 [ 3158.301348][T16346] RDX: 00007f331e2cc9d0 RSI: 00007f331e2cbdb0 RDI: 00000000003d0f00 [ 3158.309450][T16346] RBP: 00007ffc79c5da30 R08: 00007f331e2cc700 R09: 00007f331e2cc700 [ 3158.318057][T16346] R10: 00007f331e2cc9d0 R11: 0000000000000202 R12: 0000000000000000 [ 3158.327254][T16346] R13: 00007ffc79c5d8cf R14: 00007f331e2cc9c0 R15: 000000000076c06c [ 3158.387217][T16346] memory: usage 307200kB, limit 307200kB, failcnt 511 [ 3158.433229][T16346] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3158.440350][T16346] Memory cgroup stats for /syz3: [ 3158.440461][T16346] anon 279384064 [ 3158.440461][T16346] file 159744 [ 3158.440461][T16346] kernel_stack 2801664 [ 3158.440461][T16346] slab 9367552 [ 3158.440461][T16346] sock 0 [ 3158.440461][T16346] shmem 106496 [ 3158.440461][T16346] file_mapped 0 [ 3158.440461][T16346] file_dirty 0 [ 3158.440461][T16346] file_writeback 0 [ 3158.440461][T16346] anon_thp 260046848 [ 3158.440461][T16346] inactive_anon 135168 [ 3158.440461][T16346] active_anon 279384064 [ 3158.440461][T16346] inactive_file 126976 [ 3158.440461][T16346] active_file 0 [ 3158.440461][T16346] unevictable 0 [ 3158.440461][T16346] slab_reclaimable 1622016 [ 3158.440461][T16346] slab_unreclaimable 7745536 [ 3158.440461][T16346] pgfault 225324 [ 3158.440461][T16346] pgmajfault 0 [ 3158.440461][T16346] workingset_refault 132 [ 3158.440461][T16346] workingset_activate 33 [ 3158.440461][T16346] workingset_nodereclaim 0 [ 3158.440461][T16346] pgrefill 631 [ 3158.440461][T16346] pgscan 677 [ 3158.440461][T16346] pgsteal 312 06:00:23 executing program 4: syz_open_dev$media(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$dsp1(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp1\x00', 0x0, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000080)={0x8, 0x0, 0x0, 0x9}, 0xc) setsockopt$inet6_MRT6_ADD_MFC_PROXY(r0, 0x29, 0xd2, &(0x7f00000000c0)={{0xa, 0x4e22, 0x0, @local, 0xfffffffe}, {0xa, 0x3, 0x0, @mcast1}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff]}, 0x5c) r1 = creat(&(0x7f0000000280)='./file0\x00', 0x1) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, 0x0, 0x0) setsockopt$inet6_MRT6_DEL_MFC(r0, 0x29, 0xd4, &(0x7f0000000000)={{0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffa4]}}, {0xa, 0x0, 0x0, @mcast2}}, 0x4) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000280), &(0x7f0000000580)=0xc) 06:00:23 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) io_setup(0x9, &(0x7f00000002c0)) 06:00:23 executing program 1: syz_emit_ethernet(0x437, &(0x7f0000003340)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd60c22df704011100fe8000000000f8ff0000000000000000fe8000000000000000000000000000aa00004e2004019078030000000005ff002b00b32def4f115cb6793bb530f9b20e90aa25d5c2e9431efd844a07c1922833b2c789aefbbaee9f63cbab38a8acfb8dba0595ecb683e74ea2bc44a7aee9c52e18ca01c06a5c354712b8b1ff75f45ba55a34aab93849023d37e037d2d3e3e842e9ba099e9e58775d1173d8e78335aa65d58f54c1d78d4fce897cfefa24b6f268f90be76c7f4e1bfe4d84a869353e931c3732afea55697618a1318ecb657b34172b93fd59d7988d43630cf81e976a0ea01fd8b2547ab593bc605c985f56664b84ed3c9f90ffb666e030c794e2d2d5070af38d83dc275da88cfe6910b2ded59f6c418af5d247237e00b14857c1d7c3ee32e729d9793040f8f4e432eb875a89fe31cbed117f0e76643797169fba3dac3f377d145ce97980ba626da7a279e698a9e040a22d63c535f0ad7295e6601f3a5fe9b581975993c6c7757342120635aaeef44910dbc5c6b3985a48bccb26288d42a672c965d40e80d0e1908f1b425a60a28241378ec7ff88315de083b64c5f9647e51732be34988e0948f12e6c5603edbece811bca501d4389dbfe20e4df5160cd7324c0670c7b3e8980b061e31b1c8461d6f7a63f9e6a80db7690689fd24326924c076e01631a0b9703a6106accfaa064075fa1f16e16c5171b6a324e8642b2ab76618b8200000080ab12d9f65d6a980634a6a7cba8bf89e01a91259f446232076a1c490982636b78d1300befab1a2f6e8261e07336c5692db37bb7d3cebf4a942b62f2fa6cceb7e488aa02b2e52c6f82bd3792845fff41cce52e0469d14821ce1149f71864860c0900000000000000b23106a0c679d2b1f0a9809b56abdcf893f9531508f24e64eca726fce804d959b7baaadac9acd194be7e53549c1719bdf678887a0e19db83b5356f8f7d93cbef1ef3505dcc40d0d2a02a2745ab518979b9c3774babfe8e70ead767c7a00289b8cc6e51d1a957548270cb3f5064960688f61b34f9442d78ae5a8551713f9afb4269d689f9adb6a4a902a637184f7f899efe9fa0ddb45cd1076c4eeeda51ca8dc20dcf1c425f56768073b3f4c2c9f5433a4a4fd0b8bc7b050032bf85bf222394fa4336ab4f07d7ad2dc85afa6eb79ad2624c4be6c674ee98fce9a51786b7cc2b500d98114d36d2690e13bcedf96590c7d5aeb8040b74c4d6a5aa38a7c1f0857522f4f968795056b9a7034dc3444784f9486b575e44dec3216d72845500e6f4bde0197961e7e593ea3411001d1d47ba42ef0e7af8e9127eec634e57b9babd22c13e16eb0246c02d7e37ff0eb6bf28bc37dd00315b4fbb09e77a6b5f858441818ebcfafecf622731f1db8a11fa2de8e30d808bedbfee104b3b1100f5094675521da07dd2a28be7e4865b0c60e4c2b7f3293bda997504b9b325a0f0e6d75116be1bbc2aa20deb44a6e4e7b824b12d009e6f1802f5a8e31559b125d71d00a5684fbde4668f5a469a2cf6cc6d1718a5d8958e0844bcf1eb4ca0f53c90c45e72cf9f0856e0077baa1adb9c9dab6cd55a1e6ff67f8a02bea505adbee8820c158477eb019e5e037f43152c72927aad087f5b67616e0d51e9e7e82d5d6f0bc801b9ff693f0dc8014132dc250749dc95305a29b702edaec9fde87783bf1cdb342f94d9299c0d000063e1b86bd6348f3e6834822da764c049a57f22631809593ae57f69c8694c10c8f113c742d03c135a6f70e5769db5440692d35062236ba9174bffc0ceb971c69edece8461c8289c245f05a83b88106f7000df5a37932d7bc2c8a9a3f9a253298a29daf9ac65461cc21035ccd72140ce2237fdca9e9d41a19a40ccd05eee23d0b7bc25b577021ef286cd942c8a07fe51b0892623982d01ca164ffea54f226f67b34cc2fdf80800000000000000bd4a726587ebcec7ba09b4b9176d65206f56964c7f60d939e89517951c45e072716545a2e6bed5e6005bb36264eb8493d592c076a2c1845fe075550527596e65ceace382bbe53b2c4f0d3196876e5454d2b8aaa91c278094234d385e1d6119c46771c3742d364efbb937072a3198ab765a91bf764c679d6f2ae8ce149703fe73f92a7dcdae42b4f2d8cfe4f6713074c7cda10c67edb73b83637be74f4c9f08fbecb0c8d916e49cbc8670aee9326d3412070000000000000039b5be661eebcab2e1e0045c30211fd0109317a7992b1f47dc339669bcb907c7c4d6e5edad51cbd81f37881e55e9c46730734552a50aacdeddc4c766a1ce03de72b5117dc2985e19de1196658ec770bfe37b99e6666d971850f14ca388954f0141f7b417d1f5468cce631d77e361cd2a7ad33b689f2235375ef570dadd88f455866809c92c174cf5ed1998037932fc026359ed2246236ddc7d0051dcf26ad9003c2e433d1da41f820bb3a3f2ee23dc077f5bc86d00ef912eb510f7429f77d00f6ca83d9b239b4ab3a5bf85c59712d2dcda45d593b9df9a59409ce62567a0e670cc4e0f90eeff2769e115a490dcc6b343a5403d1059fcf2963266bcf1fbb6854b18edad486392b4e7cab2b6b342a7a9186cc4fd2d194dc327ef8a1c9f9de01192ecfc4dabd6cb4f5d2e75591e12fcdb3ee97addd3503a351b136ab9a8c8d3f7ba7a86a9b843c1e0422e99e3e2778d342396e24442d9840f3b838832602ac15b3280d84fa21118b3fa6d23810eb0cb4de344488100000000000000d4e1ad8829d1b305dfe15e49130ae4006cf49041f39eab0f7f8af85d6e40f807c5e2cdf6aca119c31649fd28a6ecadd0264421d69c2a0fe71d59fc6bda047305f4ac9f8b08c20c10faf419402a1037f20f858f523dbca9a1751ab61059bb1066d86a8808b6134f39013e8c23882ff814e1532ad91d7751b46b96447c00"/2094], 0x0) 06:00:23 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) write$tun(r0, &(0x7f0000001900)=ANY=[@ANYBLOB="0300000000001a0000006879d1b312a006051b55c2a2ddfc423f10b62d745a7bdb3afe8000000000000000000000000000aa2b04000000000000000100075000000003060005000100000000000000090000000000000004000000000000000000002f05000000000000072800000003080508000300000000000000070000000000000003000000000000000500000000000000000000000000040000000000000001030000000000002e1700000000000001060000000000000800cd6f630199e91095fc87e1a9cf796b00be2def90545dc7fc71ad7c8639ce7afcb3fdb7293fb41b14ad358ffe7f92638ca2b9ce0a804008e179c026a54be6acaf4af1d60d58b7dff90c5b45dc0845932e6243134753a007b063f161f2b3f194f90e09239e9070ec827e937947c7aa74beb3b7eb4c7aa29dce913b847040339f0e5a2743b65019e1361fcd5ee1ac16659503b00ac4efdda822bee123362cdbe79689a0ea0073b67080e089ea3ce7e0a30d7da1cfd7c7ed890df588864fd1d8d60a0d092741f09223fb48b8e7b794d13dcd1a1aff94d7cd368525965b0c0f3381df7cb7b837b85281587c580f4dd9a622b7c426f4bd10efd6bda71f033fb29ddb78619f665a3d88375bf4306c23568ac97fb4f3aae618a3d24a8d7ce9a514014de56370dce902096ee08a99d80093acbd403ac083eed514a456ad59bc746262446a9f805fba03e10744056e57767982ddaf88ce865492830b4f80b2af71954be24af20453696e7ecba2f015b68c756653e73a4c79bb18fa08415b106e6e4acfe9973f4764632512ed95b4cc1c7e3c7ed04528f69a30f3c3a49901dba94026a219b38b5a7357b9ef0af0b8378cd938b6085489999300453305aeca09cbbe15f732180e23e5816484d8df6617e364acb639d4c1b91700e16fb755b5db73202e147b4bcf406065211af42f34659f05ac011fe3194cf5de2e4967e23f13c19938f19cafc82ad4db4b007dc591df7b5aed1a687df81296b8f4181fe2ef81b3f74e69ac18f3418649f4108325249b2c40f4cf362e484f1d9f967ae39e1017e6a0ecc1cdaa2d191117cf5ffa0bf806702d39674c2e099ab6b82e155ad61f3bb82d83c657aa1fecd0203ea21808d7625c7fea014ca078e294a7c6367a3d506d9bef5aef6307e4f176b96f340eb677eb0fee01ad5c8c500e51e5a32df46756da716865e92e1a36fe03f2e7d2bcb1f547b7b185b9d07bf69ea1c7f8c0a06ee1192a40cbccaf165ead38247131b68442445192698ab5e6cff97060230253691aeb8824974cc494fc046f6719c3a6d72313bc203794a97efbda044f42ca3cb211579bcce09397a984044c69959eca486c2a4fa97adcfe1a5097019bc8d40d724e182e4d32c42476861f53874a1814689bd73948c88b37c732f2d55d162b96a9bb7fa83c7475afb3e50086d5f117d35ff72065c0470e7991d021d62206a61da12afb4523cb14dfaecd70f4f44166714f078b5e0fb84d460b9ecad3e8c410eda685c008708137e7af1154cb97b0351705d7286d2e9c18309dc768e04cce138abb0f346071504517fb0db0c954c6aa72f9d5ad51eaea4299b6e9bd539576f3213d63a5b84dfd6804c37f49080f45c363918398a69fa61eb4ea63d868511e7a731194b1b29b625222f52d345c9672119708353669c5a36892ec8a9634622abe5da7b2cc54e3c2514735d96f32bd3f4dbbf5ea9d31d483e8e820431805929c9b4d945237e965a1adf40c3d36196620a0b4748a327cdb036c99e62f9d2035f6026ec9430ff8675c43d606079257f7780a5bca0e5b84553d9459c8ffdbdfb51f59fa1273b8b99db1e3bd42bca4fd2222836cae81a655333d3391d7c06428e90c604961d1bb82ad786465394c2513c8f947351242b201fd3fb7652fff2ef3611193d3271dbec95af069c25db7d97fafabc91f83c2806299d89d732195c368f76a218191348ddbd5b041ecb8a3bade91388ffcf89fbf24a24f49097ca514f1cf46bf00b3fe1e87008f0a2599dbd991d8852c31ebfda49fb349bede73047f1900c46778eee3a69eceafd183c9eb8e891c35e76f53ee6a7eda9c93cc3dd47a362a7edfbb9d0f14ddfca033ff46ce7c3c77c3521f90d8a3c953f05693c405ae963c69740acf5f13561328c80095ea9f053af99dda91dc002f2ffc06c2d2e10be19ac1b4bd6c21aa2865e8d43dddcd4c447454e9a1663dc362347aaffd0ed9be40c6f730f6bac6b0f388f862a918f714eb730120c9e4380a034b38b02b972b21832af390f1f191eaee7573ee6a4b308503e579e4f3cb47827e106869fb937f8dfc8655c96a497e08a32dadb84b41918ab7a95edc71891c939c9322f64c8b8377a3a2a2263582b9a830a5da36f81ad170aca1045dc4d8dc6c4d2419bfa7ed01bc2560ec10e841205d15f0f961b9eb23cdd3dfab36614d9b3491891048886c873e24ff105624d3f8a6b87b42a1564c87dc8a7bede1713e35b5b4841a551d621e36cd5af13764b4418b3f2ba5134cc1f86244094d007c3f05c8d9f97bbbb58b2b1f0230f856448d5d31e3f280433c9b4113c921e77caaa80a527eab4ed1f580f5d3dee110a27ef39d272903e16ebc3b44f2256167aba581ec428cf7f59148d8b6174ae27570e90cf33072608f0fb6332a8318fb354f5aff4d163f2b09ccb76a270f3b233f73f76784012030f426abb8377cb01f0ac177ecefd43ce1613f900ba5b973c40aa83d42459f4015f7872f99b196409dead8387734baa5705d4065f849c5d2bd35d885e196a6c63d8edc1c5fc7816bd1290b93aac182f7ee8d6d824eaf8bc53e012cc896db760942cbfd012c2765cf5c8e0c4fc3931c4907c54b1dfb6178acd03aee956f5cbdb6438e40eef93cb00f538623236158e03f88e98486504011630871c5ee5fe6a49688cafe84a019b43b371768a933f8db0b80864d811016773d4700a31ab9bde84f1fde4d18c3fd314aa2332f325697667a1a5a7533c1e9db2f8ed5717a04954356b5bff6263377bc52437f5001c60d23606e6752e1983f0c1ddab0f2bb7caa757b280047a985b66c848f0ce1d9352ae6369adff23485767842a74f017c3e9ce35d34440a588820912c75e4d38c754d48eb79c5231f5bba34c1342ddbcaca61222f185fc88c957d4dab4ca228a3cd6414b72ea7896f9cedc308c19a945512b265b0a4a7d9af13d96735231a72b6e52977092c38188884a3ca087283c48e086bc4c2233dbe66ef6c0d1ab02effc671dbaae1cf03362ef0b56111fc636e6443bf6ed139e9a370aa1e14f10e3fd2138a94772ea7d1536b0bde3db34c8e3b3ca2d9b0574d21dc9909eda1f32b2971e1506f716c6974fbb037faca8b3cd998e373e2d792202da6362c242ee57d8f51b080cd6e3cd2707481525279ec4a9ac4de5ef7f016e0b2a3ed23ab082d05575a9bc5cf2821c9f9f5c79f58944d94318ad5775c54e917099b2e79789bd9a953f582688129da52c68de30ea06a73a2e5cee080a6c0a97a887c5649ded32ff68387db17e0a14e39e51732b3a5b870eabf9a9027cf8544ac555341a7189de21283118044e7ef4611e437e555cd4d2b3fcb57b4fb856a8d01b368b1391be367f34abb3bc3c311341f63a3b6afb43fcb5089b3e15d18a2e76fac2095f57220333a08f71926c6b65d5fa76cf21f36e353f23b0768ee019db9f9a4d37f9271ae9a4258ddffcfbf22b71c993fd8fb8299712e19bee13e0d25b5fbaa63f5ede70a1e125ffcfa3c54225f7ca4b4f7773e873656437db1962564f707d1f4159b068eb004b344f7d63a02719c2d33b4049ae8502ea8711358ad1e48ff1711b9c4d0a33681c363e16cddd76e438d3d5d1755a82aaf1acef917acd7de9948edc05bcbf2aef3f3e794eda4062e10cc6a149555fcaddfe93f04858d5bc94f808e9ce82029487ccb99cfba0d051f249e89d9b81f5a453213ff501d2744238b1c3cbf05e6fac3101258cd024470e45224d3c46b6edd1894cf14859de5f32994e8ef3934fc5f8b6e792c804571cfd18ff91bbc83b87ae2cdce5d09cc8b765b0438567fcb876b066d64f1ec92660bc9f2112d57225d79201d06e7e66b948146f5da002e45089c4aa02de030bde9eff5b932d854aa4ef8068180c340b9aa255b491f155e158c2f9675285608450e540bc85a3d00f3d8bada3e3fefe6d08692509379c73da1a58e1379a08ac183c91a88bdfbc748b38f5cdf101aa7d6c34470f79ceac46982453a25b901cb4fc785e8aa4e0eca3f13d5b73c49b7d1468cdebae7e1b3ba8dbf9e8202043a8404d3aeae24c245482df57c6ebe7907a0102c0ff61d29c0cc035154f90498279668d1460297ea18ff4b5f70599ca8def2d974c2edeb6cce7b1da33e9ed39b1caa2c653e342c0eab1aa3dfed6c4a4b0909544fcab67b26e23bc2d4209a8d65df4fa2f0bbd288403c1dab4d18b2abd2c419ed71fcf30c7d5bc3677306c46c6bd842abaa7cc8a1a99891b0e385d4edd4530f3e485fd15ea1d9c8cdc6cb81330e7899ea0670088402b5113495f9df22d17d914509e3c84db09bdacf71a273fd331c3fbfa5f33eaeead251c2bf3b17bc2d3881c9cea87f153220f0b430bdad6e3e0c14e32be6a3ec9c50e13ba70a7c916837b262752b7cf07b43246646a285bbf08daea7808f4f1567be28a8eeb0ab754edcb2f1f7ae3bd4fe0cfe98b3f082dce80dee037d3aaa661ee458f97ea91f6721ad14a8249ce0d7d95b16521e4d909073e07d7bf1fdb7d6e311729fec7dbcda2030bac10783ac9d4802c40835e916e4d9c46154eada1aafbbf3e22f65cda0652f6cc935de5da57cfc229247dcc3be2a921c31e2e14631511f2fd5501e593c7f5edf909da65c8999d2c5ad4311426600d455b018306058bd954b8641ad4f016b8266757dcb0dbc5935ddbb01004c86c36a23ac15adba5fddf3fc2debc290031b03ab5327393389eb0197cb5c86b7ea0e683fb2be9e38480b759b0329c42fee024dce8e5041ed0bb1aff7c8d7a0f2babf3ff770c937454bb843183e017cc4fbe0747f2d13e0e2d0dd520964b6bb68503536d1a6cd79b4a9031db29c5a77c30a29b3ac515efa19246ed0a02a931f37aaeab7e833fd5273abab16ec30ce8e670461d600be3862d2b17264a2aff5a2f0b841dff4df68e5cac8f4cb3d7f32c7aef0b7f505d35872149be7b30d48dc34fef437cd00b3ccccc976a4c85c93ece485a1b10306de1ecd4d15ad6ec36d7324ba76e6acc41dc5c9b508a33db1b2198d5c4b6f5523206693564393806a6b21ce132e510d722148060c49da0482f66eacd211a0b0dc209f222a1622446603f1582d6945c6ad271cc8e3cc1a9be51c9f495a0bf94cb19f831d401210d83b67855dd2a888ec533e97d544a31de644f0a7f9726f4b0449da3817e7e02588b5bab2feb0e13b9f1a726cc1cbb522a011447b72e9a0d2ff057a25e2acd59ab84e6f4ac8b6d01e0dde92f54b976a05aa78aaa725886e5c4c2c14b0edceb6cf115d8eb68a7ff5b208578f0e8f78e719318c4a9ea64d65061d92e6d616219fc701cad53222498bd8c4e30950921c7bb9cc0c07c685536615e4e1a9d868ada04f00dfaeb239741515918181d01c8524f8bee16259f1e095961666852548755350a602bae703a4412433b7780a41ae06ff87629ad1ee6f785ebed7a700a6ab8946fd96cad2316afda4bde1be01e6537c365119b7224b94adc725574ace79527d9edf48282de2af5bdf4efcc9cfe475fda85b5f7d15d55e3e2aee62d10aa4929dd9faa145f1f48035da6fb15e87f376c4d422b5a17d4202cbe5e6f341ac9f4ab7b7b96b6dcb335cf80911b2c3185e2bb74a35bc773379b7b91ded9c2fd3e3564819fd724f4b99e047ae54bdf54bf53987fae7505e0b7b865f6a31366a6ff16055392295420607f6839cd8c35f608ac025bd799e244df62d723e841642046ab68a4b5af69f26fe2f3d1dfe17dffc4b1358b73c30ae3d1a3dd5eb1550b9e4a2cef7899a6ed6044aa921748bf6cf6bf0116a1e8d25348196f35b372a070feb1fdc95b90ccf3e404e36e6e34840070f5c0231a91d732c26a5c1bba0e1c4f4260c035b83f2040cb1f94e26a7e0b2b5c360ad9f110df0344fbcbb30bc8313d761e22b333a3c3e9f04dff3c020bea9ccfe1c16cf921c320a000100b15977510a380da95d6abe903a22a844fa402d7e339d2e1f20e6e817612a87e31b378a35e2f039533b085a63a39f39bd4f0124ce9c3f4f61d097c6ddcffee3b5e9c061d0f35ac34d65dd3e37aa6a5fc7cf312205ea113d847ea69d4e234e200000", @ANYRES32, @ANYRES32, @ANYBLOB="c0020001907800000402050e0000003f0000000600000003221032df263b82160ae83af77f61c36b1e7400b410188e282b830d73efc53d0c8637acd4ef3a99ab86e463e2b20612dda6ebf860c73c23f49650d336f602d984957e842a547087a6532bb9429db7c4a21056272a2b9a3fb1c52b83b36153413d709779699755d992dbf502083e228193ac77d8974bf8e63be1f9cb3e9da5199b72ec3c72fe06e2d4c3d90000cabbdbe145f5024ef656c34cf4002d489679abb601892c6df310f31544c04e3e492941d4d910517401a544b28dbdea5659225bdd5de461fdb6ab0dd8a07e2531b992bb387780aa0d012545658d4327f9ae3f08a9a0f1ec623acf3d26f7911461e7966889ea17f68d1166ade68eef8defd4385c57ae67caa280b0f6519ada96aa938d838b2a12214e738c929e0df8df52d90eb0574fba34e062ecacc3ac78d9302f8d4cc8eb2e20ececdf5193e189e567a2591771c405eae9"], 0x12d2) 06:00:23 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1f4, 0x0) 06:00:23 executing program 1: mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000880)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) close(r0) umount2(&(0x7f0000000040)='./file0\x00', 0x0) 06:00:24 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1f5, 0x0) 06:00:24 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) io_setup(0x9, &(0x7f00000002c0)) [ 3158.769881][T16373] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 3158.797363][T16373] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 3158.837618][T16379] fuse: Bad value for 'fd' [ 3158.883646][T16383] fuse: Bad value for 'fd' [ 3158.901348][T16373] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 3158.917480][T16346] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=25089,uid=0 [ 3159.044275][T16346] Memory cgroup out of memory: Killed process 25089 (syz-executor.3) total-vm:74836kB, anon-rss:4268kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:140kB oom_score_adj:1000 [ 3159.090146][T16375] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 3159.219597][T16375] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. 06:00:24 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r10, 0xae60) ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0) r11 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r11, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:24 executing program 1: mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000880)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) close(r0) umount2(&(0x7f0000000040)='./file0\x00', 0x9) 06:00:24 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) io_setup(0x9, &(0x7f00000002c0)) 06:00:24 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1f6, 0x0) 06:00:24 executing program 4: syz_open_dev$media(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$dsp1(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp1\x00', 0x0, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000080)={0x8, 0x0, 0x0, 0x9}, 0xc) setsockopt$inet6_MRT6_ADD_MFC_PROXY(r0, 0x29, 0xd2, &(0x7f00000000c0)={{0xa, 0x4e22, 0x0, @local, 0xfffffffe}, {0xa, 0x3, 0x0, @mcast1}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff]}, 0x5c) r1 = creat(&(0x7f0000000280)='./file0\x00', 0x1) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, 0x0, 0x0) setsockopt$inet6_MRT6_DEL_MFC(r0, 0x29, 0xd4, &(0x7f0000000000)={{0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffa4]}}, {0xa, 0x0, 0x0, @mcast2}}, 0x4) 06:00:24 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) write$tun(r0, &(0x7f0000001900)=ANY=[@ANYBLOB="0300000000001a0000006879d1b312a006051b55c2a2ddfc423f10b62d745a7bdb3afe8000000000000000000000000000aa2b04000000000000000100075000000003060005000100000000000000090000000000000004000000000000000000002f05000000000000072800000003080508000300000000000000070000000000000003000000000000000500000000000000000000000000040000000000000001030000000000002e1700000000000001060000000000000800cd6f630199e91095fc87e1a9cf796b00be2def90545dc7fc71ad7c8639ce7afcb3fdb7293fb41b14ad358ffe7f92638ca2b9ce0a804008e179c026a54be6acaf4af1d60d58b7dff90c5b45dc0845932e6243134753a007b063f161f2b3f194f90e09239e9070ec827e937947c7aa74beb3b7eb4c7aa29dce913b847040339f0e5a2743b65019e1361fcd5ee1ac16659503b00ac4efdda822bee123362cdbe79689a0ea0073b67080e089ea3ce7e0a30d7da1cfd7c7ed890df588864fd1d8d60a0d092741f09223fb48b8e7b794d13dcd1a1aff94d7cd368525965b0c0f3381df7cb7b837b85281587c580f4dd9a622b7c426f4bd10efd6bda71f033fb29ddb78619f665a3d88375bf4306c23568ac97fb4f3aae618a3d24a8d7ce9a514014de56370dce902096ee08a99d80093acbd403ac083eed514a456ad59bc746262446a9f805fba03e10744056e57767982ddaf88ce865492830b4f80b2af71954be24af20453696e7ecba2f015b68c756653e73a4c79bb18fa08415b106e6e4acfe9973f4764632512ed95b4cc1c7e3c7ed04528f69a30f3c3a49901dba94026a219b38b5a7357b9ef0af0b8378cd938b6085489999300453305aeca09cbbe15f732180e23e5816484d8df6617e364acb639d4c1b91700e16fb755b5db73202e147b4bcf406065211af42f34659f05ac011fe3194cf5de2e4967e23f13c19938f19cafc82ad4db4b007dc591df7b5aed1a687df81296b8f4181fe2ef81b3f74e69ac18f3418649f4108325249b2c40f4cf362e484f1d9f967ae39e1017e6a0ecc1cdaa2d191117cf5ffa0bf806702d39674c2e099ab6b82e155ad61f3bb82d83c657aa1fecd0203ea21808d7625c7fea014ca078e294a7c6367a3d506d9bef5aef6307e4f176b96f340eb677eb0fee01ad5c8c500e51e5a32df46756da716865e92e1a36fe03f2e7d2bcb1f547b7b185b9d07bf69ea1c7f8c0a06ee1192a40cbccaf165ead38247131b68442445192698ab5e6cff97060230253691aeb8824974cc494fc046f6719c3a6d72313bc203794a97efbda044f42ca3cb211579bcce09397a984044c69959eca486c2a4fa97adcfe1a5097019bc8d40d724e182e4d32c42476861f53874a1814689bd73948c88b37c732f2d55d162b96a9bb7fa83c7475afb3e50086d5f117d35ff72065c0470e7991d021d62206a61da12afb4523cb14dfaecd70f4f44166714f078b5e0fb84d460b9ecad3e8c410eda685c008708137e7af1154cb97b0351705d7286d2e9c18309dc768e04cce138abb0f346071504517fb0db0c954c6aa72f9d5ad51eaea4299b6e9bd539576f3213d63a5b84dfd6804c37f49080f45c363918398a69fa61eb4ea63d868511e7a731194b1b29b625222f52d345c9672119708353669c5a36892ec8a9634622abe5da7b2cc54e3c2514735d96f32bd3f4dbbf5ea9d31d483e8e820431805929c9b4d945237e965a1adf40c3d36196620a0b4748a327cdb036c99e62f9d2035f6026ec9430ff8675c43d606079257f7780a5bca0e5b84553d9459c8ffdbdfb51f59fa1273b8b99db1e3bd42bca4fd2222836cae81a655333d3391d7c06428e90c604961d1bb82ad786465394c2513c8f947351242b201fd3fb7652fff2ef3611193d3271dbec95af069c25db7d97fafabc91f83c2806299d89d732195c368f76a218191348ddbd5b041ecb8a3bade91388ffcf89fbf24a24f49097ca514f1cf46bf00b3fe1e87008f0a2599dbd991d8852c31ebfda49fb349bede73047f1900c46778eee3a69eceafd183c9eb8e891c35e76f53ee6a7eda9c93cc3dd47a362a7edfbb9d0f14ddfca033ff46ce7c3c77c3521f90d8a3c953f05693c405ae963c69740acf5f13561328c80095ea9f053af99dda91dc002f2ffc06c2d2e10be19ac1b4bd6c21aa2865e8d43dddcd4c447454e9a1663dc362347aaffd0ed9be40c6f730f6bac6b0f388f862a918f714eb730120c9e4380a034b38b02b972b21832af390f1f191eaee7573ee6a4b308503e579e4f3cb47827e106869fb937f8dfc8655c96a497e08a32dadb84b41918ab7a95edc71891c939c9322f64c8b8377a3a2a2263582b9a830a5da36f81ad170aca1045dc4d8dc6c4d2419bfa7ed01bc2560ec10e841205d15f0f961b9eb23cdd3dfab36614d9b3491891048886c873e24ff105624d3f8a6b87b42a1564c87dc8a7bede1713e35b5b4841a551d621e36cd5af13764b4418b3f2ba5134cc1f86244094d007c3f05c8d9f97bbbb58b2b1f0230f856448d5d31e3f280433c9b4113c921e77caaa80a527eab4ed1f580f5d3dee110a27ef39d272903e16ebc3b44f2256167aba581ec428cf7f59148d8b6174ae27570e90cf33072608f0fb6332a8318fb354f5aff4d163f2b09ccb76a270f3b233f73f76784012030f426abb8377cb01f0ac177ecefd43ce1613f900ba5b973c40aa83d42459f4015f7872f99b196409dead8387734baa5705d4065f849c5d2bd35d885e196a6c63d8edc1c5fc7816bd1290b93aac182f7ee8d6d824eaf8bc53e012cc896db760942cbfd012c2765cf5c8e0c4fc3931c4907c54b1dfb6178acd03aee956f5cbdb6438e40eef93cb00f538623236158e03f88e98486504011630871c5ee5fe6a49688cafe84a019b43b371768a933f8db0b80864d811016773d4700a31ab9bde84f1fde4d18c3fd314aa2332f325697667a1a5a7533c1e9db2f8ed5717a04954356b5bff6263377bc52437f5001c60d23606e6752e1983f0c1ddab0f2bb7caa757b280047a985b66c848f0ce1d9352ae6369adff23485767842a74f017c3e9ce35d34440a588820912c75e4d38c754d48eb79c5231f5bba34c1342ddbcaca61222f185fc88c957d4dab4ca228a3cd6414b72ea7896f9cedc308c19a945512b265b0a4a7d9af13d96735231a72b6e52977092c38188884a3ca087283c48e086bc4c2233dbe66ef6c0d1ab02effc671dbaae1cf03362ef0b56111fc636e6443bf6ed139e9a370aa1e14f10e3fd2138a94772ea7d1536b0bde3db34c8e3b3ca2d9b0574d21dc9909eda1f32b2971e1506f716c6974fbb037faca8b3cd998e373e2d792202da6362c242ee57d8f51b080cd6e3cd2707481525279ec4a9ac4de5ef7f016e0b2a3ed23ab082d05575a9bc5cf2821c9f9f5c79f58944d94318ad5775c54e917099b2e79789bd9a953f582688129da52c68de30ea06a73a2e5cee080a6c0a97a887c5649ded32ff68387db17e0a14e39e51732b3a5b870eabf9a9027cf8544ac555341a7189de21283118044e7ef4611e437e555cd4d2b3fcb57b4fb856a8d01b368b1391be367f34abb3bc3c311341f63a3b6afb43fcb5089b3e15d18a2e76fac2095f57220333a08f71926c6b65d5fa76cf21f36e353f23b0768ee019db9f9a4d37f9271ae9a4258ddffcfbf22b71c993fd8fb8299712e19bee13e0d25b5fbaa63f5ede70a1e125ffcfa3c54225f7ca4b4f7773e873656437db1962564f707d1f4159b068eb004b344f7d63a02719c2d33b4049ae8502ea8711358ad1e48ff1711b9c4d0a33681c363e16cddd76e438d3d5d1755a82aaf1acef917acd7de9948edc05bcbf2aef3f3e794eda4062e10cc6a149555fcaddfe93f04858d5bc94f808e9ce82029487ccb99cfba0d051f249e89d9b81f5a453213ff501d2744238b1c3cbf05e6fac3101258cd024470e45224d3c46b6edd1894cf14859de5f32994e8ef3934fc5f8b6e792c804571cfd18ff91bbc83b87ae2cdce5d09cc8b765b0438567fcb876b066d64f1ec92660bc9f2112d57225d79201d06e7e66b948146f5da002e45089c4aa02de030bde9eff5b932d854aa4ef8068180c340b9aa255b491f155e158c2f9675285608450e540bc85a3d00f3d8bada3e3fefe6d08692509379c73da1a58e1379a08ac183c91a88bdfbc748b38f5cdf101aa7d6c34470f79ceac46982453a25b901cb4fc785e8aa4e0eca3f13d5b73c49b7d1468cdebae7e1b3ba8dbf9e8202043a8404d3aeae24c245482df57c6ebe7907a0102c0ff61d29c0cc035154f90498279668d1460297ea18ff4b5f70599ca8def2d974c2edeb6cce7b1da33e9ed39b1caa2c653e342c0eab1aa3dfed6c4a4b0909544fcab67b26e23bc2d4209a8d65df4fa2f0bbd288403c1dab4d18b2abd2c419ed71fcf30c7d5bc3677306c46c6bd842abaa7cc8a1a99891b0e385d4edd4530f3e485fd15ea1d9c8cdc6cb81330e7899ea0670088402b5113495f9df22d17d914509e3c84db09bdacf71a273fd331c3fbfa5f33eaeead251c2bf3b17bc2d3881c9cea87f153220f0b430bdad6e3e0c14e32be6a3ec9c50e13ba70a7c916837b262752b7cf07b43246646a285bbf08daea7808f4f1567be28a8eeb0ab754edcb2f1f7ae3bd4fe0cfe98b3f082dce80dee037d3aaa661ee458f97ea91f6721ad14a8249ce0d7d95b16521e4d909073e07d7bf1fdb7d6e311729fec7dbcda2030bac10783ac9d4802c40835e916e4d9c46154eada1aafbbf3e22f65cda0652f6cc935de5da57cfc229247dcc3be2a921c31e2e14631511f2fd5501e593c7f5edf909da65c8999d2c5ad4311426600d455b018306058bd954b8641ad4f016b8266757dcb0dbc5935ddbb01004c86c36a23ac15adba5fddf3fc2debc290031b03ab5327393389eb0197cb5c86b7ea0e683fb2be9e38480b759b0329c42fee024dce8e5041ed0bb1aff7c8d7a0f2babf3ff770c937454bb843183e017cc4fbe0747f2d13e0e2d0dd520964b6bb68503536d1a6cd79b4a9031db29c5a77c30a29b3ac515efa19246ed0a02a931f37aaeab7e833fd5273abab16ec30ce8e670461d600be3862d2b17264a2aff5a2f0b841dff4df68e5cac8f4cb3d7f32c7aef0b7f505d35872149be7b30d48dc34fef437cd00b3ccccc976a4c85c93ece485a1b10306de1ecd4d15ad6ec36d7324ba76e6acc41dc5c9b508a33db1b2198d5c4b6f5523206693564393806a6b21ce132e510d722148060c49da0482f66eacd211a0b0dc209f222a1622446603f1582d6945c6ad271cc8e3cc1a9be51c9f495a0bf94cb19f831d401210d83b67855dd2a888ec533e97d544a31de644f0a7f9726f4b0449da3817e7e02588b5bab2feb0e13b9f1a726cc1cbb522a011447b72e9a0d2ff057a25e2acd59ab84e6f4ac8b6d01e0dde92f54b976a05aa78aaa725886e5c4c2c14b0edceb6cf115d8eb68a7ff5b208578f0e8f78e719318c4a9ea64d65061d92e6d616219fc701cad53222498bd8c4e30950921c7bb9cc0c07c685536615e4e1a9d868ada04f00dfaeb239741515918181d01c8524f8bee16259f1e095961666852548755350a602bae703a4412433b7780a41ae06ff87629ad1ee6f785ebed7a700a6ab8946fd96cad2316afda4bde1be01e6537c365119b7224b94adc725574ace79527d9edf48282de2af5bdf4efcc9cfe475fda85b5f7d15d55e3e2aee62d10aa4929dd9faa145f1f48035da6fb15e87f376c4d422b5a17d4202cbe5e6f341ac9f4ab7b7b96b6dcb335cf80911b2c3185e2bb74a35bc773379b7b91ded9c2fd3e3564819fd724f4b99e047ae54bdf54bf53987fae7505e0b7b865f6a31366a6ff16055392295420607f6839cd8c35f608ac025bd799e244df62d723e841642046ab68a4b5af69f26fe2f3d1dfe17dffc4b1358b73c30ae3d1a3dd5eb1550b9e4a2cef7899a6ed6044aa921748bf6cf6bf0116a1e8d25348196f35b372a070feb1fdc95b90ccf3e404e36e6e34840070f5c0231a91d732c26a5c1bba0e1c4f4260c035b83f2040cb1f94e26a7e0b2b5c360ad9f110df0344fbcbb30bc8313d761e22b333a3c3e9f04dff3c020bea9ccfe1c16cf921c320a000100b15977510a380da95d6abe903a22a844fa402d7e339d2e1f20e6e817612a87e31b378a35e2f039533b085a63a39f39bd4f0124ce9c3f4f61d097c6ddcffee3b5e9c061d0f35ac34d65dd3e37aa6a5fc7cf312205ea113d847ea69d4e234e200000", @ANYRES32, @ANYRES32, @ANYBLOB="c0020001907800000402050e0000003f0000000600000003221032df263b82160ae83af77f61c36b1e7400b410188e282b830d73efc53d0c8637acd4ef3a99ab86e463e2b20612dda6ebf860c73c23f49650d336f602d984957e842a547087a6532bb9429db7c4a21056272a2b9a3fb1c52b83b36153413d709779699755d992dbf502083e228193ac77d8974bf8e63be1f9cb3e9da5199b72ec3c72fe06e2d4c3d90000cabbdbe145f5024ef656c34cf4002d489679abb601892c6df310f31544c04e3e492941d4d910517401a544b28dbdea5659225bdd5de461fdb6ab0dd8a07e2531b992bb387780aa0d012545658d4327f9ae3f08a9a0f1ec623acf3d26f7911461e7966889ea17f68d1166ade68eef8defd4385c57ae67caa280b0f6519ada96aa938d838b2a12214e738c929e0df8df52d90eb0574fba34e062ecacc3ac78d9302f8d4cc8eb2e20ececdf5193e189e567a2591771c405eae9"], 0x12d2) [ 3159.473660][T16406] fuse: Bad value for 'fd' [ 3159.489965][T16407] fuse: Bad value for 'fd' 06:00:24 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) io_setup(0x9, &(0x7f00000002c0)) 06:00:24 executing program 1: syz_mount_image$msdos(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) lchown(&(0x7f0000000040)='./file0\x00', 0xee01, 0x0) [ 3159.617799][T16413] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 06:00:24 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1f7, 0x0) [ 3159.761053][T16413] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. 06:00:25 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) io_setup(0x9, &(0x7f00000002c0)) 06:00:25 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1f8, 0x0) 06:00:25 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x24, 0x0, &(0x7f0000000140)=[@acquire, @release={0x40046306, 0x1}, @release={0x400c630e}, @dead_binder_done], 0x0, 0x717000, 0x0}) 06:00:25 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040), 0x0) r6 = accept$alg(r5, 0x0, 0x0) r7 = dup(r6) recvmsg$can_raw(r7, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0) r8 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r10, 0xae60) ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0) r11 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r11, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:25 executing program 0: r0 = socket$inet6(0xa, 0x80003, 0xff) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/arp\x00') io_setup(0x3, &(0x7f00000001c0)=0x0) io_submit(r2, 0x2, &(0x7f0000000280)=[&(0x7f00000000c0)={0x2c, 0x0, 0x0, 0x0, 0x0, r0, 0x0}, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x2, 0x0, r1, 0x0}]) 06:00:25 executing program 1: r0 = eventfd(0x0) read$eventfd(r0, &(0x7f0000000100), 0x8) 06:00:25 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) io_setup(0x9, &(0x7f00000002c0)) [ 3160.575577][T16457] syz-executor.3 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3160.590785][T16457] CPU: 0 PID: 16457 Comm: syz-executor.3 Not tainted 5.6.0-rc1-syzkaller #0 [ 3160.599605][T16457] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3160.609706][T16457] Call Trace: [ 3160.613014][T16457] dump_stack+0x11d/0x181 [ 3160.617380][T16457] dump_header+0xaa/0x39c [ 3160.621742][T16457] oom_kill_process.cold+0x10/0x15 [ 3160.626878][T16457] out_of_memory+0x231/0xa60 [ 3160.631587][T16457] ? __rcu_read_unlock+0x66/0x2f0 [ 3160.636659][T16457] mem_cgroup_out_of_memory+0x128/0x150 [ 3160.642227][T16457] try_charge+0xb6c/0xbf0 [ 3160.647198][T16457] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3160.653569][T16457] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 3160.659055][T16457] __memcg_kmem_charge+0xcf/0x1b0 [ 3160.664189][T16457] __alloc_pages_nodemask+0x26c/0x310 [ 3160.669588][T16457] alloc_pages_current+0xd1/0x170 [ 3160.674643][T16457] pte_alloc_one+0x18/0x50 [ 3160.679202][T16457] __pte_alloc+0x2d/0x220 [ 3160.683564][T16457] copy_page_range+0x13a2/0x1a00 [ 3160.688738][T16457] ? __vma_link_rb+0x3f4/0x440 [ 3160.693545][T16457] dup_mm+0x74a/0xba0 [ 3160.697577][T16457] copy_process+0x39d7/0x3b40 [ 3160.702297][T16457] _do_fork+0xfe/0x7a0 [ 3160.706387][T16457] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3160.712642][T16457] ? ktime_get_ts64+0x286/0x2c0 [ 3160.717553][T16457] __x64_sys_clone+0x130/0x170 [ 3160.722363][T16457] do_syscall_64+0xcc/0x3a0 [ 3160.726994][T16457] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 3160.733014][T16457] RIP: 0033:0x45c449 [ 3160.736917][T16457] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3160.756654][T16457] RSP: 002b:00007f331e30dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3160.765230][T16457] RAX: ffffffffffffffda RBX: 00007f331e30e6d4 RCX: 000000000045c449 [ 3160.773225][T16457] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 3160.781341][T16457] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 3160.789419][T16457] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 3160.798479][T16457] R13: 0000000000000074 R14: 00000000004c2ce6 R15: 000000000076bf2c [ 3160.837630][T16457] memory: usage 307200kB, limit 307200kB, failcnt 541 06:00:26 executing program 4: syz_open_dev$media(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$dsp1(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp1\x00', 0x0, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000080)={0x8, 0x0, 0x0, 0x9}, 0xc) setsockopt$inet6_MRT6_ADD_MFC_PROXY(r0, 0x29, 0xd2, &(0x7f00000000c0)={{0xa, 0x4e22, 0x0, @local, 0xfffffffe}, {0xa, 0x3, 0x0, @mcast1}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff]}, 0x5c) creat(&(0x7f0000000280)='./file0\x00', 0x1) setsockopt$inet6_MRT6_DEL_MFC(r0, 0x29, 0xd4, &(0x7f0000000000)={{0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffa4]}}, {0xa, 0x0, 0x0, @mcast2}}, 0x4) 06:00:26 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1f9, 0x0) 06:00:26 executing program 0: r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) setsockopt$llc_int(r0, 0x10c, 0x6, &(0x7f0000000c40)=0xffffab5b, 0x4) 06:00:26 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) io_setup(0x9, &(0x7f00000002c0)) [ 3160.907839][T16457] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3160.969723][T16457] Memory cgroup stats for /syz3: [ 3160.970011][T16457] anon 279375872 [ 3160.970011][T16457] file 159744 [ 3160.970011][T16457] kernel_stack 2764800 [ 3160.970011][T16457] slab 9502720 [ 3160.970011][T16457] sock 0 [ 3160.970011][T16457] shmem 106496 [ 3160.970011][T16457] file_mapped 0 [ 3160.970011][T16457] file_dirty 0 [ 3160.970011][T16457] file_writeback 0 [ 3160.970011][T16457] anon_thp 260046848 [ 3160.970011][T16457] inactive_anon 135168 [ 3160.970011][T16457] active_anon 279375872 06:00:26 executing program 0: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000100)=[@in6={0xa, 0x0, 0x0, @ipv4={[], [], @remote}}, @in={0x2, 0x0, @loopback}], 0x2c) setsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000000)=0x800, 0x4) [ 3160.970011][T16457] inactive_file 126976 [ 3160.970011][T16457] active_file 0 [ 3160.970011][T16457] unevictable 0 [ 3160.970011][T16457] slab_reclaimable 1622016 [ 3160.970011][T16457] slab_unreclaimable 7880704 [ 3160.970011][T16457] pgfault 225489 [ 3160.970011][T16457] pgmajfault 0 [ 3160.970011][T16457] workingset_refault 132 [ 3160.970011][T16457] workingset_activate 33 [ 3160.970011][T16457] workingset_nodereclaim 0 [ 3160.970011][T16457] pgrefill 631 [ 3160.970011][T16457] pgscan 677 [ 3160.970011][T16457] pgsteal 312 06:00:26 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1fa, 0x0) 06:00:26 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) io_setup(0x9, &(0x7f00000002c0)) 06:00:26 executing program 1: r0 = socket$kcm(0x10, 0x3, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="230000005a00810a91bc655067d7aee4050c00000f00020001000000acecf0a3000000", 0x23}], 0x1}, 0x0) [ 3161.245561][T16457] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=25036,uid=0 [ 3161.341138][T16457] Memory cgroup out of memory: Killed process 25036 (syz-executor.3) total-vm:74704kB, anon-rss:4260kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:140kB oom_score_adj:1000 06:00:27 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000040), 0x0) r5 = accept$alg(r4, 0x0, 0x0) r6 = dup(r5) recvmsg$can_raw(r6, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r6, 0xae47, 0x0) r7 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) r10 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r10, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:27 executing program 0: perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_buf(r0, 0x6, 0x5, &(0x7f00000001c0)="178be3afbb9ac1", 0x7) 06:00:27 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1fb, 0x0) 06:00:27 executing program 1: sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='net/ip6_mr_vif\x00') clock_gettime(0x0, 0x0) r0 = socket(0x1e, 0x1, 0x0) getsockopt$TIPC_SOCK_RECVQ_DEPTH(r0, 0x6, 0x84, 0x0, 0x0) sendmsg$IPSET_CMD_TEST(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f00000000c0), 0xc, &(0x7f00000002c0)={&(0x7f0000000240)={0x50, 0xb, 0x6, 0x301, 0x0, 0x0, {0x7, 0x0, 0x7}, [@IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x8}, @IPSET_ATTR_DATA={0x34, 0x7, 0x0, 0x1, [@IPSET_ATTR_COMMENT={0x10, 0x1a, 'em0ppp1eth0\x00'}, @IPSET_ATTR_PROTO={0x5, 0x7, 0x62}, @IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4e20}, @IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0x6}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0xec}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x2400c000}, 0x44800) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000100)={0x156, 0x1, 0x4, 0x0, 0x6e, {}, {0x5, 0x0, 0x0, 0x7f, 0x1, 0x3, "c051e379"}, 0xfffff001, 0x1, @planes=&(0x7f0000000040)={0xc04c, 0x0, @mem_offset=0x7, 0x3f}, 0x7}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0xfc, &(0x7f0000000180)={&(0x7f0000000580)=ANY=[@ANYBLOB="5400000010003f0e000000000000004c00000000", @ANYRES32=0x0, @ANYBLOB="002200160002000008000a00", @ANYRES32, @ANYBLOB="2c0012000c000100697036746e6c00001c00020014000200ff02000000000000000000000000000104001300"], 0x54}, 0x1, 0x0, 0x0, 0x4084}, 0x0) 06:00:27 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) io_setup(0x9, &(0x7f00000002c0)) 06:00:27 executing program 4: syz_open_dev$media(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$dsp1(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp1\x00', 0x0, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000080)={0x8, 0x0, 0x0, 0x9}, 0xc) setsockopt$inet6_MRT6_ADD_MFC_PROXY(r0, 0x29, 0xd2, &(0x7f00000000c0)={{0xa, 0x4e22, 0x0, @local, 0xfffffffe}, {0xa, 0x3, 0x0, @mcast1}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff]}, 0x5c) setsockopt$inet6_MRT6_DEL_MFC(r0, 0x29, 0xd4, &(0x7f0000000000)={{0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffa4]}}, {0xa, 0x0, 0x0, @mcast2}}, 0x4) [ 3162.038061][T16513] bond5: (slave ip6tnl2): The slave device specified does not support setting the MAC address [ 3162.122310][T16513] bond5: (slave ip6tnl2): Error -95 calling set_mac_address 06:00:27 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) io_setup(0x9, &(0x7f00000002c0)) 06:00:27 executing program 0: syz_open_procfs(0x0, 0x0) sendmsg$IPSET_CMD_TEST(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f00000000c0), 0xc, &(0x7f00000002c0)={0x0}, 0x1, 0x0, 0x0, 0x2400c000}, 0x44800) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0xfc, &(0x7f0000000180)={&(0x7f0000000580)=ANY=[@ANYBLOB="5400000012003f0e000000000000004c00000000", @ANYRES32=0x0, @ANYBLOB="002200160002000008000a00", @ANYRES32, @ANYBLOB="2c0012000c000100697036746e6c00001c00020014000200ff02000000000000000000000000000104001300"], 0x54}, 0x1, 0x0, 0x0, 0x4084}, 0x0) 06:00:27 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1fc, 0x0) 06:00:27 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) io_setup(0x0, &(0x7f00000002c0)) 06:00:27 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1fd, 0x0) 06:00:28 executing program 0: r0 = perf_event_open(&(0x7f0000000000)={0x1000000002, 0x70, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r0) 06:00:28 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000040), 0x0) r4 = accept$alg(r3, 0x0, 0x0) r5 = dup(r4) recvmsg$can_raw(r5, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r5, 0xae47, 0x0) r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r9 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:28 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) io_setup(0x0, &(0x7f00000002c0)) 06:00:28 executing program 1: sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='net/ip6_mr_vif\x00') clock_gettime(0x0, 0x0) r0 = socket(0x1e, 0x1, 0x0) getsockopt$TIPC_SOCK_RECVQ_DEPTH(r0, 0x6, 0x84, 0x0, 0x0) sendmsg$IPSET_CMD_TEST(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f00000000c0), 0xc, &(0x7f00000002c0)={&(0x7f0000000240)={0x50, 0xb, 0x6, 0x301, 0x0, 0x0, {0x7, 0x0, 0x7}, [@IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x8}, @IPSET_ATTR_DATA={0x34, 0x7, 0x0, 0x1, [@IPSET_ATTR_COMMENT={0x10, 0x1a, 'em0ppp1eth0\x00'}, @IPSET_ATTR_PROTO={0x5, 0x7, 0x62}, @IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4e20}, @IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0x6}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0xec}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x2400c000}, 0x44800) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000100)={0x156, 0x1, 0x4, 0x0, 0x6e, {}, {0x5, 0x0, 0x0, 0x7f, 0x1, 0x3, "c051e379"}, 0xfffff001, 0x1, @planes=&(0x7f0000000040)={0xc04c, 0x0, @mem_offset=0x7, 0x3f}, 0x7}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0xfc, &(0x7f0000000180)={&(0x7f0000000580)=ANY=[@ANYBLOB="5400000010003f0e000000000000004c00000000", @ANYRES32=0x0, @ANYBLOB="002200160002000008000a00", @ANYRES32, @ANYBLOB="2c0012000c000100697036746e6c00001c00020014000200ff02000000000000000000000000000104001300"], 0x54}, 0x1, 0x0, 0x0, 0x4084}, 0x0) 06:00:28 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1fe, 0x0) [ 3162.941036][ C0] print_req_error: 417 callbacks suppressed [ 3162.941055][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3162.958257][ C0] buffer_io_error: 417 callbacks suppressed [ 3162.958286][ C0] Buffer I/O error on dev loop0, logical block 0, async page read 06:00:28 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) io_setup(0x0, &(0x7f00000002c0)) [ 3163.091393][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3163.102335][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3163.124472][T16572] bond5: (slave ip6tnl2): The slave device specified does not support setting the MAC address [ 3163.157360][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3163.168444][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3163.204227][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3163.215300][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3163.292334][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3163.296345][T16572] bond5: (slave ip6tnl2): Error -95 calling set_mac_address [ 3163.303293][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3163.329481][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3163.340531][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3163.348900][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3163.359940][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3163.370582][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3163.381622][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3163.389962][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3163.401216][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3163.422396][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3163.433358][ C0] Buffer I/O error on dev loop0, logical block 0, async page read 06:00:28 executing program 4: syz_open_dev$media(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$dsp1(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp1\x00', 0x0, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000080)={0x8, 0x0, 0x0, 0x9}, 0xc) setsockopt$inet6_MRT6_DEL_MFC(r0, 0x29, 0xd4, &(0x7f0000000000)={{0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffa4]}}, {0xa, 0x0, 0x0, @mcast2}}, 0x4) 06:00:28 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x201, 0x0) 06:00:28 executing program 0: sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='net/ip6_mr_vif\x00') clock_gettime(0x0, 0x0) r0 = socket(0x1e, 0x1, 0x0) getsockopt$TIPC_SOCK_RECVQ_DEPTH(r0, 0x6, 0x84, 0x0, 0x0) sendmsg$IPSET_CMD_TEST(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f00000000c0), 0xc, 0x0, 0x1, 0x0, 0x0, 0x2400c000}, 0x44800) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0xfc, &(0x7f0000000180)={&(0x7f0000000580)=ANY=[@ANYBLOB="5400000010003f0e000000000000004c00000000", @ANYRES32=0x0, @ANYBLOB="002200160002000008000a00", @ANYRES32, @ANYBLOB="2c0012000c000100697036746e6c00001c00020014000200ff02000000000000000000000000000104001300"], 0x54}, 0x1, 0x0, 0x0, 0x4084}, 0x0) 06:00:28 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) io_setup(0x9, 0x0) 06:00:28 executing program 1: r0 = openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) dup2(r0, r0) perf_event_open(&(0x7f0000000540)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x20480, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc6004000e400a001100053582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0xf000) 06:00:29 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000040), 0x0) r4 = accept$alg(r3, 0x0, 0x0) r5 = dup(r4) recvmsg$can_raw(r5, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r5, 0xae47, 0x0) r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r9 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:29 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) io_setup(0x9, 0x0) 06:00:29 executing program 1: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86, 0x1, @perf_bp={&(0x7f0000000480), 0x3}, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000280)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$DRM_IOCTL_SET_VERSION(r0, 0xc0106407, 0x0) mmap$usbfs(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r2, 0xff) newfstatat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x1000) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x8ae082, 0x0) read$usbfs(0xffffffffffffffff, &(0x7f0000000540)=""/56, 0x38) r3 = getuid() getsockopt$bt_sco_SCO_OPTIONS(0xffffffffffffffff, 0x11, 0x1, &(0x7f0000000800)=""/4096, 0x0) r4 = syz_init_net_socket$x25(0x9, 0x5, 0x0) r5 = fcntl$dupfd(r4, 0x0, 0xffffffffffffffff) sendmsg$nl_route_sched(r5, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000280)}, 0x4040001) r6 = syz_init_net_socket$x25(0x9, 0x5, 0x0) r7 = fcntl$dupfd(r6, 0x0, 0xffffffffffffffff) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=@ipv4_newrule={0x24, 0x20, 0x300, 0x70bd2d, 0x25dfdbfb, {0x2, 0x20, 0x0, 0x3, 0x4, 0x0, 0x0, 0x0, 0x14}, [@FRA_GENERIC_POLICY=@FRA_GOTO={0x8, 0x4, 0x7ff}]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x0) r8 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r8, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r8, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r8, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r8, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r8, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x3) setsockopt$sock_int(r8, 0x1, 0x8, &(0x7f0000000600)=0xda9, 0x4) sendto$inet(r8, &(0x7f00000012c0)="20048a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf9221a750fbf746bec66ba", 0xfe6a, 0xe, 0x0, 0xfffffffffffffe2b) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sendmsg$nl_route_sched(r7, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000640)=ANY=[@ANYPTR64=&(0x7f0000000600)=ANY=[@ANYRES64=r1, @ANYPTR64=&(0x7f0000001800)=ANY=[@ANYBLOB="7960922a02fd0867f50f69c2b693776a042a43cf1a44f2d81c1fd516f76d90acab007b79c2e30139ca7b6035", @ANYRES16, @ANYBLOB, @ANYRESOCT, @ANYRES64=r7, @ANYBLOB="7fb4bfa5d170a0f1705c5f73cdbadc31f61b217715d32c21dc58f5d0fbadf3c6fdaeda41d8c63b99f4575fa0130e", @ANYRES16=0x0, @ANYRES16], @ANYRES32], @ANYRES16, @ANYRESHEX=0x0], 0x3}, 0x1, 0x0, 0x0, 0x28004895}, 0x4040001) lsetxattr$system_posix_acl(&(0x7f0000000080)='./file0\x00', &(0x7f00000001c0)='system.posix_acl_access\x00', &(0x7f00000006c0)=ANY=[@ANYRES32=0x0, @ANYBLOB="bfcd062f7215bad8e82eed366a73f26a613d", @ANYRES32=0x0, @ANYBLOB="02000000", @ANYRES32=0x0, @ANYBLOB="040000000000000008000200", @ANYRES32=0x0, @ANYBLOB="10000500000000002000010000000000"], 0x8, 0x2) fstat(r7, 0x0) lsetxattr$system_posix_acl(&(0x7f0000000380)='.//ile0\x00', &(0x7f00000003c0)='system.posix_acl_access\x00', &(0x7f0000000400)={{}, {0x1, 0x7}, [{0x2, 0x4, r3}], {0x4, 0x2}, [{0x8, 0x1}, {0x8, 0x3, 0xffffffffffffffff}], {0x10, 0x2}, {0x20, 0xd}}, 0x3c, 0x1) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="75707042726469723d2e2f66696c65302c6c6f7765726469723d2e3a66696c65302c776f726b6469721d2e2f66696c6531"]) mknod$loop(&(0x7f0000000000)='.//ile0\x00', 0x0, 0x0) r9 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000140)='tls\x00', 0x4) ioctl$INOTIFY_IOC_SETNEXTWD(r9, 0x40044900, 0x10001) [ 3163.913663][T16607] bond1: (slave ip6tnl3): The slave device specified does not support setting the MAC address [ 3163.977714][T16607] bond1: (slave ip6tnl3): Error -95 calling set_mac_address 06:00:29 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x202, 0x0) [ 3164.409004][T16639] overlayfs: unrecognized mount option "uppBrdir=./file0" or missing value 06:00:29 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x203, 0x0) 06:00:29 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000040), 0x0) r4 = accept$alg(r3, 0x0, 0x0) r5 = dup(r4) recvmsg$can_raw(r5, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r5, 0xae47, 0x0) r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r9 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:30 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) io_setup(0x9, 0x0) [ 3164.770675][T16618] overlayfs: unrecognized mount option "uppBrdir=./file0" or missing value 06:00:30 executing program 4: syz_open_dev$media(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$dsp1(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp1\x00', 0x0, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_DEL_MFC(r0, 0x29, 0xd4, &(0x7f0000000000)={{0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffa4]}}, {0xa, 0x0, 0x0, @mcast2}}, 0x4) 06:00:30 executing program 0: sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='net/ip6_mr_vif\x00') clock_gettime(0x0, 0x0) r0 = socket(0x1e, 0x1, 0x0) getsockopt$TIPC_SOCK_RECVQ_DEPTH(r0, 0x6, 0x84, 0x0, 0x0) sendmsg$IPSET_CMD_TEST(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f00000000c0), 0xc, 0x0, 0x1, 0x0, 0x0, 0x2400c000}, 0x44800) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0xfc, &(0x7f0000000180)={&(0x7f0000000580)=ANY=[@ANYBLOB="5400000010003f0e000000000000004c00000000", @ANYRES32=0x0, @ANYBLOB="002200160002000008000a00", @ANYRES32, @ANYBLOB="2c0012000c000100697036746e6c00001c00020014000200ff02000000000000000000000000000104001300"], 0x54}, 0x1, 0x0, 0x0, 0x4084}, 0x0) 06:00:30 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x204, 0x0) 06:00:30 executing program 1: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86, 0x1, @perf_bp={&(0x7f0000000480), 0x3}, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000280)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$DRM_IOCTL_SET_VERSION(r0, 0xc0106407, 0x0) mmap$usbfs(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r2, 0xff) newfstatat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x1000) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x8ae082, 0x0) read$usbfs(0xffffffffffffffff, &(0x7f0000000540)=""/56, 0x38) r3 = getuid() getsockopt$bt_sco_SCO_OPTIONS(0xffffffffffffffff, 0x11, 0x1, &(0x7f0000000800)=""/4096, 0x0) r4 = syz_init_net_socket$x25(0x9, 0x5, 0x0) r5 = fcntl$dupfd(r4, 0x0, 0xffffffffffffffff) sendmsg$nl_route_sched(r5, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000280)}, 0x4040001) r6 = syz_init_net_socket$x25(0x9, 0x5, 0x0) r7 = fcntl$dupfd(r6, 0x0, 0xffffffffffffffff) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=@ipv4_newrule={0x24, 0x20, 0x300, 0x70bd2d, 0x25dfdbfb, {0x2, 0x20, 0x0, 0x3, 0x4, 0x0, 0x0, 0x0, 0x14}, [@FRA_GENERIC_POLICY=@FRA_GOTO={0x8, 0x4, 0x7ff}]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x0) r8 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r8, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r8, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r8, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r8, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r8, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x3) setsockopt$sock_int(r8, 0x1, 0x8, &(0x7f0000000600)=0xda9, 0x4) sendto$inet(r8, &(0x7f00000012c0)="20048a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf9221a750fbf746bec66ba", 0xfe6a, 0xe, 0x0, 0xfffffffffffffe2b) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sendmsg$nl_route_sched(r7, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000640)=ANY=[@ANYPTR64=&(0x7f0000000600)=ANY=[@ANYRES64=r1, @ANYPTR64=&(0x7f0000001800)=ANY=[@ANYBLOB="7960922a02fd0867f50f69c2b693776a042a43cf1a44f2d81c1fd516f76d90acab007b79c2e30139ca7b6035", @ANYRES16, @ANYBLOB, @ANYRESOCT, @ANYRES64=r7, @ANYBLOB="7fb4bfa5d170a0f1705c5f73cdbadc31f61b217715d32c21dc58f5d0fbadf3c6fdaeda41d8c63b99f4575fa0130e", @ANYRES16=0x0, @ANYRES16], @ANYRES32], @ANYRES16, @ANYRESHEX=0x0], 0x3}, 0x1, 0x0, 0x0, 0x28004895}, 0x4040001) lsetxattr$system_posix_acl(&(0x7f0000000080)='./file0\x00', &(0x7f00000001c0)='system.posix_acl_access\x00', &(0x7f00000006c0)=ANY=[@ANYRES32=0x0, @ANYBLOB="bfcd062f7215bad8e82eed366a73f26a613d", @ANYRES32=0x0, @ANYBLOB="02000000", @ANYRES32=0x0, @ANYBLOB="040000000000000008000200", @ANYRES32=0x0, @ANYBLOB="10000500000000002000010000000000"], 0x8, 0x2) fstat(r7, 0x0) lsetxattr$system_posix_acl(&(0x7f0000000380)='.//ile0\x00', &(0x7f00000003c0)='system.posix_acl_access\x00', &(0x7f0000000400)={{}, {0x1, 0x7}, [{0x2, 0x4, r3}], {0x4, 0x2}, [{0x8, 0x1}, {0x8, 0x3, 0xffffffffffffffff}], {0x10, 0x2}, {0x20, 0xd}}, 0x3c, 0x1) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="75707042726469723d2e2f66696c65302c6c6f7765726469723d2e3a66696c65302c776f726b6469721d2e2f66696c6531"]) mknod$loop(&(0x7f0000000000)='.//ile0\x00', 0x0, 0x0) r9 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000140)='tls\x00', 0x4) ioctl$INOTIFY_IOC_SETNEXTWD(r9, 0x40044900, 0x10001) 06:00:30 executing program 5: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86, 0x1, @perf_bp={&(0x7f0000000480), 0x3}, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000280)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$DRM_IOCTL_SET_VERSION(r0, 0xc0106407, 0x0) mmap$usbfs(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r2, 0xff) newfstatat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x1000) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x8ae082, 0x0) read$usbfs(0xffffffffffffffff, &(0x7f0000000540)=""/56, 0x38) r3 = getuid() getsockopt$bt_sco_SCO_OPTIONS(0xffffffffffffffff, 0x11, 0x1, &(0x7f0000000800)=""/4096, 0x0) r4 = syz_init_net_socket$x25(0x9, 0x5, 0x0) r5 = fcntl$dupfd(r4, 0x0, 0xffffffffffffffff) sendmsg$nl_route_sched(r5, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000280)}, 0x4040001) r6 = syz_init_net_socket$x25(0x9, 0x5, 0x0) r7 = fcntl$dupfd(r6, 0x0, 0xffffffffffffffff) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=@ipv4_newrule={0x24, 0x20, 0x300, 0x70bd2d, 0x25dfdbfb, {0x2, 0x20, 0x0, 0x3, 0x4, 0x0, 0x0, 0x0, 0x14}, [@FRA_GENERIC_POLICY=@FRA_GOTO={0x8, 0x4, 0x7ff}]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x0) r8 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r8, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r8, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r8, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r8, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r8, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x3) setsockopt$sock_int(r8, 0x1, 0x8, &(0x7f0000000600)=0xda9, 0x4) sendto$inet(r8, &(0x7f00000012c0)="20048a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf9221a750fbf746bec66ba", 0xfe6a, 0xe, 0x0, 0xfffffffffffffe2b) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sendmsg$nl_route_sched(r7, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000640)=ANY=[@ANYPTR64=&(0x7f0000000600)=ANY=[@ANYRES64=r1, @ANYPTR64=&(0x7f0000001800)=ANY=[@ANYBLOB="7960922a02fd0867f50f69c2b693776a042a43cf1a44f2d81c1fd516f76d90acab007b79c2e30139ca7b6035", @ANYRES16, @ANYBLOB, @ANYRESOCT, @ANYRES64=r7, @ANYBLOB="7fb4bfa5d170a0f1705c5f73cdbadc31f61b217715d32c21dc58f5d0fbadf3c6fdaeda41d8c63b99f4575fa0130e", @ANYRES16=0x0, @ANYRES16], @ANYRES32], @ANYRES16, @ANYRESHEX=0x0], 0x3}, 0x1, 0x0, 0x0, 0x28004895}, 0x4040001) lsetxattr$system_posix_acl(&(0x7f0000000080)='./file0\x00', &(0x7f00000001c0)='system.posix_acl_access\x00', &(0x7f00000006c0)=ANY=[@ANYRES32=0x0, @ANYBLOB="bfcd062f7215bad8e82eed366a73f26a613d", @ANYRES32=0x0, @ANYBLOB="02000000", @ANYRES32=0x0, @ANYBLOB="040000000000000008000200", @ANYRES32=0x0, @ANYBLOB="10000500000000002000010000000000"], 0x8, 0x2) fstat(r7, 0x0) lsetxattr$system_posix_acl(&(0x7f0000000380)='.//ile0\x00', &(0x7f00000003c0)='system.posix_acl_access\x00', &(0x7f0000000400)={{}, {0x1, 0x7}, [{0x2, 0x4, r3}], {0x4, 0x2}, [{0x8, 0x1}, {0x8, 0x3, 0xffffffffffffffff}], {0x10, 0x2}, {0x20, 0xd}}, 0x3c, 0x1) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="75707042726469723d2e2f66696c65302c6c6f7765726469723d2e3a66696c65302c776f726b6469721d2e2f66696c6531"]) mknod$loop(&(0x7f0000000000)='.//ile0\x00', 0x0, 0x0) r9 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000140)='tls\x00', 0x4) ioctl$INOTIFY_IOC_SETNEXTWD(r9, 0x40044900, 0x10001) [ 3165.263430][T16675] bond1: (slave ip6tnl3): The slave device specified does not support setting the MAC address 06:00:30 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x205, 0x0) 06:00:30 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000040), 0x0) r4 = accept$alg(r3, 0x0, 0x0) r5 = dup(r4) recvmsg$can_raw(r5, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r5, 0xae47, 0x0) r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r9 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000040), 0x0) [ 3165.361700][T16675] bond1: (slave ip6tnl3): Error -95 calling set_mac_address [ 3165.620094][T16680] overlayfs: unrecognized mount option "uppBrdir=./file0" or missing value 06:00:31 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x206, 0x0) 06:00:31 executing program 0: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86, 0x1, @perf_bp={&(0x7f0000000480), 0x3}, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000280)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$DRM_IOCTL_SET_VERSION(r0, 0xc0106407, 0x0) mmap$usbfs(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r2, 0xff) newfstatat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x1000) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x8ae082, 0x0) read$usbfs(0xffffffffffffffff, &(0x7f0000000540)=""/56, 0x38) r3 = getuid() getsockopt$bt_sco_SCO_OPTIONS(0xffffffffffffffff, 0x11, 0x1, &(0x7f0000000800)=""/4096, 0x0) r4 = syz_init_net_socket$x25(0x9, 0x5, 0x0) r5 = fcntl$dupfd(r4, 0x0, 0xffffffffffffffff) sendmsg$nl_route_sched(r5, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000280)}, 0x4040001) r6 = syz_init_net_socket$x25(0x9, 0x5, 0x0) r7 = fcntl$dupfd(r6, 0x0, 0xffffffffffffffff) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=@ipv4_newrule={0x24, 0x20, 0x300, 0x70bd2d, 0x25dfdbfb, {0x2, 0x20, 0x0, 0x3, 0x4, 0x0, 0x0, 0x0, 0x14}, [@FRA_GENERIC_POLICY=@FRA_GOTO={0x8, 0x4, 0x7ff}]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x0) r8 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r8, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r8, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r8, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r8, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r8, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x3) setsockopt$sock_int(r8, 0x1, 0x8, &(0x7f0000000600)=0xda9, 0x4) sendto$inet(r8, &(0x7f00000012c0)="20048a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf9221a750fbf746bec66ba", 0xfe6a, 0xe, 0x0, 0xfffffffffffffe2b) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sendmsg$nl_route_sched(r7, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000640)=ANY=[@ANYPTR64=&(0x7f0000000600)=ANY=[@ANYRES64=r1, @ANYPTR64=&(0x7f0000001800)=ANY=[@ANYBLOB="7960922a02fd0867f50f69c2b693776a042a43cf1a44f2d81c1fd516f76d90acab007b79c2e30139ca7b6035", @ANYRES16, @ANYBLOB, @ANYRESOCT, @ANYRES64=r7, @ANYBLOB="7fb4bfa5d170a0f1705c5f73cdbadc31f61b217715d32c21dc58f5d0fbadf3c6fdaeda41d8c63b99f4575fa0130e", @ANYRES16=0x0, @ANYRES16], @ANYRES32], @ANYRES16, @ANYRESHEX=0x0], 0x3}, 0x1, 0x0, 0x0, 0x28004895}, 0x4040001) lsetxattr$system_posix_acl(&(0x7f0000000080)='./file0\x00', &(0x7f00000001c0)='system.posix_acl_access\x00', &(0x7f00000006c0)=ANY=[@ANYRES32=0x0, @ANYBLOB="bfcd062f7215bad8e82eed366a73f26a613d", @ANYRES32=0x0, @ANYBLOB="02000000", @ANYRES32=0x0, @ANYBLOB="040000000000000008000200", @ANYRES32=0x0, @ANYBLOB="10000500000000002000010000000000"], 0x8, 0x2) fstat(r7, 0x0) lsetxattr$system_posix_acl(&(0x7f0000000380)='.//ile0\x00', &(0x7f00000003c0)='system.posix_acl_access\x00', &(0x7f0000000400)={{}, {0x1, 0x7}, [{0x2, 0x4, r3}], {0x4, 0x2}, [{0x8, 0x1}, {0x8, 0x3, 0xffffffffffffffff}], {0x10, 0x2}, {0x20, 0xd}}, 0x3c, 0x1) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="75707042726469723d2e2f66696c65302c6c6f7765726469723d2e3a66696c65302c776f726b6469721d2e2f66696c6531"]) mknod$loop(&(0x7f0000000000)='.//ile0\x00', 0x0, 0x0) r9 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000140)='tls\x00', 0x4) ioctl$INOTIFY_IOC_SETNEXTWD(r9, 0x40044900, 0x10001) 06:00:31 executing program 5: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86, 0x1, @perf_bp={&(0x7f0000000480), 0x3}, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000280)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$DRM_IOCTL_SET_VERSION(r0, 0xc0106407, 0x0) mmap$usbfs(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r2, 0xff) newfstatat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x1000) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x8ae082, 0x0) read$usbfs(0xffffffffffffffff, &(0x7f0000000540)=""/56, 0x38) r3 = getuid() getsockopt$bt_sco_SCO_OPTIONS(0xffffffffffffffff, 0x11, 0x1, &(0x7f0000000800)=""/4096, 0x0) r4 = syz_init_net_socket$x25(0x9, 0x5, 0x0) r5 = fcntl$dupfd(r4, 0x0, 0xffffffffffffffff) sendmsg$nl_route_sched(r5, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000280)}, 0x4040001) r6 = syz_init_net_socket$x25(0x9, 0x5, 0x0) r7 = fcntl$dupfd(r6, 0x0, 0xffffffffffffffff) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=@ipv4_newrule={0x24, 0x20, 0x300, 0x70bd2d, 0x25dfdbfb, {0x2, 0x20, 0x0, 0x3, 0x4, 0x0, 0x0, 0x0, 0x14}, [@FRA_GENERIC_POLICY=@FRA_GOTO={0x8, 0x4, 0x7ff}]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x0) r8 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r8, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r8, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r8, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r8, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r8, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x3) setsockopt$sock_int(r8, 0x1, 0x8, &(0x7f0000000600)=0xda9, 0x4) sendto$inet(r8, &(0x7f00000012c0)="20048a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf9221a750fbf746bec66ba", 0xfe6a, 0xe, 0x0, 0xfffffffffffffe2b) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sendmsg$nl_route_sched(r7, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000640)=ANY=[@ANYPTR64=&(0x7f0000000600)=ANY=[@ANYRES64=r1, @ANYPTR64=&(0x7f0000001800)=ANY=[@ANYBLOB="7960922a02fd0867f50f69c2b693776a042a43cf1a44f2d81c1fd516f76d90acab007b79c2e30139ca7b6035", @ANYRES16, @ANYBLOB, @ANYRESOCT, @ANYRES64=r7, @ANYBLOB="7fb4bfa5d170a0f1705c5f73cdbadc31f61b217715d32c21dc58f5d0fbadf3c6fdaeda41d8c63b99f4575fa0130e", @ANYRES16=0x0, @ANYRES16], @ANYRES32], @ANYRES16, @ANYRESHEX=0x0], 0x3}, 0x1, 0x0, 0x0, 0x28004895}, 0x4040001) lsetxattr$system_posix_acl(&(0x7f0000000080)='./file0\x00', &(0x7f00000001c0)='system.posix_acl_access\x00', &(0x7f00000006c0)=ANY=[@ANYRES32=0x0, @ANYBLOB="bfcd062f7215bad8e82eed366a73f26a613d", @ANYRES32=0x0, @ANYBLOB="02000000", @ANYRES32=0x0, @ANYBLOB="040000000000000008000200", @ANYRES32=0x0, @ANYBLOB="10000500000000002000010000000000"], 0x8, 0x2) fstat(r7, 0x0) lsetxattr$system_posix_acl(&(0x7f0000000380)='.//ile0\x00', &(0x7f00000003c0)='system.posix_acl_access\x00', &(0x7f0000000400)={{}, {0x1, 0x7}, [{0x2, 0x4, r3}], {0x4, 0x2}, [{0x8, 0x1}, {0x8, 0x3, 0xffffffffffffffff}], {0x10, 0x2}, {0x20, 0xd}}, 0x3c, 0x1) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="75707042726469723d2e2f66696c65302c6c6f7765726469723d2e3a66696c65302c776f726b6469721d2e2f66696c6531"]) mknod$loop(&(0x7f0000000000)='.//ile0\x00', 0x0, 0x0) r9 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000140)='tls\x00', 0x4) ioctl$INOTIFY_IOC_SETNEXTWD(r9, 0x40044900, 0x10001) 06:00:31 executing program 4: syz_open_dev$media(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$dsp1(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp1\x00', 0x0, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_DEL_MFC(r0, 0x29, 0xd4, &(0x7f0000000000)={{0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffa4]}}, {0xa, 0x0, 0x0, @mcast2}}, 0x4) 06:00:31 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000040), 0x0) r4 = accept$alg(r3, 0x0, 0x0) r5 = dup(r4) recvmsg$can_raw(r5, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r5, 0xae47, 0x0) r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r9 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:31 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x207, 0x0) 06:00:31 executing program 1: pipe(&(0x7f0000000140)) socket$packet(0x11, 0x2, 0x300) socket$inet6_tcp(0xa, 0x1, 0x0) perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff, 0x0, 0xd6be}, &(0x7f0000000200), 0x0) [ 3166.441644][T16721] overlayfs: unrecognized mount option "uppBrdir=./file0" or missing value 06:00:31 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x208, 0x0) 06:00:31 executing program 5: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86, 0x1, @perf_bp={&(0x7f0000000480), 0x3}, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000280)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$DRM_IOCTL_SET_VERSION(r0, 0xc0106407, 0x0) mmap$usbfs(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r2, 0xff) newfstatat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x1000) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x8ae082, 0x0) read$usbfs(0xffffffffffffffff, &(0x7f0000000540)=""/56, 0x38) r3 = getuid() getsockopt$bt_sco_SCO_OPTIONS(0xffffffffffffffff, 0x11, 0x1, &(0x7f0000000800)=""/4096, 0x0) r4 = syz_init_net_socket$x25(0x9, 0x5, 0x0) r5 = fcntl$dupfd(r4, 0x0, 0xffffffffffffffff) sendmsg$nl_route_sched(r5, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000280)}, 0x4040001) r6 = syz_init_net_socket$x25(0x9, 0x5, 0x0) r7 = fcntl$dupfd(r6, 0x0, 0xffffffffffffffff) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=@ipv4_newrule={0x24, 0x20, 0x300, 0x70bd2d, 0x25dfdbfb, {0x2, 0x20, 0x0, 0x3, 0x4, 0x0, 0x0, 0x0, 0x14}, [@FRA_GENERIC_POLICY=@FRA_GOTO={0x8, 0x4, 0x7ff}]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x0) r8 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r8, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r8, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r8, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r8, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r8, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x3) setsockopt$sock_int(r8, 0x1, 0x8, &(0x7f0000000600)=0xda9, 0x4) sendto$inet(r8, &(0x7f00000012c0)="20048a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf9221a750fbf746bec66ba", 0xfe6a, 0xe, 0x0, 0xfffffffffffffe2b) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sendmsg$nl_route_sched(r7, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000640)=ANY=[@ANYPTR64=&(0x7f0000000600)=ANY=[@ANYRES64=r1, @ANYPTR64=&(0x7f0000001800)=ANY=[@ANYBLOB="7960922a02fd0867f50f69c2b693776a042a43cf1a44f2d81c1fd516f76d90acab007b79c2e30139ca7b6035", @ANYRES16, @ANYBLOB, @ANYRESOCT, @ANYRES64=r7, @ANYBLOB="7fb4bfa5d170a0f1705c5f73cdbadc31f61b217715d32c21dc58f5d0fbadf3c6fdaeda41d8c63b99f4575fa0130e", @ANYRES16=0x0, @ANYRES16], @ANYRES32], @ANYRES16, @ANYRESHEX=0x0], 0x3}, 0x1, 0x0, 0x0, 0x28004895}, 0x4040001) lsetxattr$system_posix_acl(&(0x7f0000000080)='./file0\x00', &(0x7f00000001c0)='system.posix_acl_access\x00', &(0x7f00000006c0)=ANY=[@ANYRES32=0x0, @ANYBLOB="bfcd062f7215bad8e82eed366a73f26a613d", @ANYRES32=0x0, @ANYBLOB="02000000", @ANYRES32=0x0, @ANYBLOB="040000000000000008000200", @ANYRES32=0x0, @ANYBLOB="10000500000000002000010000000000"], 0x8, 0x2) fstat(r7, 0x0) lsetxattr$system_posix_acl(&(0x7f0000000380)='.//ile0\x00', &(0x7f00000003c0)='system.posix_acl_access\x00', &(0x7f0000000400)={{}, {0x1, 0x7}, [{0x2, 0x4, r3}], {0x4, 0x2}, [{0x8, 0x1}, {0x8, 0x3, 0xffffffffffffffff}], {0x10, 0x2}, {0x20, 0xd}}, 0x3c, 0x1) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="75707042726469723d2e2f66696c65302c6c6f7765726469723d2e3a66696c65302c776f726b6469721d2e2f66696c6531"]) mknod$loop(&(0x7f0000000000)='.//ile0\x00', 0x0, 0x0) r9 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000140)='tls\x00', 0x4) ioctl$INOTIFY_IOC_SETNEXTWD(r9, 0x40044900, 0x10001) 06:00:32 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x209, 0x0) 06:00:32 executing program 0: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000000f00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r5 = socket$inet(0x10, 0x3, 0x0) sendmsg(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000003c0)="4c0000001200ef09fffefd956fa283b7270fd917df226c24a6008000200000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f", 0x4c}], 0x1}, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(r5, &(0x7f0000001380), 0x4000056, 0x0, &(0x7f0000000200)={0x77359400}) prctl$PR_SET_DUMPABLE(0x4, 0x1) sendto$inet(0xffffffffffffffff, &(0x7f0000001680)="0fa9f2190522725fbaea", 0xa, 0x0, 0x0, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(0xffffffffffffffff, 0xc0406619, &(0x7f0000000140)={{0x1, 0x0, @descriptor="cd111b0b41b648ad"}}) sendto$inet(r0, 0x0, 0x0, 0x210007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) 06:00:32 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, &(0x7f0000000500), 0x0, &(0x7f0000000580)) 06:00:32 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000040), 0x0) r4 = accept$alg(r3, 0x0, 0x0) r5 = dup(r4) recvmsg$can_raw(r5, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r5, 0xae47, 0x0) r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r9 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:32 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x20a, 0x0) 06:00:32 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000000c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe, 0x1, 'ip6gretap\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6}]}}}]}, 0x40}}, 0x0) 06:00:32 executing program 4: syz_open_dev$media(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$dsp1(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp1\x00', 0x0, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_DEL_MFC(r0, 0x29, 0xd4, &(0x7f0000000000)={{0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffa4]}}, {0xa, 0x0, 0x0, @mcast2}}, 0x4) 06:00:32 executing program 1: getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000640)='dctcp\x00', 0x6) sendto$inet(r0, 0x0, 0x0, 0x210007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) write(r0, &(0x7f00000001c0)="ee0107200c9f8fbf5ca312794d57d7c84858f6d02ac7044478a1ceaba80c756a581354e1c3bc0f39ab71266531e5c6b4d607559441a2a1492bc86146e4a205b0b8db310441cf08c043a775bb5e3a82dbc589f50c52e15266c634790cab6745980751ca698dbd91bc", 0x7f37) [ 3167.398395][T16762] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3167.407843][T16762] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3167.418344][T16762] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3167.427965][T16762] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3167.437567][T16762] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3167.447136][T16762] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3167.456684][T16762] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3167.467000][T16762] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3167.476962][T16762] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3167.486648][T16762] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.0'. 06:00:32 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x20b, 0x0) 06:00:32 executing program 1: getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000640)='dctcp\x00', 0x6) sendto$inet(r0, 0x0, 0x0, 0x210007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) write(r0, &(0x7f00000001c0)="ee0107200c9f8fbf5ca312794d57d7c84858f6d02ac7044478a1ceaba80c756a581354e1c3bc0f39ab71266531e5c6b4d607559441a2a1492bc86146e4a205b0b8db310441cf08c043a775bb5e3a82dbc589f50c52e15266c634790cab6745980751ca698dbd91bc", 0x7f37) 06:00:32 executing program 5: open(&(0x7f00000000c0)='./file0\x00', 0x80044, 0x0) lsetxattr$security_capability(&(0x7f0000000140)='./file0\x00', &(0x7f0000000080)='security.capability\x00', &(0x7f0000000000)=@v3, 0x18, 0x0) getxattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=ANY=[], 0x0, 0xffb6) 06:00:33 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x20c, 0x0) 06:00:33 executing program 5: open(&(0x7f00000000c0)='./file0\x00', 0x80044, 0x0) lsetxattr$security_capability(&(0x7f0000000140)='./file0\x00', &(0x7f0000000080)='security.capability\x00', &(0x7f0000000000)=@v3, 0x18, 0x0) getxattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=ANY=[], 0x0, 0xffb6) 06:00:33 executing program 0: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000000f00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r5 = socket$inet(0x10, 0x3, 0x0) sendmsg(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000003c0)="4c0000001200ef09fffefd956fa283b7270fd917df226c24a6008000200000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f", 0x4c}], 0x1}, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(r5, &(0x7f0000001380), 0x4000056, 0x0, &(0x7f0000000200)={0x77359400}) prctl$PR_SET_DUMPABLE(0x4, 0x1) sendto$inet(0xffffffffffffffff, &(0x7f0000001680)="0fa9f2190522725fbaea", 0xa, 0x0, 0x0, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(0xffffffffffffffff, 0xc0406619, &(0x7f0000000140)={{0x1, 0x0, @descriptor="cd111b0b41b648ad"}}) sendto$inet(r0, 0x0, 0x0, 0x210007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) 06:00:33 executing program 1: getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000640)='dctcp\x00', 0x6) sendto$inet(r0, 0x0, 0x0, 0x210007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) write(r0, &(0x7f00000001c0)="ee0107200c9f8fbf5ca312794d57d7c84858f6d02ac7044478a1ceaba80c756a581354e1c3bc0f39ab71266531e5c6b4d607559441a2a1492bc86146e4a205b0b8db310441cf08c043a775bb5e3a82dbc589f50c52e15266c634790cab6745980751ca698dbd91bc", 0x7f37) 06:00:33 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) dup(r1) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000040), 0x0) r4 = accept$alg(r3, 0x0, 0x0) r5 = dup(r4) recvmsg$can_raw(r5, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r5, 0xae47, 0x0) r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r9 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:33 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x20d, 0x0) [ 3168.314216][ C0] print_req_error: 295 callbacks suppressed [ 3168.314243][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3168.331264][ C0] buffer_io_error: 295 callbacks suppressed [ 3168.331274][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3168.345513][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3168.358452][ C1] Buffer I/O error on dev loop0, logical block 0, async page read 06:00:33 executing program 5: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000000f00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r5 = socket$inet(0x10, 0x3, 0x0) sendmsg(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000003c0)="4c0000001200ef09fffefd956fa283b7270fd917df226c24a6008000200000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f", 0x4c}], 0x1}, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(r5, &(0x7f0000001380), 0x4000056, 0x0, &(0x7f0000000200)={0x77359400}) prctl$PR_SET_DUMPABLE(0x4, 0x1) sendto$inet(0xffffffffffffffff, &(0x7f0000001680)="0fa9f2190522725fbaea", 0xa, 0x0, 0x0, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(0xffffffffffffffff, 0xc0406619, &(0x7f0000000140)={{0x1, 0x0, @descriptor="cd111b0b41b648ad"}}) sendto$inet(r0, 0x0, 0x0, 0x210007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) [ 3168.423481][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3168.434399][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3168.544065][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3168.555015][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3168.639956][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3168.651139][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3168.706345][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3168.719510][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3168.733763][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3168.744691][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3168.755491][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3168.766455][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3168.795896][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3168.806898][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3168.819125][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3168.830065][ C1] Buffer I/O error on dev loop0, logical block 0, async page read 06:00:34 executing program 1: getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000640)='dctcp\x00', 0x6) sendto$inet(r0, 0x0, 0x0, 0x210007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) write(r0, &(0x7f00000001c0)="ee0107200c9f8fbf5ca312794d57d7c84858f6d02ac7044478a1ceaba80c756a581354e1c3bc0f39ab71266531e5c6b4d607559441a2a1492bc86146e4a205b0b8db310441cf08c043a775bb5e3a82dbc589f50c52e15266c634790cab6745980751ca698dbd91bc", 0x7f37) 06:00:34 executing program 4: syz_open_dev$media(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$dsp1(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp1\x00', 0x0, 0x0) setsockopt$inet6_MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, &(0x7f0000000080)={0x8, 0x0, 0x0, 0x9}, 0xc) setsockopt$inet6_MRT6_DEL_MFC(0xffffffffffffffff, 0x29, 0xd4, &(0x7f0000000000)={{0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffa4]}}, {0xa, 0x0, 0x0, @mcast2}}, 0x4) 06:00:34 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x20e, 0x0) 06:00:34 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x20f, 0x0) 06:00:34 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) dup(r1) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000040), 0x0) r4 = accept$alg(r3, 0x0, 0x0) r5 = dup(r4) recvmsg$can_raw(r5, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r5, 0xae47, 0x0) r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r9 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:34 executing program 0: open(&(0x7f00000000c0)='./file0\x00', 0x80044, 0x0) lsetxattr$security_capability(&(0x7f0000000140)='./file0\x00', &(0x7f0000000080)='security.capability\x00', &(0x7f0000000000)=@v3, 0x18, 0x0) getxattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=ANY=[], 0x0, 0xffb6) 06:00:34 executing program 1: r0 = memfd_create(&(0x7f0000000140)='\x00\x04\x00\x00', 0x0) write$binfmt_elf32(r0, &(0x7f00000004c0)=ANY=[@ANYBLOB="7f454c4605ead736373f764365ce27b90300060000000000000000b738000000000035f4c38442a3bc8220"], 0x2b) execveat(r0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) openat$md(0xffffffffffffff9c, 0x0, 0x0, 0x0) 06:00:34 executing program 5: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000000f00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r5 = socket$inet(0x10, 0x3, 0x0) sendmsg(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000003c0)="4c0000001200ef09fffefd956fa283b7270fd917df226c24a6008000200000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f", 0x4c}], 0x1}, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(r5, &(0x7f0000001380), 0x4000056, 0x0, &(0x7f0000000200)={0x77359400}) prctl$PR_SET_DUMPABLE(0x4, 0x1) sendto$inet(0xffffffffffffffff, &(0x7f0000001680)="0fa9f2190522725fbaea", 0xa, 0x0, 0x0, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(0xffffffffffffffff, 0xc0406619, &(0x7f0000000140)={{0x1, 0x0, @descriptor="cd111b0b41b648ad"}}) sendto$inet(r0, 0x0, 0x0, 0x210007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) 06:00:34 executing program 4: syz_open_dev$media(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$dsp1(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp1\x00', 0x0, 0x0) setsockopt$inet6_MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, &(0x7f0000000080)={0x8, 0x0, 0x0, 0x9}, 0xc) setsockopt$inet6_MRT6_DEL_MFC(0xffffffffffffffff, 0x29, 0xd4, &(0x7f0000000000)={{0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffa4]}}, {0xa, 0x0, 0x0, @mcast2}}, 0x4) 06:00:34 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r1, &(0x7f0000000f00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet(0x10, 0x3, 0x0) sendmsg(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000003c0)="4c0000001200ef09fffefd956fa283b7270fd917df226c24a6008000200000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f", 0x4c}], 0x1}, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(r4, &(0x7f0000001380), 0x4000056, 0x0, &(0x7f0000000200)={0x77359400}) prctl$PR_SET_DUMPABLE(0x4, 0x1) sendto$inet(0xffffffffffffffff, &(0x7f0000001680)="0fa9f2190522725fbaea", 0xa, 0x0, 0x0, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000640)='dctcp\x00', 0x6) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(0xffffffffffffffff, 0xc0406619, &(0x7f0000000140)={{0x1, 0x0, @descriptor="cd111b0b41b648ad"}}) preadv(0xffffffffffffffff, &(0x7f0000000700)=[{&(0x7f0000000780)=""/164, 0xa4}, {&(0x7f0000000440)=""/210, 0xd2}, {&(0x7f0000000100)=""/7, 0x7}, {&(0x7f0000000580)=""/74, 0x4a}, {&(0x7f0000000680)=""/97, 0x61}], 0x5, 0x81) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x210007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) [ 3169.650351][T16855] syz-executor.3 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 06:00:35 executing program 1: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000000f00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r5 = socket$inet(0x10, 0x3, 0x0) sendmsg(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000003c0)="4c0000001200ef09fffefd956fa283b7270fd917df226c24a6008000200000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f", 0x4c}], 0x1}, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(r5, &(0x7f0000001380), 0x4000056, 0x0, &(0x7f0000000200)={0x77359400}) prctl$PR_SET_DUMPABLE(0x4, 0x0) sendto$inet(0xffffffffffffffff, &(0x7f0000001680)="0fa9f2190522725fbaea", 0xa, 0x0, 0x0, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(0xffffffffffffffff, 0xc0406619, &(0x7f0000000140)={{0x1, 0x0, @descriptor="cd111b0b41b648ad"}}) preadv(0xffffffffffffffff, &(0x7f0000000700)=[{&(0x7f0000000780)=""/164, 0xa4}, {&(0x7f0000000440)=""/210, 0xd2}, {&(0x7f0000000100)=""/7, 0x7}, {&(0x7f0000000580)=""/74, 0x4a}, {&(0x7f0000000680)=""/97, 0x61}], 0x5, 0x81) sendto$inet(r0, 0x0, 0x0, 0x210007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) 06:00:35 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x210, 0x0) [ 3169.879308][T16855] CPU: 1 PID: 16855 Comm: syz-executor.3 Not tainted 5.6.0-rc1-syzkaller #0 [ 3169.888124][T16855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3169.898324][T16855] Call Trace: [ 3169.901678][T16855] dump_stack+0x11d/0x181 [ 3169.906030][T16855] dump_header+0xaa/0x39c [ 3169.910378][T16855] oom_kill_process.cold+0x10/0x15 [ 3169.915509][T16855] out_of_memory+0x231/0xa60 [ 3169.920119][T16855] ? __rcu_read_unlock+0x66/0x2f0 [ 3169.925207][T16855] mem_cgroup_out_of_memory+0x128/0x150 [ 3169.930782][T16855] try_charge+0xb6c/0xbf0 [ 3169.935219][T16855] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 3169.940746][T16855] __memcg_kmem_charge+0xcf/0x1b0 [ 3169.945813][T16855] __alloc_pages_nodemask+0x26c/0x310 [ 3169.951241][T16855] alloc_pages_current+0xd1/0x170 [ 3169.956369][T16855] pte_alloc_one+0x18/0x50 [ 3169.960805][T16855] __handle_mm_fault+0x2be6/0x2e00 [ 3169.966030][T16855] handle_mm_fault+0x21b/0x530 [ 3169.970823][T16855] do_page_fault+0x496/0xa3d [ 3169.975540][T16855] page_fault+0x34/0x40 [ 3169.979701][T16855] RIP: 0033:0x45c449 [ 3169.983602][T16855] Code: Bad RIP value. [ 3169.987668][T16855] RSP: 002b:00007f331e30dc78 EFLAGS: 00010246 [ 3169.993877][T16855] RAX: 0000000000000000 RBX: 00007f331e30e6d4 RCX: 000000000045c449 [ 3170.001854][T16855] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 3170.009897][T16855] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 3170.017885][T16855] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 3170.026134][T16855] R13: 0000000000000074 R14: 00000000004c2ce6 R15: 000000000076bf2c [ 3170.143467][T16855] memory: usage 307200kB, limit 307200kB, failcnt 603 [ 3170.224621][T16855] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3170.239152][T16855] Memory cgroup stats for /syz3: [ 3170.246014][T16855] anon 278077440 [ 3170.246014][T16855] file 24576 [ 3170.246014][T16855] kernel_stack 2949120 [ 3170.246014][T16855] slab 9502720 [ 3170.246014][T16855] sock 0 [ 3170.246014][T16855] shmem 106496 [ 3170.246014][T16855] file_mapped 0 [ 3170.246014][T16855] file_dirty 0 [ 3170.246014][T16855] file_writeback 0 [ 3170.246014][T16855] anon_thp 257949696 [ 3170.246014][T16855] inactive_anon 135168 [ 3170.246014][T16855] active_anon 278151168 [ 3170.246014][T16855] inactive_file 0 [ 3170.246014][T16855] active_file 0 [ 3170.246014][T16855] unevictable 0 [ 3170.246014][T16855] slab_reclaimable 1622016 [ 3170.246014][T16855] slab_unreclaimable 7880704 [ 3170.246014][T16855] pgfault 226413 [ 3170.246014][T16855] pgmajfault 0 [ 3170.246014][T16855] workingset_refault 132 [ 3170.246014][T16855] workingset_activate 33 [ 3170.246014][T16855] workingset_nodereclaim 0 [ 3170.246014][T16855] pgrefill 664 [ 3170.246014][T16855] pgscan 677 [ 3170.246014][T16855] pgsteal 312 [ 3170.355601][T16855] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=16661,uid=0 [ 3170.375958][T16855] Memory cgroup out of memory: Killed process 16661 (syz-executor.3) total-vm:74836kB, anon-rss:4272kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 06:00:35 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x211, 0x0) 06:00:35 executing program 5: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000000f00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r5 = socket$inet(0x10, 0x3, 0x0) sendmsg(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000003c0)="4c0000001200ef09fffefd956fa283b7270fd917df226c24a6008000200000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f", 0x4c}], 0x1}, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(r5, &(0x7f0000001380), 0x4000056, 0x0, &(0x7f0000000200)={0x77359400}) prctl$PR_SET_DUMPABLE(0x4, 0x1) sendto$inet(0xffffffffffffffff, &(0x7f0000001680)="0fa9f2190522725fbaea", 0xa, 0x0, 0x0, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(0xffffffffffffffff, 0xc0406619, &(0x7f0000000140)={{0x1, 0x0, @descriptor="cd111b0b41b648ad"}}) sendto$inet(r0, 0x0, 0x0, 0x210007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) [ 3170.484576][T16844] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3170.550416][T16844] CPU: 1 PID: 16844 Comm: syz-executor.3 Not tainted 5.6.0-rc1-syzkaller #0 [ 3170.559515][T16844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3170.569777][T16844] Call Trace: [ 3170.573086][T16844] dump_stack+0x11d/0x181 [ 3170.577455][T16844] dump_header+0xaa/0x39c [ 3170.581946][T16844] oom_kill_process.cold+0x10/0x15 [ 3170.587088][T16844] out_of_memory+0x231/0xa60 [ 3170.591722][T16844] mem_cgroup_out_of_memory+0x128/0x150 [ 3170.597314][T16844] try_charge+0x800/0xbf0 [ 3170.601745][T16844] mem_cgroup_try_charge+0xd2/0x260 [ 3170.607062][T16844] mem_cgroup_try_charge_delay+0x3a/0x80 [ 3170.612767][T16844] wp_page_copy+0x322/0xf20 [ 3170.617477][T16844] ? __read_once_size+0x41/0xe0 [ 3170.622368][T16844] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 3170.628398][T16844] do_wp_page+0x192/0xd20 [ 3170.632790][T16844] __handle_mm_fault+0x1d16/0x2e00 [ 3170.637973][T16844] handle_mm_fault+0x21b/0x530 [ 3170.642909][T16844] do_page_fault+0x496/0xa3d [ 3170.647558][T16844] page_fault+0x34/0x40 [ 3170.651724][T16844] RIP: 0033:0x413d10 [ 3170.655645][T16844] Code: ff ff 48 83 c8 01 48 89 05 9d e9 86 00 48 8b 05 96 c1 30 00 49 c7 85 c8 02 00 00 90 fe 71 00 49 89 85 c0 02 00 00 4c 89 70 08 <4c> 89 35 79 c1 30 00 48 c7 05 6e e9 86 00 00 00 00 00 f0 ff 0d 6f [ 3170.675404][T16844] RSP: 002b:00007ffc79c5d860 EFLAGS: 00010202 [ 3170.681647][T16844] RAX: 00007f331e30e9c0 RBX: 0000000000020000 RCX: 00000000ffffffe0 [ 3170.689628][T16844] RDX: 0000000000000040 RSI: 0000000000000001 RDI: 00007f331e2ed6a0 [ 3170.697611][T16844] RBP: 00007ffc79c5d940 R08: 0000000000721800 R09: 0000000000721800 [ 3170.705609][T16844] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc79c5da30 [ 3170.713590][T16844] R13: 00007f331e2ed700 R14: 00007f331e2ed9c0 R15: 000000000076bfcc 06:00:36 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r1, &(0x7f0000000f00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet(0x10, 0x3, 0x0) sendmsg(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000003c0)="4c0000001200ef09fffefd956fa283b7270fd917df226c24a6008000200000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f", 0x4c}], 0x1}, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(r4, &(0x7f0000001380), 0x4000056, 0x0, &(0x7f0000000200)={0x77359400}) prctl$PR_SET_DUMPABLE(0x4, 0x1) sendto$inet(0xffffffffffffffff, &(0x7f0000001680)="0fa9f2190522725fbaea", 0xa, 0x0, 0x0, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000640)='dctcp\x00', 0x6) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(0xffffffffffffffff, 0xc0406619, &(0x7f0000000140)={{0x1, 0x0, @descriptor="cd111b0b41b648ad"}}) preadv(0xffffffffffffffff, &(0x7f0000000700)=[{&(0x7f0000000780)=""/164, 0xa4}, {&(0x7f0000000440)=""/210, 0xd2}, {&(0x7f0000000100)=""/7, 0x7}, {&(0x7f0000000580)=""/74, 0x4a}, {&(0x7f0000000680)=""/97, 0x61}], 0x5, 0x81) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x210007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) 06:00:36 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x212, 0x0) [ 3171.280919][T16844] memory: usage 302412kB, limit 307200kB, failcnt 603 [ 3171.298014][T16844] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3171.327551][T16844] Memory cgroup stats for /syz3: [ 3171.327805][T16844] anon 273899520 [ 3171.327805][T16844] file 24576 [ 3171.327805][T16844] kernel_stack 2949120 [ 3171.327805][T16844] slab 9310208 [ 3171.327805][T16844] sock 0 [ 3171.327805][T16844] shmem 106496 [ 3171.327805][T16844] file_mapped 0 [ 3171.327805][T16844] file_dirty 0 [ 3171.327805][T16844] file_writeback 0 [ 3171.327805][T16844] anon_thp 253755392 [ 3171.327805][T16844] inactive_anon 135168 [ 3171.327805][T16844] active_anon 273973248 [ 3171.327805][T16844] inactive_file 0 [ 3171.327805][T16844] active_file 0 [ 3171.327805][T16844] unevictable 0 [ 3171.327805][T16844] slab_reclaimable 1622016 [ 3171.327805][T16844] slab_unreclaimable 7688192 [ 3171.327805][T16844] pgfault 226413 [ 3171.327805][T16844] pgmajfault 0 [ 3171.327805][T16844] workingset_refault 132 [ 3171.327805][T16844] workingset_activate 33 [ 3171.327805][T16844] workingset_nodereclaim 0 [ 3171.327805][T16844] pgrefill 664 [ 3171.327805][T16844] pgscan 677 [ 3171.327805][T16844] pgsteal 312 [ 3171.432288][T16844] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=16499,uid=0 [ 3171.451141][T16844] Memory cgroup out of memory: Killed process 16499 (syz-executor.3) total-vm:74836kB, anon-rss:4272kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 3171.585705][T16851] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3171.634359][T16851] CPU: 1 PID: 16851 Comm: syz-executor.3 Not tainted 5.6.0-rc1-syzkaller #0 [ 3171.643082][T16851] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3171.653461][T16851] Call Trace: [ 3171.656850][T16851] dump_stack+0x11d/0x181 [ 3171.661239][T16851] dump_header+0xaa/0x39c [ 3171.665715][T16851] oom_kill_process.cold+0x10/0x15 [ 3171.670848][T16851] out_of_memory+0x231/0xa60 [ 3171.675476][T16851] mem_cgroup_out_of_memory+0x128/0x150 [ 3171.681088][T16851] try_charge+0x800/0xbf0 [ 3171.685504][T16851] mem_cgroup_try_charge+0xd2/0x260 [ 3171.690740][T16851] mem_cgroup_try_charge_delay+0x3a/0x80 [ 3171.696394][T16851] wp_page_copy+0x322/0xf20 [ 3171.701092][T16851] ? __read_once_size+0x41/0xe0 [ 3171.706052][T16851] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 3171.711995][T16851] do_wp_page+0x192/0xd20 [ 3171.716514][T16851] __handle_mm_fault+0x1d16/0x2e00 [ 3171.721702][T16851] handle_mm_fault+0x21b/0x530 [ 3171.726540][T16851] do_page_fault+0x496/0xa3d [ 3171.731157][T16851] page_fault+0x34/0x40 [ 3171.735334][T16851] RIP: 0033:0x403f80 [ 3171.739376][T16851] Code: 80 3d fb e6 87 00 00 c6 85 84 00 00 00 00 74 0f 8b 05 e8 e6 87 00 39 45 24 0f 84 46 02 00 00 44 8b a5 80 00 00 00 48 8b 5d 78 fb e6 ff ff 48 2b 05 84 40 34 00 8b 75 00 4c 89 f1 45 89 e1 49 [ 3171.759305][T16851] RSP: 002b:00007f331e30dc90 EFLAGS: 00010246 [ 3171.765372][T16851] RAX: 00007f332030f000 RBX: 0000000000005d1c RCX: 0000000000000000 [ 3171.773483][T16851] RDX: 000000000003ffff RSI: 0000000000403ecc RDI: 0000000000000000 [ 3171.781612][T16851] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 3171.789761][T16851] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3171.797743][T16851] R13: 0000000000000074 R14: 00000000004c2ce6 R15: 000000000076bf2c [ 3171.898333][T16851] memory: usage 297852kB, limit 307200kB, failcnt 603 [ 3171.974324][T16851] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3171.991935][T16851] Memory cgroup stats for /syz3: [ 3171.992173][T16851] anon 269590528 [ 3171.992173][T16851] file 24576 [ 3171.992173][T16851] kernel_stack 2912256 [ 3171.992173][T16851] slab 9310208 [ 3171.992173][T16851] sock 0 [ 3171.992173][T16851] shmem 106496 [ 3171.992173][T16851] file_mapped 0 [ 3171.992173][T16851] file_dirty 0 [ 3171.992173][T16851] file_writeback 0 [ 3171.992173][T16851] anon_thp 249561088 [ 3171.992173][T16851] inactive_anon 135168 [ 3171.992173][T16851] active_anon 269590528 [ 3171.992173][T16851] inactive_file 0 [ 3171.992173][T16851] active_file 0 [ 3171.992173][T16851] unevictable 0 [ 3171.992173][T16851] slab_reclaimable 1622016 [ 3171.992173][T16851] slab_unreclaimable 7688192 [ 3171.992173][T16851] pgfault 226413 [ 3171.992173][T16851] pgmajfault 0 [ 3171.992173][T16851] workingset_refault 132 [ 3171.992173][T16851] workingset_activate 33 [ 3171.992173][T16851] workingset_nodereclaim 0 [ 3171.992173][T16851] pgrefill 664 [ 3171.992173][T16851] pgscan 677 [ 3171.992173][T16851] pgsteal 312 [ 3172.205469][T16851] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=16579,uid=0 [ 3172.232254][T16851] Memory cgroup out of memory: Killed process 16579 (syz-executor.3) total-vm:74704kB, anon-rss:4264kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 06:00:37 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) dup(r1) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000040), 0x0) r4 = accept$alg(r3, 0x0, 0x0) r5 = dup(r4) recvmsg$can_raw(r5, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r5, 0xae47, 0x0) r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r9 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:37 executing program 1: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000000f00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r5 = socket$inet(0x10, 0x3, 0x0) sendmsg(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000003c0)="4c0000001200ef09fffefd956fa283b7270fd917df226c24a6008000200000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f", 0x4c}], 0x1}, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(r5, &(0x7f0000001380), 0x4000056, 0x0, &(0x7f0000000200)={0x77359400}) prctl$PR_SET_DUMPABLE(0x4, 0x0) sendto$inet(0xffffffffffffffff, &(0x7f0000001680)="0fa9f2190522725fbaea", 0xa, 0x0, 0x0, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(0xffffffffffffffff, 0xc0406619, &(0x7f0000000140)={{0x1, 0x0, @descriptor="cd111b0b41b648ad"}}) preadv(0xffffffffffffffff, &(0x7f0000000700)=[{&(0x7f0000000780)=""/164, 0xa4}, {&(0x7f0000000440)=""/210, 0xd2}, {&(0x7f0000000100)=""/7, 0x7}, {&(0x7f0000000580)=""/74, 0x4a}, {&(0x7f0000000680)=""/97, 0x61}], 0x5, 0x81) sendto$inet(r0, 0x0, 0x0, 0x210007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) 06:00:37 executing program 4: syz_open_dev$media(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$dsp1(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp1\x00', 0x0, 0x0) setsockopt$inet6_MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, &(0x7f0000000080)={0x8, 0x0, 0x0, 0x9}, 0xc) setsockopt$inet6_MRT6_DEL_MFC(0xffffffffffffffff, 0x29, 0xd4, &(0x7f0000000000)={{0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffa4]}}, {0xa, 0x0, 0x0, @mcast2}}, 0x4) 06:00:37 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x213, 0x0) 06:00:37 executing program 5: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000000f00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r5 = socket$inet(0x10, 0x3, 0x0) sendmsg(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000003c0)="4c0000001200ef09fffefd956fa283b7270fd917df226c24a6008000200000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f", 0x4c}], 0x1}, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(r5, &(0x7f0000001380), 0x4000056, 0x0, &(0x7f0000000200)={0x77359400}) prctl$PR_SET_DUMPABLE(0x4, 0x0) sendto$inet(0xffffffffffffffff, &(0x7f0000001680)="0fa9f2190522725fbaea", 0xa, 0x0, 0x0, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(0xffffffffffffffff, 0xc0406619, &(0x7f0000000140)={{0x1, 0x0, @descriptor="cd111b0b41b648ad"}}) preadv(0xffffffffffffffff, &(0x7f0000000700)=[{&(0x7f0000000780)=""/164, 0xa4}, {&(0x7f0000000440)=""/210, 0xd2}, {&(0x7f0000000100)=""/7, 0x7}, {&(0x7f0000000580)=""/74, 0x4a}, {&(0x7f0000000680)=""/97, 0x61}], 0x5, 0x81) sendto$inet(r0, 0x0, 0x0, 0x210007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) 06:00:37 executing program 0: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000000f00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r5 = socket$inet(0x10, 0x3, 0x0) sendmsg(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000003c0)="4c0000001200ef09fffefd956fa283b7270fd917df226c24a6008000200000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f", 0x4c}], 0x1}, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(r5, &(0x7f0000001380), 0x4000056, 0x0, &(0x7f0000000200)={0x77359400}) prctl$PR_SET_DUMPABLE(0x4, 0x0) sendto$inet(0xffffffffffffffff, &(0x7f0000001680)="0fa9f2190522725fbaea", 0xa, 0x0, 0x0, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(0xffffffffffffffff, 0xc0406619, &(0x7f0000000140)={{0x1, 0x0, @descriptor="cd111b0b41b648ad"}}) preadv(0xffffffffffffffff, &(0x7f0000000700)=[{&(0x7f0000000780)=""/164, 0xa4}, {&(0x7f0000000440)=""/210, 0xd2}, {&(0x7f0000000100)=""/7, 0x7}, {&(0x7f0000000580)=""/74, 0x4a}, {&(0x7f0000000680)=""/97, 0x61}], 0x5, 0x81) sendto$inet(r0, 0x0, 0x0, 0x210007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) [ 3172.911361][T16975] __nla_validate_parse: 658 callbacks suppressed [ 3172.911372][T16975] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3172.927328][T16975] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3172.937618][T16976] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3172.943138][T16975] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3172.958931][T16976] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3172.968573][T16975] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3172.978138][T16976] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3172.989034][T16977] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3172.989723][T16976] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.5'. 06:00:38 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x214, 0x0) [ 3173.010100][T16975] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.0'. 06:00:38 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x215, 0x0) 06:00:38 executing program 4: syz_open_dev$media(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000080)={0x8, 0x0, 0x0, 0x9}, 0xc) setsockopt$inet6_MRT6_DEL_MFC(r0, 0x29, 0xd4, &(0x7f0000000000)={{0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffa4]}}, {0xa, 0x0, 0x0, @mcast2}}, 0x4) 06:00:38 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) accept$alg(r0, 0x0, 0x0) recvmsg$can_raw(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000040), 0x0) r3 = accept$alg(r2, 0x0, 0x0) r4 = dup(r3) recvmsg$can_raw(r4, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r4, 0xae47, 0x0) r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) r8 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r8, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:38 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r1, &(0x7f0000000f00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet(0x10, 0x3, 0x0) sendmsg(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000003c0)="4c0000001200ef09fffefd956fa283b7270fd917df226c24a6008000200000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f", 0x4c}], 0x1}, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(r4, &(0x7f0000001380), 0x4000056, 0x0, &(0x7f0000000200)={0x77359400}) prctl$PR_SET_DUMPABLE(0x4, 0x1) sendto$inet(0xffffffffffffffff, &(0x7f0000001680)="0fa9f2190522725fbaea", 0xa, 0x0, 0x0, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000640)='dctcp\x00', 0x6) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(0xffffffffffffffff, 0xc0406619, &(0x7f0000000140)={{0x1, 0x0, @descriptor="cd111b0b41b648ad"}}) preadv(0xffffffffffffffff, &(0x7f0000000700)=[{&(0x7f0000000780)=""/164, 0xa4}, {&(0x7f0000000440)=""/210, 0xd2}, {&(0x7f0000000100)=""/7, 0x7}, {&(0x7f0000000580)=""/74, 0x4a}, {&(0x7f0000000680)=""/97, 0x61}], 0x5, 0x81) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x210007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) 06:00:38 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000000f00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r3 = socket$inet(0x10, 0x3, 0x0) sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000003c0)="4c0000001200ef09fffefd956fa283b7270fd917df226c24a6008000200000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f", 0x4c}], 0x1}, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(r3, &(0x7f0000001380), 0x4000056, 0x0, &(0x7f0000000200)={0x77359400}) sendto$inet(0xffffffffffffffff, &(0x7f0000001680)="0fa9f2190522725fbaea", 0xa, 0x0, 0x0, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000640)='dctcp\x00', 0x6) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(0xffffffffffffffff, 0xc0406619, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000700)=[{&(0x7f0000000780)=""/164, 0xa4}, {&(0x7f0000000440)=""/210, 0xd2}, {&(0x7f0000000100)=""/7, 0x7}, {&(0x7f0000000580)=""/74, 0x4a}], 0x4, 0x81) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x210007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) 06:00:38 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x4]}]}, 0x40}}, 0x0) 06:00:38 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x216, 0x0) [ 3173.910308][T17015] netlink: 'syz-executor.0': attribute type 5 has an invalid length. [ 3173.948249][ C0] print_req_error: 295 callbacks suppressed [ 3173.948279][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3173.965149][ C0] buffer_io_error: 295 callbacks suppressed [ 3173.965162][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3174.022084][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3174.033207][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3174.066129][T17023] netlink: 'syz-executor.0': attribute type 5 has an invalid length. [ 3174.077665][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3174.088664][ C0] Buffer I/O error on dev loop0, logical block 0, async page read 06:00:39 executing program 0: [ 3174.185587][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3174.196683][ C0] Buffer I/O error on dev loop0, logical block 0, async page read 06:00:39 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) accept$alg(r0, 0x0, 0x0) recvmsg$can_raw(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000040), 0x0) r3 = accept$alg(r2, 0x0, 0x0) r4 = dup(r3) recvmsg$can_raw(r4, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r4, 0xae47, 0x0) r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) r8 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r8, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:39 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x217, 0x0) [ 3174.252498][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3174.263463][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3174.317469][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3174.328435][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3174.388780][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3174.399977][ C0] Buffer I/O error on dev loop0, logical block 0, async page read 06:00:39 executing program 0: 06:00:39 executing program 4: syz_open_dev$media(0x0, 0x0, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000080)={0x8, 0x0, 0x0, 0x9}, 0xc) setsockopt$inet6_MRT6_DEL_MFC(r0, 0x29, 0xd4, &(0x7f0000000000)={{0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffa4]}}, {0xa, 0x0, 0x0, @mcast2}}, 0x4) [ 3174.466848][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3174.477830][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3174.550758][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3174.561827][ C0] Buffer I/O error on dev loop0, logical block 0, async page read 06:00:39 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000000f00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r3 = socket$inet(0x10, 0x3, 0x0) sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000003c0)="4c0000001200ef09fffefd956fa283b7270fd917df226c24a6008000200000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f", 0x4c}], 0x1}, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(r3, &(0x7f0000001380), 0x4000056, 0x0, &(0x7f0000000200)={0x77359400}) sendto$inet(0xffffffffffffffff, &(0x7f0000001680)="0fa9f2190522725fbaea", 0xa, 0x0, 0x0, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000640)='dctcp\x00', 0x6) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(0xffffffffffffffff, 0xc0406619, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000700)=[{&(0x7f0000000780)=""/164, 0xa4}, {&(0x7f0000000440)=""/210, 0xd2}, {&(0x7f0000000100)=""/7, 0x7}, {&(0x7f0000000580)=""/74, 0x4a}], 0x4, 0x81) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x210007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) 06:00:40 executing program 1: [ 3174.678361][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3174.689472][ C0] Buffer I/O error on dev loop0, logical block 0, async page read 06:00:40 executing program 0: 06:00:40 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x218, 0x0) 06:00:40 executing program 1: 06:00:40 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) accept$alg(r0, 0x0, 0x0) recvmsg$can_raw(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000040), 0x0) r3 = accept$alg(r2, 0x0, 0x0) r4 = dup(r3) recvmsg$can_raw(r4, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r4, 0xae47, 0x0) r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) r8 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r8, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:40 executing program 0: 06:00:40 executing program 1: 06:00:40 executing program 0: 06:00:40 executing program 1: 06:00:40 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x219, 0x0) 06:00:41 executing program 4: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000080)={0x8, 0x0, 0x0, 0x9}, 0xc) setsockopt$inet6_MRT6_DEL_MFC(r0, 0x29, 0xd4, &(0x7f0000000000)={{0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffa4]}}, {0xa, 0x0, 0x0, @mcast2}}, 0x4) 06:00:41 executing program 0: 06:00:41 executing program 1: 06:00:41 executing program 5: 06:00:41 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x21a, 0x0) 06:00:41 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = dup(0xffffffffffffffff) recvmsg$can_raw(r1, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000040), 0x0) r4 = accept$alg(r3, 0x0, 0x0) r5 = dup(r4) recvmsg$can_raw(r5, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r5, 0xae47, 0x0) r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r9 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:41 executing program 1: 06:00:41 executing program 5: 06:00:41 executing program 0: 06:00:41 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x21b, 0x0) 06:00:41 executing program 1: 06:00:41 executing program 5: 06:00:41 executing program 4: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, &(0x7f0000000080)={0x8, 0x0, 0x0, 0x9}, 0xc) setsockopt$inet6_MRT6_DEL_MFC(r0, 0x29, 0xd4, &(0x7f0000000000)={{0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffa4]}}, {0xa, 0x0, 0x0, @mcast2}}, 0x4) 06:00:41 executing program 0: 06:00:41 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x21c, 0x0) 06:00:41 executing program 1: request_key(&(0x7f00000002c0)='user\x00', &(0x7f0000000300)={'syz', 0x3}, 0x0, 0x0) 06:00:41 executing program 5: seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0xfffffffc}]}) rt_sigqueueinfo(0x0, 0x0, 0x0) 06:00:41 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = dup(0xffffffffffffffff) recvmsg$can_raw(r1, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000040), 0x0) r4 = accept$alg(r3, 0x0, 0x0) r5 = dup(r4) recvmsg$can_raw(r5, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r5, 0xae47, 0x0) r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r9 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:42 executing program 0: perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmctl$SHM_STAT(0x0, 0xd, &(0x7f0000000040)=""/178) [ 3176.801174][ T26] audit: type=1326 audit(1582696842.066:25124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=17132 comm="syz-executor.5" exe="/root/syz-executor.5" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45f28a code=0xffff0000 06:00:42 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x21d, 0x0) 06:00:42 executing program 1: r0 = socket$inet_tcp(0x2, 0x3, 0x6) bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) ioctl$int_in(r0, 0x5452, &(0x7f0000000080)=0x2) connect$inet(r0, &(0x7f0000000140)={0x2, 0x0, @multicast1}, 0x10) write$binfmt_script(r0, 0x0, 0x0) [ 3177.088415][T17136] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 06:00:42 executing program 4: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, &(0x7f0000000080)={0x8, 0x0, 0x0, 0x9}, 0xc) setsockopt$inet6_MRT6_DEL_MFC(r0, 0x29, 0xd4, &(0x7f0000000000)={{0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffa4]}}, {0xa, 0x0, 0x0, @mcast2}}, 0x4) 06:00:42 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x21e, 0x0) [ 3177.187092][T17136] CPU: 0 PID: 17136 Comm: syz-executor.3 Not tainted 5.6.0-rc1-syzkaller #0 [ 3177.195932][T17136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3177.205997][T17136] Call Trace: [ 3177.209473][T17136] dump_stack+0x11d/0x181 [ 3177.213858][T17136] dump_header+0xaa/0x39c [ 3177.218214][T17136] oom_kill_process.cold+0x10/0x15 [ 3177.223370][T17136] out_of_memory+0x231/0xa60 [ 3177.227973][T17136] ? __rcu_read_unlock+0x66/0x2f0 [ 3177.233018][T17136] mem_cgroup_out_of_memory+0x128/0x150 [ 3177.238598][T17136] try_charge+0xb6c/0xbf0 [ 3177.242962][T17136] mem_cgroup_try_charge+0xd2/0x260 [ 3177.248204][T17136] mem_cgroup_try_charge_delay+0x3a/0x80 [ 3177.253947][T17136] wp_page_copy+0x322/0xf20 [ 3177.258566][T17136] ? __read_once_size+0x41/0xe0 [ 3177.263436][T17136] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 3177.269545][T17136] do_wp_page+0x192/0xd20 [ 3177.273922][T17136] __handle_mm_fault+0x1d16/0x2e00 [ 3177.279146][T17136] handle_mm_fault+0x21b/0x530 [ 3177.284091][T17136] do_page_fault+0x496/0xa3d [ 3177.288838][T17136] page_fault+0x34/0x40 [ 3177.293003][T17136] RIP: 0033:0x411498 [ 3177.296913][T17136] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf 58 1d 4c 00 31 c0 e8 13 0a ff ff 31 ff e8 5c 06 ff ff 0f 1f 40 00 <89> 3c b5 00 00 74 00 eb b6 31 ed 0f 1f 44 00 00 80 3d ae 11 87 00 [ 3177.316712][T17136] RSP: 002b:00007ffc79c5d880 EFLAGS: 00010246 [ 3177.322788][T17136] RAX: 00000000c4ae6164 RBX: 000000003e57cacd RCX: 0000001b33e20000 06:00:42 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_emit_ethernet(0x46, &(0x7f0000000340)={@local, @broadcast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4df88c", 0x10, 0x3a, 0x0, @remote, @mcast2, {[], @ndisc_ra}}}}}, 0x0) 06:00:42 executing program 1: semop(0x0, &(0x7f0000000000)=[{0x0, 0x8001}], 0x1) semop(0x0, &(0x7f0000000080)=[{0x0, 0x80, 0x1800}, {}], 0x2) semop(0x0, &(0x7f0000000380)=[{0x0, 0x3, 0x400}], 0x1) arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x40) r0 = semget$private(0x0, 0x0, 0x460) clock_gettime(0x0, &(0x7f00000008c0)={0x0, 0x0}) semtimedop(r0, &(0x7f0000000880)=[{0x1, 0x8b6, 0x1800}, {0x2, 0x81}, {0x1, 0x2b3, 0x1000}, {0x0, 0x1, 0x1800}, {0x3, 0x8001, 0x1000}], 0x5, &(0x7f0000000900)={r1, r2+30000000}) r3 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000780)={{{@in=@multicast1, @in6=@rand_addr="1e03f3df79b7bb69650a7649ab658260", 0x0, 0x0, 0x0, 0x6c3, 0xa}, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x4}, {0x4000000000, 0x0, 0x0, 0x1}, 0x0, 0x6e6bc0, 0x1, 0x1}, {{@in=@remote, 0x2, 0x33}, 0x0, @in=@rand_addr=0x2}}, 0xe8) connect$inet6(r3, &(0x7f0000000a40)={0xa, 0x0, 0x0, @mcast1, 0x6}, 0x1c) sendmmsg(r3, &(0x7f0000000000)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000580)=@in={0x2, 0x4e21, @broadcast}, 0x80, 0x0}}], 0x4000000000000e5, 0x0) getsockname(r3, &(0x7f00000000c0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @empty}}}, &(0x7f0000000040)=0x80) semctl$IPC_RMID(0x0, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) syz_open_procfs(0x0, &(0x7f0000000680)='wchan\x00') sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x5c, 0x2, 0x6, 0x801, 0x0, 0x0, {0x4, 0x0, 0x1}, [@IPSET_ATTR_REVISION={0x5, 0x4, 0x2}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x38, 0x7, 0x0, 0x1, [@IPSET_ATTR_CIDR={0x5, 0x3, 0x3}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x100}, @IPSET_ATTR_PROTO={0x5, 0x7, 0xc}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @dev={0xac, 0x14, 0x14, 0x2b}}}, @IPSET_ATTR_MAXELEM={0x8, 0x13, 0x1, 0x0, 0x4}, @IPSET_ATTR_MAXELEM={0x8, 0x13, 0x1, 0x0, 0x8000}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000000) r5 = socket(0xa, 0x1, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(0xffffffffffffffff, 0x0, 0x48c, &(0x7f0000000000)={0x0, 'veth1_to_hsr\x00', 0x23}, 0x18) ioctl(r5, 0x8916, &(0x7f0000000000)) [ 3177.330820][T17136] RDX: 0000000000000000 RSI: 0000000000000164 RDI: ffffffffc4ae6164 [ 3177.338900][T17136] RBP: 000000000000000c R08: 00000000c4ae6164 R09: 00000000c4ae6168 [ 3177.346898][T17136] R10: 00007ffc79c5da20 R11: 0000000000000246 R12: 000000000076c048 [ 3177.354880][T17136] R13: 0000000080000000 R14: 00007f332010f008 R15: 0000000000000011 [ 3177.523543][ T26] audit: type=1326 audit(1582696842.786:25125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=17132 comm="syz-executor.5" exe="/root/syz-executor.5" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45f28a code=0xffff0000 [ 3177.552483][T17136] memory: usage 307200kB, limit 307200kB, failcnt 656 06:00:42 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x21f, 0x0) 06:00:42 executing program 0: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000500)='map_files\x00') fchdir(r0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='maps\x00') preadv(r3, &(0x7f0000000080)=[{&(0x7f00000002c0)=""/169, 0x11}], 0x1, 0x0) quotactl(0x2080000201, &(0x7f0000000100)='./file1\x00', 0x0, &(0x7f00000002c0)) quotactl(0x2080000201, &(0x7f0000000100)='./file1\x00', 0x0, &(0x7f00000002c0)) [ 3177.599565][T17136] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 06:00:42 executing program 5: r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r1, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000000), 0x10000}]) r2 = socket$inet6(0xa, 0x3, 0x2c) connect$inet6(r2, &(0x7f0000000180)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r3 = open(&(0x7f0000000040)='./bus\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x8482) 06:00:42 executing program 4: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, &(0x7f0000000080)={0x8, 0x0, 0x0, 0x9}, 0xc) setsockopt$inet6_MRT6_DEL_MFC(r0, 0x29, 0xd4, &(0x7f0000000000)={{0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffa4]}}, {0xa, 0x0, 0x0, @mcast2}}, 0x4) [ 3177.800433][T17136] Memory cgroup stats for /syz3: [ 3177.800622][T17136] anon 278548480 [ 3177.800622][T17136] file 24576 [ 3177.800622][T17136] kernel_stack 2949120 [ 3177.800622][T17136] slab 9445376 [ 3177.800622][T17136] sock 0 [ 3177.800622][T17136] shmem 106496 [ 3177.800622][T17136] file_mapped 0 [ 3177.800622][T17136] file_dirty 0 [ 3177.800622][T17136] file_writeback 0 [ 3177.800622][T17136] anon_thp 257949696 [ 3177.800622][T17136] inactive_anon 135168 [ 3177.800622][T17136] active_anon 278548480 [ 3177.800622][T17136] inactive_file 0 [ 3177.800622][T17136] active_file 0 [ 3177.800622][T17136] unevictable 0 [ 3177.800622][T17136] slab_reclaimable 1622016 [ 3177.800622][T17136] slab_unreclaimable 7823360 [ 3177.800622][T17136] pgfault 227073 [ 3177.800622][T17136] pgmajfault 0 [ 3177.800622][T17136] workingset_refault 132 [ 3177.800622][T17136] workingset_activate 33 [ 3177.800622][T17136] workingset_nodereclaim 0 [ 3177.800622][T17136] pgrefill 664 [ 3177.800622][T17136] pgscan 710 [ 3177.800622][T17136] pgsteal 312 [ 3178.024204][ T26] audit: type=1804 audit(1582696843.286:25126): pid=17189 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir528032586/syzkaller.k1n7MO/2992/bus" dev="sda1" ino=17683 res=1 [ 3178.112051][ T26] audit: type=1804 audit(1582696843.366:25127): pid=17193 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir528032586/syzkaller.k1n7MO/2992/bus" dev="sda1" ino=17683 res=1 [ 3178.189741][T17136] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=8845,uid=0 [ 3178.282844][T17136] Memory cgroup out of memory: Killed process 8845 (syz-executor.3) total-vm:74704kB, anon-rss:4252kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 3178.398706][T17141] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3178.441063][T17141] CPU: 0 PID: 17141 Comm: syz-executor.3 Not tainted 5.6.0-rc1-syzkaller #0 [ 3178.449899][T17141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3178.459972][T17141] Call Trace: [ 3178.463292][T17141] dump_stack+0x11d/0x181 [ 3178.467646][T17141] dump_header+0xaa/0x39c [ 3178.472009][T17141] oom_kill_process.cold+0x10/0x15 [ 3178.477153][T17141] out_of_memory+0x231/0xa60 [ 3178.481890][T17141] mem_cgroup_out_of_memory+0x128/0x150 [ 3178.487613][T17141] try_charge+0x800/0xbf0 [ 3178.492056][T17141] mem_cgroup_try_charge+0xd2/0x260 [ 3178.497299][T17141] mem_cgroup_try_charge_delay+0x3a/0x80 [ 3178.502943][T17141] wp_page_copy+0x322/0xf20 [ 3178.507473][T17141] ? __read_once_size+0x41/0xe0 [ 3178.512402][T17141] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 3178.518615][T17141] do_wp_page+0x192/0xd20 [ 3178.522981][T17141] __handle_mm_fault+0x1d16/0x2e00 [ 3178.528137][T17141] handle_mm_fault+0x21b/0x530 [ 3178.532928][T17141] do_page_fault+0x496/0xa3d [ 3178.537602][T17141] page_fault+0x34/0x40 [ 3178.541782][T17141] RIP: 0033:0x403f80 [ 3178.545696][T17141] Code: 80 3d fb e6 87 00 00 c6 85 84 00 00 00 00 74 0f 8b 05 e8 e6 87 00 39 45 24 0f 84 46 02 00 00 44 8b a5 80 00 00 00 48 8b 5d 78 fb e6 ff ff 48 2b 05 84 40 34 00 8b 75 00 4c 89 f1 45 89 e1 49 [ 3178.565312][T17141] RSP: 002b:00007f331e30dc90 EFLAGS: 00010246 [ 3178.571795][T17141] RAX: 00007f332030f000 RBX: 0000000000005d38 RCX: 0000000000000000 [ 3178.579780][T17141] RDX: 000000000003ffff RSI: 0000000000403ecc RDI: 0000000000000000 [ 3178.587870][T17141] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 3178.595848][T17141] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3178.603833][T17141] R13: 0000000000000074 R14: 00000000004c2ce6 R15: 000000000076bf2c [ 3178.622248][T17141] memory: usage 305136kB, limit 307200kB, failcnt 656 [ 3178.649336][T17141] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3178.664949][T17141] Memory cgroup stats for /syz3: [ 3178.665107][T17141] anon 276328448 [ 3178.665107][T17141] file 24576 [ 3178.665107][T17141] kernel_stack 2949120 [ 3178.665107][T17141] slab 9445376 [ 3178.665107][T17141] sock 0 [ 3178.665107][T17141] shmem 106496 [ 3178.665107][T17141] file_mapped 0 [ 3178.665107][T17141] file_dirty 0 [ 3178.665107][T17141] file_writeback 0 [ 3178.665107][T17141] anon_thp 255852544 [ 3178.665107][T17141] inactive_anon 135168 [ 3178.665107][T17141] active_anon 276328448 [ 3178.665107][T17141] inactive_file 0 [ 3178.665107][T17141] active_file 0 [ 3178.665107][T17141] unevictable 0 [ 3178.665107][T17141] slab_reclaimable 1622016 [ 3178.665107][T17141] slab_unreclaimable 7823360 [ 3178.665107][T17141] pgfault 227073 [ 3178.665107][T17141] pgmajfault 0 [ 3178.665107][T17141] workingset_refault 132 [ 3178.665107][T17141] workingset_activate 33 [ 3178.665107][T17141] workingset_nodereclaim 0 [ 3178.665107][T17141] pgrefill 664 [ 3178.665107][T17141] pgscan 710 [ 3178.665107][T17141] pgsteal 312 [ 3178.915526][T17141] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=13714,uid=0 [ 3178.956216][T17141] Memory cgroup out of memory: Killed process 13714 (syz-executor.3) total-vm:75100kB, anon-rss:2236kB, file-rss:35960kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 3179.011595][T17146] syz-executor.3 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3179.051204][T17146] CPU: 1 PID: 17146 Comm: syz-executor.3 Not tainted 5.6.0-rc1-syzkaller #0 [ 3179.060021][T17146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3179.070100][T17146] Call Trace: [ 3179.073401][T17146] dump_stack+0x11d/0x181 [ 3179.077765][T17146] dump_header+0xaa/0x39c [ 3179.082158][T17146] oom_kill_process.cold+0x10/0x15 [ 3179.087297][T17146] out_of_memory+0x231/0xa60 [ 3179.092109][T17146] mem_cgroup_out_of_memory+0x128/0x150 [ 3179.097686][T17146] try_charge+0x800/0xbf0 [ 3179.102111][T17146] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 3179.107613][T17146] __memcg_kmem_charge+0xcf/0x1b0 [ 3179.112666][T17146] __alloc_pages_nodemask+0x26c/0x310 [ 3179.118069][T17146] alloc_pages_current+0xd1/0x170 [ 3179.123131][T17146] pte_alloc_one+0x18/0x50 [ 3179.127677][T17146] __handle_mm_fault+0x2be6/0x2e00 [ 3179.132902][T17146] handle_mm_fault+0x21b/0x530 [ 3179.137870][T17146] do_page_fault+0x496/0xa3d [ 3179.142991][T17146] page_fault+0x34/0x40 [ 3179.147153][T17146] RIP: 0033:0x45c449 [ 3179.151057][T17146] Code: Bad RIP value. [ 3179.156081][T17146] RSP: 002b:00007f331e30dc78 EFLAGS: 00010246 [ 3179.162266][T17146] RAX: 0000000000000000 RBX: 00007f331e30e6d4 RCX: 000000000045c449 [ 3179.170242][T17146] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 3179.178310][T17146] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 3179.186329][T17146] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 3179.194442][T17146] R13: 0000000000000074 R14: 00000000004c2ce6 R15: 000000000076bf2c [ 3179.213534][T17146] memory: usage 302788kB, limit 307200kB, failcnt 656 [ 3179.229020][T17146] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3179.236347][T17146] Memory cgroup stats for /syz3: [ 3179.236508][T17146] anon 274120704 [ 3179.236508][T17146] file 24576 [ 3179.236508][T17146] kernel_stack 2949120 [ 3179.236508][T17146] slab 9445376 [ 3179.236508][T17146] sock 0 [ 3179.236508][T17146] shmem 106496 [ 3179.236508][T17146] file_mapped 0 [ 3179.236508][T17146] file_dirty 0 [ 3179.236508][T17146] file_writeback 0 [ 3179.236508][T17146] anon_thp 253755392 [ 3179.236508][T17146] inactive_anon 135168 [ 3179.236508][T17146] active_anon 274120704 [ 3179.236508][T17146] inactive_file 0 [ 3179.236508][T17146] active_file 0 [ 3179.236508][T17146] unevictable 0 [ 3179.236508][T17146] slab_reclaimable 1622016 [ 3179.236508][T17146] slab_unreclaimable 7823360 [ 3179.236508][T17146] pgfault 227073 [ 3179.236508][T17146] pgmajfault 0 [ 3179.236508][T17146] workingset_refault 132 [ 3179.236508][T17146] workingset_activate 33 [ 3179.236508][T17146] workingset_nodereclaim 0 [ 3179.236508][T17146] pgrefill 664 [ 3179.236508][T17146] pgscan 710 [ 3179.236508][T17146] pgsteal 312 [ 3179.369834][T17146] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=13769,uid=0 [ 3179.430970][T17146] Memory cgroup out of memory: Killed process 13769 (syz-executor.3) total-vm:75100kB, anon-rss:2236kB, file-rss:35944kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 3179.463453][ T1078] oom_reaper: reaped process 13769 (syz-executor.3), now anon-rss:0kB, file-rss:34984kB, shmem-rss:0kB 06:00:44 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = dup(0xffffffffffffffff) recvmsg$can_raw(r1, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000040), 0x0) r4 = accept$alg(r3, 0x0, 0x0) r5 = dup(r4) recvmsg$can_raw(r5, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r5, 0xae47, 0x0) r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r9 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:44 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) write$tun(r0, &(0x7f0000001200)={@void, @val, @mpls={[], @ipv4=@gre={{0x5, 0x4, 0x0, 0x0, 0x58, 0x0, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast2}, {{0x0, 0x0, 0x1, 0x0, 0x0, 0x1}}}}}, 0x62) 06:00:44 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x220, 0x0) 06:00:44 executing program 0: r0 = creat(&(0x7f0000000240)='./file0\x00', 0x0) lseek(r0, 0x0, 0x6) 06:00:44 executing program 5: r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r1, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000000), 0x10000}]) r2 = socket$inet6(0xa, 0x3, 0x2c) connect$inet6(r2, &(0x7f0000000180)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r3 = open(&(0x7f0000000040)='./bus\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x8482) 06:00:44 executing program 4: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r0, 0x29, 0xca, 0x0, 0x0) setsockopt$inet6_MRT6_DEL_MFC(r0, 0x29, 0xd4, &(0x7f0000000000)={{0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffa4]}}, {0xa, 0x0, 0x0, @mcast2}}, 0x4) 06:00:45 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000500)='map_files\x00') fchdir(r0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='maps\x00') preadv(r3, &(0x7f0000000080)=[{&(0x7f00000002c0)=""/169, 0x11}], 0x1, 0x0) quotactl(0x2080000201, &(0x7f0000000100)='./file1\x00', 0x0, &(0x7f00000002c0)) 06:00:45 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0xfffffffc}]}) msgrcv(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB], 0x1, 0x0, 0x0) msgsnd(0x0, 0x0, 0x0, 0x0) msgctl$IPC_SET(0x0, 0x1, 0x0) 06:00:45 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x221, 0x0) [ 3179.859815][ T26] audit: type=1804 audit(1582696845.116:25128): pid=17233 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir528032586/syzkaller.k1n7MO/2993/bus" dev="sda1" ino=17732 res=1 [ 3180.076119][ C1] print_req_error: 600 callbacks suppressed [ 3180.076154][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3180.093047][ C1] buffer_io_error: 600 callbacks suppressed [ 3180.093060][ C1] Buffer I/O error on dev loop0, logical block 0, async page read 06:00:45 executing program 5: r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000000)={0x0, 0x0}) process_vm_writev(r1, &(0x7f00000003c0)=[{&(0x7f00000000c0)=""/219, 0xdb}], 0x1, &(0x7f0000001940)=[{&(0x7f0000000440)=""/109, 0x6d}, {0x0}, {0x0}], 0x3, 0x0) [ 3180.109399][ T26] audit: type=1326 audit(1582696845.366:25129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=17241 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45f28a code=0xffff0000 [ 3180.155655][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3180.166593][ C1] Buffer I/O error on dev loop0, logical block 0, async page read 06:00:45 executing program 1: r0 = socket$inet6(0xa, 0x803, 0x2) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) [ 3180.200539][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3180.211601][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3180.234566][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3180.246160][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3180.313669][T17260] ptrace attach of "/root/syz-executor.5"[8058] was attempted by "/root/syz-executor.5"[17260] [ 3180.375668][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3180.386930][ C1] Buffer I/O error on dev loop0, logical block 0, async page read 06:00:45 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000040), 0x0) r5 = accept$alg(r4, 0x0, 0x0) r6 = dup(r5) recvmsg$can_raw(r6, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r6, 0xae47, 0x0) r7 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) r10 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r10, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:45 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x222, 0x0) 06:00:45 executing program 1: perf_event_open(&(0x7f000001d000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000), 0x8}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getresgid(&(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080)) 06:00:45 executing program 5: seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0xfffffffc}]}) msync(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0) [ 3180.481037][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3180.492226][ C1] Buffer I/O error on dev loop0, logical block 0, async page read 06:00:45 executing program 4: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r0, 0x29, 0xca, 0x0, 0x0) setsockopt$inet6_MRT6_DEL_MFC(r0, 0x29, 0xd4, &(0x7f0000000000)={{0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffa4]}}, {0xa, 0x0, 0x0, @mcast2}}, 0x4) [ 3180.611075][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3180.622213][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3180.670084][ T26] audit: type=1326 audit(1582696845.926:25130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=17267 comm="syz-executor.5" exe="/root/syz-executor.5" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45f28a code=0xffff0000 [ 3180.686734][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3180.703940][ C1] Buffer I/O error on dev loop0, logical block 0, async page read 06:00:46 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f0000000040)=@mangle={'mangle\x00', 0x1f, 0x6, 0x510, 0x348, 0x3e0, 0x130, 0x3e0, 0x0, 0x478, 0x478, 0x478, 0x478, 0x478, 0x6, 0x0, {[{{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, '\x00', 'veth1\x00'}, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00'}}, {{@uncond, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00'}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @local, 0x0, 0x0, '\x00', 'erspan0\x00'}, 0x0, 0x1f0, 0x218, 0x0, {}, [@common=@inet=@policy={{0x158, 'policy\x00'}, {[{@ipv4=@loopback, [], @ipv4=@remote}, {@ipv4=@loopback, [], @ipv6=@dev}, {@ipv4=@dev, [], @ipv6=@rand_addr="6d3b77e70000000000001600"}, {@ipv6=@initdev={0xfe, 0x88, [], 0x0, 0x0}, [], @ipv4=@multicast1}], 0xe}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @empty, 0x0, 0x0, 'netdevsim0\x00', 'veth1_to_team\x00'}, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00'}}, {{@uncond, 0x0, 0x70, 0x98}, @inet=@DSCP={0x28, 'DSCP\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x570) [ 3180.828075][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3180.839055][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3180.850995][ T26] audit: type=1326 audit(1582696846.106:25131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=17241 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45f28a code=0xffff0000 06:00:46 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x223, 0x0) [ 3180.917765][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3180.928849][ C1] Buffer I/O error on dev loop0, logical block 0, async page read 06:00:46 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket(0x10, 0x803, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f0000000080)={0x0, 0x382, &(0x7f0000000140)={0x0, 0xb7ff}}, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001280)=ANY=[@ANYBLOB="3400000010000104000009040000000000000000", @ANYRES32=r6, @ANYBLOB="0000000000000000140012000c00010062726964676500000300020092ab29e6bc90313f5c14a8d5d4534e466f18e765b4fd2a0e0ffabd5f884b8215627962f7a4aab6691329692afb3fdcc3e7378871f430fe0e63a139f8432b7c88d952fec2b4b0543063914575e89dce08917ef4c83982304f91f231dc1ecf62c4bf0541ff2b5060b6a4d69b9403c96422fd8632e43e946636599dedd725bcd83c8971198e43e29e4b1c15388e01dee5bf7c4e128ff5b5c146c15db0684e76186c1d4209d8b4158f7b359d8efa69231277e09c47884e9fb0b010687409fc6fa73c91c9504b4460a91a865e0897f10dc1c1e0edc0d560f18478d67cc5cf8dbb0ee5003f6cc7185e99bc93bcb9eb76abba12076a8d076c853092edf73f4224c4e770006630b3a7e43c7e4c90ce6a20fac946584d406aa1cc75103f746d1f026456e44c9a39c62eecdb8bb82ca275e24c5c9095cbc8a6701a2447f9f6e6e4a372717366f176f0e4df46e9e28ede8a00e2a8b3dc"], 0x34}}, 0x0) sendmsg$nl_route(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=@ipv6_newaddr={0x2c, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r6}, [@IFA_LOCAL={0x14, 0x2, @ipv4}]}, 0x2c}}, 0x0) [ 3180.999883][T17285] x_tables: duplicate underflow at hook 1 06:00:46 executing program 1: seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0xfffffffc}]}) io_getevents(0x0, 0x0, 0x0, 0x0, 0x0) [ 3181.169799][T17296] __nla_validate_parse: 234 callbacks suppressed [ 3181.169810][T17296] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 06:00:46 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x224, 0x0) [ 3181.317858][ T26] audit: type=1326 audit(1582696846.576:25132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=17301 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45f28a code=0xffff0000 [ 3181.381139][T17305] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3181.447427][ T26] audit: type=1326 audit(1582696846.706:25133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=17267 comm="syz-executor.5" exe="/root/syz-executor.5" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45f28a code=0xffff0000 06:00:46 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) unshare(0x8000400) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000340)='/dev/zero\x00', 0x0, 0x0) sendmmsg$inet6(r1, 0x0, 0x0, 0x0) 06:00:46 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000040), 0x0) r5 = accept$alg(r4, 0x0, 0x0) r6 = dup(r5) recvmsg$can_raw(r6, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r6, 0xae47, 0x0) r7 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) r10 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r10, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:46 executing program 4: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r0, 0x29, 0xca, 0x0, 0x0) setsockopt$inet6_MRT6_DEL_MFC(r0, 0x29, 0xd4, &(0x7f0000000000)={{0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffa4]}}, {0xa, 0x0, 0x0, @mcast2}}, 0x4) 06:00:46 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$IPT_SO_SET_REPLACE(r3, 0x4000000000000, 0x40, &(0x7f0000000640)=ANY=[@ANYBLOB="72617700000000000000000000000000000000000000000000000000000000000200000003000000c80200005801000000000000580100000000000000000000300200003002000030020000300200003002000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000f0005801000000000000000000000000000000000000000048006c696d69740000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000380074696d65000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000d800000000000000000000000000000000000000000068004354000000000000000000000000000000000000000000000000000000020000000000000000000000007070747000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1) 06:00:46 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x225, 0x0) 06:00:47 executing program 0: pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) socket$inet(0x2, 0x200000003, 0x84) bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000100)={0x2, 0x0, @multicast1}, 0x10) r3 = socket$inet(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f00000001c0)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000000e0000000400000090020000c80007000000000000000000c800000060010000f8010000f8010000f8010000f8010000f801000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000c8000000000000000000000000000000000000000000300061646472747970650000000000000000000000000000000000000000000000000000000000000000000000000000280052454a4543540000000000000000000000000000000000000000000000000000000000000000e0000001ac1414bb000000000000000067726530000000000000000000000000000000000000000000000000000000ca00000000000000000000000000000000000000000000000000000000000000000000000000000000700098000000000000000000000000000000000000000000280052454a45435400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000070009800000000000000000000000000000000000000000028005345540000000000000000000000000000000000000000000000000000010000030000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000005000000000000000000000000000000feffffff"], 0x1) splice(r0, 0x0, r2, 0x0, 0x19404, 0x0) 06:00:47 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sched_getscheduler(0x0) [ 3181.881781][T17326] xt_CT: No such helper "pptp" 06:00:47 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x226, 0x0) [ 3182.091692][T17346] x_tables: duplicate underflow at hook 2 [ 3182.140346][ T26] audit: type=1326 audit(1582696847.396:25134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=17301 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45f28a code=0xffff0000 06:00:47 executing program 1: r0 = socket(0x10, 0x803, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000080)={0x0, 0x382, &(0x7f0000000140)={0x0, 0xb7ff}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001280)=ANY=[@ANYBLOB="3400000010000104000009040000000000000000", @ANYRES32=r3, @ANYBLOB="0000000000000000140012000c00010062726964676500000300020092ab29e6bc90313f5c14a8d5d4534e466f18e765b4fd2a0e0ffabd5f884b8215627962f7a4aab6691329692afb3fdcc3e7378871f430fe0e63a139f8432b7c88d952fec2b4b0543063914575e89dce08917ef4c83982304f91f231dc1ecf62c4bf0541ff2b5060b6a4d69b9403c96422fd8632e43e946636599dedd725bcd83c8971198e43e29e4b1c15388e01dee5bf7c4e128ff5b5c146c15db0684e76186c1d4209d8b4158f7b359d8efa69231277e09c47884e9fb0b010687409fc6fa73c91c9504b4460a91a865e0897f10dc1c1e0edc0d560f18478d67cc5cf8dbb0ee5003f6cc7185e99bc93bcb9eb76abba12076a8d076c853092edf73f4224c4e770006630b3a7e43c7e4c90ce6a20fac946584d406aa1cc75103f746d1f026456e44c9a39c62eecdb8bb82ca275e24c5c9095cbc8a6701a2447f9f6e6e4a372717366f176f0e4df46e9e28ede8a00e2a8b3dc"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=@ipv6_newaddr={0x2c, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @ipv4}]}, 0x2c}}, 0x0) 06:00:47 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x227, 0x0) 06:00:47 executing program 5: r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af04, &(0x7f00000000c0)) [ 3182.430709][T17359] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 06:00:47 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = socket$alg(0x26, 0x5, 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000040), 0x0) r5 = accept$alg(r4, 0x0, 0x0) r6 = dup(r5) recvmsg$can_raw(r6, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r6, 0xae47, 0x0) r7 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) r10 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r10, 0x117, 0x1, &(0x7f0000000040), 0x0) [ 3182.504031][T17359] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 06:00:47 executing program 4: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x9}, 0xc) setsockopt$inet6_MRT6_DEL_MFC(r0, 0x29, 0xd4, &(0x7f0000000000)={{0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffa4]}}, {0xa, 0x0, 0x0, @mcast2}}, 0x4) 06:00:48 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0xe6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000180)='TIPC\x00') ioctl$VIDIOC_QBUF(0xffffffffffffffff, 0xc058560f, &(0x7f00000001c0)={0x4, 0x2, 0x4, 0x1, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x7, 0x0, "5d198dc9"}, 0x0, 0x0, @userptr=0xfffffffeffffffff}) ioctl$KVM_GET_ONE_REG(0xffffffffffffffff, 0x4010aeab, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, 0xffffffffffffffff) sendmsg$TIPC_CMD_SET_NETID(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x24, r1, 0x221, 0x0, 0x0, {{}, {}, {0x8}}}, 0x24}}, 0x0) 06:00:48 executing program 5: r0 = socket$inet6(0xa, 0x80003, 0xff) setsockopt$inet6_int(r0, 0x29, 0x16, &(0x7f0000fcb000), 0x4) setsockopt$inet6_int(r0, 0x29, 0x16, &(0x7f0000000040)=0xfffffffe, 0x4) [ 3182.768298][T17376] syz-executor.3 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 06:00:48 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x228, 0x0) 06:00:48 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x26b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='numa_maps\x00') syz_open_dev$loop(0x0, 0x0, 0x0) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x4000, 0x0) [ 3182.948739][T17376] CPU: 0 PID: 17376 Comm: syz-executor.3 Not tainted 5.6.0-rc1-syzkaller #0 [ 3182.957452][T17376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3182.967511][T17376] Call Trace: [ 3182.970883][T17376] dump_stack+0x11d/0x181 [ 3182.975280][T17376] dump_header+0xaa/0x39c [ 3182.979633][T17376] oom_kill_process.cold+0x10/0x15 [ 3182.984838][T17376] out_of_memory+0x231/0xa60 [ 3182.989548][T17376] ? __rcu_read_unlock+0x66/0x2f0 [ 3182.994640][T17376] mem_cgroup_out_of_memory+0x128/0x150 [ 3183.000229][T17376] try_charge+0xb6c/0xbf0 [ 3183.004648][T17376] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3183.010965][T17376] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 3183.016470][T17376] __memcg_kmem_charge+0xcf/0x1b0 [ 3183.021520][T17376] __alloc_pages_nodemask+0x26c/0x310 [ 3183.027109][T17376] alloc_pages_current+0xd1/0x170 [ 3183.032255][T17376] pte_alloc_one+0x18/0x50 [ 3183.036695][T17376] __pte_alloc+0x2d/0x220 [ 3183.041186][T17376] copy_page_range+0x13a2/0x1a00 [ 3183.046182][T17376] ? __vma_link_rb+0x3f4/0x440 [ 3183.051050][T17376] dup_mm+0x74a/0xba0 [ 3183.055166][T17376] copy_process+0x39d7/0x3b40 [ 3183.059928][T17376] _do_fork+0xfe/0x7a0 [ 3183.064011][T17376] ? __const_udelay+0x36/0x40 [ 3183.068707][T17376] ? __udelay+0x10/0x20 [ 3183.072991][T17376] __x64_sys_clone+0x130/0x170 [ 3183.077795][T17376] do_syscall_64+0xcc/0x3a0 [ 3183.082323][T17376] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 3183.088717][T17376] RIP: 0033:0x45c449 [ 3183.092687][T17376] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3183.112299][T17376] RSP: 002b:00007f331e30dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3183.120734][T17376] RAX: ffffffffffffffda RBX: 00007f331e30e6d4 RCX: 000000000045c449 [ 3183.128713][T17376] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 3183.136700][T17376] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 06:00:48 executing program 5: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r1 = dup2(r0, r0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000100)) 06:00:48 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x26b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='numa_maps\x00') syz_open_dev$loop(0x0, 0x0, 0x0) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x4000, 0x0) [ 3183.144677][T17376] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 3183.152654][T17376] R13: 0000000000000074 R14: 00000000004c2ce6 R15: 000000000076bf2c [ 3183.176344][T17376] memory: usage 307200kB, limit 307200kB, failcnt 667 06:00:48 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETOBJ(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x20, 0x15, 0xa, 0x301, 0x0, 0x0, {}, [@NFTA_OBJ_TABLE={0x9, 0x1, 'syz1\x00'}]}, 0x20}}, 0x0) [ 3183.250076][T17376] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3183.302141][T17376] Memory cgroup stats for /syz3: [ 3183.302310][T17376] anon 278343680 [ 3183.302310][T17376] file 24576 [ 3183.302310][T17376] kernel_stack 2949120 [ 3183.302310][T17376] slab 9445376 [ 3183.302310][T17376] sock 0 [ 3183.302310][T17376] shmem 106496 [ 3183.302310][T17376] file_mapped 0 [ 3183.302310][T17376] file_dirty 0 [ 3183.302310][T17376] file_writeback 0 [ 3183.302310][T17376] anon_thp 257949696 [ 3183.302310][T17376] inactive_anon 135168 [ 3183.302310][T17376] active_anon 278343680 06:00:48 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x229, 0x0) 06:00:48 executing program 1: r0 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mISDNtimer\x00', 0x0, 0x0) ioctl$IMDELTIMER(r0, 0x80044941, &(0x7f0000000080)) [ 3183.302310][T17376] inactive_file 0 [ 3183.302310][T17376] active_file 0 [ 3183.302310][T17376] unevictable 0 [ 3183.302310][T17376] slab_reclaimable 1622016 [ 3183.302310][T17376] slab_unreclaimable 7823360 [ 3183.302310][T17376] pgfault 227436 [ 3183.302310][T17376] pgmajfault 0 [ 3183.302310][T17376] workingset_refault 132 [ 3183.302310][T17376] workingset_activate 66 [ 3183.302310][T17376] workingset_nodereclaim 0 [ 3183.302310][T17376] pgrefill 697 [ 3183.302310][T17376] pgscan 710 [ 3183.302310][T17376] pgsteal 312 [ 3183.460918][T17376] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=24785,uid=0 [ 3183.517236][T17376] Memory cgroup out of memory: Killed process 24785 (syz-executor.3) total-vm:74836kB, anon-rss:2220kB, file-rss:35868kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 06:00:48 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETOBJ(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={0x28, 0x15, 0xa, 0x101, 0x0, 0x0, {}, [@NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}]}, 0x28}}, 0x0) 06:00:49 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = accept$alg(0xffffffffffffffff, 0x0, 0x0) r1 = dup(r0) recvmsg$can_raw(r1, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000040), 0x0) r4 = accept$alg(r3, 0x0, 0x0) r5 = dup(r4) recvmsg$can_raw(r5, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r5, 0xae47, 0x0) r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r9 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000040), 0x0) [ 3184.365733][T17429] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3184.422752][T17429] CPU: 1 PID: 17429 Comm: syz-executor.3 Not tainted 5.6.0-rc1-syzkaller #0 [ 3184.431471][T17429] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3184.441678][T17429] Call Trace: [ 3184.445025][T17429] dump_stack+0x11d/0x181 [ 3184.449677][T17429] dump_header+0xaa/0x39c [ 3184.454136][T17429] oom_kill_process.cold+0x10/0x15 [ 3184.459267][T17429] out_of_memory+0x231/0xa60 [ 3184.463881][T17429] ? __rcu_read_unlock+0x66/0x2f0 [ 3184.468999][T17429] mem_cgroup_out_of_memory+0x128/0x150 [ 3184.474576][T17429] try_charge+0xb6c/0xbf0 [ 3184.478947][T17429] mem_cgroup_try_charge+0xd2/0x260 [ 3184.484233][T17429] mem_cgroup_try_charge_delay+0x3a/0x80 [ 3184.490071][T17429] wp_page_copy+0x322/0xf20 [ 3184.494613][T17429] ? __read_once_size+0x41/0xe0 [ 3184.499479][T17429] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 3184.505443][T17429] do_wp_page+0x192/0xd20 [ 3184.509798][T17429] __handle_mm_fault+0x1d16/0x2e00 [ 3184.515031][T17429] handle_mm_fault+0x21b/0x530 [ 3184.519941][T17429] do_page_fault+0x496/0xa3d [ 3184.524626][T17429] page_fault+0x34/0x40 [ 3184.528792][T17429] RIP: 0033:0x413d10 [ 3184.532693][T17429] Code: ff ff 48 83 c8 01 48 89 05 9d e9 86 00 48 8b 05 96 c1 30 00 49 c7 85 c8 02 00 00 90 fe 71 00 49 89 85 c0 02 00 00 4c 89 70 08 <4c> 89 35 79 c1 30 00 48 c7 05 6e e9 86 00 00 00 00 00 f0 ff 0d 6f [ 3184.552305][T17429] RSP: 002b:00007ffc79c5d860 EFLAGS: 00010202 [ 3184.558482][T17429] RAX: 00007f331e30e9c0 RBX: 0000000000020000 RCX: 00000000ffffffe0 [ 3184.566464][T17429] RDX: 0000000000000040 RSI: 0000000000000001 RDI: 00007f331e2ed6a0 [ 3184.574460][T17429] RBP: 00007ffc79c5d940 R08: 0000000000721800 R09: 0000000000721800 [ 3184.582439][T17429] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc79c5da30 [ 3184.590491][T17429] R13: 00007f331e2ed700 R14: 00007f331e2ed9c0 R15: 000000000076bfcc 06:00:50 executing program 4: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x9}, 0xc) setsockopt$inet6_MRT6_DEL_MFC(r0, 0x29, 0xd4, &(0x7f0000000000)={{0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffa4]}}, {0xa, 0x0, 0x0, @mcast2}}, 0x4) 06:00:50 executing program 5: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xe6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreq(r0, 0x0, 0x20, &(0x7f0000000100)={@dev, @local}, 0x8) 06:00:50 executing program 0: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r1 = dup2(r0, r0) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r1, 0xc02064b9, &(0x7f00000000c0)={0x0, 0x0}) 06:00:50 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x22a, 0x0) 06:00:50 executing program 1: r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0x10000) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f00000000c0)={0x1, r1}) [ 3184.745649][T17429] memory: usage 307200kB, limit 307200kB, failcnt 714 06:00:50 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000090ac9df00000000000000000000000008000540000000280900010073797a300000000008000a40000000000900020073796f3100000000140000001100220000000000000000000000000a"], 0x64}}, 0x0) [ 3184.900916][T17429] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3184.951513][T17429] Memory cgroup stats for /syz3: [ 3184.951666][T17429] anon 278351872 [ 3184.951666][T17429] file 24576 [ 3184.951666][T17429] kernel_stack 2949120 [ 3184.951666][T17429] slab 9445376 [ 3184.951666][T17429] sock 0 [ 3184.951666][T17429] shmem 106496 [ 3184.951666][T17429] file_mapped 0 [ 3184.951666][T17429] file_dirty 0 [ 3184.951666][T17429] file_writeback 0 [ 3184.951666][T17429] anon_thp 257949696 [ 3184.951666][T17429] inactive_anon 135168 [ 3184.951666][T17429] active_anon 278351872 [ 3184.951666][T17429] inactive_file 0 06:00:50 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x22b, 0x0) [ 3184.951666][T17429] active_file 0 [ 3184.951666][T17429] unevictable 0 [ 3184.951666][T17429] slab_reclaimable 1622016 [ 3184.951666][T17429] slab_unreclaimable 7823360 [ 3184.951666][T17429] pgfault 227568 [ 3184.951666][T17429] pgmajfault 0 [ 3184.951666][T17429] workingset_refault 132 [ 3184.951666][T17429] workingset_activate 66 [ 3184.951666][T17429] workingset_nodereclaim 0 [ 3184.951666][T17429] pgrefill 697 [ 3184.951666][T17429] pgscan 743 [ 3184.951666][T17429] pgsteal 312 06:00:50 executing program 0: 06:00:50 executing program 1: 06:00:50 executing program 5: 06:00:50 executing program 0: [ 3185.327167][ C1] print_req_error: 417 callbacks suppressed [ 3185.327188][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3185.344154][ C1] buffer_io_error: 417 callbacks suppressed [ 3185.344165][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3185.420161][T17429] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=10421,uid=0 [ 3185.443603][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3185.454628][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3185.502216][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3185.513408][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3185.573041][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3185.581019][T17429] Memory cgroup out of memory: Killed process 10421 (syz-executor.3) total-vm:74836kB, anon-rss:2220kB, file-rss:35868kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 3185.584086][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3185.629339][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3185.641114][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3185.650402][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3185.661528][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3185.723666][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3185.737062][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3185.749158][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3185.760096][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3185.765718][T17434] syz-executor.3 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3185.781092][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3185.792606][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3185.800541][T17434] CPU: 0 PID: 17434 Comm: syz-executor.3 Not tainted 5.6.0-rc1-syzkaller #0 [ 3185.805133][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3185.809484][T17434] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3185.809491][T17434] Call Trace: [ 3185.809529][T17434] dump_stack+0x11d/0x181 [ 3185.820397][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3185.831863][T17434] dump_header+0xaa/0x39c [ 3185.831963][T17434] oom_kill_process.cold+0x10/0x15 [ 3185.857567][T17434] out_of_memory+0x231/0xa60 [ 3185.862180][T17434] mem_cgroup_out_of_memory+0x128/0x150 [ 3185.867753][T17434] try_charge+0x800/0xbf0 [ 3185.872139][T17434] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 3185.877947][T17434] __memcg_kmem_charge+0xcf/0x1b0 [ 3185.882996][T17434] __alloc_pages_nodemask+0x26c/0x310 [ 3185.888643][T17434] alloc_pages_current+0xd1/0x170 [ 3185.893703][T17434] pte_alloc_one+0x18/0x50 [ 3185.898231][T17434] __handle_mm_fault+0x2be6/0x2e00 [ 3185.903621][T17434] handle_mm_fault+0x21b/0x530 [ 3185.908467][T17434] do_page_fault+0x496/0xa3d [ 3185.913112][T17434] page_fault+0x34/0x40 [ 3185.917392][T17434] RIP: 0033:0x45c449 [ 3185.921319][T17434] Code: Bad RIP value. [ 3185.925570][T17434] RSP: 002b:00007f331e30dc78 EFLAGS: 00010246 [ 3185.931642][T17434] RAX: 0000000000000000 RBX: 00007f331e30e6d4 RCX: 000000000045c449 [ 3185.939729][T17434] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 3185.947890][T17434] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 3185.955875][T17434] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 3185.963856][T17434] R13: 0000000000000074 R14: 00000000004c2ce6 R15: 000000000076bf2c [ 3186.150917][T17434] memory: usage 304876kB, limit 307200kB, failcnt 714 [ 3186.157760][T17434] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3186.173710][T17434] Memory cgroup stats for /syz3: [ 3186.173883][T17434] anon 276148224 [ 3186.173883][T17434] file 24576 [ 3186.173883][T17434] kernel_stack 2949120 [ 3186.173883][T17434] slab 9445376 [ 3186.173883][T17434] sock 0 [ 3186.173883][T17434] shmem 106496 [ 3186.173883][T17434] file_mapped 0 [ 3186.173883][T17434] file_dirty 0 [ 3186.173883][T17434] file_writeback 0 [ 3186.173883][T17434] anon_thp 255852544 [ 3186.173883][T17434] inactive_anon 135168 [ 3186.173883][T17434] active_anon 276148224 [ 3186.173883][T17434] inactive_file 0 [ 3186.173883][T17434] active_file 0 [ 3186.173883][T17434] unevictable 0 [ 3186.173883][T17434] slab_reclaimable 1622016 [ 3186.173883][T17434] slab_unreclaimable 7823360 [ 3186.173883][T17434] pgfault 227568 [ 3186.173883][T17434] pgmajfault 0 [ 3186.173883][T17434] workingset_refault 132 [ 3186.173883][T17434] workingset_activate 66 [ 3186.173883][T17434] workingset_nodereclaim 0 [ 3186.173883][T17434] pgrefill 697 [ 3186.173883][T17434] pgscan 743 [ 3186.173883][T17434] pgsteal 312 [ 3186.308104][T17434] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=28250,uid=0 [ 3186.342480][T17434] Memory cgroup out of memory: Killed process 28250 (syz-executor.3) total-vm:74836kB, anon-rss:2220kB, file-rss:35864kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 3186.395129][T17432] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3186.405955][T17432] CPU: 0 PID: 17432 Comm: syz-executor.3 Not tainted 5.6.0-rc1-syzkaller #0 [ 3186.415004][T17432] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3186.425069][T17432] Call Trace: [ 3186.428378][T17432] dump_stack+0x11d/0x181 [ 3186.432781][T17432] dump_header+0xaa/0x39c [ 3186.437147][T17432] oom_kill_process.cold+0x10/0x15 [ 3186.442290][T17432] out_of_memory+0x231/0xa60 [ 3186.446910][T17432] mem_cgroup_out_of_memory+0x128/0x150 [ 3186.452512][T17432] try_charge+0x800/0xbf0 [ 3186.456961][T17432] mem_cgroup_try_charge+0xd2/0x260 [ 3186.462210][T17432] mem_cgroup_try_charge_delay+0x3a/0x80 [ 3186.467873][T17432] wp_page_copy+0x322/0xf20 [ 3186.472628][T17432] ? __read_once_size+0x41/0xe0 [ 3186.477505][T17432] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 3186.483438][T17432] do_wp_page+0x192/0xd20 [ 3186.487937][T17432] __handle_mm_fault+0x1d16/0x2e00 [ 3186.493230][T17432] handle_mm_fault+0x21b/0x530 [ 3186.498023][T17432] do_page_fault+0x496/0xa3d [ 3186.502763][T17432] page_fault+0x34/0x40 [ 3186.506933][T17432] RIP: 0033:0x403f80 [ 3186.510842][T17432] Code: 80 3d fb e6 87 00 00 c6 85 84 00 00 00 00 74 0f 8b 05 e8 e6 87 00 39 45 24 0f 84 46 02 00 00 44 8b a5 80 00 00 00 48 8b 5d 78 fb e6 ff ff 48 2b 05 84 40 34 00 8b 75 00 4c 89 f1 45 89 e1 49 [ 3186.530457][T17432] RSP: 002b:00007f331e30dc90 EFLAGS: 00010246 [ 3186.536702][T17432] RAX: 00007f332030f000 RBX: 0000000000005d4e RCX: 0000000000000000 [ 3186.544714][T17432] RDX: 000000000003ffff RSI: 0000000000403ecc RDI: 0000000000000000 [ 3186.552777][T17432] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 3186.560865][T17432] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3186.568844][T17432] R13: 0000000000000074 R14: 00000000004c2ce6 R15: 000000000076bf2c [ 3186.591070][T17432] memory: usage 302680kB, limit 307200kB, failcnt 714 [ 3186.615008][T17432] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3186.629325][T17432] Memory cgroup stats for /syz3: [ 3186.629502][T17432] anon 273924096 [ 3186.629502][T17432] file 24576 [ 3186.629502][T17432] kernel_stack 2949120 [ 3186.629502][T17432] slab 9445376 [ 3186.629502][T17432] sock 0 [ 3186.629502][T17432] shmem 106496 [ 3186.629502][T17432] file_mapped 0 [ 3186.629502][T17432] file_dirty 0 [ 3186.629502][T17432] file_writeback 0 [ 3186.629502][T17432] anon_thp 253755392 [ 3186.629502][T17432] inactive_anon 135168 [ 3186.629502][T17432] active_anon 273924096 [ 3186.629502][T17432] inactive_file 0 [ 3186.629502][T17432] active_file 0 [ 3186.629502][T17432] unevictable 0 [ 3186.629502][T17432] slab_reclaimable 1622016 [ 3186.629502][T17432] slab_unreclaimable 7823360 [ 3186.629502][T17432] pgfault 227568 [ 3186.629502][T17432] pgmajfault 0 [ 3186.629502][T17432] workingset_refault 132 [ 3186.629502][T17432] workingset_activate 66 [ 3186.629502][T17432] workingset_nodereclaim 0 [ 3186.629502][T17432] pgrefill 697 [ 3186.629502][T17432] pgscan 743 [ 3186.629502][T17432] pgsteal 312 [ 3186.852797][T17432] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=10450,uid=0 [ 3186.890321][T17432] Memory cgroup out of memory: Killed process 10450 (syz-executor.3) total-vm:74836kB, anon-rss:2220kB, file-rss:35864kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 3186.936064][ T1078] oom_reaper: reaped process 10450 (syz-executor.3), now anon-rss:0kB, file-rss:34904kB, shmem-rss:0kB 06:00:52 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = accept$alg(0xffffffffffffffff, 0x0, 0x0) r1 = dup(r0) recvmsg$can_raw(r1, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000040), 0x0) r4 = accept$alg(r3, 0x0, 0x0) r5 = dup(r4) recvmsg$can_raw(r5, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r5, 0xae47, 0x0) r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r9 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:52 executing program 1: 06:00:52 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x22c, 0x0) 06:00:52 executing program 5: 06:00:52 executing program 0: 06:00:52 executing program 4: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x9}, 0xc) setsockopt$inet6_MRT6_DEL_MFC(r0, 0x29, 0xd4, &(0x7f0000000000)={{0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffa4]}}, {0xa, 0x0, 0x0, @mcast2}}, 0x4) 06:00:52 executing program 1: 06:00:52 executing program 5: 06:00:52 executing program 0: 06:00:52 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x22d, 0x0) 06:00:53 executing program 1: 06:00:53 executing program 0: 06:00:53 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = accept$alg(0xffffffffffffffff, 0x0, 0x0) r1 = dup(r0) recvmsg$can_raw(r1, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000040), 0x0) r4 = accept$alg(r3, 0x0, 0x0) r5 = dup(r4) recvmsg$can_raw(r5, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r5, 0xae47, 0x0) r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r9 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:53 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x22e, 0x0) 06:00:53 executing program 5: 06:00:53 executing program 0: 06:00:53 executing program 1: 06:00:53 executing program 4: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000080)={0x8}, 0xc) setsockopt$inet6_MRT6_DEL_MFC(r0, 0x29, 0xd4, &(0x7f0000000000)={{0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffa4]}}, {0xa, 0x0, 0x0, @mcast2}}, 0x4) 06:00:53 executing program 0: 06:00:53 executing program 5: 06:00:53 executing program 1: 06:00:53 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x22f, 0x0) 06:00:53 executing program 0: 06:00:53 executing program 5: 06:00:54 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = accept$alg(0xffffffffffffffff, 0x0, 0x0) r1 = dup(r0) recvmsg$can_raw(r1, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000040), 0x0) r4 = accept$alg(r3, 0x0, 0x0) r5 = dup(r4) recvmsg$can_raw(r5, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r5, 0xae47, 0x0) r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r9 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:54 executing program 1: 06:00:54 executing program 4: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000080)={0x8}, 0xc) setsockopt$inet6_MRT6_DEL_MFC(r0, 0x29, 0xd4, &(0x7f0000000000)={{0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffa4]}}, {0xa, 0x0, 0x0, @mcast2}}, 0x4) 06:00:54 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x230, 0x0) 06:00:54 executing program 0: 06:00:54 executing program 5: 06:00:54 executing program 1: 06:00:54 executing program 0: 06:00:54 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x231, 0x0) 06:00:54 executing program 5: 06:00:54 executing program 1: 06:00:54 executing program 0: [ 3189.522576][T17586] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3189.707008][T17586] CPU: 1 PID: 17586 Comm: syz-executor.3 Not tainted 5.6.0-rc1-syzkaller #0 [ 3189.715733][T17586] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3189.726092][T17586] Call Trace: [ 3189.729569][T17586] dump_stack+0x11d/0x181 [ 3189.734108][T17586] dump_header+0xaa/0x39c [ 3189.738492][T17586] oom_kill_process.cold+0x10/0x15 [ 3189.743630][T17586] out_of_memory+0x231/0xa60 [ 3189.748391][T17586] ? __rcu_read_unlock+0x66/0x2f0 [ 3189.753607][T17586] mem_cgroup_out_of_memory+0x128/0x150 [ 3189.759233][T17586] try_charge+0xb6c/0xbf0 [ 3189.763729][T17586] mem_cgroup_try_charge+0xd2/0x260 [ 3189.769047][T17586] mem_cgroup_try_charge_delay+0x3a/0x80 [ 3189.774722][T17586] wp_page_copy+0x322/0xf20 [ 3189.779261][T17586] ? __read_once_size+0x41/0xe0 [ 3189.784134][T17586] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 3189.790062][T17586] do_wp_page+0x192/0xd20 [ 3189.794476][T17586] __handle_mm_fault+0x1d16/0x2e00 [ 3189.799671][T17586] handle_mm_fault+0x21b/0x530 [ 3189.804486][T17586] do_page_fault+0x496/0xa3d [ 3189.809134][T17586] page_fault+0x34/0x40 [ 3189.813302][T17586] RIP: 0033:0x411498 [ 3189.817212][T17586] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf 58 1d 4c 00 31 c0 e8 13 0a ff ff 31 ff e8 5c 06 ff ff 0f 1f 40 00 <89> 3c b5 00 00 74 00 eb b6 31 ed 0f 1f 44 00 00 80 3d ae 11 87 00 [ 3189.837519][T17586] RSP: 002b:00007ffc79c5d880 EFLAGS: 00010246 [ 3189.843941][T17586] RAX: 000000002c60de5d RBX: 00000000ac369be7 RCX: 0000001b33e20000 [ 3189.851923][T17586] RDX: 0000000000000000 RSI: 0000000000001e5d RDI: ffffffff2c60de5d [ 3189.860021][T17586] RBP: 0000000000000009 R08: 000000002c60de5d R09: 000000002c60de61 [ 3189.868162][T17586] R10: 00007ffc79c5da20 R11: 0000000000000246 R12: 000000000076c048 [ 3189.876144][T17586] R13: 0000000080000000 R14: 00007f332010f008 R15: 000000000000000e [ 3189.939540][T17586] memory: usage 307200kB, limit 307200kB, failcnt 753 [ 3189.946542][T17586] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3189.953781][T17586] Memory cgroup stats for /syz3: [ 3189.953914][T17586] anon 278216704 [ 3189.953914][T17586] file 24576 [ 3189.953914][T17586] kernel_stack 2949120 [ 3189.953914][T17586] slab 9445376 [ 3189.953914][T17586] sock 0 [ 3189.953914][T17586] shmem 106496 [ 3189.953914][T17586] file_mapped 0 [ 3189.953914][T17586] file_dirty 0 [ 3189.953914][T17586] file_writeback 0 [ 3189.953914][T17586] anon_thp 257949696 [ 3189.953914][T17586] inactive_anon 135168 [ 3189.953914][T17586] active_anon 278216704 [ 3189.953914][T17586] inactive_file 0 [ 3189.953914][T17586] active_file 0 [ 3189.953914][T17586] unevictable 0 [ 3189.953914][T17586] slab_reclaimable 1622016 [ 3189.953914][T17586] slab_unreclaimable 7823360 [ 3189.953914][T17586] pgfault 227865 [ 3189.953914][T17586] pgmajfault 0 [ 3189.953914][T17586] workingset_refault 132 [ 3189.953914][T17586] workingset_activate 66 [ 3189.953914][T17586] workingset_nodereclaim 0 [ 3189.953914][T17586] pgrefill 697 [ 3189.953914][T17586] pgscan 743 [ 3189.953914][T17586] pgsteal 312 [ 3190.052248][T17586] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=7060,uid=0 [ 3190.068346][T17586] Memory cgroup out of memory: Killed process 7060 (syz-executor.3) total-vm:74704kB, anon-rss:2212kB, file-rss:35864kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 06:00:55 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) r0 = accept$alg(0xffffffffffffffff, 0x0, 0x0) r1 = dup(r0) recvmsg$can_raw(r1, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000040), 0x0) r4 = accept$alg(r3, 0x0, 0x0) r5 = dup(r4) recvmsg$can_raw(r5, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r5, 0xae47, 0x0) r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r9 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:55 executing program 5: 06:00:55 executing program 1: 06:00:55 executing program 0: 06:00:55 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x232, 0x0) 06:00:55 executing program 4: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000080)={0x8}, 0xc) setsockopt$inet6_MRT6_DEL_MFC(r0, 0x29, 0xd4, &(0x7f0000000000)={{0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffa4]}}, {0xa, 0x0, 0x0, @mcast2}}, 0x4) 06:00:55 executing program 5: 06:00:55 executing program 1: 06:00:55 executing program 0: 06:00:55 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x233, 0x0) 06:00:55 executing program 5: 06:00:55 executing program 1: [ 3190.815599][ C1] print_req_error: 539 callbacks suppressed [ 3190.815618][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3190.832575][ C1] buffer_io_error: 539 callbacks suppressed [ 3190.832588][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3190.984689][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3190.995638][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3191.101120][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3191.112151][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3191.132810][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3191.143740][ C1] Buffer I/O error on dev loop0, logical block 0, async page read 06:00:56 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) r0 = accept$alg(0xffffffffffffffff, 0x0, 0x0) r1 = dup(r0) recvmsg$can_raw(r1, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000040), 0x0) r4 = accept$alg(r3, 0x0, 0x0) r5 = dup(r4) recvmsg$can_raw(r5, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r5, 0xae47, 0x0) r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r9 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:56 executing program 0: ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000100)={0x0, 0x3}) ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f00000002c0)=0x103) r0 = syz_open_pts(0xffffffffffffffff, 0x0) getsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, 0x0, 0x0) getsockopt$packet_int(0xffffffffffffffff, 0x107, 0xb, 0x0, &(0x7f00000041c0)) getsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, 0x0, 0x0) getsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, 0x0, &(0x7f00000041c0)) r1 = gettid() r2 = creat(&(0x7f0000000280)='./file0\x00', 0x1) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) write$binfmt_script(r2, &(0x7f00000000c0)=ANY=[@ANYBLOB='#! ./file0 S'], 0xc) prctl$PR_SET_PTRACER(0x59616d61, r1) perf_event_open(&(0x7f00000001c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r2) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000040)={0x4, 0x8}) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(0xffffffffffffffff, &(0x7f0000000000)={0x4, 0x8}, 0x10) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) 06:00:56 executing program 5: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000080)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(r0, &(0x7f0000000580), 0xefee) write$FUSE_INIT(r0, &(0x7f0000000140)={0x50, 0x0, 0x2, {0x7, 0x1b, 0x0, 0x32050000}}, 0x50) 06:00:56 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="660f382b1a0f01df0f300f32d9e90f086665676426f7c5000000000f2245deef1e03e5", 0x23}], 0x1, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040)) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB, @ANYRES16=0x0, @ANYBLOB], 0x3}}, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_open_dev$vcsn(&(0x7f0000000080)='/dev/vcs#\x00', 0x0, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0xfffffffffffffffc, 0x100, 0x40000007, 0x0, 0x0, 0x0, 0x4cc], 0x10000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 06:00:56 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x234, 0x0) 06:00:56 executing program 4: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000080)={0x8, 0x0, 0x0, 0x9}, 0xc) setsockopt$inet6_MRT6_DEL_MFC(0xffffffffffffffff, 0x29, 0xd4, &(0x7f0000000000)={{0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffa4]}}, {0xa, 0x0, 0x0, @mcast2}}, 0x4) [ 3191.191055][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3191.201981][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3191.282969][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3191.293997][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3191.366725][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3191.377656][ C1] Buffer I/O error on dev loop0, logical block 0, async page read 06:00:56 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) r1 = socket$inet6(0xa, 0x400000000001, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x0) close(0xffffffffffffffff) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x80001d00c0d0) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000080)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0}, &(0x7f00000000c0)=0x20) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f0000000100)={r2, 0x7}, &(0x7f0000000200)=0x8) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r3, 0x107, 0xa, &(0x7f0000788000)=0x2, 0x4) bind$packet(r3, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) setsockopt(r3, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r0, &(0x7f0000004e00)=[{{0x0, 0x0, &(0x7f0000001f80), 0x300, &(0x7f0000001fc0)}}], 0x400000000000047, 0x0) [ 3191.419202][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3191.430166][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3191.439081][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3191.450152][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3191.472060][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3191.482996][ C1] Buffer I/O error on dev loop0, logical block 0, async page read 06:00:56 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x235, 0x0) 06:00:56 executing program 5: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000080)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(r0, &(0x7f0000000580), 0xefee) write$FUSE_INIT(r0, &(0x7f0000000140)={0x50, 0x0, 0x2, {0x7, 0x1b, 0x0, 0x32050000}}, 0x50) 06:00:56 executing program 4: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000080)={0x8, 0x0, 0x0, 0x9}, 0xc) setsockopt$inet6_MRT6_DEL_MFC(0xffffffffffffffff, 0x29, 0xd4, &(0x7f0000000000)={{0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffa4]}}, {0xa, 0x0, 0x0, @mcast2}}, 0x4) 06:00:57 executing program 4: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000080)={0x8, 0x0, 0x0, 0x9}, 0xc) setsockopt$inet6_MRT6_DEL_MFC(0xffffffffffffffff, 0x29, 0xd4, &(0x7f0000000000)={{0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffa4]}}, {0xa, 0x0, 0x0, @mcast2}}, 0x4) 06:00:57 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x236, 0x0) 06:00:57 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) r0 = accept$alg(0xffffffffffffffff, 0x0, 0x0) r1 = dup(r0) recvmsg$can_raw(r1, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000040), 0x0) r4 = accept$alg(r3, 0x0, 0x0) r5 = dup(r4) recvmsg$can_raw(r5, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r5, 0xae47, 0x0) r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r9 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:00:59 executing program 0: ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000100)={0x0, 0x3}) ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f00000002c0)=0x103) r0 = syz_open_pts(0xffffffffffffffff, 0x0) getsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, 0x0, 0x0) getsockopt$packet_int(0xffffffffffffffff, 0x107, 0xb, 0x0, &(0x7f00000041c0)) getsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, 0x0, 0x0) getsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, 0x0, &(0x7f00000041c0)) r1 = gettid() r2 = creat(&(0x7f0000000280)='./file0\x00', 0x1) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) write$binfmt_script(r2, &(0x7f00000000c0)=ANY=[@ANYBLOB='#! ./file0 S'], 0xc) prctl$PR_SET_PTRACER(0x59616d61, r1) perf_event_open(&(0x7f00000001c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r2) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000040)={0x4, 0x8}) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(0xffffffffffffffff, &(0x7f0000000000)={0x4, 0x8}, 0x10) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) 06:00:59 executing program 5: 06:00:59 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x237, 0x0) 06:00:59 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) r1 = socket$inet6(0xa, 0x400000000001, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x0) close(0xffffffffffffffff) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x80001d00c0d0) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000080)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0}, &(0x7f00000000c0)=0x20) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f0000000100)={r2, 0x7}, &(0x7f0000000200)=0x8) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r3, 0x107, 0xa, &(0x7f0000788000)=0x2, 0x4) bind$packet(r3, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) setsockopt(r3, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r0, &(0x7f0000004e00)=[{{0x0, 0x0, &(0x7f0000001f80), 0x300, &(0x7f0000001fc0)}}], 0x400000000000047, 0x0) 06:00:59 executing program 4: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000080)={0x8, 0x0, 0x0, 0x9}, 0xc) setsockopt$inet6_MRT6_DEL_MFC(r0, 0x29, 0xd4, 0x0, 0x0) 06:00:59 executing program 3: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = accept$alg(0xffffffffffffffff, 0x0, 0x0) r1 = dup(r0) recvmsg$can_raw(r1, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000040), 0x0) r4 = accept$alg(r3, 0x0, 0x0) r5 = dup(r4) recvmsg$can_raw(r5, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r5, 0xae47, 0x0) r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r9 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:01:00 executing program 5: 06:01:00 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x238, 0x0) 06:01:00 executing program 4: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000080)={0x8, 0x0, 0x0, 0x9}, 0xc) setsockopt$inet6_MRT6_DEL_MFC(r0, 0x29, 0xd4, 0x0, 0x0) 06:01:00 executing program 5: openat$proc_capi20ncci(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='memory.events\x00', 0x7a05, 0x1700) quotactl(0x40000080000100, 0x0, 0x0, 0x0) 06:01:00 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x239, 0x0) 06:01:00 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) r1 = socket$inet6(0xa, 0x400000000001, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x0) close(0xffffffffffffffff) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x80001d00c0d0) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000080)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0}, &(0x7f00000000c0)=0x20) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f0000000100)={r2, 0x7}, &(0x7f0000000200)=0x8) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r3, 0x107, 0xa, &(0x7f0000788000)=0x2, 0x4) bind$packet(r3, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) setsockopt(r3, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r0, &(0x7f0000004e00)=[{{0x0, 0x0, &(0x7f0000001f80), 0x300, &(0x7f0000001fc0)}}], 0x400000000000047, 0x0) 06:01:02 executing program 0: write$P9_RSTATu(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000540)=ANY=[@ANYBLOB="b70000000200ffffbfa30000000000000703000028feffff620af0fff8ffffff61a4f0ff000000001f040000000000004d400300000000006504000001ed000067000000170000000c44000000000000630a00fe000000004e40000000000000c6000000000000009500000000000000023bc065b7a379d17cf9333379fc9e94af69912435f1b6a693002e7f3be361917adef6ee1c8a2b4f8ef1e50b91f32050e436fe275daf51811a07895f742df5f44198efefb202ee38788ebf01de00b1b5e4fef3bef70548aed0d600c095199fe3ff3128e599b0eacf6fbd7359a48f5b0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd8dff0c710e4cdbf4fc41fbba4f94329e646b8ee6de2109fbe4b61a615c6c57a2b649dc74a1a610643b08d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda8a3658d42ecbf28bf7076c15b463bebc72f526d8e8afcb953466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d99edc3a6138d5f728d236619074d6ebdf098bc908f50ad228a40f9411fe7226a4040b96e3000046756d3572e674047e29faf75ddd1aa96960bca97af13382cb881cc1f62c0f8f8f0e8d76b86f9c45636614786f5a2cb77230a874640dcbe0b20bb77c022d4cabf0d378fce8c5c81b7037181fc2f18f781aaa6e2957d7e374c1baddcb7ec6667e699f24e41697ee7ea23c4b29a8b6cc9a1f5a7bb2b1ed81d2cf370ee4a2a00ebeb476ea3caae05f13832292cb949b3aab2ab1e042ff2164d88188c3117c4a87c756b97e5889685a96949e4cb4f8f67b8bb8dfff8f4b25243888e8b0020e733a63784ccc214d930cbb7e090d63fcd7071b53ac29df656f8ae6d6e18c1eacf5bf870768d5217e9bb7a05d9e22ce67f1231bd236486727d970acc546087acbf30f2f8165b47ba56dfadd14b306a98931485747292c6fe6e188750cf6f87cce229fd67c7133a9f05954cde298a35ea6d715ba80aee6335eb811a085ca14a7989f9777f600000000000000000000000000000000000000000000000000800000000000000000b854adb4f891ef64e8407c6bdb37f4b0acadc4b7af2d6ab45730e94a2483fa4a5bd8f4dcacca67bc0b8a7ab247b3c7f2efcee4f1e4f62749c4929e24240ea91bdae1e3c9437b47d15ec84ec1ab15b0130cb7ed7e87f79bb59d9ca5c1ca94114b3f48b7caf6521477811eeda119af711c6ec62b7af81048ad98c5280f3e14358d83d69193c4e466b2bf3b19344acf62d982fb84b73d040d68f15ded0a6066fe00759b7d21791d1f8aab0308abf0f2588803f59aff52d21d3c73053fc1a9cea130ac906c1001b694ec2db4a7f8cf138b5dee6362cbee74f932b1eda63ad3ad7e7511a3a96a5eaed1dd0cdb988b491797bcb12c209e826f1fd2ab9e3d241c508b2e71401e76f306ffd172d5af9a1fe9f90151451065a34e1b2fb2a9321de6ae82b69b424c375cfaa29ed0184e7c952b734638954908a2ac8ebd0a517e9ad12db0f7868ad82a2d96dc3f5f9805efcf62a9fa964dc61f203e5dcf3df32e55a9597d389b794ea2a6d972f4d56976057d7541873c220010001366b40fdb812da4f4a6ee86742aaa0dd939a78340686d71345f24a26124f591690c4b78514ce9a5235c00488597"], &(0x7f00000001c0)='GPL\x00'}, 0x48) 06:01:02 executing program 3: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = accept$alg(0xffffffffffffffff, 0x0, 0x0) r1 = dup(r0) recvmsg$can_raw(r1, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000040), 0x0) r4 = accept$alg(r3, 0x0, 0x0) r5 = dup(r4) recvmsg$can_raw(r5, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r5, 0xae47, 0x0) r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r9 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:01:02 executing program 5: openat$proc_capi20ncci(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='memory.events\x00', 0x7a05, 0x1700) quotactl(0x40000080000100, 0x0, 0x0, 0x0) 06:01:02 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x23a, 0x0) 06:01:02 executing program 4: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000080)={0x8, 0x0, 0x0, 0x9}, 0xc) setsockopt$inet6_MRT6_DEL_MFC(r0, 0x29, 0xd4, 0x0, 0x0) 06:01:02 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) r1 = socket$inet6(0xa, 0x400000000001, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x0) close(0xffffffffffffffff) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x80001d00c0d0) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000080)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0}, &(0x7f00000000c0)=0x20) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f0000000100)={r2, 0x7}, &(0x7f0000000200)=0x8) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r3, 0x107, 0xa, &(0x7f0000788000)=0x2, 0x4) bind$packet(r3, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) setsockopt(r3, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r0, &(0x7f0000004e00)=[{{0x0, 0x0, &(0x7f0000001f80), 0x300, &(0x7f0000001fc0)}}], 0x400000000000047, 0x0) [ 3197.798154][ C1] print_req_error: 112 callbacks suppressed [ 3197.798173][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3197.815026][ C1] buffer_io_error: 112 callbacks suppressed [ 3197.815041][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3197.829208][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3197.840239][ C0] Buffer I/O error on dev loop0, logical block 0, async page read 06:01:03 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x23b, 0x0) [ 3197.886010][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3197.896976][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3197.953540][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3197.964474][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3198.017357][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3198.030131][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3198.038787][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3198.049796][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3198.058233][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3198.069133][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3198.077754][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3198.088685][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3198.097064][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3198.109720][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3198.117985][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3198.128893][ C0] Buffer I/O error on dev loop0, logical block 0, async page read 06:01:03 executing program 5: r0 = socket$inet6(0xa, 0x20000000080002, 0x0) sendmmsg$inet6(r0, &(0x7f0000006100)=[{{&(0x7f0000000040)={0xa, 0x4e22, 0x0, @loopback}, 0x1c, 0x0}}, {{&(0x7f0000000240)={0xa, 0x4e23, 0x0, @local}, 0x1c, 0x0, 0x0, &(0x7f0000001480)=[@dstopts_2292={{0x18}}, @dstopts_2292={{0x18}}], 0x30}}], 0x2, 0x0) 06:01:03 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000000140), 0x0, &(0x7f0000000100)=[@assoc], 0x17}], 0x4924924924924f9, 0x0) openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, 0x0) 06:01:03 executing program 0: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_PCM_IOCTL_WRITEN_FRAMES(0xffffffffffffffff, 0x40184152, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000680)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd0001000000000023c0306554362dddcb892ef8051404bde5bf296e3c566a03d724f7ead1ef33adfdbe08b8c5236b93b9797b4409f6e370d1515d2e1fa63259e6d4bd05772981", @ANYRES32=0x0, @ANYBLOB="e371a01c7d83e16db1918b5328546fd0db633ad73f48121530e272e1e1c5c2d6513819000000624400000000000000"], 0x48}}, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_procfs(0x0, 0x0) sendfile(0xffffffffffffffff, r4, 0x0, 0x0) write$input_event(r4, &(0x7f00000002c0)={{0x0, 0x7530}, 0x0, 0x5}, 0x18) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0x0, 0x0, 0x0, r3}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0x14}]}, 0x28}}, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bind$can_raw(r2, &(0x7f0000000840), 0x10) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) 06:01:03 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x23c, 0x0) 06:01:04 executing program 5: r0 = socket$inet6(0xa, 0x20000000080002, 0x0) sendmmsg$inet6(r0, &(0x7f0000006100)=[{{&(0x7f0000000040)={0xa, 0x4e22, 0x0, @loopback}, 0x1c, 0x0}}, {{&(0x7f0000000240)={0xa, 0x4e23, 0x0, @local}, 0x1c, 0x0, 0x0, &(0x7f0000001480)=[@dstopts_2292={{0x18}}, @dstopts_2292={{0x18}}], 0x30}}], 0x2, 0x0) [ 3198.738915][T17906] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. 06:01:04 executing program 3: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = accept$alg(0xffffffffffffffff, 0x0, 0x0) r1 = dup(r0) recvmsg$can_raw(r1, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000040), 0x0) r4 = accept$alg(r3, 0x0, 0x0) r5 = dup(r4) recvmsg$can_raw(r5, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r5, 0xae47, 0x0) r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r9 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:01:04 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="660f382b1a0f01df0f300f32d9e90f086665676426f7c5000000000f2245deef1e03e5", 0x23}], 0x1, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040)) sendmsg$L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xa000000}, 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000007, 0x0, 0x0, 0x0, 0x4cc], 0x10000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 3198.897593][T17906] batman_adv: batadv0: Adding interface: veth93 06:01:04 executing program 1: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x200, 0x101881) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r1, 0x8004) sendfile(r0, r1, 0x0, 0x80001d00c0d0) 06:01:04 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x23d, 0x0) [ 3198.946220][T17906] batman_adv: batadv0: The MTU of interface veth93 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 3199.101001][T17906] batman_adv: batadv0: Not using interface veth93 (retrying later): interface not active 06:01:04 executing program 5: creat(&(0x7f0000000000)='./file0\x00', 0x0) mount$fuseblk(&(0x7f0000000100)='/dev/loop0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='fuseblk\x00', 0x0, 0x0) [ 3199.207263][T17909] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3199.329068][ T26] audit: type=1800 audit(1582696864.586:25135): pid=17922 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.1" name="bus" dev="sda1" ino=17793 res=0 06:01:04 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x23e, 0x0) 06:01:04 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22}, 0x1c) listen(r0, 0x0) syz_emit_ethernet(0x4a, &(0x7f00000000c0)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "000400", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x10}}}}}}}, 0x0) 06:01:04 executing program 1: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f0000001640)=[{&(0x7f0000000280)="440a61f251c1c4e23486312947adcce7af5edab79d00ebb855faa5a27275e95907d782f4e6f980b4ebe9c71ca91341e58485d9296be333e3", 0x38}], 0x1, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="0100008024003c64f40900"/20, @ANYRES32, @ANYBLOB="00000000ffffffff000000000a0001006e6574656d00"], 0x3}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB='8\x00\x00\x00$\x00\a'], 0x1}}, 0x0) splice(r0, 0x0, r2, 0x0, 0xe47, 0x0) 06:01:04 executing program 3: set_mempolicy(0x0, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = accept$alg(0xffffffffffffffff, 0x0, 0x0) r1 = dup(r0) recvmsg$can_raw(r1, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000040), 0x0) r4 = accept$alg(r3, 0x0, 0x0) r5 = dup(r4) recvmsg$can_raw(r5, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r5, 0xae47, 0x0) r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r9 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:01:04 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000000600)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff48700000003c0e0f870000000000000095000000000000002ba728e315f529a3fec394560b78bc325e693f5c2898d6fbd30cb599e8d36bb3019c1abd23212fb56fa54f26fb487960717142fa9eb42703a4318123741c0a0e168c1886d0d4d94f2f4e345c65d8d65296800c86ae3b3e05df3ceb9fc4fcc2a100c788b277beee1cbf9b343881dcc7b1b85f3c3d44aeaccd3641110bec4e90a6341965c39e4b3449a9e802f59cbeeb05bf02d2be22278d00db3aca88ee5c867ddd58211d6ececb0cd2b6d35fb85830b90a4efbfe440e6e1c893902eb8fd249822775985bf31b715f5888b20001000000000081f36c67d1b4411a00000000000000000000000000d7b482ae189575b3e9460b15c31fd8771006057c5e8a1ad6d67a1b0000000000000000000000000000001ccd0ebf626de14f71a04b4425eca8093acf7667eb929249ae8fb044b8b0283da42de67c0864c59adba3402c5a18d5bd1cb243674329aa02403fcdc0fa7178db209801c2e8a44966361f85bd4be0bf0d00b85da1eb0ecdf330f36a3e530fcbf6105c14c835a122f25b3d67b1e233c2e8b363e4f5c506777f3c"], &(0x7f0000000140)='GPL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000400)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) 06:01:04 executing program 5: perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0x800000000000012, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sync() 06:01:05 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x23f, 0x0) 06:01:05 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000090ac9df00000000000000000000000008000540000000280900010073797a300000000008000a40000000000900020073797a361cc3eb14278558400000000f08000640ffffff00080008400000004a46066ad20004000980140000001100010000000000000000000000000ac0c61cdd04578b9f409516fbde7cbab450041f6e6fe538f854e6cf74f18e3c0dbc9b654e68e8c2d7f2046e18487471da13ae4157f120c1ab2d3dc5b1c6c8d41d7e0cef74fa34176c87ad474d0441335d4cfd25337b735fbb528cd90f3a23f482d71318466fb37c8f12f648c784944dc21f47990a4d32bbad9d55c748d12337a71d0054d5238d1947596402e2bd8860567e72a65a2edbaa5e7946bf23f0bac24fb0ed1ef9e4aff81a7aa1c1bfd95f4aa8cd5e8a38af20"], 0x80}}, 0x0) [ 3200.071910][T17961] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.0'. 06:01:05 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000080)='/dev/video#\x00', 0xd, 0x0) ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0205648, &(0x7f0000000480)={0xa20000, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) 06:01:05 executing program 0: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000780)) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, 0x0) ioctl$BLKBSZSET(0xffffffffffffffff, 0x40081271, 0x0) sendmmsg$alg(0xffffffffffffffff, 0x0, 0x0, 0x0) socket(0x0, 0x0, 0x0) socket(0x0, 0x0, 0x0) 06:01:05 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x240, 0x0) [ 3200.449643][T17942] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. 06:01:05 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000180)={{0x14}, [@NFT_MSG_NEWSET={0x50, 0x9, 0xa, 0x6234f84c1300dfc9, 0x0, 0x0, {}, [@NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x28}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_DESC={0x14, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_SIZE={0x8, 0x2, 0x1, 0x0, 0x4000000}, @NFTA_SET_DESC_SIZE={0x8}]}]}], {0x14}}, 0x78}}, 0x0) 06:01:06 executing program 3: set_mempolicy(0x0, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = accept$alg(0xffffffffffffffff, 0x0, 0x0) r1 = dup(r0) recvmsg$can_raw(r1, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000040), 0x0) r4 = accept$alg(r3, 0x0, 0x0) r5 = dup(r4) recvmsg$can_raw(r5, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r5, 0xae47, 0x0) r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r9 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:01:06 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000080)='/dev/video#\x00', 0xd, 0x0) ioctl$VIDIOC_S_AUDIO(r0, 0x40345622, &(0x7f0000000040)={0xff, "5663fd56569b69c85cfee8320588f4a19f9e0ec65a951a71f53daf35721da9b3"}) 06:01:06 executing program 0: r0 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x4, &(0x7f0000000200)={&(0x7f0000000240)=@newlink={0x4c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, r1}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @wireguard={{0xe, 0x1, 'wireguard\x00'}, {0x4}}}, @IFLA_IFNAME={0x14, 0x3, 'veth0_to_bond\x00'}]}, 0x4c}}, 0x0) 06:01:06 executing program 1: r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000040), 0x8) connect$rose(r0, &(0x7f0000000700)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast, 0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}}, 0x1c) 06:01:06 executing program 4: r0 = syz_open_dev$video(&(0x7f0000000080)='/dev/video#\x00', 0xd, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000001c0)={0x1, @win={{}, 0x0, 0x0, 0x0, 0x0, 0x0}}) 06:01:06 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x241, 0x0) 06:01:06 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newlink={0x34, 0x12, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bond={{0x9, 0x1, 'bond\x00'}, {0x4}}}]}, 0x34}}, 0x0) 06:01:06 executing program 1: syz_read_part_table(0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000040)="020181ffffff0a000000ff45ac0000ffffff82000800000000000000000000ffffff82000000e1000000887700720030070063000fffff000000008000da55aa", 0x40, 0x1c0}]) 06:01:06 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'crc32\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) sendmsg$xdp(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000280)="9e1e84d9be56c01358f63f8829c1fda4f2cdc93805c80207ac28356062d1d79a46d58f561211d09def2ed19fcaa56af36dce930ae58ec59b98ced7d14e3bb5bc97341b15c4983eaeb3bb3bb330b521d29e25a0df8ee0ebd74eaf5845310d69066f41c9f7d7ca8c20f540eb4958ebe5f5cbcaf7ea281c16c97dc1f828a73b9a7777e31fd865e0dbfa829ab6dbba015f9edd4e090dacd10464c4480496fc5af19de80c9c2d61ff087f826d69494b7d47151293b89bae3143569b40d65b285b4b349313956f662f83a36f68e375094b83", 0xcf}], 0x1}, 0x0) 06:01:06 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x242, 0x0) 06:01:06 executing program 3: set_mempolicy(0x0, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = accept$alg(0xffffffffffffffff, 0x0, 0x0) r1 = dup(r0) recvmsg$can_raw(r1, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000040), 0x0) r4 = accept$alg(r3, 0x0, 0x0) r5 = dup(r4) recvmsg$can_raw(r5, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r5, 0xae47, 0x0) r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r9 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:01:07 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newlink={0x34, 0x12, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bond={{0x9, 0x1, 'bond\x00'}, {0x4}}}]}, 0x34}}, 0x0) 06:01:07 executing program 1: syz_read_part_table(0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000040)="020181ffffff0a000000ff45ac0000ffffff82000800000000000000000000ffffffa6000000e1000000887700720030070063000fffff000000008000da55aa", 0x40, 0x1c0}]) 06:01:07 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000280)={0x0, 0x8, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB="14000000100000001e6c0000000000000000000a20000000000a01000000000000000000000000000900010073797a300000000038000000120a01050000000000000000000000000400048009000200dd387d00000000000900010073797a30000000000800034000000001140000001100df0000000000000000000000000a"], 0x80}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x6234f84c1300dfc9, 0x0, 0x0, {}, [@NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x28}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}]}], {0x14}}, 0x64}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000002c80)={0x0, 0x0, &(0x7f0000002c40)={&(0x7f0000000000)={{0x14}, [@NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x397159c7cfc62e5d}], {0x14}}, 0x3c}}, 0x0) 06:01:07 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x243, 0x0) 06:01:07 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newlink={0x34, 0x12, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bond={{0x9, 0x1, 'bond\x00'}, {0x4}}}]}, 0x34}}, 0x0) 06:01:07 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) syz_open_dev$amidi(0x0, 0x0, 0x0) kcmp(0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) r0 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x60001) writev(r0, &(0x7f00000001c0)=[{&(0x7f0000001400)="9635ab0f9b", 0x5}, {0x0}], 0x2) ioctl$VIDIOC_G_CROP(0xffffffffffffffff, 0xc01456b8, &(0x7f0000000080)={0x0, {0x14, 0x14}}) ioctl$RTC_ALM_SET(0xffffffffffffffff, 0x40247007, &(0x7f0000000000)) syz_open_dev$loop(&(0x7f00000001c0)='/dev/loop#\x00', 0x0, 0x30d084) 06:01:07 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) creat(0x0, 0x0) write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0) r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) lseek(r0, 0x800002, 0x0) ioctl$EXT4_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000001c0)) writev(r0, &(0x7f0000000380)=[{&(0x7f0000000200)="e5", 0x1}], 0x1) lseek(r0, 0x0, 0x3) 06:01:07 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x244, 0x0) 06:01:07 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000280)={0x0, 0x8, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB="14000000100000001e6c0000000000000000000a20000000000a01000000000000000000000000000900010073797a300000000038000000120a01050000000000000000000000000400048009000200dd387d00000000000900010073797a30000000000800034000000001140000001100df0000000000000000000000000a"], 0x80}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x6234f84c1300dfc9, 0x0, 0x0, {}, [@NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x28}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}]}], {0x14}}, 0x64}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000002c80)={0x0, 0x0, &(0x7f0000002c40)={&(0x7f0000000000)={{0x14}, [@NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x397159c7cfc62e5d}], {0x14}}, 0x3c}}, 0x0) 06:01:07 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000280)={0x0, 0x8, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB="14000000100000001e6c0000000000000000000a20000000000a01000000000000000000000000000900010073797a300000000038000000120a01050000000000000000000000000400048009000200dd387d00000000000900010073797a30000000000800034000000001140000001100df0000000000000000000000000a"], 0x80}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x6234f84c1300dfc9, 0x0, 0x0, {}, [@NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x28}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}]}], {0x14}}, 0x64}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000002c80)={0x0, 0x0, &(0x7f0000002c40)={&(0x7f0000000000)={{0x14}, [@NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x397159c7cfc62e5d}], {0x14}}, 0x3c}}, 0x0) 06:01:07 executing program 3: set_mempolicy(0x1, 0x0, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = accept$alg(0xffffffffffffffff, 0x0, 0x0) r1 = dup(r0) recvmsg$can_raw(r1, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000040), 0x0) r4 = accept$alg(r3, 0x0, 0x0) r5 = dup(r4) recvmsg$can_raw(r5, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r5, 0xae47, 0x0) r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r9 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:01:08 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x245, 0x0) 06:01:08 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000280)={0x0, 0x8, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB="14000000100000001e6c0000000000000000000a20000000000a01000000000000000000000000000900010073797a300000000038000000120a01050000000000000000000000000400048009000200dd387d00000000000900010073797a30000000000800034000000001140000001100df0000000000000000000000000a"], 0x80}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x6234f84c1300dfc9, 0x0, 0x0, {}, [@NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x28}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}]}], {0x14}}, 0x64}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000002c80)={0x0, 0x0, &(0x7f0000002c40)={&(0x7f0000000000)={{0x14}, [@NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x397159c7cfc62e5d}], {0x14}}, 0x3c}}, 0x0) 06:01:08 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000280)={0x0, 0x8, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB="14000000100000001e6c0000000000000000000a20000000000a01000000000000000000000000000900010073797a300000000038000000120a01050000000000000000000000000400048009000200dd387d00000000000900010073797a30000000000800034000000001140000001100df0000000000000000000000000a"], 0x80}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x6234f84c1300dfc9, 0x0, 0x0, {}, [@NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x28}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}]}], {0x14}}, 0x64}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000002c80)={0x0, 0x0, &(0x7f0000002c40)={&(0x7f0000000000)={{0x14}, [@NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x397159c7cfc62e5d}], {0x14}}, 0x3c}}, 0x0) [ 3203.077474][ C1] print_req_error: 539 callbacks suppressed [ 3203.077495][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3203.094574][ C1] buffer_io_error: 539 callbacks suppressed [ 3203.094585][ C1] Buffer I/O error on dev loop0, logical block 0, async page read 06:01:08 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000080)='/dev/video#\x00', 0xd, 0x0) ioctl$VIDIOC_G_SELECTION(r0, 0xc040565e, &(0x7f0000000140)={0x1, 0x1}) 06:01:08 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x246, 0x0) [ 3203.168115][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3203.179047][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3203.215207][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3203.226242][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3203.246378][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3203.257325][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3203.337718][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3203.348776][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3203.394456][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3203.405514][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3203.429566][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 06:01:08 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) creat(0x0, 0x0) write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0) r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) lseek(r0, 0x800002, 0x0) ioctl$EXT4_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000001c0)) writev(r0, &(0x7f0000000380)=[{&(0x7f0000000200)="e5", 0x1}], 0x1) lseek(r0, 0x0, 0x3) [ 3203.440609][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3203.498887][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3203.509957][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3203.597765][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3203.608703][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3203.646531][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3203.657610][ C1] Buffer I/O error on dev loop0, logical block 0, async page read 06:01:09 executing program 4: setresuid(0x0, 0x0, 0x0) r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(r0, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000040)={0x10, 0x1412, 0x405}, 0x10}}, 0x0) 06:01:09 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000280)={0x0, 0x8, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB="14000000100000001e6c0000000000000000000a20000000000a01000000000000000000000000000900010073797a300000000038000000120a01050000000000000000000000000400048009000200dd387d00000000000900010073797a30000000000800034000000001140000001100df0000000000000000000000000a"], 0x80}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x6234f84c1300dfc9, 0x0, 0x0, {}, [@NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x28}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}]}], {0x14}}, 0x64}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000002c80)={0x0, 0x0, &(0x7f0000002c40)={&(0x7f0000000000)={{0x14}, [@NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x397159c7cfc62e5d}], {0x14}}, 0x3c}}, 0x0) 06:01:09 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x247, 0x0) 06:01:09 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) creat(0x0, 0x0) write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0) r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) lseek(r0, 0x800002, 0x0) ioctl$EXT4_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000001c0)) writev(r0, &(0x7f0000000380)=[{&(0x7f0000000200)="e5", 0x1}], 0x1) lseek(r0, 0x0, 0x3) 06:01:09 executing program 3: set_mempolicy(0x1, 0x0, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = accept$alg(0xffffffffffffffff, 0x0, 0x0) r1 = dup(r0) recvmsg$can_raw(r1, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000040), 0x0) r4 = accept$alg(r3, 0x0, 0x0) r5 = dup(r4) recvmsg$can_raw(r5, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r5, 0xae47, 0x0) r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r9 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:01:09 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) creat(0x0, 0x0) write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0) r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) lseek(r0, 0x800002, 0x0) ioctl$EXT4_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000001c0)) writev(r0, &(0x7f0000000380)=[{&(0x7f0000000200)="e5", 0x1}], 0x1) lseek(r0, 0x0, 0x3) 06:01:09 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000280)={0x0, 0x8, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB="14000000100000001e6c0000000000000000000a20000000000a01000000000000000000000000000900010073797a300000000038000000120a01050000000000000000000000000400048009000200dd387d00000000000900010073797a30000000000800034000000001140000001100df0000000000000000000000000a"], 0x80}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x6234f84c1300dfc9, 0x0, 0x0, {}, [@NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x28}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}]}], {0x14}}, 0x64}}, 0x0) 06:01:09 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x248, 0x0) 06:01:09 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) creat(0x0, 0x0) write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0) r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) lseek(r0, 0x800002, 0x0) ioctl$EXT4_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000001c0)) writev(r0, &(0x7f0000000380)=[{&(0x7f0000000200)="e5", 0x1}], 0x1) lseek(r0, 0x0, 0x3) 06:01:09 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) creat(0x0, 0x0) write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0) r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) lseek(r0, 0x800002, 0x0) ioctl$EXT4_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000001c0)) writev(r0, &(0x7f0000000380)=[{&(0x7f0000000200)="e5", 0x1}], 0x1) lseek(r0, 0x0, 0x3) 06:01:10 executing program 3: set_mempolicy(0x1, 0x0, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = accept$alg(0xffffffffffffffff, 0x0, 0x0) r1 = dup(r0) recvmsg$can_raw(r1, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000040), 0x0) r4 = accept$alg(r3, 0x0, 0x0) r5 = dup(r4) recvmsg$can_raw(r5, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r5, 0xae47, 0x0) r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r9 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:01:10 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x249, 0x0) 06:01:10 executing program 4: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_loose='cache=loose'}, {@uname={'uname', 0x3d, 'wfdno'}}, {@access_client='access=client'}, {@debug={'debug'}}, {@dfltuid={'dfltuid'}}]}}) 06:01:10 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) creat(0x0, 0x0) write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0) r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) lseek(r0, 0x800002, 0x0) ioctl$EXT4_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000001c0)) writev(r0, &(0x7f0000000380)=[{&(0x7f0000000200)="e5", 0x1}], 0x1) lseek(r0, 0x0, 0x3) 06:01:10 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000280)={0x0, 0x8, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB="14000000100000001e6c0000000000000000000a20000000000a01000000000000000000000000000900010073797a300000000038000000120a01050000000000000000000000000400048009000200dd387d00000000000900010073797a30000000000800034000000001140000001100df0000000000000000000000000a"], 0x80}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x6234f84c1300dfc9, 0x0, 0x0, {}, [@NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x28}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}]}], {0x14}}, 0x64}}, 0x0) 06:01:10 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000200)=@newlink={0x40, 0x10, 0xe3b, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @erspan={{0xb, 0x1, 'erspan\x00'}, {0x10, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ENCAP_TYPE={0x6}]}}}]}, 0x40}}, 0x0) 06:01:10 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x24a, 0x0) 06:01:10 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000280)={0x0, 0x8, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB="14000000100000001e6c0000000000000000000a20000000000a01000000000000000000000000000900010073797a300000000038000000120a01050000000000000000000000000400048009000200dd387d00000000000900010073797a30000000000800034000000001140000001100df0000000000000000000000000a"], 0x80}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x6234f84c1300dfc9, 0x0, 0x0, {}, [@NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x28}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}]}], {0x14}}, 0x64}}, 0x0) 06:01:10 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000180)={{0x14}, [@NFT_MSG_NEWSET={0x54, 0x9, 0xa, 0x6234f84c1300dfc9, 0x0, 0x0, {}, [@NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x28}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8, 0x3, 0x1, 0x0, 0xf}, @NFTA_SET_DATA_TYPE={0x8, 0x6, 0x1, 0x0, 0xffffff00}, @NFTA_SET_POLICY={0x8}]}], {0x14}}, 0x7c}}, 0x0) 06:01:10 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x24b, 0x0) 06:01:10 executing program 0: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) getpgrp(0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) syz_open_dev$amidi(0x0, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f0000000140)={0x0, 0x0, 0x0, 'queue0\x00'}) kcmp(0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) r1 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x60001) writev(r1, &(0x7f00000001c0)=[{&(0x7f0000001400)="9635ab0f9b", 0x5}, {0x0}, {0x0}], 0x3) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CROP(r2, 0xc01456b8, &(0x7f0000000080)={0x0, {0x14, 0x14}}) ioctl$RTC_ALM_SET(0xffffffffffffffff, 0x40247007, &(0x7f0000000000)) syz_open_dev$loop(&(0x7f00000001c0)='/dev/loop#\x00', 0x0, 0x30d084) syz_open_dev$radio(&(0x7f0000000040)='/dev/radio#\x00', 0x2, 0x2) 06:01:11 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000280)={0x0, 0x8, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB="14000000100000001e6c0000000000000000000a20000000000a01000000000000000000000000000900010073797a300000000038000000120a01050000000000000000000000000400048009000200dd387d00000000000900010073797a30000000000800034000000001140000001100df0000000000000000000000000a"], 0x80}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x6234f84c1300dfc9, 0x0, 0x0, {}, [@NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x28}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}]}], {0x14}}, 0x64}}, 0x0) 06:01:11 executing program 3: set_mempolicy(0x1, &(0x7f0000000300), 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = accept$alg(0xffffffffffffffff, 0x0, 0x0) r1 = dup(r0) recvmsg$can_raw(r1, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000040), 0x0) r4 = accept$alg(r3, 0x0, 0x0) r5 = dup(r4) recvmsg$can_raw(r5, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r5, 0xae47, 0x0) r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r9 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:01:11 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) writev(r0, &(0x7f00000002c0)=[{&(0x7f00000000c0)='7', 0x1}], 0x1) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r0, 0x0) move_pages(0x0, 0x1, &(0x7f0000000040)=[&(0x7f0000ffc000/0x3000)=nil], &(0x7f00000001c0), 0x0, 0x0) [ 3206.154183][T18236] syz-executor.3 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3206.245720][T18236] CPU: 0 PID: 18236 Comm: syz-executor.3 Not tainted 5.6.0-rc1-syzkaller #0 [ 3206.254476][T18236] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3206.264656][T18236] Call Trace: [ 3206.267967][T18236] dump_stack+0x11d/0x181 [ 3206.272393][T18236] dump_header+0xaa/0x39c [ 3206.276764][T18236] oom_kill_process.cold+0x10/0x15 [ 3206.281923][T18236] out_of_memory+0x231/0xa60 [ 3206.286528][T18236] ? __rcu_read_unlock+0x66/0x2f0 [ 3206.291698][T18236] mem_cgroup_out_of_memory+0x128/0x150 [ 3206.297277][T18236] try_charge+0xb6c/0xbf0 [ 3206.301685][T18236] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 3206.307169][T18236] __memcg_kmem_charge+0xcf/0x1b0 [ 3206.312214][T18236] __alloc_pages_nodemask+0x26c/0x310 [ 3206.317616][T18236] alloc_pages_current+0xd1/0x170 [ 3206.322680][T18236] pte_alloc_one+0x18/0x50 [ 3206.327121][T18236] __handle_mm_fault+0x2be6/0x2e00 [ 3206.332623][T18236] handle_mm_fault+0x21b/0x530 [ 3206.337557][T18236] do_page_fault+0x496/0xa3d [ 3206.342195][T18236] page_fault+0x34/0x40 [ 3206.346398][T18236] RIP: 0033:0x45c449 [ 3206.350352][T18236] Code: Bad RIP value. [ 3206.354435][T18236] RSP: 002b:00007f331e30dc78 EFLAGS: 00010246 [ 3206.360620][T18236] RAX: 0000000000000000 RBX: 00007f331e30e6d4 RCX: 000000000045c449 [ 3206.368767][T18236] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 3206.376754][T18236] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 3206.384847][T18236] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 3206.392837][T18236] R13: 0000000000000074 R14: 00000000004c2ce6 R15: 000000000076bf2c 06:01:12 executing program 4: perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003680)=[{{0x0, 0x0, &(0x7f0000003180)=[{&(0x7f0000001d40)=""/253, 0xfd}], 0x1}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0x19e, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 06:01:12 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x24c, 0x0) 06:01:12 executing program 5: socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x6234f84c1300dfc9, 0x0, 0x0, {}, [@NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x28}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}]}], {0x14}}, 0x64}}, 0x0) 06:01:12 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000001580)='/dev/sg#\x00', 0x0, 0x5) writev(r0, &(0x7f0000000600)=[{&(0x7f0000000900)="ae88bff8240000005a90f57f07703aeff0f64ebbee06962cb44e69d90cf40000000000000000000000dd", 0x2a}], 0x1) memfd_create(&(0x7f0000000100)='\x00', 0x0) eventfd2(0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, 0x0, 0x0) 06:01:12 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0xe, &(0x7f0000000200)={&(0x7f0000000240)=@newlink={0x4c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, r1}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @wireguard={{0xe, 0x1, 'wireguard\x00'}, {0x4}}}, @IFLA_IFNAME={0x14, 0x3, 'veth0_to_bond\x00'}]}, 0x4c}}, 0x0) [ 3206.813109][T18236] memory: usage 307200kB, limit 307200kB, failcnt 785 [ 3206.858304][T18236] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3206.920904][T18236] Memory cgroup stats for /syz3: [ 3206.921103][T18236] anon 277008384 [ 3206.921103][T18236] file 24576 [ 3206.921103][T18236] kernel_stack 3133440 [ 3206.921103][T18236] slab 9297920 [ 3206.921103][T18236] sock 0 [ 3206.921103][T18236] shmem 106496 [ 3206.921103][T18236] file_mapped 0 [ 3206.921103][T18236] file_dirty 0 [ 3206.921103][T18236] file_writeback 0 [ 3206.921103][T18236] anon_thp 255852544 [ 3206.921103][T18236] inactive_anon 135168 [ 3206.921103][T18236] active_anon 276930560 [ 3206.921103][T18236] inactive_file 0 [ 3206.921103][T18236] active_file 0 [ 3206.921103][T18236] unevictable 0 [ 3206.921103][T18236] slab_reclaimable 1622016 [ 3206.921103][T18236] slab_unreclaimable 7675904 [ 3206.921103][T18236] pgfault 229119 [ 3206.921103][T18236] pgmajfault 0 [ 3206.921103][T18236] workingset_refault 132 [ 3206.921103][T18236] workingset_activate 66 [ 3206.921103][T18236] workingset_nodereclaim 0 [ 3206.921103][T18236] pgrefill 730 [ 3206.921103][T18236] pgscan 776 [ 3206.921103][T18236] pgsteal 345 06:01:12 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$ntfs(&(0x7f0000000180)='ntfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 06:01:12 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x6234f84c1300dfc9, 0x0, 0x0, {}, [@NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x28}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}]}], {0x14}}, 0x64}}, 0x0) 06:01:12 executing program 0: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000001340)='net/wireless\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x3da, 0x4000000) 06:01:12 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x24d, 0x0) [ 3207.166196][T18236] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=28306,uid=0 [ 3207.245199][T18236] Memory cgroup out of memory: Killed process 28306 (syz-executor.3) total-vm:74836kB, anon-rss:2220kB, file-rss:35848kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 06:01:12 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$ntfs(&(0x7f0000000180)='ntfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 3207.736585][T18231] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3207.760893][T18231] CPU: 1 PID: 18231 Comm: syz-executor.3 Not tainted 5.6.0-rc1-syzkaller #0 [ 3207.769641][T18231] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3207.779825][T18231] Call Trace: [ 3207.783322][T18231] dump_stack+0x11d/0x181 [ 3207.787776][T18231] dump_header+0xaa/0x39c [ 3207.792209][T18231] oom_kill_process.cold+0x10/0x15 [ 3207.798045][T18231] out_of_memory+0x231/0xa60 [ 3207.802688][T18231] mem_cgroup_out_of_memory+0x128/0x150 [ 3207.808505][T18231] try_charge+0x800/0xbf0 [ 3207.812881][T18231] mem_cgroup_try_charge+0xd2/0x260 [ 3207.818244][T18231] mem_cgroup_try_charge_delay+0x3a/0x80 [ 3207.823920][T18231] wp_page_copy+0x322/0xf20 [ 3207.828473][T18231] ? __read_once_size+0x41/0xe0 [ 3207.833468][T18231] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 3207.839683][T18231] do_wp_page+0x192/0xd20 [ 3207.844038][T18231] __handle_mm_fault+0x1d16/0x2e00 [ 3207.849252][T18231] handle_mm_fault+0x21b/0x530 [ 3207.854118][T18231] do_page_fault+0x496/0xa3d [ 3207.858737][T18231] page_fault+0x34/0x40 [ 3207.862893][T18231] RIP: 0033:0x411498 [ 3207.867504][T18231] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf 58 1d 4c 00 31 c0 e8 13 0a ff ff 31 ff e8 5c 06 ff ff 0f 1f 40 00 <89> 3c b5 00 00 74 00 eb b6 31 ed 0f 1f 44 00 00 80 3d ae 11 87 00 [ 3207.887180][T18231] RSP: 002b:00007ffc79c5d880 EFLAGS: 00010246 [ 3207.893249][T18231] RAX: 00000000911e67ef RBX: 00000000419b8f37 RCX: 0000001b33e20000 [ 3207.901353][T18231] RDX: 0000000000000000 RSI: 00000000000007ef RDI: ffffffff911e67ef [ 3207.909432][T18231] RBP: 000000000000000f R08: 00000000911e67ef R09: 00000000911e67f3 [ 3207.917411][T18231] R10: 00007ffc79c5da20 R11: 0000000000000246 R12: 000000000076c048 [ 3207.925393][T18231] R13: 0000000080000000 R14: 00007f332010f008 R15: 0000000000000014 [ 3207.942172][T18231] memory: usage 304876kB, limit 307200kB, failcnt 785 [ 3207.949041][T18231] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3207.958117][T18231] Memory cgroup stats for /syz3: [ 3207.958303][T18231] anon 274837504 [ 3207.958303][T18231] file 24576 [ 3207.958303][T18231] kernel_stack 3133440 [ 3207.958303][T18231] slab 9297920 [ 3207.958303][T18231] sock 0 [ 3207.958303][T18231] shmem 106496 [ 3207.958303][T18231] file_mapped 0 [ 3207.958303][T18231] file_dirty 0 [ 3207.958303][T18231] file_writeback 0 [ 3207.958303][T18231] anon_thp 253755392 [ 3207.958303][T18231] inactive_anon 135168 [ 3207.958303][T18231] active_anon 274837504 [ 3207.958303][T18231] inactive_file 0 [ 3207.958303][T18231] active_file 0 [ 3207.958303][T18231] unevictable 0 [ 3207.958303][T18231] slab_reclaimable 1622016 [ 3207.958303][T18231] slab_unreclaimable 7675904 [ 3207.958303][T18231] pgfault 229119 [ 3207.958303][T18231] pgmajfault 0 [ 3207.958303][T18231] workingset_refault 132 [ 3207.958303][T18231] workingset_activate 66 [ 3207.958303][T18231] workingset_nodereclaim 0 [ 3207.958303][T18231] pgrefill 730 [ 3207.958303][T18231] pgscan 776 [ 3207.958303][T18231] pgsteal 345 [ 3208.054302][T18231] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=24818,uid=0 [ 3208.070601][T18231] Memory cgroup out of memory: Killed process 24818 (syz-executor.3) total-vm:74704kB, anon-rss:2212kB, file-rss:35856kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 06:01:13 executing program 3: set_mempolicy(0x1, &(0x7f0000000300), 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = accept$alg(0xffffffffffffffff, 0x0, 0x0) r1 = dup(r0) recvmsg$can_raw(r1, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000040), 0x0) r4 = accept$alg(r3, 0x0, 0x0) r5 = dup(r4) recvmsg$can_raw(r5, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r5, 0xae47, 0x0) r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r9 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:01:13 executing program 5: socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x6234f84c1300dfc9, 0x0, 0x0, {}, [@NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x28}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}]}], {0x14}}, 0x64}}, 0x0) 06:01:13 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x24e, 0x0) 06:01:13 executing program 0: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000001340)='net/wireless\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x3da, 0x4000000) 06:01:13 executing program 1: setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0) syz_open_dev$sg(&(0x7f0000001580)='/dev/sg#\x00', 0x0, 0x5) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}], 0x1) ioctl$KVM_SET_NR_MMU_PAGES(0xffffffffffffffff, 0xae44, 0x0) eventfd2(0x0, 0x0) socket(0x1e, 0x4, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000100)=0xd) fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000280)='\x00', 0x0, 0xffffffffffffffff) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffe}, 0x0, 0x1, 0x0, 0x0, 0x2, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) 06:01:13 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbfs(&(0x7f0000000840)='/dev/bus/usb/00#/00#\x00', 0x908, 0x1) ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000080)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000000), 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$USBDEVFS_REAPURB(r0, 0x4004550d, &(0x7f0000000040)) 06:01:13 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000001580)='/dev/sg#\x00', 0x0, 0x5) writev(r0, 0x0, 0x0) memfd_create(&(0x7f0000000100)='\x00', 0x0) eventfd2(0x0, 0x0) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000100)=0xd) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000300)) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffe}, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0) 06:01:13 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x24f, 0x0) 06:01:13 executing program 5: socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x6234f84c1300dfc9, 0x0, 0x0, {}, [@NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x28}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}]}], {0x14}}, 0x64}}, 0x0) 06:01:14 executing program 0: r0 = syz_open_dev$evdev(&(0x7f0000000080)='/dev/input/event#\x00', 0xc, 0x121041) sendmsg$TIPC_NL_BEARER_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x5c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}]}, @TIPC_NLA_SOCK={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8}, @TIPC_NLA_CON_FLAG={0x8}, @TIPC_NLA_CON_FLAG={0x8}, @TIPC_NLA_CON_NODE={0x8}]}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}]}, 0x5c}}, 0x0) write$evdev(r0, &(0x7f0000000040), 0x373) 06:01:14 executing program 5: socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x6234f84c1300dfc9, 0x0, 0x0, {}, [@NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x28}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}]}], {0x14}}, 0x64}}, 0x0) 06:01:14 executing program 1: sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='net/ip6_mr_vif\x00') clock_gettime(0x0, 0x0) r0 = socket(0x1e, 0x1, 0x0) getsockopt$TIPC_SOCK_RECVQ_DEPTH(r0, 0x6, 0x84, 0x0, 0x0) sendmsg$IPSET_CMD_TEST(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f00000000c0), 0xc, &(0x7f00000002c0)={0x0}, 0x1, 0x0, 0x0, 0x2400c000}, 0x44800) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000100)={0x0, 0x1, 0x4, 0x0, 0x6e, {}, {0x5, 0x0, 0x0, 0x7f, 0x1, 0x3, "c051e379"}, 0xfffff001, 0x1, @planes=&(0x7f0000000040)={0xc04c, 0x0, @mem_offset=0x7}, 0x7}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0xfc, &(0x7f0000000180)={&(0x7f0000000580)=ANY=[@ANYBLOB="5400000010003f0e000000000000004c00000000", @ANYRES32=0x0, @ANYBLOB="002200160002000008000a00", @ANYRES32, @ANYBLOB="2c0012000c000100697036746e6c00001c00020014000200ff02000000000000000000000000000104001300"], 0x54}, 0x1, 0x0, 0x0, 0x4084}, 0x0) [ 3209.100358][ C0] print_req_error: 417 callbacks suppressed [ 3209.100376][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3209.117232][ C0] buffer_io_error: 417 callbacks suppressed [ 3209.117244][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3209.197473][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3209.208423][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3209.234759][T18355] bond5: (slave ip6tnl2): The slave device specified does not support setting the MAC address [ 3209.303696][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3209.309134][T18355] bond5: (slave ip6tnl2): Error -95 calling set_mac_address [ 3209.314646][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3209.330962][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3209.342491][ C0] Buffer I/O error on dev loop0, logical block 0, async page read 06:01:14 executing program 3: set_mempolicy(0x1, &(0x7f0000000300), 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = accept$alg(0xffffffffffffffff, 0x0, 0x0) r1 = dup(r0) recvmsg$can_raw(r1, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000040), 0x0) r4 = accept$alg(r3, 0x0, 0x0) r5 = dup(r4) recvmsg$can_raw(r5, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r5, 0xae47, 0x0) r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r9 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:01:14 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x250, 0x0) 06:01:14 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, 0x0, 0x0) [ 3209.449530][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3209.460459][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3209.521787][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3209.533013][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3209.583654][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3209.594839][ C0] Buffer I/O error on dev loop0, logical block 0, async page read 06:01:14 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x251, 0x0) [ 3209.667701][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3209.678641][ C0] Buffer I/O error on dev loop0, logical block 0, async page read 06:01:15 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, 0x0, 0x0) 06:01:15 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x6c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_flower={{0xb, 0x1, 'flower\x00'}, {0x3c, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x38, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x4}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x4}, @TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0x2c, 0x3, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_ERSPAN_INDEX={0x8}, @TCA_FLOWER_KEY_ENC_OPT_ERSPAN_INDEX={0x8}, @TCA_FLOWER_KEY_ENC_OPT_ERSPAN_HWID={0x5}, @TCA_FLOWER_KEY_ENC_OPT_ERSPAN_HWID={0x5}, @TCA_FLOWER_KEY_ENC_OPT_ERSPAN_INDEX={0x8}]}]}]}}]}, 0x6c}}, 0x0) [ 3209.742187][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3209.753146][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3209.841242][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3209.852190][ C0] Buffer I/O error on dev loop0, logical block 0, async page read 06:01:15 executing program 0: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r1 = dup2(r0, r0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000100)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10020, 0x10020}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}]}) ioctl$UFFDIO_UNREGISTER(0xffffffffffffffff, 0x8010aa01, 0x0) [ 3209.997961][T18355] bond5: (slave ip6tnl2): The slave device specified does not support setting the MAC address 06:01:15 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x252, 0x0) [ 3210.073921][T18355] bond5: (slave ip6tnl2): Error -95 calling set_mac_address 06:01:15 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, 0x0, 0x0) [ 3210.146135][T18369] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3210.234252][T18369] CPU: 1 PID: 18369 Comm: syz-executor.3 Not tainted 5.6.0-rc1-syzkaller #0 [ 3210.243074][T18369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3210.253234][T18369] Call Trace: [ 3210.256536][T18369] dump_stack+0x11d/0x181 [ 3210.261080][T18369] dump_header+0xaa/0x39c [ 3210.265569][T18369] oom_kill_process.cold+0x10/0x15 [ 3210.270792][T18369] out_of_memory+0x231/0xa60 [ 3210.275424][T18369] ? __rcu_read_unlock+0x66/0x2f0 [ 3210.280499][T18369] mem_cgroup_out_of_memory+0x128/0x150 [ 3210.286072][T18369] try_charge+0xb6c/0xbf0 [ 3210.290500][T18369] mem_cgroup_try_charge+0xd2/0x260 [ 3210.295771][T18369] mem_cgroup_try_charge_delay+0x3a/0x80 [ 3210.301467][T18369] wp_page_copy+0x322/0xf20 [ 3210.305995][T18369] ? __read_once_size+0x41/0xe0 [ 3210.310866][T18369] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 3210.316830][T18369] do_wp_page+0x192/0xd20 [ 3210.321742][T18369] __handle_mm_fault+0x1d16/0x2e00 [ 3210.327043][T18369] handle_mm_fault+0x21b/0x530 [ 3210.331889][T18369] do_page_fault+0x496/0xa3d [ 3210.336507][T18369] page_fault+0x34/0x40 [ 3210.340680][T18369] RIP: 0033:0x411498 [ 3210.344661][T18369] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf 58 1d 4c 00 31 c0 e8 13 0a ff ff 31 ff e8 5c 06 ff ff 0f 1f 40 00 <89> 3c b5 00 00 74 00 eb b6 31 ed 0f 1f 44 00 00 80 3d ae 11 87 00 [ 3210.364406][T18369] RSP: 002b:00007ffc79c5d880 EFLAGS: 00010246 [ 3210.370649][T18369] RAX: 000000002c60de5d RBX: 00000000ac369be7 RCX: 0000001b33e20000 06:01:15 executing program 1: sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='net/ip6_mr_vif\x00') clock_gettime(0x0, 0x0) r0 = socket(0x1e, 0x1, 0x0) getsockopt$TIPC_SOCK_RECVQ_DEPTH(r0, 0x6, 0x84, 0x0, 0x0) sendmsg$IPSET_CMD_TEST(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f00000000c0), 0xc, &(0x7f00000002c0)={0x0}, 0x1, 0x0, 0x0, 0x2400c000}, 0x44800) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000100)={0x0, 0x1, 0x4, 0x0, 0x6e, {}, {0x5, 0x0, 0x0, 0x7f, 0x1, 0x3, "c051e379"}, 0xfffff001, 0x1, @planes=&(0x7f0000000040)={0xc04c, 0x0, @mem_offset=0x7}, 0x7}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0xfc, &(0x7f0000000180)={&(0x7f0000000580)=ANY=[@ANYBLOB="5400000010003f0e000000000000004c00000000", @ANYRES32=0x0, @ANYBLOB="002200160002000008000a00", @ANYRES32, @ANYBLOB="2c0012000c000100697036746e6c00001c00020014000200ff02000000000000000000000000000104001300"], 0x54}, 0x1, 0x0, 0x0, 0x4084}, 0x0) 06:01:15 executing program 0: mkdir(0x0, 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r0 = socket$inet6(0xa, 0x800000000000002, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) [ 3210.378665][T18369] RDX: 0000000000000000 RSI: 0000000000001e5d RDI: ffffffff2c60de5d [ 3210.386655][T18369] RBP: 0000000000000009 R08: 000000002c60de5d R09: 000000002c60de61 [ 3210.394632][T18369] R10: 00007ffc79c5da20 R11: 0000000000000246 R12: 000000000076c048 [ 3210.402832][T18369] R13: 0000000080000000 R14: 00007f332010f008 R15: 000000000000000e 06:01:15 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x253, 0x0) [ 3210.539395][T18402] overlayfs: failed to resolve './file1': -2 [ 3210.565356][T18402] overlayfs: failed to resolve './file1': -2 [ 3210.610191][T18398] bond5: (slave ip6tnl2): The slave device specified does not support setting the MAC address [ 3210.623032][T18405] overlayfs: failed to resolve './file1': -2 [ 3210.638169][T18369] memory: usage 307200kB, limit 307200kB, failcnt 824 [ 3210.674157][T18369] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3210.696575][T18398] bond5: (slave ip6tnl2): Error -95 calling set_mac_address [ 3210.735353][T18369] Memory cgroup stats for /syz3: [ 3210.735616][T18369] anon 277118976 [ 3210.735616][T18369] file 24576 [ 3210.735616][T18369] kernel_stack 3170304 [ 3210.735616][T18369] slab 9437184 [ 3210.735616][T18369] sock 0 [ 3210.735616][T18369] shmem 106496 [ 3210.735616][T18369] file_mapped 0 [ 3210.735616][T18369] file_dirty 0 [ 3210.735616][T18369] file_writeback 0 [ 3210.735616][T18369] anon_thp 255852544 [ 3210.735616][T18369] inactive_anon 135168 [ 3210.735616][T18369] active_anon 277118976 [ 3210.735616][T18369] inactive_file 0 [ 3210.735616][T18369] active_file 0 [ 3210.735616][T18369] unevictable 0 [ 3210.735616][T18369] slab_reclaimable 1622016 [ 3210.735616][T18369] slab_unreclaimable 7815168 [ 3210.735616][T18369] pgfault 229350 [ 3210.735616][T18369] pgmajfault 0 [ 3210.735616][T18369] workingset_refault 132 [ 3210.735616][T18369] workingset_activate 66 [ 3210.735616][T18369] workingset_nodereclaim 0 [ 3210.735616][T18369] pgrefill 730 [ 3210.735616][T18369] pgscan 776 [ 3210.735616][T18369] pgsteal 345 [ 3211.214537][T18369] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=24755,uid=0 [ 3211.268150][T18369] Memory cgroup out of memory: Killed process 24755 (syz-executor.3) total-vm:74704kB, anon-rss:2212kB, file-rss:35856kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 06:01:16 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = accept$alg(0xffffffffffffffff, 0x0, 0x0) r1 = dup(r0) recvmsg$can_raw(r1, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000040), 0x0) r4 = accept$alg(r3, 0x0, 0x0) r5 = dup(r4) recvmsg$can_raw(r5, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r5, 0xae47, 0x0) r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r9 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:01:16 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000c40)={0x0, 0x0, 0x0}, 0x0) 06:01:16 executing program 0: r0 = socket$inet(0x10, 0x2, 0x0) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="240000005e0007031dfffd946fa2830020200a00ff0003660e1d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0) 06:01:16 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x254, 0x0) 06:01:16 executing program 1: 06:01:16 executing program 4: 06:01:17 executing program 1: 06:01:17 executing program 0: 06:01:17 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000c40)={0x0, 0x0, 0x0}, 0x0) 06:01:17 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x255, 0x0) 06:01:17 executing program 1: perf_event_open(&(0x7f000025c000)={0x1000000002, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0x0, 0x852, r0, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) writev(r1, &(0x7f00000004c0)=[{&(0x7f00000000c0)="8c", 0x1}], 0x1) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = dup2(r4, r3) dup2(r5, r2) 06:01:17 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000c40)={0x0, 0x0, 0x0}, 0x0) [ 3212.245747][T18438] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3212.326333][T18438] CPU: 0 PID: 18438 Comm: syz-executor.3 Not tainted 5.6.0-rc1-syzkaller #0 [ 3212.335210][T18438] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3212.345286][T18438] Call Trace: [ 3212.348605][T18438] dump_stack+0x11d/0x181 [ 3212.353009][T18438] dump_header+0xaa/0x39c [ 3212.357346][T18438] oom_kill_process.cold+0x10/0x15 [ 3212.362489][T18438] out_of_memory+0x231/0xa60 [ 3212.367106][T18438] ? __rcu_read_unlock+0x66/0x2f0 [ 3212.372162][T18438] mem_cgroup_out_of_memory+0x128/0x150 [ 3212.377862][T18438] try_charge+0xb6c/0xbf0 [ 3212.382237][T18438] mem_cgroup_try_charge+0xd2/0x260 [ 3212.387470][T18438] mem_cgroup_try_charge_delay+0x3a/0x80 [ 3212.393139][T18438] wp_page_copy+0x322/0xf20 [ 3212.397714][T18438] ? __read_once_size+0x41/0xe0 [ 3212.402598][T18438] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 3212.408514][T18438] do_wp_page+0x192/0xd20 [ 3212.412876][T18438] __handle_mm_fault+0x1d16/0x2e00 [ 3212.418154][T18438] handle_mm_fault+0x21b/0x530 [ 3212.423074][T18438] do_page_fault+0x496/0xa3d [ 3212.427749][T18438] page_fault+0x34/0x40 [ 3212.431918][T18438] RIP: 0033:0x411498 [ 3212.435847][T18438] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf 58 1d 4c 00 31 c0 e8 13 0a ff ff 31 ff e8 5c 06 ff ff 0f 1f 40 00 <89> 3c b5 00 00 74 00 eb b6 31 ed 0f 1f 44 00 00 80 3d ae 11 87 00 [ 3212.455577][T18438] RSP: 002b:00007ffc79c5d880 EFLAGS: 00010246 [ 3212.461693][T18438] RAX: 00000000911e67ef RBX: 00000000419b8f37 RCX: 0000001b33e20000 [ 3212.469698][T18438] RDX: 0000000000000000 RSI: 00000000000007ef RDI: ffffffff911e67ef [ 3212.477779][T18438] RBP: 000000000000000f R08: 00000000911e67ef R09: 00000000911e67f3 [ 3212.486128][T18438] R10: 00007ffc79c5da20 R11: 0000000000000246 R12: 000000000076c048 [ 3212.494136][T18438] R13: 0000000080000000 R14: 00007f332010f008 R15: 0000000000000014 [ 3212.516090][T18438] memory: usage 307180kB, limit 307200kB, failcnt 861 [ 3212.568427][T18438] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3212.590966][T18438] Memory cgroup stats for /syz3: [ 3212.591138][T18438] anon 277106688 [ 3212.591138][T18438] file 24576 [ 3212.591138][T18438] kernel_stack 3133440 [ 3212.591138][T18438] slab 9437184 [ 3212.591138][T18438] sock 0 [ 3212.591138][T18438] shmem 106496 [ 3212.591138][T18438] file_mapped 0 [ 3212.591138][T18438] file_dirty 0 [ 3212.591138][T18438] file_writeback 0 [ 3212.591138][T18438] anon_thp 255852544 [ 3212.591138][T18438] inactive_anon 135168 [ 3212.591138][T18438] active_anon 277106688 [ 3212.591138][T18438] inactive_file 0 [ 3212.591138][T18438] active_file 0 [ 3212.591138][T18438] unevictable 0 [ 3212.591138][T18438] slab_reclaimable 1622016 [ 3212.591138][T18438] slab_unreclaimable 7815168 [ 3212.591138][T18438] pgfault 229416 [ 3212.591138][T18438] pgmajfault 0 [ 3212.591138][T18438] workingset_refault 132 [ 3212.591138][T18438] workingset_activate 66 [ 3212.591138][T18438] workingset_nodereclaim 0 [ 3212.591138][T18438] pgrefill 730 [ 3212.591138][T18438] pgscan 776 [ 3212.591138][T18438] pgsteal 345 [ 3212.731291][T18438] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=7791,uid=0 [ 3212.773296][T18438] Memory cgroup out of memory: Killed process 7791 (syz-executor.3) total-vm:74836kB, anon-rss:2220kB, file-rss:35844kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 3212.793570][ T1078] oom_reaper: reaped process 7791 (syz-executor.3), now anon-rss:0kB, file-rss:34884kB, shmem-rss:0kB 06:01:18 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = accept$alg(0xffffffffffffffff, 0x0, 0x0) r1 = dup(r0) recvmsg$can_raw(r1, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000040), 0x0) r4 = accept$alg(r3, 0x0, 0x0) r5 = dup(r4) recvmsg$can_raw(r5, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r5, 0xae47, 0x0) r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r9 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:01:18 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) io_submit(0x0, 0x1, &(0x7f00000003c0)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)="04", 0x36c, 0x0, 0x0, 0x1}]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0xec}], 0x1000000000000409, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@remote, 0x15b}) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/57, 0x39}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 06:01:18 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={0x0}}, 0x0) 06:01:18 executing program 4: 06:01:18 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x256, 0x0) 06:01:18 executing program 1: perf_event_open(&(0x7f000025c000)={0x1000000002, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0x0, 0x852, r0, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) writev(r1, &(0x7f00000004c0)=[{&(0x7f00000000c0)="8c", 0x1}], 0x1) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = dup2(r4, r3) dup2(r5, r2) 06:01:18 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) io_submit(0x0, 0x1, &(0x7f00000003c0)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)="04", 0x36c, 0x0, 0x0, 0x1}]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0xec}], 0x1000000000000409, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@remote, 0x15b}) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/57, 0x39}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 06:01:18 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={0x0}}, 0x0) 06:01:18 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x257, 0x0) 06:01:18 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={0x0}}, 0x0) [ 3213.570540][T18486] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3213.592237][T18486] CPU: 0 PID: 18486 Comm: syz-executor.3 Not tainted 5.6.0-rc1-syzkaller #0 [ 3213.601307][T18486] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3213.611631][T18486] Call Trace: [ 3213.614948][T18486] dump_stack+0x11d/0x181 [ 3213.619305][T18486] dump_header+0xaa/0x39c [ 3213.623658][T18486] oom_kill_process.cold+0x10/0x15 [ 3213.628833][T18486] out_of_memory+0x231/0xa60 [ 3213.633628][T18486] ? __rcu_read_unlock+0x66/0x2f0 [ 3213.638722][T18486] mem_cgroup_out_of_memory+0x128/0x150 [ 3213.644305][T18486] try_charge+0xb6c/0xbf0 [ 3213.648708][T18486] mem_cgroup_try_charge+0xd2/0x260 [ 3213.654080][T18486] mem_cgroup_try_charge_delay+0x3a/0x80 [ 3213.659844][T18486] wp_page_copy+0x322/0xf20 [ 3213.664391][T18486] ? __read_once_size+0x41/0xe0 06:01:18 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x258, 0x0) [ 3213.669270][T18486] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 3213.675242][T18486] do_wp_page+0x192/0xd20 [ 3213.680484][T18486] __handle_mm_fault+0x1d16/0x2e00 [ 3213.685743][T18486] ? delay_tsc+0x8f/0xc0 [ 3213.690090][T18486] handle_mm_fault+0x21b/0x530 [ 3213.694969][T18486] do_page_fault+0x496/0xa3d [ 3213.699854][T18486] page_fault+0x34/0x40 [ 3213.704071][T18486] RIP: 0033:0x411498 [ 3213.707997][T18486] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf 58 1d 4c 00 31 c0 e8 13 0a ff ff 31 ff e8 5c 06 ff ff 0f 1f 40 00 <89> 3c b5 00 00 74 00 eb b6 31 ed 0f 1f 44 00 00 80 3d ae 11 87 00 [ 3213.727731][T18486] RSP: 002b:00007ffc79c5d880 EFLAGS: 00010246 [ 3213.733805][T18486] RAX: 00000000eb88a0aa RBX: 000000007c10efe5 RCX: 0000001b33e20000 [ 3213.741926][T18486] RDX: 0000000000000000 RSI: 00000000000000aa RDI: ffffffffeb88a0aa [ 3213.749941][T18486] RBP: 0000000000000001 R08: 00000000eb88a0aa R09: 00000000eb88a0ae [ 3213.758106][T18486] R10: 00007ffc79c5da20 R11: 0000000000000246 R12: 000000000076c048 [ 3213.766083][T18486] R13: 0000000080000000 R14: 00007f332010f008 R15: 0000000000000006 06:01:19 executing program 1: perf_event_open(&(0x7f000025c000)={0x1000000002, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0x0, 0x852, r0, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) writev(r1, &(0x7f00000004c0)=[{&(0x7f00000000c0)="8c", 0x1}], 0x1) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = dup2(r4, r3) dup2(r5, r2) [ 3214.079342][T18486] memory: usage 307200kB, limit 307200kB, failcnt 899 [ 3214.123460][T18486] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3214.161971][T18486] Memory cgroup stats for /syz3: [ 3214.162242][T18486] anon 277078016 [ 3214.162242][T18486] file 24576 [ 3214.162242][T18486] kernel_stack 3170304 [ 3214.162242][T18486] slab 9437184 [ 3214.162242][T18486] sock 0 [ 3214.162242][T18486] shmem 106496 [ 3214.162242][T18486] file_mapped 0 [ 3214.162242][T18486] file_dirty 0 [ 3214.162242][T18486] file_writeback 0 [ 3214.162242][T18486] anon_thp 255852544 [ 3214.162242][T18486] inactive_anon 135168 [ 3214.162242][T18486] active_anon 277000192 [ 3214.162242][T18486] inactive_file 0 [ 3214.162242][T18486] active_file 0 [ 3214.162242][T18486] unevictable 0 [ 3214.162242][T18486] slab_reclaimable 1622016 [ 3214.162242][T18486] slab_unreclaimable 7815168 [ 3214.162242][T18486] pgfault 229548 [ 3214.162242][T18486] pgmajfault 0 [ 3214.162242][T18486] workingset_refault 165 [ 3214.162242][T18486] workingset_activate 66 [ 3214.162242][T18486] workingset_nodereclaim 0 [ 3214.162242][T18486] pgrefill 730 [ 3214.162242][T18486] pgscan 776 [ 3214.162242][T18486] pgsteal 378 [ 3214.296603][T18486] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=28172,uid=0 [ 3214.314886][T18486] Memory cgroup out of memory: Killed process 28172 (syz-executor.3) total-vm:75232kB, anon-rss:2244kB, file-rss:35816kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 3214.356333][ T1078] oom_reaper: reaped process 28172 (syz-executor.3), now anon-rss:0kB, file-rss:34856kB, shmem-rss:0kB 06:01:19 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = accept$alg(0xffffffffffffffff, 0x0, 0x0) r1 = dup(r0) recvmsg$can_raw(r1, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000040), 0x0) r4 = accept$alg(r3, 0x0, 0x0) r5 = dup(r4) recvmsg$can_raw(r5, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r5, 0xae47, 0x0) r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r9 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:01:19 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000300)={{0x14}, [], {0x14}}, 0x28}}, 0x0) 06:01:19 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x259, 0x0) 06:01:19 executing program 4: perf_event_open(&(0x7f000025c000)={0x1000000002, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0x0, 0x852, r0, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) writev(r1, &(0x7f00000004c0)=[{&(0x7f00000000c0)="8c", 0x1}], 0x1) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = dup2(r4, r3) dup2(r5, r2) 06:01:19 executing program 1: 06:01:19 executing program 1: [ 3215.088667][T18538] syz-executor.3 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3215.132794][T18538] CPU: 0 PID: 18538 Comm: syz-executor.3 Not tainted 5.6.0-rc1-syzkaller #0 [ 3215.141529][T18538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3215.151613][T18538] Call Trace: [ 3215.154934][T18538] dump_stack+0x11d/0x181 [ 3215.159302][T18538] dump_header+0xaa/0x39c [ 3215.163657][T18538] oom_kill_process.cold+0x10/0x15 [ 3215.168801][T18538] out_of_memory+0x231/0xa60 [ 3215.173487][T18538] ? __rcu_read_unlock+0x66/0x2f0 [ 3215.178943][T18538] mem_cgroup_out_of_memory+0x128/0x150 [ 3215.184547][T18538] try_charge+0xb6c/0xbf0 [ 3215.189755][T18538] ? _raw_spin_unlock+0x4b/0x60 [ 3215.194654][T18538] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 3215.200144][T18538] __memcg_kmem_charge+0xcf/0x1b0 [ 3215.205303][T18538] __alloc_pages_nodemask+0x26c/0x310 [ 3215.210805][T18538] alloc_pages_current+0xd1/0x170 [ 3215.215932][T18538] __vmalloc_node_range+0x2c4/0x4a0 [ 3215.221353][T18538] __vmalloc+0x4d/0x70 [ 3215.225474][T18538] ? vmx_vm_alloc+0x40/0x50 [ 3215.230005][T18538] vmx_vm_alloc+0x40/0x50 [ 3215.234359][T18538] kvm_dev_ioctl+0x137/0xcb0 [ 3215.239036][T18538] ? tomoyo_file_ioctl+0x34/0x40 [ 3215.244024][T18538] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3215.250289][T18538] ? kvm_put_kvm+0x6a0/0x6a0 [ 3215.254988][T18538] ksys_ioctl+0x109/0x150 [ 3215.259437][T18538] __x64_sys_ioctl+0x4c/0x60 [ 3215.264154][T18538] do_syscall_64+0xcc/0x3a0 [ 3215.268778][T18538] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 3215.274720][T18538] RIP: 0033:0x45c449 [ 3215.278763][T18538] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3215.298395][T18538] RSP: 002b:00007f331e30dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3215.307024][T18538] RAX: ffffffffffffffda RBX: 00007f331e30e6d4 RCX: 000000000045c449 [ 3215.315203][T18538] RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000006 [ 3215.324284][T18538] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 3215.332404][T18538] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 3215.340389][T18538] R13: 0000000000000390 R14: 00000000004c5c51 R15: 000000000076bf2c [ 3215.679156][T18538] memory: usage 307200kB, limit 307200kB, failcnt 959 [ 3215.702901][T18538] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3215.709793][T18538] Memory cgroup stats for /syz3: [ 3215.709931][T18538] anon 276914176 [ 3215.709931][T18538] file 24576 [ 3215.709931][T18538] kernel_stack 3133440 [ 3215.709931][T18538] slab 9437184 [ 3215.709931][T18538] sock 0 [ 3215.709931][T18538] shmem 106496 [ 3215.709931][T18538] file_mapped 0 [ 3215.709931][T18538] file_dirty 0 [ 3215.709931][T18538] file_writeback 0 [ 3215.709931][T18538] anon_thp 255852544 [ 3215.709931][T18538] inactive_anon 135168 [ 3215.709931][T18538] active_anon 276914176 [ 3215.709931][T18538] inactive_file 0 [ 3215.709931][T18538] active_file 0 [ 3215.709931][T18538] unevictable 0 [ 3215.709931][T18538] slab_reclaimable 1622016 [ 3215.709931][T18538] slab_unreclaimable 7815168 [ 3215.709931][T18538] pgfault 229647 [ 3215.709931][T18538] pgmajfault 0 [ 3215.709931][T18538] workingset_refault 165 [ 3215.709931][T18538] workingset_activate 66 [ 3215.709931][T18538] workingset_nodereclaim 0 [ 3215.709931][T18538] pgrefill 730 [ 3215.709931][T18538] pgscan 776 [ 3215.709931][T18538] pgsteal 378 [ 3215.911921][T18538] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=22689,uid=0 [ 3215.950950][T18538] Memory cgroup out of memory: Killed process 22689 (syz-executor.3) total-vm:74968kB, anon-rss:2228kB, file-rss:35820kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 3215.985079][ T1078] oom_reaper: reaped process 22689 (syz-executor.3), now anon-rss:0kB, file-rss:34860kB, shmem-rss:0kB [ 3215.985121][T18540] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3216.033665][T18540] CPU: 0 PID: 18540 Comm: syz-executor.3 Not tainted 5.6.0-rc1-syzkaller #0 [ 3216.042504][T18540] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3216.052567][T18540] Call Trace: [ 3216.055911][T18540] dump_stack+0x11d/0x181 [ 3216.060257][T18540] dump_header+0xaa/0x39c [ 3216.064732][T18540] oom_kill_process.cold+0x10/0x15 [ 3216.069938][T18540] out_of_memory+0x231/0xa60 [ 3216.074581][T18540] mem_cgroup_out_of_memory+0x128/0x150 [ 3216.080289][T18540] try_charge+0x800/0xbf0 [ 3216.084807][T18540] mem_cgroup_try_charge+0xd2/0x260 [ 3216.090206][T18540] mem_cgroup_try_charge_delay+0x3a/0x80 [ 3216.095878][T18540] wp_page_copy+0x322/0xf20 [ 3216.100408][T18540] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 3216.106336][T18540] ? __read_once_size+0x41/0xe0 [ 3216.111459][T18540] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 3216.117969][T18540] do_wp_page+0x192/0xd20 [ 3216.122343][T18540] __handle_mm_fault+0x1d16/0x2e00 [ 3216.127560][T18540] handle_mm_fault+0x21b/0x530 [ 3216.132425][T18540] do_page_fault+0x496/0xa3d [ 3216.137074][T18540] page_fault+0x34/0x40 [ 3216.141243][T18540] RIP: 0033:0x403ecf [ 3216.145367][T18540] Code: e7 87 00 00 74 0f 8b 05 a3 e7 87 00 39 45 24 0f 84 d6 01 00 00 80 3d a8 e7 87 00 00 0f 85 51 03 00 00 e8 24 2d 01 00 48 89 c3 00 00 00 00 00 4b 8d 44 6d 00 48 8d 3c c5 60 83 4d 00 48 8b 47 [ 3216.166047][T18540] RSP: 002b:00007f331e2ecc90 EFLAGS: 00010207 [ 3216.172814][T18540] RAX: 00007f331e2ed6d4 RBX: 00007f331e2ed6d4 RCX: 00000000004c5c0c [ 3216.180822][T18540] RDX: 00000000002d756e RSI: 000000000000ae60 RDI: 000000000076c048 [ 3216.188903][T18540] RBP: 000000000076bfc0 R08: 0000000000000000 R09: 0000000000000000 [ 3216.197081][T18540] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 3216.205217][T18540] R13: 000000000000038d R14: 00000000004c5c0c R15: 000000000076bfcc [ 3216.227182][T18540] memory: usage 305012kB, limit 307200kB, failcnt 959 [ 3216.237219][T18540] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3216.245150][T18540] Memory cgroup stats for /syz3: [ 3216.245357][T18540] anon 274739200 [ 3216.245357][T18540] file 24576 [ 3216.245357][T18540] kernel_stack 3133440 [ 3216.245357][T18540] slab 9437184 [ 3216.245357][T18540] sock 0 [ 3216.245357][T18540] shmem 106496 [ 3216.245357][T18540] file_mapped 0 [ 3216.245357][T18540] file_dirty 0 [ 3216.245357][T18540] file_writeback 0 [ 3216.245357][T18540] anon_thp 253755392 [ 3216.245357][T18540] inactive_anon 135168 [ 3216.245357][T18540] active_anon 274739200 [ 3216.245357][T18540] inactive_file 0 [ 3216.245357][T18540] active_file 0 [ 3216.245357][T18540] unevictable 0 [ 3216.245357][T18540] slab_reclaimable 1622016 [ 3216.245357][T18540] slab_unreclaimable 7815168 [ 3216.245357][T18540] pgfault 229647 [ 3216.245357][T18540] pgmajfault 0 [ 3216.245357][T18540] workingset_refault 165 [ 3216.245357][T18540] workingset_activate 66 [ 3216.245357][T18540] workingset_nodereclaim 0 [ 3216.245357][T18540] pgrefill 730 06:01:21 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000300)={{0x14}, [], {0x14}}, 0x28}}, 0x0) 06:01:21 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) io_submit(0x0, 0x1, &(0x7f00000003c0)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)="04", 0x36c, 0x0, 0x0, 0x1}]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0xec}], 0x1000000000000409, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@remote, 0x15b}) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/57, 0x39}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 06:01:21 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x25a, 0x0) 06:01:21 executing program 1: [ 3216.245357][T18540] pgscan 776 [ 3216.245357][T18540] pgsteal 378 [ 3216.355807][T18540] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=22473,uid=0 [ 3216.389828][T18540] Memory cgroup out of memory: Killed process 22473 (syz-executor.3) total-vm:74704kB, anon-rss:2212kB, file-rss:35832kB, shmem-rss:0kB, UID:0 pgtables:136kB oom_score_adj:1000 [ 3216.419942][T18554] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3216.430163][T18554] CPU: 1 PID: 18554 Comm: syz-executor.4 Not tainted 5.6.0-rc1-syzkaller #0 [ 3216.438855][T18554] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3216.449045][T18554] Call Trace: [ 3216.452366][T18554] dump_stack+0x11d/0x181 [ 3216.456849][T18554] dump_header+0xaa/0x39c [ 3216.461220][T18554] oom_kill_process.cold+0x10/0x15 [ 3216.466427][T18554] out_of_memory+0x231/0xa60 [ 3216.471174][T18554] mem_cgroup_out_of_memory+0x128/0x150 [ 3216.476955][T18554] try_charge+0xb6c/0xbf0 [ 3216.481458][T18554] mem_cgroup_try_charge+0xd2/0x260 [ 3216.486722][T18554] __replace_page+0x1bc/0xa50 [ 3216.491500][T18554] uprobe_write_opcode+0x3e0/0xba0 [ 3216.496664][T18554] set_swbp+0x34/0x50 [ 3216.501185][T18554] install_breakpoint.isra.0+0xbe/0x480 [ 3216.506832][T18554] register_for_each_vma+0x6d8/0x7f0 [ 3216.512525][T18554] uprobe_apply+0xc7/0x110 [ 3216.517221][T18554] trace_uprobe_register+0x291/0x4b0 [ 3216.522585][T18554] perf_trace_event_init+0x109/0x630 [ 3216.529027][T18554] perf_uprobe_init+0x12b/0x1a0 [ 3216.533914][T18554] perf_uprobe_event_init+0xcf/0x130 [ 3216.539351][T18554] perf_try_init_event+0xc0/0x330 [ 3216.544831][T18554] perf_event_alloc.part.0+0xe8d/0x1bd0 [ 3216.550599][T18554] __do_sys_perf_event_open+0x68d/0x1e50 [ 3216.556418][T18554] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 3216.562478][T18554] __x64_sys_perf_event_open+0x70/0x90 [ 3216.568024][T18554] do_syscall_64+0xcc/0x3a0 [ 3216.573850][T18554] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 3216.579935][T18554] RIP: 0033:0x45c449 [ 3216.583917][T18554] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3216.603652][T18554] RSP: 002b:00007f7e67997c78 EFLAGS: 00000246 ORIG_RAX: 000000000000012a [ 3216.612197][T18554] RAX: ffffffffffffffda RBX: 00007f7e679986d4 RCX: 000000000045c449 [ 3216.620360][T18554] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000180 [ 3216.628611][T18554] RBP: 000000000076bfc0 R08: 0000000000000000 R09: 0000000000000000 [ 3216.636591][T18554] R10: ffffffffffffffff R11: 0000000000000246 R12: 00000000ffffffff [ 3216.648021][T18554] R13: 0000000000000813 R14: 00000000004ca89f R15: 000000000076bfcc [ 3216.674466][T18554] memory: usage 307200kB, limit 307200kB, failcnt 1769 [ 3216.683223][T18554] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3216.690722][T18554] Memory cgroup stats for /syz4: [ 3216.693280][T18554] anon 240181248 [ 3216.693280][T18554] file 38240256 [ 3216.693280][T18554] kernel_stack 2985984 [ 3216.693280][T18554] slab 8380416 [ 3216.693280][T18554] sock 94208 [ 3216.693280][T18554] shmem 35209216 [ 3216.693280][T18554] file_mapped 0 [ 3216.693280][T18554] file_dirty 0 [ 3216.693280][T18554] file_writeback 0 [ 3216.693280][T18554] anon_thp 218103808 [ 3216.693280][T18554] inactive_anon 32768 [ 3216.693280][T18554] active_anon 275464192 [ 3216.693280][T18554] inactive_file 2789376 [ 3216.693280][T18554] active_file 0 [ 3216.693280][T18554] unevictable 4096 [ 3216.693280][T18554] slab_reclaimable 1757184 [ 3216.693280][T18554] slab_unreclaimable 6623232 [ 3216.693280][T18554] pgfault 308352 [ 3216.693280][T18554] pgmajfault 0 [ 3216.693280][T18554] workingset_refault 264 [ 3216.693280][T18554] workingset_activate 132 [ 3216.693280][T18554] workingset_nodereclaim 0 [ 3216.693280][T18554] pgrefill 3125 [ 3216.693280][T18554] pgscan 6814755 [ 3216.693280][T18554] pgsteal 517 [ 3216.791185][T18554] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=9452,uid=0 [ 3216.843569][T18554] Memory cgroup out of memory: Killed process 9452 (syz-executor.4) total-vm:74836kB, anon-rss:4272kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 06:01:22 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) accept$alg(0xffffffffffffffff, 0x0, 0x0) r0 = dup(0xffffffffffffffff) recvmsg$can_raw(r0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000040), 0x0) r3 = accept$alg(r2, 0x0, 0x0) r4 = dup(r3) recvmsg$can_raw(r4, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r4, 0xae47, 0x0) r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) r8 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r8, 0x117, 0x1, &(0x7f0000000040), 0x0) [ 3216.970973][ C0] print_req_error: 356 callbacks suppressed [ 3216.970991][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3216.987992][ C0] buffer_io_error: 356 callbacks suppressed [ 3216.988004][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3217.002527][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3217.013444][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3217.061423][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3217.072374][ C1] Buffer I/O error on dev loop0, logical block 0, async page read 06:01:22 executing program 1: 06:01:22 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000300)={{0x14}, [], {0x14}}, 0x28}}, 0x0) 06:01:22 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x25b, 0x0) [ 3217.161110][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3217.172854][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3217.252189][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3217.263230][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3217.322442][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3217.333841][ C1] Buffer I/O error on dev loop0, logical block 0, async page read 06:01:22 executing program 1: [ 3217.376944][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3217.387975][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3217.410086][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3217.421364][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3217.445428][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3217.456729][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3217.481012][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3217.492204][ C1] Buffer I/O error on dev loop0, logical block 0, async page read 06:01:22 executing program 4: 06:01:22 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x0, 0x0, 0x0, {}, [@NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x28}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}]}], {0x14}}, 0x64}}, 0x0) 06:01:22 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x25c, 0x0) 06:01:22 executing program 1: 06:01:25 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) io_submit(0x0, 0x1, &(0x7f00000003c0)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)="04", 0x36c, 0x0, 0x0, 0x1}]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0xec}], 0x1000000000000409, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@remote, 0x15b}) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/57, 0x39}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 06:01:25 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x0, 0x0, 0x0, {}, [@NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x28}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}]}], {0x14}}, 0x64}}, 0x0) 06:01:25 executing program 1: 06:01:25 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x25d, 0x0) 06:01:25 executing program 4: 06:01:25 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) accept$alg(0xffffffffffffffff, 0x0, 0x0) r0 = dup(0xffffffffffffffff) recvmsg$can_raw(r0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000040), 0x0) r3 = accept$alg(r2, 0x0, 0x0) r4 = dup(r3) recvmsg$can_raw(r4, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r4, 0xae47, 0x0) r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) r8 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r8, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:01:25 executing program 1: 06:01:25 executing program 4: 06:01:25 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x25e, 0x0) 06:01:25 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x0, 0x0, 0x0, {}, [@NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x28}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}]}], {0x14}}, 0x64}}, 0x0) 06:01:25 executing program 4: 06:01:25 executing program 1: 06:01:28 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) io_submit(0x0, 0x1, &(0x7f00000003c0)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)="04", 0x36c, 0x0, 0x0, 0x1}]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0xec}], 0x1000000000000409, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@remote, 0x15b}) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/57, 0x39}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x9, r0, 0x0, 0x0) 06:01:28 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWSET={0x30, 0x9, 0xa, 0x6234f84c1300dfc9, 0x0, 0x0, {}, [@NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x28}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ID={0x8}]}], {0x14}}, 0x58}}, 0x0) 06:01:28 executing program 4: 06:01:28 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x25f, 0x0) 06:01:28 executing program 1: 06:01:28 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) accept$alg(0xffffffffffffffff, 0x0, 0x0) r0 = dup(0xffffffffffffffff) recvmsg$can_raw(r0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000040), 0x0) r3 = accept$alg(r2, 0x0, 0x0) r4 = dup(r3) recvmsg$can_raw(r4, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r4, 0xae47, 0x0) r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) r8 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r8, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:01:28 executing program 1: 06:01:28 executing program 4: [ 3223.214243][ C0] print_req_error: 112 callbacks suppressed [ 3223.214271][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3223.231167][ C0] buffer_io_error: 112 callbacks suppressed [ 3223.231179][ C0] Buffer I/O error on dev loop0, logical block 0, async page read 06:01:28 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWSET={0x30, 0x9, 0xa, 0x6234f84c1300dfc9, 0x0, 0x0, {}, [@NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x28}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ID={0x8}]}], {0x14}}, 0x58}}, 0x0) 06:01:28 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x260, 0x0) [ 3223.327774][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3223.338734][ C0] Buffer I/O error on dev loop0, logical block 0, async page read 06:01:28 executing program 1: 06:01:28 executing program 4: [ 3223.441782][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3223.453047][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3223.522682][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3223.533737][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3223.564271][T18759] syz-executor.3 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3223.591405][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3223.602343][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3223.651262][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3223.662269][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3223.696240][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3223.707175][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3223.717782][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3223.728710][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3223.737826][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3223.748931][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3223.760562][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3223.771543][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3223.841830][T18759] CPU: 1 PID: 18759 Comm: syz-executor.3 Not tainted 5.6.0-rc1-syzkaller #0 [ 3223.850643][T18759] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3223.860914][T18759] Call Trace: [ 3223.864295][T18759] dump_stack+0x11d/0x181 [ 3223.868694][T18759] dump_header+0xaa/0x39c [ 3223.873313][T18759] oom_kill_process.cold+0x10/0x15 [ 3223.878447][T18759] out_of_memory+0x231/0xa60 [ 3223.883141][T18759] ? __rcu_read_unlock+0x66/0x2f0 [ 3223.888197][T18759] mem_cgroup_out_of_memory+0x128/0x150 [ 3223.893945][T18759] try_charge+0xb6c/0xbf0 [ 3223.898429][T18759] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 3223.904146][T18759] __memcg_kmem_charge+0xcf/0x1b0 [ 3223.909271][T18759] __alloc_pages_nodemask+0x26c/0x310 [ 3223.914698][T18759] alloc_pages_current+0xd1/0x170 [ 3223.919738][T18759] __vmalloc_node_range+0x2c4/0x4a0 [ 3223.924968][T18759] __vmalloc+0x4d/0x70 [ 3223.929138][T18759] ? vmx_vm_alloc+0x40/0x50 [ 3223.933663][T18759] vmx_vm_alloc+0x40/0x50 [ 3223.938106][T18759] kvm_dev_ioctl+0x137/0xcb0 [ 3223.942823][T18759] ? tomoyo_file_ioctl+0x34/0x40 [ 3223.947800][T18759] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3223.954075][T18759] ? kvm_put_kvm+0x6a0/0x6a0 [ 3223.959521][T18759] ksys_ioctl+0x109/0x150 [ 3223.963936][T18759] __x64_sys_ioctl+0x4c/0x60 [ 3223.968559][T18759] do_syscall_64+0xcc/0x3a0 [ 3223.973206][T18759] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 3223.979112][T18759] RIP: 0033:0x45c449 [ 3223.983213][T18759] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3224.002907][T18759] RSP: 002b:00007f331e30dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3224.011824][T18759] RAX: ffffffffffffffda RBX: 00007f331e30e6d4 RCX: 000000000045c449 [ 3224.019811][T18759] RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000003 [ 3224.027815][T18759] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 3224.035798][T18759] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 3224.043804][T18759] R13: 0000000000000390 R14: 00000000004c5c51 R15: 000000000076bf2c [ 3224.063128][T18759] memory: usage 307200kB, limit 307200kB, failcnt 1001 [ 3224.072571][T18759] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3224.079447][T18759] Memory cgroup stats for /syz3: [ 3224.079678][T18759] anon 277110784 [ 3224.079678][T18759] file 24576 [ 3224.079678][T18759] kernel_stack 3133440 [ 3224.079678][T18759] slab 9437184 [ 3224.079678][T18759] sock 0 [ 3224.079678][T18759] shmem 106496 [ 3224.079678][T18759] file_mapped 0 [ 3224.079678][T18759] file_dirty 0 [ 3224.079678][T18759] file_writeback 0 [ 3224.079678][T18759] anon_thp 255852544 [ 3224.079678][T18759] inactive_anon 135168 [ 3224.079678][T18759] active_anon 277168128 [ 3224.079678][T18759] inactive_file 0 [ 3224.079678][T18759] active_file 0 [ 3224.079678][T18759] unevictable 0 [ 3224.079678][T18759] slab_reclaimable 1622016 [ 3224.079678][T18759] slab_unreclaimable 7815168 [ 3224.079678][T18759] pgfault 229944 [ 3224.079678][T18759] pgmajfault 0 [ 3224.079678][T18759] workingset_refault 165 [ 3224.079678][T18759] workingset_activate 66 [ 3224.079678][T18759] workingset_nodereclaim 0 [ 3224.079678][T18759] pgrefill 730 [ 3224.079678][T18759] pgscan 776 [ 3224.079678][T18759] pgsteal 378 [ 3224.182382][T18759] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=22441,uid=0 [ 3224.198286][T18759] Memory cgroup out of memory: Killed process 22441 (syz-executor.3) total-vm:74704kB, anon-rss:2212kB, file-rss:35832kB, shmem-rss:0kB, UID:0 pgtables:136kB oom_score_adj:1000 [ 3224.218415][ T1078] oom_reaper: reaped process 22441 (syz-executor.3), now anon-rss:0kB, file-rss:34872kB, shmem-rss:0kB [ 3224.230471][T18763] syz-executor.3 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3224.262349][T18763] CPU: 1 PID: 18763 Comm: syz-executor.3 Not tainted 5.6.0-rc1-syzkaller #0 [ 3224.271095][T18763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3224.281260][T18763] Call Trace: [ 3224.284594][T18763] dump_stack+0x11d/0x181 [ 3224.288988][T18763] dump_header+0xaa/0x39c [ 3224.293430][T18763] oom_kill_process.cold+0x10/0x15 [ 3224.298578][T18763] out_of_memory+0x231/0xa60 [ 3224.303209][T18763] mem_cgroup_out_of_memory+0x128/0x150 [ 3224.308925][T18763] try_charge+0x800/0xbf0 [ 3224.313540][T18763] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 3224.319071][T18763] __memcg_kmem_charge+0xcf/0x1b0 [ 3224.324122][T18763] __alloc_pages_nodemask+0x26c/0x310 [ 3224.329742][T18763] alloc_pages_current+0xd1/0x170 [ 3224.334789][T18763] __vmalloc_node_range+0x2c4/0x4a0 [ 3224.340020][T18763] __vmalloc+0x4d/0x70 [ 3224.344190][T18763] ? vmx_vm_alloc+0x40/0x50 [ 3224.348791][T18763] vmx_vm_alloc+0x40/0x50 [ 3224.353179][T18763] kvm_dev_ioctl+0x137/0xcb0 [ 3224.357790][T18763] ? tomoyo_file_ioctl+0x34/0x40 [ 3224.362836][T18763] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3224.369192][T18763] ? kvm_put_kvm+0x6a0/0x6a0 [ 3224.373814][T18763] ksys_ioctl+0x109/0x150 [ 3224.378340][T18763] __x64_sys_ioctl+0x4c/0x60 [ 3224.382976][T18763] do_syscall_64+0xcc/0x3a0 [ 3224.387537][T18763] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 3224.393642][T18763] RIP: 0033:0x45c449 [ 3224.397617][T18763] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3224.418186][T18763] RSP: 002b:00007f331e2ecc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3224.426652][T18763] RAX: ffffffffffffffda RBX: 00007f331e2ed6d4 RCX: 000000000045c449 [ 3224.434823][T18763] RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000005 [ 3224.442832][T18763] RBP: 000000000076bfc0 R08: 0000000000000000 R09: 0000000000000000 [ 3224.450956][T18763] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 3224.458931][T18763] R13: 0000000000000390 R14: 00000000004c5c51 R15: 000000000076bfcc [ 3224.471388][T18763] memory: usage 305032kB, limit 307200kB, failcnt 1001 [ 3224.480990][T18763] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3224.487951][T18763] Memory cgroup stats for /syz3: [ 3224.488121][T18763] anon 274903040 [ 3224.488121][T18763] file 24576 [ 3224.488121][T18763] kernel_stack 3133440 [ 3224.488121][T18763] slab 9437184 [ 3224.488121][T18763] sock 0 [ 3224.488121][T18763] shmem 106496 [ 3224.488121][T18763] file_mapped 0 [ 3224.488121][T18763] file_dirty 0 [ 3224.488121][T18763] file_writeback 0 [ 3224.488121][T18763] anon_thp 253755392 [ 3224.488121][T18763] inactive_anon 135168 [ 3224.488121][T18763] active_anon 274960384 [ 3224.488121][T18763] inactive_file 0 [ 3224.488121][T18763] active_file 0 [ 3224.488121][T18763] unevictable 0 [ 3224.488121][T18763] slab_reclaimable 1622016 [ 3224.488121][T18763] slab_unreclaimable 7815168 [ 3224.488121][T18763] pgfault 229944 [ 3224.488121][T18763] pgmajfault 0 [ 3224.488121][T18763] workingset_refault 165 [ 3224.488121][T18763] workingset_activate 66 [ 3224.488121][T18763] workingset_nodereclaim 0 [ 3224.488121][T18763] pgrefill 730 [ 3224.488121][T18763] pgscan 776 [ 3224.488121][T18763] pgsteal 378 [ 3224.599663][T18763] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=22414,uid=0 [ 3224.618157][T18763] Memory cgroup out of memory: Killed process 22414 (syz-executor.3) total-vm:74704kB, anon-rss:2212kB, file-rss:35832kB, shmem-rss:0kB, UID:0 pgtables:136kB oom_score_adj:1000 [ 3224.669290][T18756] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3224.679892][T18756] CPU: 1 PID: 18756 Comm: syz-executor.3 Not tainted 5.6.0-rc1-syzkaller #0 [ 3224.688591][T18756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3224.698764][T18756] Call Trace: [ 3224.702073][T18756] dump_stack+0x11d/0x181 [ 3224.706478][T18756] dump_header+0xaa/0x39c [ 3224.710836][T18756] oom_kill_process.cold+0x10/0x15 [ 3224.716007][T18756] out_of_memory+0x231/0xa60 [ 3224.720687][T18756] mem_cgroup_out_of_memory+0x128/0x150 [ 3224.726260][T18756] try_charge+0x800/0xbf0 [ 3224.730641][T18756] mem_cgroup_try_charge+0xd2/0x260 [ 3224.736062][T18756] mem_cgroup_try_charge_delay+0x3a/0x80 [ 3224.742063][T18756] __handle_mm_fault+0x197f/0x2e00 [ 3224.747348][T18756] handle_mm_fault+0x21b/0x530 [ 3224.752219][T18756] do_page_fault+0x496/0xa3d [ 3224.756840][T18756] page_fault+0x34/0x40 [ 3224.761076][T18756] RIP: 0033:0x413c3f [ 3224.765097][T18756] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 [ 3224.786277][T18756] RSP: 002b:00007ffc79c5d860 EFLAGS: 00010206 [ 3224.792560][T18756] RAX: 00007f331e2ac000 RBX: 0000000000020000 RCX: 000000000045c49a [ 3224.800541][T18756] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 3224.808799][T18756] RBP: 00007ffc79c5d940 R08: ffffffffffffffff R09: 0000000000000000 [ 3224.816888][T18756] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc79c5da30 [ 3224.824996][T18756] R13: 00007f331e2cc700 R14: 0000000000000002 R15: 000000000076c06c [ 3224.841292][T18756] memory: usage 302712kB, limit 307200kB, failcnt 1001 [ 3224.848655][T18756] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3224.855607][T18756] Memory cgroup stats for /syz3: [ 3224.855735][T18756] anon 272683008 [ 3224.855735][T18756] file 24576 [ 3224.855735][T18756] kernel_stack 3133440 [ 3224.855735][T18756] slab 9437184 [ 3224.855735][T18756] sock 0 [ 3224.855735][T18756] shmem 106496 [ 3224.855735][T18756] file_mapped 0 [ 3224.855735][T18756] file_dirty 0 [ 3224.855735][T18756] file_writeback 0 [ 3224.855735][T18756] anon_thp 251658240 [ 3224.855735][T18756] inactive_anon 135168 [ 3224.855735][T18756] active_anon 272740352 [ 3224.855735][T18756] inactive_file 0 [ 3224.855735][T18756] active_file 0 [ 3224.855735][T18756] unevictable 0 [ 3224.855735][T18756] slab_reclaimable 1622016 [ 3224.855735][T18756] slab_unreclaimable 7815168 [ 3224.855735][T18756] pgfault 229944 [ 3224.855735][T18756] pgmajfault 0 [ 3224.855735][T18756] workingset_refault 165 [ 3224.855735][T18756] workingset_activate 66 [ 3224.855735][T18756] workingset_nodereclaim 0 [ 3224.855735][T18756] pgrefill 730 [ 3224.855735][T18756] pgscan 776 [ 3224.855735][T18756] pgsteal 378 [ 3224.961441][T18756] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=7404,uid=0 [ 3224.977373][T18756] Memory cgroup out of memory: Killed process 7404 (syz-executor.3) total-vm:74836kB, anon-rss:2220kB, file-rss:35824kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 3224.997035][ T1078] oom_reaper: reaped process 7404 (syz-executor.3), now anon-rss:0kB, file-rss:34864kB, shmem-rss:0kB 06:01:31 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) io_submit(0x0, 0x1, &(0x7f00000003c0)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)="04", 0x36c, 0x0, 0x0, 0x1}]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0xec}], 0x1000000000000409, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@remote, 0x15b}) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/57, 0x39}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x9, r0, 0x0, 0x0) 06:01:31 executing program 4: 06:01:31 executing program 1: 06:01:31 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x261, 0x0) 06:01:31 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWSET={0x30, 0x9, 0xa, 0x6234f84c1300dfc9, 0x0, 0x0, {}, [@NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x28}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ID={0x8}]}], {0x14}}, 0x58}}, 0x0) 06:01:31 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = accept$alg(0xffffffffffffffff, 0x0, 0x0) dup(r0) recvmsg$can_raw(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000040), 0x0) r3 = accept$alg(r2, 0x0, 0x0) r4 = dup(r3) recvmsg$can_raw(r4, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r4, 0xae47, 0x0) r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) r8 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r8, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:01:31 executing program 1: 06:01:31 executing program 4: 06:01:31 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWSET={0x34, 0x9, 0xa, 0x6234f84c1300dfc9, 0x0, 0x0, {}, [@NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x28}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}]}], {0x14}}, 0x5c}}, 0x0) 06:01:31 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x262, 0x0) 06:01:31 executing program 1: 06:01:32 executing program 4: 06:01:34 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) io_submit(0x0, 0x1, &(0x7f00000003c0)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)="04", 0x36c, 0x0, 0x0, 0x1}]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0xec}], 0x1000000000000409, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@remote, 0x15b}) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/57, 0x39}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x9, r0, 0x0, 0x0) 06:01:34 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWSET={0x34, 0x9, 0xa, 0x6234f84c1300dfc9, 0x0, 0x0, {}, [@NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x28}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}]}], {0x14}}, 0x5c}}, 0x0) 06:01:34 executing program 1: 06:01:34 executing program 4: 06:01:34 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x263, 0x0) 06:01:34 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = accept$alg(0xffffffffffffffff, 0x0, 0x0) dup(r0) recvmsg$can_raw(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000040), 0x0) r3 = accept$alg(r2, 0x0, 0x0) r4 = dup(r3) recvmsg$can_raw(r4, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r4, 0xae47, 0x0) r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) r8 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r8, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:01:34 executing program 1: 06:01:34 executing program 4: [ 3229.639879][ C0] print_req_error: 112 callbacks suppressed [ 3229.639897][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3229.656776][ C0] buffer_io_error: 112 callbacks suppressed [ 3229.656787][ C0] Buffer I/O error on dev loop0, logical block 0, async page read 06:01:34 executing program 1: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='mountinfo\x00') read(r0, &(0x7f0000000380)=""/233, 0xffbe) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='debugfs\x00', 0x0, &(0x7f0000000380)) 06:01:35 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWSET={0x34, 0x9, 0xa, 0x6234f84c1300dfc9, 0x0, 0x0, {}, [@NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x28}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}]}], {0x14}}, 0x5c}}, 0x0) [ 3229.732909][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3229.744215][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3229.808071][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3229.819021][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3229.828637][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3229.839752][ C0] Buffer I/O error on dev loop0, logical block 0, async page read 06:01:35 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x264, 0x0) [ 3229.859128][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3229.870112][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3229.879802][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3229.890807][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3229.899971][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3229.911138][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3229.955391][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3229.966475][ C0] Buffer I/O error on dev loop0, logical block 0, async page read 06:01:35 executing program 4: r0 = socket(0x10, 0x2, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) write(r0, &(0x7f0000000280)="1c0000001a009b8a14e5f407fc08042400000000ff00000000000000", 0x1c) recvmmsg(r0, &(0x7f0000002ec0), 0x4000000000000bc, 0x12, &(0x7f00000001c0)={0x77359400}) [ 3230.042047][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3230.053043][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3230.094965][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3230.105927][ C0] Buffer I/O error on dev loop0, logical block 0, async page read 06:01:37 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) io_submit(0x0, 0x1, &(0x7f00000003c0)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)="04", 0x36c, 0x0, 0x0, 0x1}]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0xec}], 0x1000000000000409, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@remote, 0x15b}) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/57, 0x39}], 0x3, 0x0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 06:01:37 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWSET={0x30, 0x9, 0xa, 0x6234f84c1300dfc9, 0x0, 0x0, {}, [@NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x28}, @NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}]}], {0x14}}, 0x58}}, 0x0) 06:01:37 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x265, 0x0) 06:01:37 executing program 1: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='mountinfo\x00') read(r0, &(0x7f0000000380)=""/233, 0xffbe) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='debugfs\x00', 0x0, &(0x7f0000000380)) 06:01:37 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = accept$alg(0xffffffffffffffff, 0x0, 0x0) dup(r0) recvmsg$can_raw(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000040), 0x0) r3 = accept$alg(r2, 0x0, 0x0) r4 = dup(r3) recvmsg$can_raw(r4, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r4, 0xae47, 0x0) r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) r8 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r8, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:01:37 executing program 4: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='mountinfo\x00') read(r0, &(0x7f0000000380)=""/233, 0xffbe) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='debugfs\x00', 0x0, &(0x7f0000000380)) 06:01:38 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWSET={0x30, 0x9, 0xa, 0x6234f84c1300dfc9, 0x0, 0x0, {}, [@NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x28}, @NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}]}], {0x14}}, 0x58}}, 0x0) 06:01:38 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) writev(r1, &(0x7f0000000300)=[{&(0x7f0000000080)='?', 0x1}], 0x1) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r1, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000000)) 06:01:38 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x266, 0x0) 06:01:38 executing program 1: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='mountinfo\x00') read(r0, &(0x7f0000000380)=""/233, 0xffbe) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='debugfs\x00', 0x0, &(0x7f0000000380)) 06:01:38 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWSET={0x30, 0x9, 0xa, 0x6234f84c1300dfc9, 0x0, 0x0, {}, [@NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x28}, @NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}]}], {0x14}}, 0x58}}, 0x0) 06:01:38 executing program 4: openat$bsg(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$VIDIOC_G_TUNER(0xffffffffffffffff, 0xc054561d, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f0000000380), &(0x7f00000003c0)=0x19) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x0) 06:01:41 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) io_submit(0x0, 0x1, &(0x7f00000003c0)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)="04", 0x36c, 0x0, 0x0, 0x1}]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0xec}], 0x1000000000000409, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@remote, 0x15b}) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/57, 0x39}], 0x3, 0x0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 06:01:41 executing program 1: syz_open_procfs(0xffffffffffffffff, &(0x7f0000000340)='maps\x00') socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet6(0xa, 0x2, 0x0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_INFO_FOR_REF(r1, 0xc018620c, &(0x7f0000000080)) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/57, 0x39}], 0x3, 0x0, 0x0, 0x0) 06:01:41 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = accept$alg(0xffffffffffffffff, 0x0, 0x0) r1 = dup(r0) recvmsg$can_raw(r1, 0x0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000040), 0x0) r4 = accept$alg(r3, 0x0, 0x0) r5 = dup(r4) recvmsg$can_raw(r5, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r5, 0xae47, 0x0) r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r9 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:01:41 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x267, 0x0) 06:01:41 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWSET={0x34, 0x9, 0xa, 0x6234f84c1300dfc9, 0x0, 0x0, {}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}]}], {0x14}}, 0x5c}}, 0x0) 06:01:41 executing program 4: r0 = socket(0x1, 0x803, 0x0) poll(&(0x7f00000000c0)=[{r0, 0x228}], 0x1, 0x0) [ 3235.989474][ C0] print_req_error: 112 callbacks suppressed [ 3235.989492][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3236.006490][ C0] buffer_io_error: 112 callbacks suppressed [ 3236.006501][ C0] Buffer I/O error on dev loop0, logical block 0, async page read 06:01:41 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWSET={0x34, 0x9, 0xa, 0x6234f84c1300dfc9, 0x0, 0x0, {}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}]}], {0x14}}, 0x5c}}, 0x0) 06:01:41 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x268, 0x0) 06:01:41 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) writev(r1, &(0x7f0000000140)=[{&(0x7f0000000100)="019c", 0x2}], 0x1) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r1, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000000)) [ 3236.132308][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3236.143243][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3236.170929][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 06:01:41 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000180)={{0x14}, [@NFT_MSG_NEWSET={0x58, 0x9, 0xa, 0x6234f84c1300dfc9, 0x0, 0x0, {}, [@NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x28}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8, 0x3, 0x1, 0x0, 0xf}, @NFTA_SET_DATA_TYPE={0x8, 0x6, 0x1, 0x0, 0xffffff00}, @NFTA_SET_POLICY={0x8}, @NFTA_SET_DESC={0x4}]}], {0x14}}, 0x80}}, 0x0) [ 3236.182205][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3236.211131][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3236.222142][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3236.234123][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3236.245393][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3236.262229][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3236.273375][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3236.312756][T19133] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3236.353774][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3236.364787][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3236.388804][T19133] CPU: 0 PID: 19133 Comm: syz-executor.3 Not tainted 5.6.0-rc1-syzkaller #0 [ 3236.397560][T19133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3236.407620][T19133] Call Trace: [ 3236.410937][T19133] dump_stack+0x11d/0x181 [ 3236.415295][T19133] dump_header+0xaa/0x39c [ 3236.419657][T19133] oom_kill_process.cold+0x10/0x15 [ 3236.424811][T19133] out_of_memory+0x231/0xa60 [ 3236.429477][T19133] ? __rcu_read_unlock+0x66/0x2f0 [ 3236.434570][T19133] mem_cgroup_out_of_memory+0x128/0x150 [ 3236.440256][T19133] try_charge+0xb6c/0xbf0 [ 3236.444676][T19133] mem_cgroup_try_charge+0xd2/0x260 [ 3236.449916][T19133] mem_cgroup_try_charge_delay+0x3a/0x80 [ 3236.455732][T19133] wp_page_copy+0x322/0xf20 [ 3236.460435][T19133] ? __read_once_size+0x41/0xe0 [ 3236.465387][T19133] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 3236.471667][T19133] do_wp_page+0x192/0xd20 [ 3236.476083][T19133] __handle_mm_fault+0x1d16/0x2e00 [ 3236.481551][T19133] handle_mm_fault+0x21b/0x530 [ 3236.486471][T19133] do_page_fault+0x496/0xa3d [ 3236.491123][T19133] page_fault+0x34/0x40 [ 3236.495282][T19133] RIP: 0033:0x40ec18 [ 3236.499193][T19133] Code: 00 00 49 8d be 88 00 00 00 48 89 ea 48 89 de 0f 85 dd 00 00 00 e8 c8 2c 00 00 8b 05 f2 93 33 00 48 8b 15 63 3a 87 00 83 c0 01 <89> 05 e2 93 33 00 89 02 48 83 c4 08 5b 5d 41 5c 41 5d 41 5e 41 5f [ 3236.518808][T19133] RSP: 002b:00007ffc79c5d8e0 EFLAGS: 00010202 [ 3236.524884][T19133] RAX: 0000000000000002 RBX: 0000001b32e201c8 RCX: 0000001b33e20000 [ 3236.532863][T19133] RDX: 0000001b32e20000 RSI: 0000000000001ab3 RDI: fffffffffd0b1ab3 [ 3236.540977][T19133] RBP: 0000001b32e201cc R08: 00000000fd0b1ab3 R09: 00000000fd0b1ab7 06:01:41 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x269, 0x0) [ 3236.548955][T19133] R10: 00007ffc79c5da20 R11: 0000000000000246 R12: 0000001b32e201d0 [ 3236.556934][T19133] R13: 000000000031614e R14: 000000000076bfc0 R15: 000000000076bfcc [ 3236.567723][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3236.578867][ C0] Buffer I/O error on dev loop0, logical block 0, async page read 06:01:41 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) writev(r2, &(0x7f0000000300)=[{&(0x7f0000000080)="3fbe", 0x2}], 0x1) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r1, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000000)=ANY=[]) [ 3236.605984][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3236.617502][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3236.628421][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3236.639556][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3236.949069][T19133] memory: usage 307200kB, limit 307200kB, failcnt 1037 [ 3236.970722][T19133] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3236.981253][T19133] Memory cgroup stats for /syz3: [ 3236.981460][T19133] anon 277209088 [ 3236.981460][T19133] file 24576 [ 3236.981460][T19133] kernel_stack 3170304 [ 3236.981460][T19133] slab 9154560 [ 3236.981460][T19133] sock 0 [ 3236.981460][T19133] shmem 106496 [ 3236.981460][T19133] file_mapped 0 [ 3236.981460][T19133] file_dirty 0 [ 3236.981460][T19133] file_writeback 0 [ 3236.981460][T19133] anon_thp 255852544 [ 3236.981460][T19133] inactive_anon 135168 [ 3236.981460][T19133] active_anon 277131264 [ 3236.981460][T19133] inactive_file 0 [ 3236.981460][T19133] active_file 0 [ 3236.981460][T19133] unevictable 0 [ 3236.981460][T19133] slab_reclaimable 1486848 [ 3236.981460][T19133] slab_unreclaimable 7667712 [ 3236.981460][T19133] pgfault 230340 [ 3236.981460][T19133] pgmajfault 0 [ 3236.981460][T19133] workingset_refault 165 [ 3236.981460][T19133] workingset_activate 66 [ 3236.981460][T19133] workingset_nodereclaim 0 [ 3236.981460][T19133] pgrefill 730 [ 3236.981460][T19133] pgscan 776 [ 3236.981460][T19133] pgsteal 378 [ 3237.210896][T19133] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=13761,uid=0 [ 3237.251016][T19133] Memory cgroup out of memory: Killed process 13761 (syz-executor.3) total-vm:74704kB, anon-rss:2212kB, file-rss:35832kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 06:01:44 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) io_submit(0x0, 0x1, &(0x7f00000003c0)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)="04", 0x36c, 0x0, 0x0, 0x1}]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0xec}], 0x1000000000000409, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@remote, 0x15b}) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/57, 0x39}], 0x3, 0x0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 06:01:44 executing program 1: r0 = socket$inet(0xa, 0x801, 0x84) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x83) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$key(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x36}}, 0x0) 06:01:44 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWSET={0x34, 0x9, 0xa, 0x6234f84c1300dfc9, 0x0, 0x0, {}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}]}], {0x14}}, 0x5c}}, 0x0) 06:01:44 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x26a, 0x0) 06:01:44 executing program 4: r0 = syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x4000000000000071, 0x28081) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000000000)={0x23, 0x3, 0x2, 0x0, 0x0, 0x0, 0x0}) 06:01:44 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = accept$alg(0xffffffffffffffff, 0x0, 0x0) r1 = dup(r0) recvmsg$can_raw(r1, 0x0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000040), 0x0) r4 = accept$alg(r3, 0x0, 0x0) r5 = dup(r4) recvmsg$can_raw(r5, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r5, 0xae47, 0x0) r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r9 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000040), 0x0) 06:01:44 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) io_submit(0x0, 0x1, &(0x7f00000003c0)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)="04", 0x36c, 0x0, 0x0, 0x1}]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0xec}], 0x1000000000000409, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@remote, 0x15b}) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 06:01:44 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000340)={0x400000100002f}) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00', 0x4b}) ioctl$UI_DEV_CREATE(r0, 0x5501) 06:01:44 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x6234f84c1300dfc9, 0x0, 0x0, {}, [@NFTA_SET_KEY_LEN={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}]}], {0x14}}, 0x64}}, 0x0) 06:01:44 executing program 1: r0 = socket$inet(0xa, 0x801, 0x84) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x83) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$key(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x36}}, 0x0) 06:01:44 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x26b, 0x0) 06:01:44 executing program 4: syz_genetlink_get_family_id$tipc2(0x0) io_setup(0x9fd, &(0x7f0000000300)) io_getevents(0x0, 0x0, 0x0, 0x0, 0x0) 06:01:44 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x6234f84c1300dfc9, 0x0, 0x0, {}, [@NFTA_SET_KEY_LEN={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}]}], {0x14}}, 0x64}}, 0x0) [ 3239.592593][T19216] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3239.667832][T19216] CPU: 1 PID: 19216 Comm: syz-executor.3 Not tainted 5.6.0-rc1-syzkaller #0 [ 3239.676678][T19216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3239.686889][T19216] Call Trace: [ 3239.690195][T19216] dump_stack+0x11d/0x181 [ 3239.694549][T19216] dump_header+0xaa/0x39c [ 3239.699211][T19216] oom_kill_process.cold+0x10/0x15 [ 3239.704350][T19216] out_of_memory+0x231/0xa60 [ 3239.708992][T19216] ? __rcu_read_unlock+0x66/0x2f0 06:01:45 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x26c, 0x0) [ 3239.714166][T19216] mem_cgroup_out_of_memory+0x128/0x150 [ 3239.719854][T19216] try_charge+0xb6c/0xbf0 [ 3239.724228][T19216] mem_cgroup_try_charge+0xd2/0x260 [ 3239.729532][T19216] mem_cgroup_try_charge_delay+0x3a/0x80 [ 3239.735356][T19216] wp_page_copy+0x322/0xf20 [ 3239.739916][T19216] ? __read_once_size+0x41/0xe0 [ 3239.744861][T19216] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 3239.750798][T19216] do_wp_page+0x192/0xd20 [ 3239.755168][T19216] __handle_mm_fault+0x1d16/0x2e00 [ 3239.760526][T19216] handle_mm_fault+0x21b/0x530 [ 3239.765606][T19216] do_page_fault+0x496/0xa3d [ 3239.770230][T19216] page_fault+0x34/0x40 [ 3239.774392][T19216] RIP: 0033:0x4006c4 [ 3239.778385][T19216] Code: 01 e9 c9 00 00 00 48 8b 44 24 10 48 0b 44 24 28 be 08 00 00 00 48 8b 14 24 75 17 48 8b 7c 24 20 e8 51 55 00 00 48 8b 4c 24 08 <48> 89 01 e9 9d 00 00 00 48 8b 44 24 08 48 8b 38 e8 37 55 00 00 8a [ 3239.798000][T19216] RSP: 002b:00007ffc79c5d910 EFLAGS: 00010202 [ 3239.804247][T19216] RAX: 0000000000000000 RBX: 000000000076c920 RCX: 0000000020000200 06:01:45 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$dsp1(0xffffffffffffff9c, 0x0, 0x0, 0x0) write$rfkill(0xffffffffffffffff, 0x0, 0x0) sendmsg$NFT_MSG_GETRULE(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="050000001e00ab7bf2ff14000010291101"], 0x1}}, 0x0) r0 = socket$inet6(0x10, 0x3, 0x10) sendto$inet6(r0, &(0x7f0000000000)='E', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b) gettid() [ 3239.812413][T19216] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000000 [ 3239.820390][T19216] RBP: 00000000007704f0 R08: 0000000000000000 R09: 0000000000000000 [ 3239.828474][T19216] R10: 00007ffc79c5da20 R11: 0000000000000246 R12: 000000000076bfc0 [ 3239.836455][T19216] R13: 00000000007704f8 R14: 0000000000316e98 R15: 000000000076bfcc 06:01:45 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x6234f84c1300dfc9, 0x0, 0x0, {}, [@NFTA_SET_KEY_LEN={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}]}], {0x14}}, 0x64}}, 0x0) 06:01:45 executing program 4: syz_genetlink_get_family_id$tipc2(0x0) io_setup(0x9fd, &(0x7f0000000300)) io_getevents(0x0, 0x0, 0x0, 0x0, 0x0) [ 3240.032256][T19270] netlink: 49 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3240.103397][T19273] netlink: 49 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3240.123957][T19216] memory: usage 307200kB, limit 307200kB, failcnt 1108 [ 3240.155683][T19216] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3240.219690][T19216] Memory cgroup stats for /syz3: [ 3240.219936][T19216] anon 277131264 [ 3240.219936][T19216] file 24576 [ 3240.219936][T19216] kernel_stack 3170304 [ 3240.219936][T19216] slab 9154560 [ 3240.219936][T19216] sock 0 [ 3240.219936][T19216] shmem 106496 [ 3240.219936][T19216] file_mapped 0 [ 3240.219936][T19216] file_dirty 0 [ 3240.219936][T19216] file_writeback 0 [ 3240.219936][T19216] anon_thp 255852544 [ 3240.219936][T19216] inactive_anon 135168 [ 3240.219936][T19216] active_anon 277188608 [ 3240.219936][T19216] inactive_file 0 [ 3240.219936][T19216] active_file 0 [ 3240.219936][T19216] unevictable 0 [ 3240.219936][T19216] slab_reclaimable 1486848 [ 3240.219936][T19216] slab_unreclaimable 7667712 [ 3240.219936][T19216] pgfault 230472 [ 3240.219936][T19216] pgmajfault 0 [ 3240.219936][T19216] workingset_refault 165 [ 3240.219936][T19216] workingset_activate 66 [ 3240.219936][T19216] workingset_nodereclaim 0 [ 3240.219936][T19216] pgrefill 730 [ 3240.219936][T19216] pgscan 776 [ 3240.219936][T19216] pgsteal 378 [ 3240.470903][T19216] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=10393,uid=0 [ 3240.500965][T19216] Memory cgroup out of memory: Killed process 10393 (syz-executor.3) total-vm:74968kB, anon-rss:2228kB, file-rss:35816kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 3240.563654][T19232] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3240.580915][T19232] CPU: 0 PID: 19232 Comm: syz-executor.3 Not tainted 5.6.0-rc1-syzkaller #0 [ 3240.589642][T19232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3240.602101][T19232] Call Trace: [ 3240.605430][T19232] dump_stack+0x11d/0x181 [ 3240.609859][T19232] dump_header+0xaa/0x39c [ 3240.614235][T19232] oom_kill_process.cold+0x10/0x15 [ 3240.619369][T19232] out_of_memory+0x231/0xa60 [ 3240.624061][T19232] mem_cgroup_out_of_memory+0x128/0x150 [ 3240.629647][T19232] try_charge+0x800/0xbf0 [ 3240.634068][T19232] mem_cgroup_try_charge+0xd2/0x260 [ 3240.639304][T19232] mem_cgroup_try_charge_delay+0x3a/0x80 [ 3240.645088][T19232] wp_page_copy+0x322/0xf20 [ 3240.649671][T19232] ? __read_once_size+0x41/0xe0 [ 3240.654550][T19232] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 3240.660492][T19232] do_wp_page+0x192/0xd20 [ 3240.664948][T19232] __handle_mm_fault+0x1d16/0x2e00 [ 3240.670138][T19232] handle_mm_fault+0x21b/0x530 [ 3240.674944][T19232] do_page_fault+0x496/0xa3d [ 3240.679685][T19232] page_fault+0x34/0x40 [ 3240.683851][T19232] RIP: 0033:0x403f80 [ 3240.687820][T19232] Code: 80 3d fb e6 87 00 00 c6 85 84 00 00 00 00 74 0f 8b 05 e8 e6 87 00 39 45 24 0f 84 46 02 00 00 44 8b a5 80 00 00 00 48 8b 5d 78 fb e6 ff ff 48 2b 05 84 40 34 00 8b 75 00 4c 89 f1 45 89 e1 49 [ 3240.707590][T19232] RSP: 002b:00007f331e30dc90 EFLAGS: 00010246 [ 3240.713722][T19232] RAX: 00007f332030f000 RBX: 0000000000005dc9 RCX: 0000000000000000 [ 3240.721833][T19232] RDX: 000000000003ffff RSI: 0000000000403ecc RDI: 0000000000000000 [ 3240.729914][T19232] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 3240.737913][T19232] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3240.745897][T19232] R13: 0000000000000074 R14: 00000000004c2ce6 R15: 000000000076bf2c [ 3240.984814][T19232] memory: usage 304992kB, limit 307200kB, failcnt 1108 [ 3241.010905][T19232] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3241.017882][T19232] Memory cgroup stats for /syz3: [ 3241.018083][T19232] anon 274935808 [ 3241.018083][T19232] file 24576 [ 3241.018083][T19232] kernel_stack 3170304 [ 3241.018083][T19232] slab 9154560 [ 3241.018083][T19232] sock 0 [ 3241.018083][T19232] shmem 106496 [ 3241.018083][T19232] file_mapped 0 [ 3241.018083][T19232] file_dirty 0 [ 3241.018083][T19232] file_writeback 0 [ 3241.018083][T19232] anon_thp 253755392 [ 3241.018083][T19232] inactive_anon 135168 [ 3241.018083][T19232] active_anon 274993152 [ 3241.018083][T19232] inactive_file 0 [ 3241.018083][T19232] active_file 0 [ 3241.018083][T19232] unevictable 0 [ 3241.018083][T19232] slab_reclaimable 1486848 [ 3241.018083][T19232] slab_unreclaimable 7667712 [ 3241.018083][T19232] pgfault 230472 [ 3241.018083][T19232] pgmajfault 0 [ 3241.018083][T19232] workingset_refault 165 [ 3241.018083][T19232] workingset_activate 66 [ 3241.018083][T19232] workingset_nodereclaim 0 [ 3241.018083][T19232] pgrefill 730 [ 3241.018083][T19232] pgscan 776 [ 3241.018083][T19232] pgsteal 378 [ 3241.243087][T19232] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=30381,uid=0 [ 3241.289287][T19232] Memory cgroup out of memory: Killed process 30381 (syz-executor.3) total-vm:74836kB, anon-rss:2220kB, file-rss:35820kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 3241.356801][T19258] syz-executor.3 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3241.377951][T19258] CPU: 0 PID: 19258 Comm: syz-executor.3 Not tainted 5.6.0-rc1-syzkaller #0 [ 3241.386658][T19258] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3241.396716][T19258] Call Trace: [ 3241.400032][T19258] dump_stack+0x11d/0x181 [ 3241.404513][T19258] dump_header+0xaa/0x39c [ 3241.408880][T19258] oom_kill_process.cold+0x10/0x15 [ 3241.414090][T19258] out_of_memory+0x231/0xa60 [ 3241.418715][T19258] mem_cgroup_out_of_memory+0x128/0x150 [ 3241.424474][T19258] try_charge+0x800/0xbf0 [ 3241.429047][T19258] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 3241.434529][T19258] __memcg_kmem_charge+0xcf/0x1b0 [ 3241.439588][T19258] __alloc_pages_nodemask+0x26c/0x310 [ 3241.445028][T19258] alloc_pages_current+0xd1/0x170 [ 3241.450083][T19258] pte_alloc_one+0x18/0x50 [ 3241.454611][T19258] __handle_mm_fault+0x2be6/0x2e00 [ 3241.459780][T19258] handle_mm_fault+0x21b/0x530 [ 3241.464745][T19258] do_page_fault+0x496/0xa3d [ 3241.469391][T19258] page_fault+0x34/0x40 [ 3241.473582][T19258] RIP: 0033:0x45c449 [ 3241.478796][T19258] Code: Bad RIP value. [ 3241.482933][T19258] RSP: 002b:00007f331e30dc78 EFLAGS: 00010246 [ 3241.489012][T19258] RAX: 0000000000000000 RBX: 00007f331e30e6d4 RCX: 000000000045c449 [ 3241.497076][T19258] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 3241.505140][T19258] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 3241.513125][T19258] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 3241.521190][T19258] R13: 0000000000000074 R14: 00000000004c2ce6 R15: 000000000076bf2c [ 3241.570929][T19258] memory: usage 302656kB, limit 307200kB, failcnt 1108 [ 3241.605881][T19258] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3241.641305][T19258] Memory cgroup stats for /syz3: [ 3241.641446][T19258] anon 272699392 [ 3241.641446][T19258] file 24576 [ 3241.641446][T19258] kernel_stack 3170304 [ 3241.641446][T19258] slab 9154560 [ 3241.641446][T19258] sock 0 [ 3241.641446][T19258] shmem 106496 [ 3241.641446][T19258] file_mapped 0 [ 3241.641446][T19258] file_dirty 0 [ 3241.641446][T19258] file_writeback 0 [ 3241.641446][T19258] anon_thp 251658240 [ 3241.641446][T19258] inactive_anon 135168 [ 3241.641446][T19258] active_anon 272756736 [ 3241.641446][T19258] inactive_file 0 [ 3241.641446][T19258] active_file 0 [ 3241.641446][T19258] unevictable 0 [ 3241.641446][T19258] slab_reclaimable 1486848 [ 3241.641446][T19258] slab_unreclaimable 7667712 [ 3241.641446][T19258] pgfault 230472 [ 3241.641446][T19258] pgmajfault 0 [ 3241.641446][T19258] workingset_refault 165 [ 3241.641446][T19258] workingset_activate 66 [ 3241.641446][T19258] workingset_nodereclaim 0 [ 3241.641446][T19258] pgrefill 730 [ 3241.641446][T19258] pgscan 776 [ 3241.641446][T19258] pgsteal 378 06:01:47 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = accept$alg(0xffffffffffffffff, 0x0, 0x0) r1 = dup(r0) recvmsg$can_raw(r1, 0x0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000040), 0x0) r4 = accept$alg(r3, 0x0, 0x0) r5 = dup(r4) recvmsg$can_raw(r5, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r5, 0xae47, 0x0) r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r9 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000040), 0x0) [ 3241.870182][T19258] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=16300,uid=0 [ 3241.898404][T19258] Memory cgroup out of memory: Killed process 16300 (syz-executor.3) total-vm:74704kB, anon-rss:2212kB, file-rss:35828kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 3241.923402][ T1078] oom_reaper: reaped process 16300 (syz-executor.3), now anon-rss:0kB, file-rss:34868kB, shmem-rss:0kB 06:01:47 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) io_submit(0x0, 0x1, &(0x7f00000003c0)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)="04", 0x36c, 0x0, 0x0, 0x1}]) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0xec}], 0x1000000000000409, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@remote, 0x15b}) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 06:01:47 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x26d, 0x0) 06:01:47 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$dsp1(0xffffffffffffff9c, 0x0, 0x0, 0x0) write$rfkill(0xffffffffffffffff, 0x0, 0x0) sendmsg$NFT_MSG_GETRULE(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="050000001e00ab7bf2ff14000010291101"], 0x1}}, 0x0) r0 = socket$inet6(0x10, 0x3, 0x10) sendto$inet6(r0, &(0x7f0000000000)='E', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b) gettid() 06:01:47 executing program 5: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xe6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) memfd_create(0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) io_setup(0x200, &(0x7f00000000c0)=0x0) io_pgetevents(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 06:01:47 executing program 4: syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0) syz_open_dev$sg(0x0, 0x0, 0x81) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) r0 = getpid() r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r0, 0x1004000000016) 06:01:47 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = accept$alg(0xffffffffffffffff, 0x0, 0x0) r1 = dup(r0) recvmsg$can_raw(r1, 0x0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000040), 0x0) r4 = accept$alg(r3, 0x0, 0x0) r5 = dup(r4) recvmsg$can_raw(r5, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r5, 0xae47, 0x0) r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r9 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000040), 0x0) [ 3242.533688][T19333] netlink: 49 bytes leftover after parsing attributes in process `syz-executor.1'. 06:01:47 executing program 4: r0 = syz_open_dev$loop(&(0x7f0000000500)='/dev/loop#\x00', 0x0, 0x100082) memfd_create(0x0, 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, 0xffffffffffffffff) ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x1000) [ 3242.619183][ C1] print_req_error: 173 callbacks suppressed [ 3242.619201][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3242.636042][ C1] buffer_io_error: 173 callbacks suppressed [ 3242.636054][ C1] Buffer I/O error on dev loop0, logical block 0, async page read 06:01:47 executing program 1: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000340)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) ioctl$UFFDIO_REGISTER(r0, 0xc028aa03, &(0x7f00000a0fe0)={{&(0x7f00005e3000/0x800000)=nil, 0x730000}, 0x200000}) ioctl$VIDIOC_SUBDEV_DV_TIMINGS_CAP(0xffffffffffffffff, 0xc0905664, 0x0) getsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) 06:01:48 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x26e, 0x0) [ 3242.728400][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3242.739433][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3242.780927][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3242.792180][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3242.820934][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3242.831978][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3242.870948][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3242.882108][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3242.900921][ C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3242.911846][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 3242.920070][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3242.930998][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3242.979552][T19353] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3243.023098][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3243.033763][T19353] CPU: 1 PID: 19353 Comm: syz-executor.1 Not tainted 5.6.0-rc1-syzkaller #0 [ 3243.034058][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3243.042692][T19353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3243.042698][T19353] Call Trace: [ 3243.042734][T19353] dump_stack+0x11d/0x181 [ 3243.042789][T19353] dump_header+0xaa/0x39c [ 3243.042817][T19353] oom_kill_process.cold+0x10/0x15 [ 3243.077861][T19353] out_of_memory+0x231/0xa60 [ 3243.082477][T19353] ? __rcu_read_unlock+0x66/0x2f0 [ 3243.087581][T19353] mem_cgroup_out_of_memory+0x128/0x150 [ 3243.093283][T19353] try_charge+0xb6c/0xbf0 [ 3243.097642][T19353] ? stack_segment+0x20/0x30 [ 3243.102342][T19353] mem_cgroup_try_charge+0xd2/0x260 [ 3243.108433][T19353] mcopy_atomic+0x558/0x1a10 [ 3243.113082][T19353] userfaultfd_ioctl+0x7ce/0x2560 [ 3243.118169][T19353] ? do_vfs_ioctl+0x3c0/0xd00 [ 3243.121939][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3243.122974][T19353] ? userfaultfd_read+0x1c0/0x1c0 [ 3243.123001][T19353] ksys_ioctl+0x109/0x150 [ 3243.133909][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3243.138909][T19353] ? ksys_ioctl+0x109/0x150 [ 3243.154928][ C0] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3243.155640][T19353] __x64_sys_ioctl+0x4c/0x60 06:01:48 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x26f, 0x0) [ 3243.155745][T19353] do_syscall_64+0xcc/0x3a0 [ 3243.166578][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 3243.171135][T19353] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 3243.171157][T19353] RIP: 0033:0x45c449 [ 3243.193416][T19353] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3243.213134][T19353] RSP: 002b:00007f86ddabac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 06:01:48 executing program 4: r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rfkill\x00', 0x0, 0x0) ioctl$RFKILL_IOCTL_NOINPUT(r0, 0x5201) [ 3243.221676][T19353] RAX: ffffffffffffffda RBX: 00007f86ddabb6d4 RCX: 000000000045c449 [ 3243.229672][T19353] RDX: 00000000200a0fe0 RSI: 00000000c028aa03 RDI: 0000000000000003 [ 3243.237651][T19353] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 3243.245807][T19353] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 3243.253788][T19353] R13: 00000000000005b4 R14: 00000000004c8106 R15: 000000000076bf2c 06:01:48 executing program 3: set_mempolicy(0x1, &(0x7f0000000300)=0x762, 0x9) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = accept$alg(0xffffffffffffffff, 0x0, 0x0) r1 = dup(r0) recvmsg$can_raw(r1, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000040), 0x0) r3 = accept$alg(r2, 0x0, 0x0) r4 = dup(r3) recvmsg$can_raw(r4, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_TSS_ADDR(r4, 0xae47, 0x0) r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) r8 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r8, 0x117, 0x1, &(0x7f0000000040), 0x0) [ 3243.496651][T14386] ================================================================== [ 3243.504915][T14386] BUG: KCSAN: data-race in __fsnotify_recalc_mask / fsnotify [ 3243.512292][T14386] [ 3243.514633][T14386] write to 0xffff88812b3e318c of 4 bytes by task 12507 on cpu 0: [ 3243.522371][T14386] __fsnotify_recalc_mask+0x152/0x1b0 [ 3243.527872][T14386] fsnotify_recalc_mask.part.0+0x28/0x90 [ 3243.533607][T14386] fsnotify_add_mark_locked+0x791/0xa20 [ 3243.539697][T14386] inotify_update_watch+0x343/0x3c0 [ 3243.544912][T14386] __x64_sys_inotify_add_watch+0x1f8/0x250 [ 3243.550753][T14386] do_syscall_64+0xcc/0x3a0 [ 3243.555271][T14386] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 3243.561164][T14386] [ 3243.563499][T14386] read to 0xffff88812b3e318c of 4 bytes by task 14386 on cpu 1: [ 3243.571712][T14386] fsnotify+0x17f/0x7d0 [ 3243.575880][T14386] security_file_open+0x188/0x210 [ 3243.580930][T14386] do_dentry_open+0x211/0x970 [ 3243.585612][T14386] vfs_open+0x62/0x80 [ 3243.589611][T14386] path_openat+0xe32/0x3150 [ 3243.594121][T14386] do_filp_open+0x11e/0x1b0 [ 3243.598651][T14386] do_sys_openat2+0x4f5/0x620 [ 3243.603334][T14386] do_sys_open+0xa3/0x110 [ 3243.607791][T14386] __x64_sys_open+0x55/0x70 [ 3243.612339][T14386] do_syscall_64+0xcc/0x3a0 [ 3243.616875][T14386] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 3243.622850][T14386] [ 3243.625172][T14386] Reported by Kernel Concurrency Sanitizer on: [ 3243.631334][T14386] CPU: 1 PID: 14386 Comm: syz-executor.3 Not tainted 5.6.0-rc1-syzkaller #0 [ 3243.640032][T14386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3243.650086][T14386] ================================================================== [ 3243.658167][T14386] Kernel panic - not syncing: panic_on_warn set ... [ 3243.664762][T14386] CPU: 1 PID: 14386 Comm: syz-executor.3 Not tainted 5.6.0-rc1-syzkaller #0 [ 3243.675515][T14386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3243.685584][T14386] Call Trace: [ 3243.688890][T14386] dump_stack+0x11d/0x181 [ 3243.693253][T14386] panic+0x210/0x640 [ 3243.697256][T14386] ? vprintk_func+0x8d/0x140 [ 3243.701871][T14386] kcsan_report.cold+0xc/0x1a [ 3243.706578][T14386] kcsan_setup_watchpoint+0x307/0x400 [ 3243.711975][T14386] __tsan_read4+0xc6/0x100 [ 3243.716413][T14386] fsnotify+0x17f/0x7d0 [ 3243.720700][T14386] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3243.726968][T14386] ? apparmor_file_open+0xfa/0x780 [ 3243.732116][T14386] security_file_open+0x188/0x210 [ 3243.737167][T14386] do_dentry_open+0x211/0x970 [ 3243.741867][T14386] ? security_inode_permission+0xa5/0xc0 [ 3243.747530][T14386] vfs_open+0x62/0x80 [ 3243.751533][T14386] path_openat+0xe32/0x3150 [ 3243.756146][T14386] ? kick_process+0x48/0x70 [ 3243.760691][T14386] do_filp_open+0x11e/0x1b0 [ 3243.765226][T14386] ? _raw_spin_unlock+0x4b/0x60 [ 3243.770211][T14386] ? __alloc_fd+0x2ef/0x3b0 [ 3243.774877][T14386] ? get_unused_fd_flags+0x93/0xc0 [ 3243.780124][T14386] do_sys_openat2+0x4f5/0x620 [ 3243.784829][T14386] do_sys_open+0xa3/0x110 [ 3243.789184][T14386] __x64_sys_open+0x55/0x70 [ 3243.794164][T14386] do_syscall_64+0xcc/0x3a0 [ 3243.798693][T14386] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 3243.804723][T14386] RIP: 0033:0x4161e1 [ 3243.809254][T14386] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 0a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 3243.830576][T14386] RSP: 002b:00007f331e30da60 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 3243.842231][T14386] RAX: ffffffffffffffda RBX: 00007f331e30e6d4 RCX: 00000000004161e1 [ 3243.850267][T14386] RDX: 00007f331e30db0a RSI: 0000000000000002 RDI: 00007f331e30db00 [ 3243.858271][T14386] RBP: 000000000076bf20 R08: 0000000000000000 R09: 000000000000000a [ 3243.866353][T14386] R10: 0000000000000075 R11: 0000000000000246 R12: 00000000ffffffff [ 3243.875948][T14386] R13: 0000000000000be8 R14: 00000000004cdca6 R15: 000000000076bf2c [ 3243.885619][T14386] Kernel Offset: disabled [ 3243.889962][T14386] Rebooting in 86400 seconds..