emory+0x1d2/0x240 [ 2004.514282] ? memcg_event_wake+0x230/0x230 [ 2004.518617] ? do_raw_spin_unlock+0x181/0x270 [ 2004.523121] ? _raw_spin_unlock+0x2d/0x50 [ 2004.527285] try_charge+0xec5/0x1490 [ 2004.531007] ? lock_downgrade+0x880/0x880 [ 2004.535171] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2004.540023] ? rcu_read_unlock+0x33/0x60 [ 2004.544089] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2004.548941] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2004.555094] ? mark_held_locks+0x100/0x100 [ 2004.559358] mem_cgroup_try_charge+0x259/0x6b0 [ 2004.563968] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2004.568914] __handle_mm_fault+0x1e50/0x3f80 [ 2004.573480] ? copy_page_range+0x2030/0x2030 [ 2004.577930] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2004.582621] handle_mm_fault+0x1b5/0x690 [ 2004.586708] __get_user_pages+0x609/0x1860 [ 2004.591076] ? follow_page_mask+0x1ac0/0x1ac0 [ 2004.595599] ? lock_acquire+0x16f/0x3f0 [ 2004.599588] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2004.605154] populate_vma_page_range+0x20d/0x2a0 [ 2004.609943] __mm_populate+0x204/0x380 [ 2004.613980] ? populate_vma_page_range+0x2a0/0x2a0 [ 2004.618943] __x64_sys_mlockall+0x35c/0x520 [ 2004.623301] do_syscall_64+0xfd/0x620 [ 2004.627132] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2004.632339] RIP: 0033:0x45b349 [ 2004.635554] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2004.654481] RSP: 002b:00007f86ac35dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2004.662226] RAX: ffffffffffffffda RBX: 00007f86ac35e6d4 RCX: 000000000045b349 [ 2004.669621] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2004.676905] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2004.684362] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2004.691652] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 2004.703011] Task in /syz4 killed as a result of limit of /syz4 [ 2004.730072] memory: usage 307200kB, limit 307200kB, failcnt 2029 [ 2004.740131] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2004.791529] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2004.824070] Memory cgroup stats for /syz4: cache:124KB rss:293692KB rss_huge:233472KB shmem:24KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:141352KB active_anon:13160KB inactive_file:4KB active_file:8KB unevictable:139380KB 03:23:46 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 03:23:46 executing program 5: r0 = memfd_create(&(0x7f0000000040)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00\x01j2\xa6\xcb\xe33\xc31\x9e\xc4\x85?\xe6\xc2\x8bg\x00\x00\xe6\xff\x1a\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\xfe\xb3$\xb2\x1e\x00', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x201) r2 = dup2(r1, r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32, @ANYBLOB="0002000000000000280012000900010076e287c9c97881b97675001800020014"], 0x3}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1}, 0xc, 0x0}, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000140)={0x0, 0x0, 0x0, 'queue0\x00'}) write$sndseq(0xffffffffffffffff, &(0x7f0000000000)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @connect}], 0xfcc8) [ 2004.970507] Memory cgroup out of memory: Kill process 28420 (syz-executor.4) score 1163 or sacrifice child [ 2004.980652] Killed process 28420 (syz-executor.4) total-vm:72852kB, anon-rss:18456kB, file-rss:34816kB, shmem-rss:0kB 03:23:47 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x35}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}}, 0x0) 03:23:47 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x8000000}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:23:47 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:23:47 executing program 5: r0 = memfd_create(&(0x7f0000000040)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00\x01j2\xa6\xcb\xe33\xc31\x9e\xc4\x85?\xe6\xc2\x8bg\x00\x00\xe6\xff\x1a\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\xfe\xb3$\xb2\x1e\x00', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x201) r2 = dup2(r1, r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32, @ANYBLOB="0002000000000000280012000900010076e287c9c97881b97675001800020014"], 0x3}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1}, 0xc, 0x0}, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000140)={0x0, 0x0, 0x0, 'queue0\x00'}) write$sndseq(r2, 0x0, 0x0) 03:23:47 executing program 5: r0 = memfd_create(&(0x7f0000000040)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00\x01j2\xa6\xcb\xe33\xc31\x9e\xc4\x85?\xe6\xc2\x8bg\x00\x00\xe6\xff\x1a\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\xfe\xb3$\xb2\x1e\x00', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x201) r2 = dup2(r1, r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32, @ANYBLOB="0002000000000000280012000900010076e287c9c97881b97675001800020014"], 0x3}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1}, 0xc, 0x0}, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000140)={0x0, 0x0, 0x0, 'queue0\x00'}) write$sndseq(r2, 0x0, 0x0) 03:23:48 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}}, 0x0) 03:23:48 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:23:48 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 03:23:48 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x9000000}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:23:48 executing program 5: r0 = memfd_create(&(0x7f0000000040)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00\x01j2\xa6\xcb\xe33\xc31\x9e\xc4\x85?\xe6\xc2\x8bg\x00\x00\xe6\xff\x1a\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\xfe\xb3$\xb2\x1e\x00', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x201) r2 = dup2(r1, r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32, @ANYBLOB="0002000000000000280012000900010076e287c9c97881b97675001800020014"], 0x3}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1}, 0xc, 0x0}, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000140)={0x0, 0x0, 0x0, 'queue0\x00'}) write$sndseq(r2, 0x0, 0x0) 03:23:48 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:23:49 executing program 5: r0 = memfd_create(&(0x7f0000000040)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00\x01j2\xa6\xcb\xe33\xc31\x9e\xc4\x85?\xe6\xc2\x8bg\x00\x00\xe6\xff\x1a\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\xfe\xb3$\xb2\x1e\x00', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x201) r2 = dup2(r1, r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32, @ANYBLOB="0002000000000000280012000900010076e287c9c97881b97675001800020014"], 0x3}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1}, 0xc, 0x0}, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000140)={0x0, 0x0, 0x0, 'queue0\x00'}) write$sndseq(r2, &(0x7f0000000000), 0x0) [ 2008.311408] syz-executor.4 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 2008.327586] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2008.334506] CPU: 1 PID: 28818 Comm: syz-executor.4 Not tainted 4.19.99-syzkaller #0 [ 2008.342335] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2008.351712] Call Trace: [ 2008.354323] dump_stack+0x197/0x210 [ 2008.357980] dump_header+0x15e/0xa55 [ 2008.361714] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2008.366830] ? ___ratelimit+0x60/0x595 [ 2008.370732] ? do_raw_spin_unlock+0x181/0x270 [ 2008.375249] oom_kill_process.cold+0x10/0x6ef [ 2008.379941] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2008.385490] ? task_will_free_mem+0x139/0x6e0 [ 2008.390005] out_of_memory+0x362/0x1330 [ 2008.393997] ? lock_downgrade+0x880/0x880 [ 2008.398164] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2008.403715] ? oom_killer_disable+0x280/0x280 [ 2008.408225] ? find_held_lock+0x35/0x130 [ 2008.412316] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2008.418830] ? memcg_event_wake+0x230/0x230 [ 2008.423172] ? do_raw_spin_unlock+0x181/0x270 [ 2008.427685] ? _raw_spin_unlock+0x2d/0x50 [ 2008.431851] try_charge+0xec5/0x1490 [ 2008.435591] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2008.440457] ? lock_downgrade+0x880/0x880 [ 2008.444624] ? kasan_check_read+0x11/0x20 [ 2008.448792] memcg_kmem_charge_memcg+0x83/0x170 [ 2008.453475] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2008.457986] ? __isolate_free_page+0x4c0/0x4c0 [ 2008.462582] memcg_kmem_charge+0x13b/0x370 [ 2008.466835] __alloc_pages_nodemask+0x3c3/0x750 [ 2008.471532] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2008.476565] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2008.481171] ? trace_hardirqs_on+0x67/0x220 [ 2008.485519] copy_process.part.0+0x3d6/0x7a60 [ 2008.490034] ? mark_held_locks+0x100/0x100 [ 2008.494289] ? __might_fault+0x12b/0x1e0 [ 2008.498382] ? __cleanup_sighand+0x70/0x70 [ 2008.502634] ? lock_downgrade+0x880/0x880 [ 2008.506817] _do_fork+0x257/0xfd0 [ 2008.510290] ? fork_idle+0x1d0/0x1d0 [ 2008.514030] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2008.518793] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2008.523556] ? do_syscall_64+0x26/0x620 [ 2008.527544] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2008.533029] ? do_syscall_64+0x26/0x620 [ 2008.537023] __x64_sys_clone+0xbf/0x150 [ 2008.541797] do_syscall_64+0xfd/0x620 [ 2008.545616] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2008.550818] RIP: 0033:0x45b349 [ 2008.554023] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2008.572945] RSP: 002b:00007f86ac35dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2008.580676] RAX: ffffffffffffffda RBX: 00007f86ac35e6d4 RCX: 000000000045b349 [ 2008.587980] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 2008.595365] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 2008.602679] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff 03:23:50 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:23:50 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) [ 2008.609963] R13: 0000000000000070 R14: 00000000004c1bc4 R15: 000000000075bf2c [ 2008.700827] Task in /syz4 killed as a result of limit of /syz4 [ 2008.727515] memory: usage 307200kB, limit 307200kB, failcnt 2076 [ 2008.733790] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2008.740697] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2008.746868] Memory cgroup stats for /syz4: cache:124KB rss:293776KB rss_huge:235520KB shmem:24KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:143272KB active_anon:13176KB inactive_file:4KB active_file:8KB unevictable:137388KB [ 2008.769381] Memory cgroup out of memory: Kill process 28799 (syz-executor.4) score 1163 or sacrifice child [ 2008.780303] Killed process 28799 (syz-executor.4) total-vm:72852kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB [ 2009.512298] oom_reaper: reaped process 28799 (syz-executor.4), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 03:23:51 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:23:51 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 03:23:51 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3, 0x2}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}}, 0x0) 03:23:51 executing program 5: r0 = memfd_create(&(0x7f0000000040)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00\x01j2\xa6\xcb\xe33\xc31\x9e\xc4\x85?\xe6\xc2\x8bg\x00\x00\xe6\xff\x1a\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\xfe\xb3$\xb2\x1e\x00', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x201) r2 = dup2(r1, r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32, @ANYBLOB="0002000000000000280012000900010076e287c9c97881b97675001800020014"], 0x3}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1}, 0xc, 0x0}, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000140)={0x0, 0x0, 0x0, 'queue0\x00'}) write$sndseq(r2, &(0x7f0000000000), 0x0) 03:23:52 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:23:52 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 03:23:52 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0xa000000}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:23:52 executing program 5: r0 = memfd_create(&(0x7f0000000040)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00\x01j2\xa6\xcb\xe33\xc31\x9e\xc4\x85?\xe6\xc2\x8bg\x00\x00\xe6\xff\x1a\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\xfe\xb3$\xb2\x1e\x00', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x201) r2 = dup2(r1, r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32, @ANYBLOB="0002000000000000280012000900010076e287c9c97881b97675001800020014"], 0x3}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1}, 0xc, 0x0}, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000140)={0x0, 0x0, 0x0, 'queue0\x00'}) write$sndseq(r2, &(0x7f0000000000), 0x0) 03:23:52 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}}, 0x0) 03:23:52 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:23:52 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) [ 2011.136405] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2011.153225] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2011.158695] CPU: 0 PID: 28960 Comm: syz-executor.4 Not tainted 4.19.99-syzkaller #0 [ 2011.166519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2011.176238] Call Trace: [ 2011.178876] dump_stack+0x197/0x210 [ 2011.182538] dump_header+0x15e/0xa55 [ 2011.186270] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2011.191399] ? ___ratelimit+0x60/0x595 [ 2011.195326] ? do_raw_spin_unlock+0x181/0x270 [ 2011.199863] oom_kill_process.cold+0x10/0x6ef [ 2011.204414] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2011.209967] ? task_will_free_mem+0x139/0x6e0 [ 2011.214471] ? find_held_lock+0x35/0x130 [ 2011.218555] out_of_memory+0x362/0x1330 [ 2011.231845] ? lock_downgrade+0x880/0x880 [ 2011.236018] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2011.241168] ? oom_killer_disable+0x280/0x280 [ 2011.245680] ? find_held_lock+0x35/0x130 [ 2011.249819] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2011.254694] ? memcg_event_wake+0x230/0x230 [ 2011.259049] ? do_raw_spin_unlock+0x181/0x270 [ 2011.263563] ? _raw_spin_unlock+0x2d/0x50 [ 2011.267828] try_charge+0xec5/0x1490 [ 2011.271558] ? lock_downgrade+0x880/0x880 [ 2011.275725] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2011.280588] ? rcu_read_unlock+0x33/0x60 [ 2011.285070] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2011.289934] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2011.296140] ? mark_held_locks+0x100/0x100 [ 2011.300416] mem_cgroup_try_charge+0x259/0x6b0 [ 2011.305029] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2011.309987] __handle_mm_fault+0x1e50/0x3f80 [ 2011.314426] ? copy_page_range+0x2030/0x2030 [ 2011.318872] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2011.323819] handle_mm_fault+0x1b5/0x690 [ 2011.327919] __get_user_pages+0x609/0x1860 [ 2011.332210] ? follow_page_mask+0x1ac0/0x1ac0 [ 2011.336758] ? lock_acquire+0x16f/0x3f0 [ 2011.340839] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2011.346415] populate_vma_page_range+0x20d/0x2a0 [ 2011.351213] __mm_populate+0x204/0x380 [ 2011.355130] ? populate_vma_page_range+0x2a0/0x2a0 [ 2011.360227] __x64_sys_mlockall+0x35c/0x520 [ 2011.364569] do_syscall_64+0xfd/0x620 [ 2011.368528] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2011.373833] RIP: 0033:0x45b349 [ 2011.377047] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2011.396058] RSP: 002b:00007f86ac35dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2011.403794] RAX: ffffffffffffffda RBX: 00007f86ac35e6d4 RCX: 000000000045b349 [ 2011.411090] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2011.418377] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2011.425669] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff 03:23:52 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) [ 2011.432970] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c 03:23:53 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:23:53 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0xb000000}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:23:53 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3, 0x4}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}}, 0x0) 03:23:54 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) [ 2012.699961] Task in /syz4 killed as a result of limit of /syz4 [ 2012.706005] memory: usage 307192kB, limit 307200kB, failcnt 2292 [ 2012.712628] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2012.719415] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2012.725704] Memory cgroup stats for /syz4: cache:124KB rss:293856KB rss_huge:229376KB shmem:24KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:143396KB active_anon:13160KB inactive_file:4KB active_file:8KB unevictable:137344KB [ 2012.748263] Memory cgroup out of memory: Kill process 28842 (syz-executor.4) score 1163 or sacrifice child [ 2012.758411] Killed process 28842 (syz-executor.4) total-vm:72984kB, anon-rss:18452kB, file-rss:34816kB, shmem-rss:0kB [ 2013.684410] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2013.696265] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2013.703127] CPU: 1 PID: 28960 Comm: syz-executor.4 Not tainted 4.19.99-syzkaller #0 [ 2013.710959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2013.720327] Call Trace: [ 2013.722962] dump_stack+0x197/0x210 [ 2013.726629] dump_header+0x15e/0xa55 [ 2013.730368] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2013.735503] ? ___ratelimit+0x60/0x595 [ 2013.739406] ? do_raw_spin_unlock+0x181/0x270 [ 2013.743921] oom_kill_process.cold+0x10/0x6ef [ 2013.748451] ? mem_cgroup_get_max+0x9a/0x240 [ 2013.752884] out_of_memory+0x362/0x1330 [ 2013.757010] ? lock_downgrade+0x880/0x880 [ 2013.761178] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2013.766309] ? oom_killer_disable+0x280/0x280 [ 2013.770818] ? find_held_lock+0x35/0x130 [ 2013.775262] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2013.780120] ? memcg_event_wake+0x230/0x230 [ 2013.784590] ? do_raw_spin_unlock+0x181/0x270 [ 2013.789116] ? _raw_spin_unlock+0x2d/0x50 [ 2013.793298] try_charge+0xec5/0x1490 [ 2013.797028] ? lock_downgrade+0x880/0x880 [ 2013.801201] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2013.806059] ? rcu_read_unlock+0x33/0x60 [ 2013.810264] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2013.815127] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2013.821226] mem_cgroup_try_charge+0x259/0x6b0 [ 2013.825853] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2013.830814] wp_page_copy+0x430/0x16a0 [ 2013.834753] ? retint_kernel+0x2d/0x2d [ 2013.838726] ? follow_pfn+0x2a0/0x2a0 [ 2013.842565] ? do_raw_spin_unlock+0x181/0x270 [ 2013.847096] do_wp_page+0x57d/0x10b0 [ 2013.850834] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2013.855533] ? kasan_check_write+0x14/0x20 [ 2013.859784] ? do_raw_spin_lock+0xd7/0x250 [ 2013.864137] __handle_mm_fault+0x2305/0x3f80 [ 2013.868682] ? copy_page_range+0x2030/0x2030 [ 2013.873157] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2013.877848] handle_mm_fault+0x1b5/0x690 [ 2013.882191] __get_user_pages+0x609/0x1860 [ 2013.886466] ? follow_page_mask+0x1ac0/0x1ac0 [ 2013.890993] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2013.897170] ? retint_kernel+0x2d/0x2d [ 2013.901080] populate_vma_page_range+0x20d/0x2a0 [ 2013.905858] __mm_populate+0x204/0x380 [ 2013.909785] ? populate_vma_page_range+0x2a0/0x2a0 [ 2013.914743] __x64_sys_mlockall+0x35c/0x520 [ 2013.919099] do_syscall_64+0xfd/0x620 [ 2013.922927] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2013.928148] RIP: 0033:0x45b349 [ 2013.931357] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2013.950274] RSP: 002b:00007f86ac35dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2013.957994] RAX: ffffffffffffffda RBX: 00007f86ac35e6d4 RCX: 000000000045b349 [ 2013.965286] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2013.972575] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2013.979857] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2013.987319] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 2013.998160] Task in /syz4 killed as a result of limit of /syz4 [ 2014.004978] memory: usage 307200kB, limit 307200kB, failcnt 2350 [ 2014.012537] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2014.019813] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2014.027318] Memory cgroup stats for /syz4: cache:124KB rss:293776KB rss_huge:233472KB shmem:24KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:129248KB active_anon:13144KB inactive_file:4KB active_file:8KB unevictable:151440KB [ 2014.054546] Memory cgroup out of memory: Kill process 28959 (syz-executor.4) score 1226 or sacrifice child [ 2014.065766] Killed process 29093 (syz-executor.4) total-vm:72720kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB [ 2014.082303] oom_reaper: reaped process 29093 (syz-executor.4), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 03:23:56 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:23:56 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0xc000000}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:23:56 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:23:56 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3, 0x5}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}}, 0x0) 03:23:56 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:23:56 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 03:23:59 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:23:59 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0xe000000}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:23:59 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3, 0x6}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}}, 0x0) 03:23:59 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 03:23:59 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:23:59 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0xf000000}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:23:59 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:23:59 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:23:59 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3, 0x8}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}}, 0x0) 03:24:02 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x10000000}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:24:02 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 03:24:03 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3, 0x9}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}}, 0x0) 03:24:03 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x34c39fbc}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:24:03 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:24:03 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:24:03 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3, 0xa}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}}, 0x0) 03:24:03 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:24:03 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x3c000000}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:24:03 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 03:24:04 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3, 0xb}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}}, 0x0) 03:24:05 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:24:05 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x3f000000}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:24:07 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 03:24:07 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3, 0xc}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}}, 0x0) 03:24:07 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:24:07 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(0x0, 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:24:07 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x60000000}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:24:08 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:24:08 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mlockall(0x3) [ 2027.392980] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2027.404720] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2027.410583] CPU: 1 PID: 29518 Comm: syz-executor.4 Not tainted 4.19.99-syzkaller #0 [ 2027.418388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2027.427751] Call Trace: [ 2027.430372] dump_stack+0x197/0x210 [ 2027.434045] dump_header+0x15e/0xa55 [ 2027.437947] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2027.443080] ? ___ratelimit+0x60/0x595 [ 2027.446989] ? do_raw_spin_unlock+0x181/0x270 [ 2027.451516] oom_kill_process.cold+0x10/0x6ef [ 2027.456040] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2027.461604] ? task_will_free_mem+0x139/0x6e0 [ 2027.466133] out_of_memory+0x362/0x1330 [ 2027.470137] ? lock_downgrade+0x880/0x880 [ 2027.474306] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2027.479444] ? oom_killer_disable+0x280/0x280 [ 2027.483965] ? find_held_lock+0x35/0x130 [ 2027.488066] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2027.492926] ? memcg_event_wake+0x230/0x230 [ 2027.497380] ? do_raw_spin_unlock+0x181/0x270 [ 2027.502041] ? _raw_spin_unlock+0x2d/0x50 [ 2027.506303] try_charge+0xec5/0x1490 [ 2027.510045] ? lock_downgrade+0x880/0x880 [ 2027.514224] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2027.519092] ? rcu_read_unlock+0x33/0x60 [ 2027.523170] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2027.528034] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2027.534131] mem_cgroup_try_charge+0x259/0x6b0 [ 2027.538741] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2027.543699] wp_page_copy+0x430/0x16a0 [ 2027.547608] ? follow_pfn+0x2a0/0x2a0 [ 2027.551433] ? do_raw_spin_unlock+0x181/0x270 [ 2027.556065] do_wp_page+0x57d/0x10b0 [ 2027.559817] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2027.565291] ? kasan_check_write+0x14/0x20 [ 2027.569548] ? do_raw_spin_lock+0xd7/0x250 [ 2027.573823] __handle_mm_fault+0x2305/0x3f80 [ 2027.578256] ? copy_page_range+0x2030/0x2030 [ 2027.582703] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2027.587535] handle_mm_fault+0x1b5/0x690 [ 2027.591638] __get_user_pages+0x609/0x1860 [ 2027.595916] ? follow_page_mask+0x1ac0/0x1ac0 [ 2027.600427] ? retint_kernel+0x2d/0x2d [ 2027.604361] populate_vma_page_range+0x20d/0x2a0 [ 2027.609155] __mm_populate+0x204/0x380 [ 2027.613093] ? populate_vma_page_range+0x2a0/0x2a0 [ 2027.618065] __x64_sys_mlockall+0x35c/0x520 [ 2027.622415] do_syscall_64+0xfd/0x620 [ 2027.626360] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2027.631572] RIP: 0033:0x45b349 [ 2027.634786] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2027.654030] RSP: 002b:00007f86ac33cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2027.661764] RAX: ffffffffffffffda RBX: 00007f86ac33d6d4 RCX: 000000000045b349 [ 2027.669059] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2027.676359] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2027.683656] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2027.691060] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bfd4 [ 2027.700239] Task in /syz4 killed as a result of limit of /syz4 [ 2027.706646] memory: usage 307200kB, limit 307200kB, failcnt 2385 [ 2027.712916] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2027.719807] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2027.726252] Memory cgroup stats for /syz4: cache:124KB rss:293304KB rss_huge:217088KB shmem:24KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:132620KB active_anon:13396KB inactive_file:8KB active_file:12KB unevictable:147480KB [ 2027.749866] Memory cgroup out of memory: Kill process 29513 (syz-executor.4) score 1227 or sacrifice child [ 2027.760236] Killed process 29523 (syz-executor.4) total-vm:72852kB, anon-rss:18456kB, file-rss:34816kB, shmem-rss:0kB [ 2028.127408] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2028.138795] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2028.144338] CPU: 1 PID: 29518 Comm: syz-executor.4 Not tainted 4.19.99-syzkaller #0 [ 2028.152673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2028.162129] Call Trace: [ 2028.164735] dump_stack+0x197/0x210 [ 2028.168390] dump_header+0x15e/0xa55 [ 2028.172117] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2028.177242] ? ___ratelimit+0x60/0x595 [ 2028.181144] ? do_raw_spin_unlock+0x181/0x270 [ 2028.185682] oom_kill_process.cold+0x10/0x6ef [ 2028.190195] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2028.195753] ? task_will_free_mem+0x139/0x6e0 [ 2028.200301] out_of_memory+0x362/0x1330 [ 2028.204287] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2028.209413] ? oom_killer_disable+0x280/0x280 [ 2028.213942] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2028.218815] ? memcg_event_wake+0x230/0x230 [ 2028.223154] ? do_raw_spin_unlock+0x181/0x270 [ 2028.227755] ? _raw_spin_unlock+0x2d/0x50 [ 2028.231926] try_charge+0xec5/0x1490 [ 2028.235654] ? lock_downgrade+0x880/0x880 [ 2028.239847] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2028.244722] ? rcu_read_unlock+0x33/0x60 [ 2028.248809] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2028.253672] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2028.259766] mem_cgroup_try_charge+0x259/0x6b0 [ 2028.264383] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2028.269336] wp_page_copy+0x430/0x16a0 [ 2028.273268] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2028.278042] ? follow_pfn+0x2a0/0x2a0 [ 2028.281989] ? do_raw_spin_unlock+0x181/0x270 [ 2028.286496] do_wp_page+0x57d/0x10b0 [ 2028.290224] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2028.294913] ? __handle_mm_fault+0x186e/0x3f80 [ 2028.299514] ? __handle_mm_fault+0x1878/0x3f80 [ 2028.304124] __handle_mm_fault+0x2305/0x3f80 [ 2028.308646] ? copy_page_range+0x2030/0x2030 [ 2028.313093] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2028.317790] handle_mm_fault+0x1b5/0x690 [ 2028.321876] __get_user_pages+0x609/0x1860 [ 2028.326138] ? follow_page_mask+0x1ac0/0x1ac0 [ 2028.330653] ? retint_kernel+0x2d/0x2d [ 2028.334577] populate_vma_page_range+0x20d/0x2a0 [ 2028.339358] __mm_populate+0x204/0x380 [ 2028.343265] ? populate_vma_page_range+0x2a0/0x2a0 [ 2028.348228] __x64_sys_mlockall+0x35c/0x520 [ 2028.352575] do_syscall_64+0xfd/0x620 [ 2028.356401] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2028.361601] RIP: 0033:0x45b349 [ 2028.364936] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2028.383851] RSP: 002b:00007f86ac33cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2028.391580] RAX: ffffffffffffffda RBX: 00007f86ac33d6d4 RCX: 000000000045b349 [ 2028.398876] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2028.406513] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2028.413807] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2028.421094] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bfd4 [ 2028.428549] Task in /syz4 killed as a result of limit of /syz4 [ 2028.434999] memory: usage 307200kB, limit 307200kB, failcnt 2450 [ 2028.441358] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2028.448397] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2028.454790] Memory cgroup stats for /syz4: cache:124KB rss:293424KB rss_huge:217088KB shmem:24KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:132636KB active_anon:13396KB inactive_file:12KB active_file:8KB unevictable:147480KB [ 2028.478551] Memory cgroup out of memory: Kill process 29513 (syz-executor.4) score 1227 or sacrifice child [ 2028.489043] Killed process 29513 (syz-executor.4) total-vm:72852kB, anon-rss:18372kB, file-rss:54376kB, shmem-rss:0kB [ 2028.505506] oom_reaper: reaped process 29513 (syz-executor.4), now anon-rss:18372kB, file-rss:54368kB, shmem-rss:0kB 03:24:10 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3, 0xe}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}}, 0x0) 03:24:10 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x65580000}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:24:10 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3, 0xf}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}}, 0x0) 03:24:10 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x81000000}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:24:11 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mlockall(0x0) 03:24:11 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(0x0, 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:24:11 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) [ 2031.050708] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2031.062541] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2031.068164] CPU: 1 PID: 29653 Comm: syz-executor.4 Not tainted 4.19.99-syzkaller #0 [ 2031.075972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2031.085438] Call Trace: [ 2031.088044] dump_stack+0x197/0x210 [ 2031.091703] dump_header+0x15e/0xa55 [ 2031.095452] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2031.100609] ? ___ratelimit+0x60/0x595 [ 2031.104540] ? do_raw_spin_unlock+0x181/0x270 [ 2031.109063] oom_kill_process.cold+0x10/0x6ef [ 2031.113578] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2031.119136] ? task_will_free_mem+0x139/0x6e0 [ 2031.123661] ? find_held_lock+0x35/0x130 [ 2031.127746] out_of_memory+0x362/0x1330 [ 2031.131757] ? lock_downgrade+0x880/0x880 [ 2031.135927] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2031.141048] ? oom_killer_disable+0x280/0x280 [ 2031.145562] ? find_held_lock+0x35/0x130 [ 2031.149659] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2031.154523] ? memcg_event_wake+0x230/0x230 [ 2031.158968] ? do_raw_spin_unlock+0x181/0x270 [ 2031.163512] ? _raw_spin_unlock+0x2d/0x50 [ 2031.167713] try_charge+0xec5/0x1490 [ 2031.171448] ? lock_downgrade+0x880/0x880 [ 2031.175642] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2031.180510] ? rcu_read_unlock+0x33/0x60 [ 2031.184688] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2031.189560] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2031.195738] mem_cgroup_try_charge+0x259/0x6b0 [ 2031.200532] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2031.205491] wp_page_copy+0x430/0x16a0 [ 2031.209437] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2031.214227] ? follow_pfn+0x2a0/0x2a0 [ 2031.218054] ? do_raw_spin_unlock+0x181/0x270 [ 2031.222704] do_wp_page+0x57d/0x10b0 [ 2031.226456] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2031.231155] ? kasan_check_write+0x14/0x20 [ 2031.235435] ? do_raw_spin_lock+0xd7/0x250 [ 2031.239722] __handle_mm_fault+0x2305/0x3f80 [ 2031.244164] ? copy_page_range+0x2030/0x2030 [ 2031.248605] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2031.253302] handle_mm_fault+0x1b5/0x690 [ 2031.257391] __get_user_pages+0x609/0x1860 [ 2031.261677] ? follow_page_mask+0x1ac0/0x1ac0 [ 2031.266203] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2031.270992] ? retint_kernel+0x2d/0x2d [ 2031.274914] populate_vma_page_range+0x20d/0x2a0 [ 2031.279710] __mm_populate+0x204/0x380 [ 2031.283630] ? populate_vma_page_range+0x2a0/0x2a0 [ 2031.288682] __x64_sys_mlockall+0x35c/0x520 [ 2031.293206] do_syscall_64+0xfd/0x620 [ 2031.297137] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2031.302344] RIP: 0033:0x45b349 [ 2031.305653] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2031.324712] RSP: 002b:00007f86ac35dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2031.332437] RAX: ffffffffffffffda RBX: 00007f86ac35e6d4 RCX: 000000000045b349 [ 2031.339728] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2031.347024] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2031.354317] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2031.361630] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 2031.370169] Task in /syz4 killed as a result of limit of /syz4 [ 2031.376551] memory: usage 307200kB, limit 307200kB, failcnt 2492 [ 2031.382827] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2031.390107] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 03:24:12 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) socket(0x0, 0x400000000080803, 0x0) 03:24:12 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3, 0x10}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}}, 0x0) 03:24:12 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mlockall(0x0) 03:24:12 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x88a8ffff}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) [ 2031.396569] Memory cgroup stats for /syz4: cache:124KB rss:293568KB rss_huge:217088KB shmem:24KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:132876KB active_anon:13396KB inactive_file:8KB active_file:0KB unevictable:147352KB [ 2031.419803] Memory cgroup out of memory: Kill process 29652 (syz-executor.4) score 1226 or sacrifice child [ 2031.430142] Killed process 29657 (syz-executor.4) total-vm:72720kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB [ 2031.501660] oom_reaper: reaped process 29657 (syz-executor.4), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2031.730443] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2032.041530] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2032.165542] CPU: 1 PID: 29652 Comm: syz-executor.4 Not tainted 4.19.99-syzkaller #0 [ 2032.173385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2032.182753] Call Trace: [ 2032.185387] dump_stack+0x197/0x210 [ 2032.189067] dump_header+0x15e/0xa55 [ 2032.192806] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2032.197937] ? ___ratelimit+0x60/0x595 [ 2032.201843] ? do_raw_spin_unlock+0x181/0x270 [ 2032.206364] oom_kill_process.cold+0x10/0x6ef [ 2032.210884] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2032.216438] ? task_will_free_mem+0x139/0x6e0 [ 2032.220952] out_of_memory+0x362/0x1330 [ 2032.224964] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2032.230609] ? oom_killer_disable+0x280/0x280 [ 2032.235223] ? find_held_lock+0x35/0x130 [ 2032.239310] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2032.244172] ? memcg_event_wake+0x230/0x230 [ 2032.248516] ? do_raw_spin_unlock+0x181/0x270 [ 2032.253027] ? _raw_spin_unlock+0x2d/0x50 [ 2032.257187] try_charge+0xc6e/0x1490 [ 2032.260960] ? lock_downgrade+0x880/0x880 [ 2032.265137] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2032.270440] ? rcu_read_unlock+0x33/0x60 [ 2032.274522] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2032.279387] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2032.285485] ? __free_object+0xe2/0x1f0 [ 2032.289481] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2032.294619] mem_cgroup_try_charge+0x259/0x6b0 [ 2032.299233] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2032.304184] wp_page_copy+0x430/0x16a0 [ 2032.308105] ? follow_pfn+0x2a0/0x2a0 [ 2032.312034] ? do_raw_spin_unlock+0x181/0x270 [ 2032.316545] do_wp_page+0x57d/0x10b0 [ 2032.320274] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2032.324959] ? kasan_check_write+0x14/0x20 [ 2032.329218] ? do_raw_spin_lock+0xd7/0x250 [ 2032.333473] __handle_mm_fault+0x2305/0x3f80 [ 2032.337898] ? copy_page_range+0x2030/0x2030 [ 2032.342350] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2032.347317] handle_mm_fault+0x1b5/0x690 [ 2032.351405] __do_page_fault+0x62a/0xe90 [ 2032.355501] ? vmalloc_fault+0x740/0x740 [ 2032.359583] ? trace_hardirqs_off_caller+0x65/0x220 [ 2032.364635] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2032.369595] ? page_fault+0x8/0x30 [ 2032.373158] do_page_fault+0x71/0x57d [ 2032.376980] ? page_fault+0x8/0x30 [ 2032.380543] page_fault+0x1e/0x30 [ 2032.384007] RIP: 0033:0x400644 [ 2032.387217] Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 d1 55 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b [ 2032.406130] RSP: 002b:00007ffe33ec92d0 EFLAGS: 00010202 [ 2032.411510] RAX: 0000000000000000 RBX: 000000000075c9a0 RCX: 0000000000000000 [ 2032.418793] RDX: 0000000000000000 RSI: 0000000020d06000 RDI: 0000000000000000 [ 2032.426082] RBP: 0000000000760fa8 R08: 0000000000000000 R09: 0000000000000000 [ 2032.433369] R10: 00007ffe33ec93e0 R11: 0000000000000246 R12: 000000000075bf20 [ 2032.440654] R13: 00000000001efb1a R14: 0000000000760fb0 R15: 000000000075bf2c [ 2032.477164] Task in /syz4 killed as a result of limit of /syz4 [ 2032.506669] memory: usage 301136kB, limit 307200kB, failcnt 2493 [ 2032.546336] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2032.585449] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2032.621688] Memory cgroup stats for /syz4: cache:124KB rss:287704KB rss_huge:217088KB shmem:24KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:126992KB active_anon:13396KB inactive_file:0KB active_file:8KB unevictable:147352KB [ 2032.744555] Memory cgroup out of memory: Kill process 29652 (syz-executor.4) score 1226 or sacrifice child [ 2032.802955] Killed process 29652 (syz-executor.4) total-vm:72720kB, anon-rss:18256kB, file-rss:54376kB, shmem-rss:0kB 03:24:14 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mlockall(0x0) 03:24:14 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:24:15 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x9effffff}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:24:15 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3, 0x34}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}}, 0x0) 03:24:16 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:24:16 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(0x0, 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:24:16 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3, 0x60}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}}, 0x0) 03:24:16 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0xbc9fc334}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:24:16 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) socket(0x0, 0x400000000080803, 0x0) [ 2035.873385] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2035.885241] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2035.891004] CPU: 0 PID: 29897 Comm: syz-executor.4 Not tainted 4.19.99-syzkaller #0 [ 2035.898814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2035.908180] Call Trace: [ 2035.910788] dump_stack+0x197/0x210 [ 2035.914431] dump_header+0x15e/0xa55 [ 2035.918263] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2035.923384] ? ___ratelimit+0x60/0x595 [ 2035.927285] oom_kill_process.cold+0x10/0x6ef [ 2035.931814] ? mem_cgroup_get_max+0x94/0x240 [ 2035.936242] out_of_memory+0x362/0x1330 [ 2035.940233] ? lock_downgrade+0x880/0x880 [ 2035.944410] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2035.949542] ? oom_killer_disable+0x280/0x280 [ 2035.955453] ? find_held_lock+0x35/0x130 [ 2035.959549] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2035.964410] ? memcg_event_wake+0x230/0x230 [ 2035.968876] ? do_raw_spin_unlock+0x181/0x270 [ 2035.973398] ? _raw_spin_unlock+0x2d/0x50 [ 2035.977576] try_charge+0xec5/0x1490 [ 2035.981316] ? lock_downgrade+0x880/0x880 [ 2035.985600] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2035.990470] ? rcu_read_unlock+0x33/0x60 [ 2035.994767] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2035.999633] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2036.004611] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2036.010704] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2036.015492] mem_cgroup_try_charge+0x259/0x6b0 [ 2036.020106] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2036.025064] wp_page_copy+0x430/0x16a0 [ 2036.029165] ? follow_pfn+0x2a0/0x2a0 [ 2036.032983] ? do_raw_spin_unlock+0x181/0x270 [ 2036.037504] do_wp_page+0x57d/0x10b0 [ 2036.041356] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2036.046046] ? kasan_check_write+0x14/0x20 [ 2036.050303] ? do_raw_spin_lock+0xd7/0x250 [ 2036.054553] __handle_mm_fault+0x2305/0x3f80 [ 2036.059097] ? copy_page_range+0x2030/0x2030 [ 2036.063541] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2036.068223] handle_mm_fault+0x1b5/0x690 [ 2036.072307] __get_user_pages+0x609/0x1860 [ 2036.076566] ? follow_page_mask+0x1ac0/0x1ac0 [ 2036.081258] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2036.086048] ? retint_kernel+0x2d/0x2d [ 2036.089968] populate_vma_page_range+0x20d/0x2a0 [ 2036.094768] __mm_populate+0x204/0x380 [ 2036.098672] ? populate_vma_page_range+0x2a0/0x2a0 [ 2036.103629] __x64_sys_mlockall+0x35c/0x520 [ 2036.107965] do_syscall_64+0xfd/0x620 [ 2036.111785] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2036.116980] RIP: 0033:0x45b349 [ 2036.120181] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2036.139093] RSP: 002b:00007f86ac35dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2036.146987] RAX: ffffffffffffffda RBX: 00007f86ac35e6d4 RCX: 000000000045b349 [ 2036.154620] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2036.161910] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2036.169198] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2036.176483] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 2036.185237] Task in /syz4 killed as a result of limit of /syz4 [ 2036.191458] memory: usage 307200kB, limit 307200kB, failcnt 2504 [ 2036.198143] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2036.205149] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2036.211738] Memory cgroup stats for /syz4: cache:124KB rss:293384KB rss_huge:217088KB shmem:24KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:132876KB active_anon:13396KB inactive_file:8KB active_file:0KB unevictable:147352KB [ 2036.235398] Memory cgroup out of memory: Kill process 29895 (syz-executor.4) score 1226 or sacrifice child [ 2036.246142] Killed process 29903 (syz-executor.4) total-vm:72720kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB 03:24:19 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) [ 2037.498929] oom_reaper: reaped process 29903 (syz-executor.4), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB 03:24:21 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:24:21 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x3, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}}, 0x0) 03:24:21 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0xf0ffffff}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:24:22 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) [ 2041.236579] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2041.248543] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2041.254950] CPU: 0 PID: 30105 Comm: syz-executor.4 Not tainted 4.19.99-syzkaller #0 [ 2041.262774] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2041.272230] Call Trace: [ 2041.274859] dump_stack+0x197/0x210 [ 2041.278518] dump_header+0x15e/0xa55 [ 2041.282347] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2041.287818] ? ___ratelimit+0x60/0x595 [ 2041.291722] ? do_raw_spin_unlock+0x181/0x270 [ 2041.296243] oom_kill_process.cold+0x10/0x6ef [ 2041.300763] ? out_of_memory+0xe3/0x1330 [ 2041.304840] ? out_of_memory+0xf0/0x1330 [ 2041.308925] out_of_memory+0x362/0x1330 [ 2041.312923] ? lock_downgrade+0x880/0x880 [ 2041.317088] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2041.322212] ? oom_killer_disable+0x280/0x280 [ 2041.326735] ? find_held_lock+0x35/0x130 [ 2041.330831] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2041.335694] ? memcg_event_wake+0x230/0x230 [ 2041.340039] ? do_raw_spin_unlock+0x181/0x270 [ 2041.344595] ? _raw_spin_unlock+0x2d/0x50 [ 2041.348779] try_charge+0xec5/0x1490 [ 2041.352555] ? lock_downgrade+0x880/0x880 [ 2041.356745] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2041.361606] ? rcu_read_unlock+0x33/0x60 [ 2041.365679] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2041.370538] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2041.376627] mem_cgroup_try_charge+0x259/0x6b0 [ 2041.381237] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2041.386189] wp_page_copy+0x430/0x16a0 [ 2041.390108] ? follow_pfn+0x2a0/0x2a0 [ 2041.393943] ? do_raw_spin_unlock+0x181/0x270 [ 2041.398486] do_wp_page+0x57d/0x10b0 [ 2041.402221] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2041.406903] ? kasan_check_write+0x14/0x20 [ 2041.411156] ? do_raw_spin_lock+0xd7/0x250 [ 2041.415413] __handle_mm_fault+0x2305/0x3f80 [ 2041.419847] ? copy_page_range+0x2030/0x2030 [ 2041.424278] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2041.429064] handle_mm_fault+0x1b5/0x690 [ 2041.433149] __get_user_pages+0x609/0x1860 [ 2041.437414] ? follow_page_mask+0x1ac0/0x1ac0 [ 2041.441929] ? retint_kernel+0x2d/0x2d [ 2041.445872] populate_vma_page_range+0x20d/0x2a0 [ 2041.450673] __mm_populate+0x204/0x380 [ 2041.454588] ? populate_vma_page_range+0x2a0/0x2a0 [ 2041.459544] __x64_sys_mlockall+0x35c/0x520 [ 2041.463886] do_syscall_64+0xfd/0x620 [ 2041.467709] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2041.472910] RIP: 0033:0x45b349 [ 2041.476126] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2041.495040] RSP: 002b:00007f86ac35dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2041.502771] RAX: ffffffffffffffda RBX: 00007f86ac35e6d4 RCX: 000000000045b349 [ 2041.510057] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2041.517340] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2041.524733] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2041.532015] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 2041.541231] Task in /syz4 killed as a result of limit of /syz4 [ 2041.547440] memory: usage 307200kB, limit 307200kB, failcnt 2892 [ 2041.553789] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2041.560781] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2041.567053] Memory cgroup stats for /syz4: cache:124KB rss:293580KB rss_huge:219136KB shmem:24KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:130856KB active_anon:13396KB inactive_file:8KB active_file:0KB unevictable:149400KB [ 2041.590614] Memory cgroup out of memory: Kill process 30084 (syz-executor.4) score 1226 or sacrifice child [ 2041.600728] Killed process 30115 (syz-executor.4) total-vm:72720kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB [ 2043.658854] oom_reaper: reaped process 30115 (syz-executor.4), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2043.747467] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. 03:24:25 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) socket(0x0, 0x400000000080803, 0x0) 03:24:25 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x2c, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}}, 0x0) [ 2044.501563] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. 03:24:26 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0xffffa888}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:24:26 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) [ 2044.583988] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. 03:24:26 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x35, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}}, 0x0) [ 2045.574735] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2045.587558] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2045.594979] CPU: 0 PID: 30238 Comm: syz-executor.4 Not tainted 4.19.99-syzkaller #0 [ 2045.602784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2045.612141] Call Trace: [ 2045.614753] dump_stack+0x197/0x210 [ 2045.618400] dump_header+0x15e/0xa55 [ 2045.622125] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2045.627239] ? ___ratelimit+0x60/0x595 [ 2045.631131] ? do_raw_spin_unlock+0x181/0x270 [ 2045.635638] oom_kill_process.cold+0x10/0x6ef [ 2045.640144] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2045.645688] ? task_will_free_mem+0x139/0x6e0 [ 2045.650188] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2045.655134] out_of_memory+0x362/0x1330 [ 2045.659119] ? retint_kernel+0x2d/0x2d [ 2045.663020] ? oom_killer_disable+0x280/0x280 [ 2045.667539] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2045.672415] ? memcg_event_wake+0x230/0x230 [ 2045.676750] ? do_raw_spin_unlock+0x181/0x270 [ 2045.681252] ? _raw_spin_unlock+0x2d/0x50 [ 2045.685409] try_charge+0xec5/0x1490 [ 2045.689131] ? lock_downgrade+0x880/0x880 [ 2045.693296] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2045.698238] ? rcu_read_unlock+0x33/0x60 [ 2045.702303] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2045.707168] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2045.713267] mem_cgroup_try_charge+0x259/0x6b0 [ 2045.717872] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2045.722822] wp_page_copy+0x430/0x16a0 [ 2045.726857] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2045.731641] ? follow_pfn+0x2a0/0x2a0 [ 2045.735467] ? do_raw_spin_unlock+0x181/0x270 [ 2045.739987] do_wp_page+0x57d/0x10b0 [ 2045.743717] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2045.748545] ? __handle_mm_fault+0x1890/0x3f80 [ 2045.753419] ? __handle_mm_fault+0x189a/0x3f80 [ 2045.758136] __handle_mm_fault+0x2305/0x3f80 [ 2045.762653] ? copy_page_range+0x2030/0x2030 [ 2045.767096] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2045.771777] handle_mm_fault+0x1b5/0x690 [ 2045.775865] __get_user_pages+0x609/0x1860 [ 2045.780133] ? follow_page_mask+0x1ac0/0x1ac0 [ 2045.784657] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2045.789446] ? retint_kernel+0x2d/0x2d [ 2045.793365] populate_vma_page_range+0x20d/0x2a0 [ 2045.798139] __mm_populate+0x204/0x380 [ 2045.802055] ? populate_vma_page_range+0x2a0/0x2a0 [ 2045.807030] __x64_sys_mlockall+0x35c/0x520 [ 2045.811369] do_syscall_64+0xfd/0x620 [ 2045.815222] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2045.820423] RIP: 0033:0x45b349 [ 2045.823623] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2045.842756] RSP: 002b:00007f86ac33cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2045.850484] RAX: ffffffffffffffda RBX: 00007f86ac33d6d4 RCX: 000000000045b349 [ 2045.857767] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2045.865056] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2045.872431] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2045.879718] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bfd4 [ 2045.890866] Task in /syz4 killed as a result of limit of /syz4 [ 2045.897254] memory: usage 307200kB, limit 307200kB, failcnt 3531 [ 2045.903672] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2045.910612] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2045.917027] Memory cgroup stats for /syz4: cache:124KB rss:293572KB rss_huge:217088KB shmem:24KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:132944KB active_anon:13396KB inactive_file:8KB active_file:0KB unevictable:147348KB [ 2045.940607] Memory cgroup out of memory: Kill process 30235 (syz-executor.4) score 1226 or sacrifice child [ 2045.950815] Killed process 30239 (syz-executor.4) total-vm:72720kB, anon-rss:18324kB, file-rss:34944kB, shmem-rss:0kB 03:24:27 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:24:28 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:24:28 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0xfffff000}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:24:28 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0xe84, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}}, 0x0) 03:24:28 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) write(0xffffffffffffffff, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:24:31 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0xffffff7f}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:24:31 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) [ 2049.933079] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. 03:24:31 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x6, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}}, 0x0) 03:24:31 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:24:31 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) write(0xffffffffffffffff, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) [ 2051.712918] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2051.901311] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.3'. 03:24:33 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0xffffff9e}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:24:33 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0xe, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}}, 0x0) 03:24:33 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:24:34 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0xfffffff0}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:24:34 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x35, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}}, 0x0) 03:24:34 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000), 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:24:35 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:24:36 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0xffffffff}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:24:36 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0398d71b1bc1612d58"}]}}]}, 0x68}}, 0x0) 03:24:36 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) write(0xffffffffffffffff, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:24:37 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0598d71b1bc1612d58"}]}}]}, 0x68}}, 0x0) 03:24:37 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:24:37 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:24:37 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:24:37 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x2}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:24:37 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0698d71b1bc1612d58"}]}}]}, 0x68}}, 0x0) 03:24:37 executing program 5: syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r0, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) r1 = socket(0x0, 0x400000000080803, 0x0) write(r1, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:24:42 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x3}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:24:42 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000), 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:24:42 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:24:42 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0898d71b1bc1612d58"}]}}]}, 0x68}}, 0x0) 03:24:42 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:24:42 executing program 5: syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r0, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) r1 = socket(0x0, 0x400000000080803, 0x0) write(r1, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) [ 2062.405806] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2062.417461] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2062.424296] CPU: 0 PID: 30792 Comm: syz-executor.4 Not tainted 4.19.99-syzkaller #0 [ 2062.432118] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2062.442185] Call Trace: [ 2062.444804] dump_stack+0x197/0x210 [ 2062.448466] dump_header+0x15e/0xa55 [ 2062.452208] ? oom_kill_process+0x136/0x150 [ 2062.456688] oom_kill_process.cold+0x10/0x6ef [ 2062.461215] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2062.466773] ? task_will_free_mem+0x139/0x6e0 [ 2062.471300] out_of_memory+0x362/0x1330 [ 2062.475307] ? retint_kernel+0x2d/0x2d [ 2062.479221] ? oom_killer_disable+0x280/0x280 [ 2062.483751] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2062.488625] ? memcg_event_wake+0x230/0x230 [ 2062.492969] ? do_raw_spin_unlock+0x181/0x270 [ 2062.497491] ? _raw_spin_unlock+0x2d/0x50 [ 2062.501665] try_charge+0xec5/0x1490 [ 2062.505417] ? lock_downgrade+0x880/0x880 [ 2062.509693] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2062.514559] ? rcu_read_unlock+0x33/0x60 [ 2062.518641] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2062.523514] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2062.529608] mem_cgroup_try_charge+0x259/0x6b0 [ 2062.534257] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2062.539252] wp_page_copy+0x430/0x16a0 [ 2062.543194] ? follow_pfn+0x2a0/0x2a0 [ 2062.547037] ? do_raw_spin_unlock+0x181/0x270 [ 2062.551552] do_wp_page+0x57d/0x10b0 [ 2062.555305] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2062.560083] ? kasan_check_write+0x14/0x20 [ 2062.564336] ? do_raw_spin_lock+0xd7/0x250 [ 2062.568592] __handle_mm_fault+0x2305/0x3f80 [ 2062.573026] ? copy_page_range+0x2030/0x2030 [ 2062.577479] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2062.582177] handle_mm_fault+0x1b5/0x690 [ 2062.586254] __get_user_pages+0x609/0x1860 [ 2062.590515] ? follow_page_mask+0x1ac0/0x1ac0 [ 2062.595074] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2062.599857] ? retint_kernel+0x2d/0x2d [ 2062.603876] populate_vma_page_range+0x20d/0x2a0 [ 2062.608673] __mm_populate+0x204/0x380 [ 2062.612598] ? populate_vma_page_range+0x2a0/0x2a0 [ 2062.617655] ? __x64_sys_mlockall+0x386/0x520 [ 2062.622203] __x64_sys_mlockall+0x35c/0x520 [ 2062.626542] do_syscall_64+0xfd/0x620 [ 2062.630439] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2062.635643] RIP: 0033:0x45b349 [ 2062.638851] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2062.657939] RSP: 002b:00007f86ac33cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2062.665663] RAX: ffffffffffffffda RBX: 00007f86ac33d6d4 RCX: 000000000045b349 [ 2062.673648] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2062.680936] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2062.688220] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2062.695503] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bfd4 [ 2062.707029] Task in /syz4 killed as a result of limit of /syz4 [ 2062.713418] memory: usage 307200kB, limit 307200kB, failcnt 3560 [ 2062.719748] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2062.726837] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2062.733550] Memory cgroup stats for /syz4: cache:124KB rss:293700KB rss_huge:217088KB shmem:24KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:133036KB active_anon:13396KB inactive_file:8KB active_file:4KB unevictable:147348KB [ 2062.757070] Memory cgroup out of memory: Kill process 30783 (syz-executor.4) score 1226 or sacrifice child [ 2062.775427] Killed process 30794 (syz-executor.4) total-vm:72720kB, anon-rss:18324kB, file-rss:34816kB, shmem-rss:0kB [ 2062.874660] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2062.886276] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2062.891929] CPU: 0 PID: 30792 Comm: syz-executor.4 Not tainted 4.19.99-syzkaller #0 [ 2062.899749] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2062.909195] Call Trace: [ 2062.911809] dump_stack+0x197/0x210 [ 2062.915573] dump_header+0x15e/0xa55 [ 2062.919319] ? oom_kill_process+0x136/0x150 [ 2062.923665] oom_kill_process.cold+0x10/0x6ef [ 2062.928183] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2062.933760] ? task_will_free_mem+0x139/0x6e0 [ 2062.938273] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2062.943232] out_of_memory+0x362/0x1330 [ 2062.947219] ? retint_kernel+0x2d/0x2d [ 2062.951120] ? oom_killer_disable+0x280/0x280 [ 2062.955748] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2062.960609] ? memcg_event_wake+0x230/0x230 [ 2062.965076] try_charge+0xec5/0x1490 [ 2062.968813] ? lock_downgrade+0x880/0x880 [ 2062.972993] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2062.977875] ? rcu_read_unlock+0x33/0x60 [ 2062.981945] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2062.986841] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2062.993039] mem_cgroup_try_charge+0x259/0x6b0 [ 2062.997685] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2063.002657] wp_page_copy+0x430/0x16a0 [ 2063.006562] ? follow_pfn+0x2a0/0x2a0 [ 2063.010386] ? do_raw_spin_unlock+0x181/0x270 [ 2063.014903] do_wp_page+0x57d/0x10b0 [ 2063.018640] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2063.023332] ? kasan_check_write+0x14/0x20 [ 2063.027588] ? do_raw_spin_lock+0xd7/0x250 [ 2063.031858] __handle_mm_fault+0x2305/0x3f80 [ 2063.036293] ? copy_page_range+0x2030/0x2030 [ 2063.040739] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2063.045423] handle_mm_fault+0x1b5/0x690 [ 2063.049519] __get_user_pages+0x609/0x1860 [ 2063.053879] ? follow_page_mask+0x1ac0/0x1ac0 [ 2063.058398] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2063.063180] ? retint_kernel+0x2d/0x2d [ 2063.067112] populate_vma_page_range+0x20d/0x2a0 [ 2063.071910] __mm_populate+0x204/0x380 [ 2063.075829] ? populate_vma_page_range+0x2a0/0x2a0 [ 2063.080788] ? __x64_sys_mlockall+0x386/0x520 [ 2063.085314] __x64_sys_mlockall+0x35c/0x520 [ 2063.089666] do_syscall_64+0xfd/0x620 [ 2063.093496] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2063.098699] RIP: 0033:0x45b349 [ 2063.101905] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2063.120822] RSP: 002b:00007f86ac33cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2063.128573] RAX: ffffffffffffffda RBX: 00007f86ac33d6d4 RCX: 000000000045b349 [ 2063.135864] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2063.143156] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2063.150457] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2063.157747] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bfd4 [ 2063.166052] Task in /syz4 killed as a result of limit of /syz4 [ 2063.172615] memory: usage 300976kB, limit 307200kB, failcnt 3578 [ 2063.178971] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2063.185957] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2063.192414] Memory cgroup stats for /syz4: cache:124KB rss:287700KB rss_huge:217088KB shmem:24KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:126992KB active_anon:13396KB inactive_file:12KB active_file:0KB unevictable:147348KB [ 2063.215400] Memory cgroup out of memory: Kill process 30783 (syz-executor.4) score 1226 or sacrifice child 03:24:44 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x4}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) [ 2063.226251] Killed process 30783 (syz-executor.4) total-vm:72720kB, anon-rss:18324kB, file-rss:54376kB, shmem-rss:0kB [ 2063.238645] oom_reaper: reaped process 30783 (syz-executor.4), now anon-rss:18324kB, file-rss:54368kB, shmem-rss:0kB 03:24:44 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0998d71b1bc1612d58"}]}}]}, 0x68}}, 0x0) 03:24:45 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x5}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:24:45 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000), 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) [ 2064.982026] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2064.994032] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2064.999602] CPU: 0 PID: 30913 Comm: syz-executor.4 Not tainted 4.19.99-syzkaller #0 [ 2065.007417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2065.016871] Call Trace: [ 2065.019492] dump_stack+0x197/0x210 [ 2065.023149] dump_header+0x15e/0xa55 [ 2065.026892] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2065.032020] ? ___ratelimit+0x60/0x595 [ 2065.035931] ? do_raw_spin_unlock+0x181/0x270 [ 2065.040453] oom_kill_process.cold+0x10/0x6ef [ 2065.044974] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2065.050533] ? task_will_free_mem+0x139/0x6e0 [ 2065.055054] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2065.060016] out_of_memory+0x362/0x1330 [ 2065.064019] ? retint_kernel+0x2d/0x2d [ 2065.067983] ? oom_killer_disable+0x280/0x280 [ 2065.072505] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2065.077370] ? memcg_event_wake+0x230/0x230 [ 2065.081729] ? do_raw_spin_unlock+0x181/0x270 [ 2065.086252] ? _raw_spin_unlock+0x2d/0x50 [ 2065.090427] try_charge+0xec5/0x1490 [ 2065.094176] ? lock_downgrade+0x880/0x880 [ 2065.098345] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2065.103669] ? rcu_read_unlock+0x33/0x60 [ 2065.107744] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2065.112608] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2065.118696] mem_cgroup_try_charge+0x259/0x6b0 [ 2065.123306] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2065.128274] wp_page_copy+0x430/0x16a0 [ 2065.132185] ? retint_kernel+0x2d/0x2d [ 2065.136094] ? follow_pfn+0x2a0/0x2a0 [ 2065.139904] ? get_page+0x66/0x100 [ 2065.143487] ? do_raw_spin_unlock+0x181/0x270 [ 2065.148354] do_wp_page+0x57d/0x10b0 [ 2065.152085] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2065.156774] ? kasan_check_write+0x14/0x20 [ 2065.161295] ? do_raw_spin_lock+0xd7/0x250 [ 2065.165559] __handle_mm_fault+0x2305/0x3f80 [ 2065.169989] ? copy_page_range+0x2030/0x2030 [ 2065.174558] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2065.179257] handle_mm_fault+0x1b5/0x690 [ 2065.183342] __get_user_pages+0x609/0x1860 [ 2065.187711] ? follow_page_mask+0x1ac0/0x1ac0 [ 2065.192356] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2065.197153] ? retint_kernel+0x2d/0x2d [ 2065.201266] populate_vma_page_range+0x20d/0x2a0 [ 2065.206660] __mm_populate+0x204/0x380 [ 2065.210669] ? populate_vma_page_range+0x2a0/0x2a0 [ 2065.215630] ? __x64_sys_mlockall+0x2e5/0x520 [ 2065.220174] ? __x64_sys_mlockall+0x34a/0x520 [ 2065.224788] __x64_sys_mlockall+0x35c/0x520 [ 2065.229143] do_syscall_64+0xfd/0x620 [ 2065.232973] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2065.238180] RIP: 0033:0x45b349 [ 2065.241392] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2065.260315] RSP: 002b:00007f86ac35dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2065.268058] RAX: ffffffffffffffda RBX: 00007f86ac35e6d4 RCX: 000000000045b349 [ 2065.275340] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2065.282630] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2065.289909] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2065.297389] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 2065.305800] Task in /syz4 killed as a result of limit of /syz4 [ 2065.312478] memory: usage 307200kB, limit 307200kB, failcnt 3611 [ 2065.318987] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2065.326156] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2065.332588] Memory cgroup stats for /syz4: cache:124KB rss:293652KB rss_huge:217088KB shmem:24KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:133196KB active_anon:13396KB inactive_file:0KB active_file:4KB unevictable:147220KB [ 2065.355952] Memory cgroup out of memory: Kill process 30912 (syz-executor.4) score 1226 or sacrifice child [ 2065.366693] Killed process 30915 (syz-executor.4) total-vm:72588kB, anon-rss:18196kB, file-rss:34816kB, shmem-rss:0kB 03:24:46 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0b98d71b1bc1612d58"}]}}]}, 0x68}}, 0x0) 03:24:47 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x6}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:24:47 executing program 5: syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r0, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) r1 = socket(0x0, 0x400000000080803, 0x0) write(r1, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:24:47 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:24:50 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:24:50 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a1098d71b1bc1612d58"}]}}]}, 0x68}}, 0x0) 03:24:50 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) socket(0x0, 0x400000000080803, 0x0) 03:24:50 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x8}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) [ 2069.151810] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2069.163098] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2069.168624] CPU: 0 PID: 31046 Comm: syz-executor.4 Not tainted 4.19.99-syzkaller #0 [ 2069.176433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2069.185835] Call Trace: [ 2069.188448] dump_stack+0x197/0x210 [ 2069.192107] dump_header+0x15e/0xa55 [ 2069.195865] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2069.201002] ? ___ratelimit+0x60/0x595 [ 2069.204917] ? do_raw_spin_unlock+0x181/0x270 [ 2069.209431] oom_kill_process.cold+0x10/0x6ef [ 2069.214050] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2069.219615] ? task_will_free_mem+0x139/0x6e0 [ 2069.224134] ? find_held_lock+0x35/0x130 [ 2069.228225] out_of_memory+0x362/0x1330 [ 2069.232327] ? lock_downgrade+0x880/0x880 [ 2069.236495] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2069.241637] ? oom_killer_disable+0x280/0x280 [ 2069.246151] ? find_held_lock+0x35/0x130 [ 2069.250258] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2069.255131] ? memcg_event_wake+0x230/0x230 [ 2069.259482] ? do_raw_spin_unlock+0x181/0x270 [ 2069.263996] ? _raw_spin_unlock+0x2d/0x50 [ 2069.268182] try_charge+0xec5/0x1490 [ 2069.271919] ? lock_downgrade+0x880/0x880 [ 2069.276089] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2069.280961] ? rcu_read_unlock+0x33/0x60 [ 2069.285035] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2069.289933] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2069.296027] mem_cgroup_try_charge+0x259/0x6b0 [ 2069.300651] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2069.305703] wp_page_copy+0x430/0x16a0 [ 2069.309609] ? follow_pfn+0x2a0/0x2a0 [ 2069.313422] ? do_raw_spin_unlock+0x181/0x270 [ 2069.318110] do_wp_page+0x57d/0x10b0 [ 2069.321846] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2069.326521] ? kasan_check_write+0x14/0x20 [ 2069.330767] ? do_raw_spin_lock+0xd7/0x250 [ 2069.335018] __handle_mm_fault+0x2305/0x3f80 [ 2069.339439] ? copy_page_range+0x2030/0x2030 [ 2069.343890] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2069.348573] handle_mm_fault+0x1b5/0x690 [ 2069.352648] __get_user_pages+0x609/0x1860 [ 2069.357334] ? follow_page_mask+0x1ac0/0x1ac0 [ 2069.361845] ? lock_acquire+0x16f/0x3f0 [ 2069.365829] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2069.371552] populate_vma_page_range+0x20d/0x2a0 [ 2069.376320] __mm_populate+0x204/0x380 [ 2069.380218] ? populate_vma_page_range+0x2a0/0x2a0 [ 2069.385169] __x64_sys_mlockall+0x35c/0x520 [ 2069.389500] do_syscall_64+0xfd/0x620 [ 2069.393399] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2069.398603] RIP: 0033:0x45b349 [ 2069.401808] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2069.420980] RSP: 002b:00007f86ac33cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2069.428696] RAX: ffffffffffffffda RBX: 00007f86ac33d6d4 RCX: 000000000045b349 [ 2069.435986] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2069.443388] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2069.450679] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2069.457956] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bfd4 [ 2069.465594] Task in /syz4 killed as a result of limit of /syz4 [ 2069.471655] memory: usage 307200kB, limit 307200kB, failcnt 3645 [ 2069.477809] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2069.484972] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2069.491340] Memory cgroup stats for /syz4: cache:124KB rss:293700KB rss_huge:217088KB shmem:24KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:133040KB active_anon:13396KB inactive_file:4KB active_file:0KB unevictable:147348KB [ 2069.514147] Memory cgroup out of memory: Kill process 31018 (syz-executor.4) score 1226 or sacrifice child [ 2069.524709] Killed process 31048 (syz-executor.4) total-vm:72720kB, anon-rss:18324kB, file-rss:34816kB, shmem-rss:0kB 03:24:51 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:24:53 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:24:53 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x9}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:24:53 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a3598d71b1bc1612d58"}]}}]}, 0x68}}, 0x0) 03:24:54 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:24:56 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a4498d71b1bc1612d58"}]}}]}, 0x68}}, 0x0) 03:24:56 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) socket(0x0, 0x400000000080803, 0x0) 03:24:56 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:24:56 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0xa}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) [ 2076.002428] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2076.014482] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2076.020152] CPU: 0 PID: 31355 Comm: syz-executor.4 Not tainted 4.19.99-syzkaller #0 [ 2076.029763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2076.039570] Call Trace: [ 2076.042186] dump_stack+0x197/0x210 [ 2076.045850] dump_header+0x15e/0xa55 [ 2076.050377] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2076.056510] ? ___ratelimit+0x60/0x595 [ 2076.060449] ? do_raw_spin_unlock+0x181/0x270 [ 2076.065319] oom_kill_process.cold+0x10/0x6ef [ 2076.070022] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2076.075679] ? task_will_free_mem+0x139/0x6e0 [ 2076.080528] ? find_held_lock+0x35/0x130 [ 2076.084617] out_of_memory+0x362/0x1330 [ 2076.088878] ? lock_downgrade+0x880/0x880 [ 2076.093050] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2076.098483] ? oom_killer_disable+0x280/0x280 [ 2076.103022] ? find_held_lock+0x35/0x130 [ 2076.107225] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2076.112207] ? memcg_event_wake+0x230/0x230 [ 2076.117098] ? do_raw_spin_unlock+0x181/0x270 [ 2076.121710] ? _raw_spin_unlock+0x2d/0x50 [ 2076.126045] try_charge+0xec5/0x1490 [ 2076.129824] ? lock_downgrade+0x880/0x880 [ 2076.134280] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2076.139148] ? rcu_read_unlock+0x33/0x60 [ 2076.143312] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2076.148171] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2076.154358] mem_cgroup_try_charge+0x259/0x6b0 [ 2076.158961] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2076.163903] wp_page_copy+0x430/0x16a0 [ 2076.167905] ? follow_pfn+0x2a0/0x2a0 [ 2076.171729] ? do_raw_spin_unlock+0x181/0x270 [ 2076.176242] do_wp_page+0x57d/0x10b0 [ 2076.180119] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2076.184887] ? kasan_check_write+0x14/0x20 [ 2076.189185] ? do_raw_spin_lock+0xd7/0x250 [ 2076.193446] __handle_mm_fault+0x2305/0x3f80 [ 2076.197885] ? copy_page_range+0x2030/0x2030 [ 2076.202515] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2076.207208] handle_mm_fault+0x1b5/0x690 [ 2076.211288] __get_user_pages+0x609/0x1860 [ 2076.215545] ? follow_page_mask+0x1ac0/0x1ac0 [ 2076.220089] ? lock_acquire+0x16f/0x3f0 [ 2076.224172] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2076.229863] populate_vma_page_range+0x20d/0x2a0 [ 2076.234761] __mm_populate+0x204/0x380 [ 2076.238675] ? populate_vma_page_range+0x2a0/0x2a0 [ 2076.243645] __x64_sys_mlockall+0x35c/0x520 [ 2076.248013] do_syscall_64+0xfd/0x620 [ 2076.251839] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2076.257066] RIP: 0033:0x45b349 [ 2076.260271] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2076.279634] RSP: 002b:00007f86ac33cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2076.287456] RAX: ffffffffffffffda RBX: 00007f86ac33d6d4 RCX: 000000000045b349 [ 2076.294888] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2076.302179] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2076.309554] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2076.316853] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bfd4 [ 2076.324605] Task in /syz4 killed as a result of limit of /syz4 [ 2076.331054] memory: usage 307200kB, limit 307200kB, failcnt 3949 [ 2076.337207] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2076.344053] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2076.350411] Memory cgroup stats for /syz4: cache:124KB rss:293700KB rss_huge:217088KB shmem:24KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:132856KB active_anon:13408KB inactive_file:4KB active_file:0KB unevictable:147480KB [ 2076.373273] Memory cgroup out of memory: Kill process 31309 (syz-executor.4) score 1226 or sacrifice child [ 2076.383281] Killed process 31356 (syz-executor.4) total-vm:72720kB, anon-rss:18324kB, file-rss:34816kB, shmem-rss:0kB 03:24:58 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:24:58 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0xf}}, 0x0) 03:24:58 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0xb}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:24:59 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x10}}, 0x0) 03:24:59 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:24:59 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0xc}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:24:59 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) [ 2078.507610] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2078.518917] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2078.524476] CPU: 1 PID: 31488 Comm: syz-executor.4 Not tainted 4.19.99-syzkaller #0 [ 2078.532284] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2078.541652] Call Trace: [ 2078.544265] dump_stack+0x197/0x210 [ 2078.548095] dump_header+0x15e/0xa55 [ 2078.551836] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2078.556965] ? ___ratelimit+0x60/0x595 [ 2078.560868] ? do_raw_spin_unlock+0x181/0x270 [ 2078.565513] oom_kill_process.cold+0x10/0x6ef [ 2078.570038] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2078.575592] ? task_will_free_mem+0x139/0x6e0 [ 2078.580107] ? find_held_lock+0x35/0x130 [ 2078.584262] out_of_memory+0x362/0x1330 [ 2078.588261] ? lock_downgrade+0x880/0x880 [ 2078.592688] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2078.597811] ? oom_killer_disable+0x280/0x280 [ 2078.602348] ? find_held_lock+0x35/0x130 [ 2078.606439] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2078.611305] ? memcg_event_wake+0x230/0x230 [ 2078.615735] ? do_raw_spin_unlock+0x181/0x270 [ 2078.620256] ? _raw_spin_unlock+0x2d/0x50 [ 2078.624426] try_charge+0xec5/0x1490 [ 2078.628187] ? lock_downgrade+0x880/0x880 [ 2078.632363] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2078.637230] ? rcu_read_unlock+0x33/0x60 [ 2078.641326] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2078.646291] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2078.652412] mem_cgroup_try_charge+0x259/0x6b0 [ 2078.657024] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2078.661970] wp_page_copy+0x430/0x16a0 [ 2078.665884] ? follow_pfn+0x2a0/0x2a0 [ 2078.669717] ? do_raw_spin_unlock+0x181/0x270 [ 2078.674243] do_wp_page+0x57d/0x10b0 [ 2078.677978] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2078.682663] ? kasan_check_write+0x14/0x20 [ 2078.686942] ? do_raw_spin_lock+0xd7/0x250 [ 2078.691204] __handle_mm_fault+0x2305/0x3f80 [ 2078.695631] ? copy_page_range+0x2030/0x2030 [ 2078.700070] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2078.705637] ? sync_mm_rss+0xa4/0x1c0 [ 2078.709462] handle_mm_fault+0x1b5/0x690 [ 2078.713544] __get_user_pages+0x609/0x1860 [ 2078.717809] ? follow_page_mask+0x1ac0/0x1ac0 [ 2078.722340] ? lock_acquire+0x16f/0x3f0 [ 2078.726354] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2078.731916] populate_vma_page_range+0x20d/0x2a0 [ 2078.736697] __mm_populate+0x204/0x380 [ 2078.740599] ? populate_vma_page_range+0x2a0/0x2a0 [ 2078.745544] __x64_sys_mlockall+0x35c/0x520 [ 2078.749886] do_syscall_64+0xfd/0x620 [ 2078.753708] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2078.758934] RIP: 0033:0x45b349 [ 2078.762141] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2078.781056] RSP: 002b:00007f86ac33cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2078.788788] RAX: ffffffffffffffda RBX: 00007f86ac33d6d4 RCX: 000000000045b349 [ 2078.796076] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2078.803359] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2078.810645] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2078.818023] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bfd4 [ 2078.825610] Task in /syz4 killed as a result of limit of /syz4 [ 2078.831956] memory: usage 307200kB, limit 307200kB, failcnt 4306 [ 2078.838115] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2078.845003] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2078.851211] Memory cgroup stats for /syz4: cache:124KB rss:293712KB rss_huge:217088KB shmem:24KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:133000KB active_anon:13396KB inactive_file:4KB active_file:0KB unevictable:147348KB [ 2078.873579] Memory cgroup out of memory: Kill process 31485 (syz-executor.4) score 1226 or sacrifice child [ 2078.883499] Killed process 31489 (syz-executor.4) total-vm:72720kB, anon-rss:18324kB, file-rss:34816kB, shmem-rss:0kB 03:25:00 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) socket(0x0, 0x400000000080803, 0x0) 03:25:00 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x23}}, 0x0) 03:25:00 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0xe}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:25:01 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:25:01 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0xc0}}, 0x0) 03:25:01 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:25:01 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0xf}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) [ 2080.571239] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2080.582546] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2080.588154] CPU: 0 PID: 31522 Comm: syz-executor.4 Not tainted 4.19.99-syzkaller #0 [ 2080.595956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2080.605322] Call Trace: [ 2080.607935] dump_stack+0x197/0x210 [ 2080.611588] dump_header+0x15e/0xa55 [ 2080.615336] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2080.620453] ? ___ratelimit+0x60/0x595 [ 2080.624519] ? do_raw_spin_unlock+0x181/0x270 [ 2080.629041] oom_kill_process.cold+0x10/0x6ef [ 2080.633569] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2080.639145] ? task_will_free_mem+0x139/0x6e0 [ 2080.643667] ? find_held_lock+0x35/0x130 [ 2080.647765] out_of_memory+0x362/0x1330 [ 2080.651761] ? lock_downgrade+0x880/0x880 [ 2080.655929] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2080.661052] ? oom_killer_disable+0x280/0x280 [ 2080.665578] ? find_held_lock+0x35/0x130 [ 2080.669669] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2080.674533] ? memcg_event_wake+0x230/0x230 [ 2080.678980] ? do_raw_spin_unlock+0x181/0x270 [ 2080.683497] ? _raw_spin_unlock+0x2d/0x50 [ 2080.687763] try_charge+0xec5/0x1490 [ 2080.691504] ? lock_downgrade+0x880/0x880 [ 2080.695689] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2080.700553] ? rcu_read_unlock+0x33/0x60 [ 2080.704657] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2080.709531] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2080.715626] mem_cgroup_try_charge+0x259/0x6b0 [ 2080.720248] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2080.725208] wp_page_copy+0x430/0x16a0 [ 2080.729134] ? follow_pfn+0x2a0/0x2a0 [ 2080.732960] ? do_raw_spin_unlock+0x181/0x270 [ 2080.737479] do_wp_page+0x57d/0x10b0 [ 2080.741211] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2080.745901] ? kasan_check_write+0x14/0x20 [ 2080.750155] ? do_raw_spin_lock+0xd7/0x250 [ 2080.754424] __handle_mm_fault+0x2305/0x3f80 [ 2080.758859] ? copy_page_range+0x2030/0x2030 [ 2080.763390] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2080.768214] handle_mm_fault+0x1b5/0x690 [ 2080.772466] __get_user_pages+0x609/0x1860 [ 2080.776730] ? follow_page_mask+0x1ac0/0x1ac0 [ 2080.781251] ? lock_acquire+0x16f/0x3f0 [ 2080.785240] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2080.790805] populate_vma_page_range+0x20d/0x2a0 [ 2080.795606] __mm_populate+0x204/0x380 [ 2080.799517] ? populate_vma_page_range+0x2a0/0x2a0 [ 2080.804484] __x64_sys_mlockall+0x35c/0x520 [ 2080.808831] do_syscall_64+0xfd/0x620 [ 2080.812658] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2080.817858] RIP: 0033:0x45b349 [ 2080.821062] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2080.839977] RSP: 002b:00007f86ac33cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2080.847819] RAX: ffffffffffffffda RBX: 00007f86ac33d6d4 RCX: 000000000045b349 [ 2080.855227] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2080.862514] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2080.869798] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2080.877179] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bfd4 [ 2080.884789] Task in /syz4 killed as a result of limit of /syz4 [ 2080.890851] memory: usage 307200kB, limit 307200kB, failcnt 4648 [ 2080.897003] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2080.903849] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2080.910067] Memory cgroup stats for /syz4: cache:124KB rss:293712KB rss_huge:217088KB shmem:24KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:132972KB active_anon:13396KB inactive_file:4KB active_file:0KB unevictable:147348KB [ 2080.932351] Memory cgroup out of memory: Kill process 31517 (syz-executor.4) score 1226 or sacrifice child [ 2080.942371] Killed process 31523 (syz-executor.4) total-vm:72720kB, anon-rss:18324kB, file-rss:34816kB, shmem-rss:0kB 03:25:02 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0xec0}}, 0x0) 03:25:02 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x10}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:25:03 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:25:03 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) write(0xffffffffffffffff, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:25:03 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x33fe0}}, 0x0) 03:25:03 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x3c}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:25:03 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) [ 2082.548328] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2082.559636] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2082.565126] CPU: 0 PID: 31548 Comm: syz-executor.4 Not tainted 4.19.99-syzkaller #0 [ 2082.572949] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2082.582312] Call Trace: [ 2082.584916] dump_stack+0x197/0x210 [ 2082.588567] dump_header+0x15e/0xa55 [ 2082.592295] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2082.597423] ? ___ratelimit+0x60/0x595 [ 2082.601343] ? do_raw_spin_unlock+0x181/0x270 [ 2082.605861] oom_kill_process.cold+0x10/0x6ef [ 2082.610379] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2082.615935] ? task_will_free_mem+0x139/0x6e0 [ 2082.620452] ? find_held_lock+0x35/0x130 [ 2082.624532] out_of_memory+0x362/0x1330 [ 2082.628522] ? lock_downgrade+0x880/0x880 [ 2082.632692] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2082.637916] ? oom_killer_disable+0x280/0x280 [ 2082.642431] ? find_held_lock+0x35/0x130 [ 2082.646515] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2082.651500] ? memcg_event_wake+0x230/0x230 [ 2082.655843] ? do_raw_spin_unlock+0x181/0x270 [ 2082.660456] ? _raw_spin_unlock+0x2d/0x50 [ 2082.664625] try_charge+0xec5/0x1490 [ 2082.668358] ? lock_downgrade+0x880/0x880 [ 2082.673222] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2082.678082] ? rcu_read_unlock+0x33/0x60 [ 2082.682164] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2082.687020] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2082.693108] mem_cgroup_try_charge+0x259/0x6b0 [ 2082.697722] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2082.702789] wp_page_copy+0x430/0x16a0 [ 2082.706717] ? follow_pfn+0x2a0/0x2a0 [ 2082.710640] ? do_raw_spin_unlock+0x181/0x270 [ 2082.715256] do_wp_page+0x57d/0x10b0 [ 2082.718992] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2082.723680] ? kasan_check_write+0x14/0x20 [ 2082.728085] ? do_raw_spin_lock+0xd7/0x250 [ 2082.732344] __handle_mm_fault+0x2305/0x3f80 [ 2082.736775] ? copy_page_range+0x2030/0x2030 [ 2082.741479] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2082.746189] handle_mm_fault+0x1b5/0x690 [ 2082.750270] __get_user_pages+0x609/0x1860 [ 2082.754644] ? follow_page_mask+0x1ac0/0x1ac0 [ 2082.759171] ? lock_acquire+0x16f/0x3f0 [ 2082.763166] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2082.769080] populate_vma_page_range+0x20d/0x2a0 [ 2082.773873] __mm_populate+0x204/0x380 [ 2082.777784] ? populate_vma_page_range+0x2a0/0x2a0 [ 2082.782743] __x64_sys_mlockall+0x35c/0x520 [ 2082.787090] do_syscall_64+0xfd/0x620 [ 2082.790918] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2082.796116] RIP: 0033:0x45b349 [ 2082.799318] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2082.818335] RSP: 002b:00007f86ac33cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2082.826062] RAX: ffffffffffffffda RBX: 00007f86ac33d6d4 RCX: 000000000045b349 [ 2082.833548] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2082.840836] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2082.848226] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2082.855509] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bfd4 [ 2082.863096] Task in /syz4 killed as a result of limit of /syz4 [ 2082.869207] memory: usage 307200kB, limit 307200kB, failcnt 5046 [ 2082.875423] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2082.882272] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2082.888446] Memory cgroup stats for /syz4: cache:124KB rss:293568KB rss_huge:217088KB shmem:24KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:132948KB active_anon:13396KB inactive_file:4KB active_file:0KB unevictable:147348KB [ 2082.911089] Memory cgroup out of memory: Kill process 31540 (syz-executor.4) score 1226 or sacrifice child [ 2082.920990] Killed process 31552 (syz-executor.4) total-vm:72720kB, anon-rss:18324kB, file-rss:34816kB, shmem-rss:0kB 03:25:04 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x20000868}}, 0x0) 03:25:04 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:25:04 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x60}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:25:05 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:25:05 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x7ffff000}}, 0x0) 03:25:05 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0xf0}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:25:05 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) write(0xffffffffffffffff, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) [ 2084.486849] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2084.498382] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2084.506056] CPU: 0 PID: 31574 Comm: syz-executor.4 Not tainted 4.19.99-syzkaller #0 [ 2084.513882] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2084.523254] Call Trace: [ 2084.525868] dump_stack+0x197/0x210 [ 2084.529526] dump_header+0x15e/0xa55 [ 2084.533255] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2084.538377] ? ___ratelimit+0x60/0x595 [ 2084.542287] ? do_raw_spin_unlock+0x181/0x270 [ 2084.546827] oom_kill_process.cold+0x10/0x6ef [ 2084.551446] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2084.557014] ? task_will_free_mem+0x139/0x6e0 [ 2084.561541] ? find_held_lock+0x35/0x130 [ 2084.565638] out_of_memory+0x362/0x1330 [ 2084.569647] ? lock_downgrade+0x880/0x880 [ 2084.573826] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2084.578952] ? oom_killer_disable+0x280/0x280 [ 2084.583466] ? find_held_lock+0x35/0x130 [ 2084.587583] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2084.592446] ? memcg_event_wake+0x230/0x230 [ 2084.596890] ? do_raw_spin_unlock+0x181/0x270 [ 2084.601428] ? _raw_spin_unlock+0x2d/0x50 [ 2084.605596] try_charge+0xec5/0x1490 [ 2084.609332] ? lock_downgrade+0x880/0x880 [ 2084.613510] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2084.618383] ? rcu_read_unlock+0x33/0x60 [ 2084.622488] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2084.627360] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2084.633468] mem_cgroup_try_charge+0x259/0x6b0 [ 2084.638084] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2084.643039] wp_page_copy+0x430/0x16a0 [ 2084.647075] ? follow_pfn+0x2a0/0x2a0 [ 2084.650905] ? do_raw_spin_unlock+0x181/0x270 [ 2084.655423] do_wp_page+0x57d/0x10b0 [ 2084.659193] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2084.663882] ? kasan_check_write+0x14/0x20 [ 2084.668253] ? do_raw_spin_lock+0xd7/0x250 [ 2084.672521] __handle_mm_fault+0x2305/0x3f80 [ 2084.676964] ? copy_page_range+0x2030/0x2030 [ 2084.681420] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2084.686231] handle_mm_fault+0x1b5/0x690 [ 2084.690330] __get_user_pages+0x609/0x1860 [ 2084.694599] ? follow_page_mask+0x1ac0/0x1ac0 [ 2084.699127] ? lock_acquire+0x16f/0x3f0 [ 2084.703245] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2084.708816] populate_vma_page_range+0x20d/0x2a0 [ 2084.713691] __mm_populate+0x204/0x380 [ 2084.717615] ? populate_vma_page_range+0x2a0/0x2a0 [ 2084.722852] __x64_sys_mlockall+0x35c/0x520 [ 2084.727202] do_syscall_64+0xfd/0x620 [ 2084.731119] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2084.736323] RIP: 0033:0x45b349 [ 2084.739539] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2084.758831] RSP: 002b:00007f86ac35dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2084.766564] RAX: ffffffffffffffda RBX: 00007f86ac35e6d4 RCX: 000000000045b349 [ 2084.773852] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2084.781320] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2084.788625] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2084.795916] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 2084.804375] Task in /syz4 killed as a result of limit of /syz4 [ 2084.815895] memory: usage 307104kB, limit 307200kB, failcnt 5474 [ 2084.842416] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2084.857297] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2084.875007] Memory cgroup stats for /syz4: cache:124KB rss:293568KB rss_huge:217088KB shmem:24KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:132776KB active_anon:13396KB inactive_file:4KB active_file:0KB unevictable:147480KB [ 2084.957457] Memory cgroup out of memory: Kill process 31573 (syz-executor.4) score 1226 or sacrifice child 03:25:06 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:25:06 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:25:06 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0xfffffdef}}, 0x0) 03:25:06 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x300}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) [ 2085.009453] Killed process 31578 (syz-executor.4) total-vm:72852kB, anon-rss:18456kB, file-rss:34816kB, shmem-rss:0kB 03:25:07 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x500}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:25:07 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:25:07 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x2}, 0x0) [ 2086.139423] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2086.150908] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2086.156322] CPU: 1 PID: 31714 Comm: syz-executor.4 Not tainted 4.19.99-syzkaller #0 [ 2086.164228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2086.173594] Call Trace: [ 2086.176224] dump_stack+0x197/0x210 [ 2086.179870] dump_header+0x15e/0xa55 [ 2086.183616] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 03:25:07 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x600}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) [ 2086.188739] ? ___ratelimit+0x60/0x595 [ 2086.192643] ? do_raw_spin_unlock+0x181/0x270 [ 2086.197177] oom_kill_process.cold+0x10/0x6ef [ 2086.201709] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2086.207268] ? task_will_free_mem+0x139/0x6e0 [ 2086.211787] ? find_held_lock+0x35/0x130 [ 2086.215872] out_of_memory+0x362/0x1330 [ 2086.219870] ? lock_downgrade+0x880/0x880 [ 2086.224044] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2086.229263] ? oom_killer_disable+0x280/0x280 [ 2086.233777] ? find_held_lock+0x35/0x130 03:25:07 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x8}, 0x0) [ 2086.237868] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2086.242727] ? memcg_event_wake+0x230/0x230 [ 2086.247085] ? do_raw_spin_unlock+0x181/0x270 [ 2086.251601] ? _raw_spin_unlock+0x2d/0x50 [ 2086.255769] try_charge+0xec5/0x1490 [ 2086.259498] ? lock_downgrade+0x880/0x880 [ 2086.263681] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2086.268540] ? rcu_read_unlock+0x33/0x60 [ 2086.272664] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2086.277579] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2086.283670] mem_cgroup_try_charge+0x259/0x6b0 [ 2086.288290] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2086.293243] wp_page_copy+0x430/0x16a0 [ 2086.297161] ? follow_pfn+0x2a0/0x2a0 [ 2086.300985] ? do_raw_spin_unlock+0x181/0x270 [ 2086.305612] do_wp_page+0x57d/0x10b0 [ 2086.309351] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2086.314042] ? kasan_check_write+0x14/0x20 [ 2086.318975] ? do_raw_spin_lock+0xd7/0x250 [ 2086.323494] __handle_mm_fault+0x2305/0x3f80 [ 2086.328157] ? copy_page_range+0x2030/0x2030 [ 2086.332648] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2086.337693] handle_mm_fault+0x1b5/0x690 [ 2086.341783] __get_user_pages+0x609/0x1860 [ 2086.346050] ? follow_page_mask+0x1ac0/0x1ac0 [ 2086.350586] ? lock_acquire+0x16f/0x3f0 [ 2086.354581] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2086.360243] populate_vma_page_range+0x20d/0x2a0 [ 2086.365033] __mm_populate+0x204/0x380 [ 2086.368955] ? populate_vma_page_range+0x2a0/0x2a0 [ 2086.373926] __x64_sys_mlockall+0x35c/0x520 [ 2086.378479] do_syscall_64+0xfd/0x620 [ 2086.382311] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2086.387519] RIP: 0033:0x45b349 03:25:07 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) [ 2086.390746] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2086.409662] RSP: 002b:00007f86ac35dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2086.417396] RAX: ffffffffffffffda RBX: 00007f86ac35e6d4 RCX: 000000000045b349 [ 2086.424684] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2086.431974] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2086.439266] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2086.446558] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 2086.454144] Task in /syz4 killed as a result of limit of /syz4 [ 2086.460213] memory: usage 307200kB, limit 307200kB, failcnt 5515 [ 2086.466380] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2086.473356] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2086.479515] Memory cgroup stats for /syz4: cache:124KB rss:293556KB rss_huge:217088KB shmem:24KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:132912KB active_anon:13396KB inactive_file:0KB active_file:4KB unevictable:147352KB [ 2086.502083] Memory cgroup out of memory: Kill process 31711 (syz-executor.4) score 1226 or sacrifice child [ 2086.512679] Killed process 31718 (syz-executor.4) total-vm:72720kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB [ 2086.577379] oom_reaper: reaped process 31718 (syz-executor.4), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 03:25:08 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:25:09 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) write(0xffffffffffffffff, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:25:09 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x900}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:25:09 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0xe}, 0x0) 03:25:09 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:25:09 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) [ 2088.805978] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2088.817296] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2088.822795] CPU: 0 PID: 31950 Comm: syz-executor.4 Not tainted 4.19.99-syzkaller #0 [ 2088.830707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2088.840077] Call Trace: [ 2088.842693] dump_stack+0x197/0x210 [ 2088.846351] dump_header+0x15e/0xa55 [ 2088.850117] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2088.855390] ? ___ratelimit+0x60/0x595 [ 2088.859298] ? do_raw_spin_unlock+0x181/0x270 [ 2088.863815] oom_kill_process.cold+0x10/0x6ef [ 2088.868340] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2088.874461] ? task_will_free_mem+0x139/0x6e0 [ 2088.878983] ? find_held_lock+0x35/0x130 [ 2088.883084] out_of_memory+0x362/0x1330 [ 2088.887092] ? lock_downgrade+0x880/0x880 [ 2088.891283] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2088.896421] ? oom_killer_disable+0x280/0x280 [ 2088.900930] ? find_held_lock+0x35/0x130 [ 2088.905028] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2088.910026] ? memcg_event_wake+0x230/0x230 [ 2088.914398] ? do_raw_spin_unlock+0x181/0x270 [ 2088.918904] ? _raw_spin_unlock+0x2d/0x50 [ 2088.923061] try_charge+0xec5/0x1490 [ 2088.926792] ? lock_downgrade+0x880/0x880 [ 2088.930964] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2088.935829] ? rcu_read_unlock+0x33/0x60 [ 2088.939906] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2088.944793] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2088.950879] mem_cgroup_try_charge+0x259/0x6b0 [ 2088.955555] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2088.960656] wp_page_copy+0x430/0x16a0 [ 2088.964574] ? follow_pfn+0x2a0/0x2a0 [ 2088.968403] ? do_raw_spin_unlock+0x181/0x270 [ 2088.972916] do_wp_page+0x57d/0x10b0 [ 2088.976664] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2088.981351] ? kasan_check_write+0x14/0x20 [ 2088.985694] ? do_raw_spin_lock+0xd7/0x250 [ 2088.989969] __handle_mm_fault+0x2305/0x3f80 [ 2088.994415] ? copy_page_range+0x2030/0x2030 [ 2088.998962] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2089.003674] handle_mm_fault+0x1b5/0x690 [ 2089.007886] __get_user_pages+0x609/0x1860 [ 2089.012155] ? follow_page_mask+0x1ac0/0x1ac0 [ 2089.016680] ? lock_acquire+0x16f/0x3f0 [ 2089.020672] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2089.026235] populate_vma_page_range+0x20d/0x2a0 [ 2089.031028] __mm_populate+0x204/0x380 [ 2089.035982] ? populate_vma_page_range+0x2a0/0x2a0 [ 2089.040942] __x64_sys_mlockall+0x35c/0x520 [ 2089.045283] do_syscall_64+0xfd/0x620 [ 2089.049108] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2089.054415] RIP: 0033:0x45b349 [ 2089.057636] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2089.076641] RSP: 002b:00007f86ac33cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2089.084470] RAX: ffffffffffffffda RBX: 00007f86ac33d6d4 RCX: 000000000045b349 [ 2089.091872] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2089.099158] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2089.106549] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2089.114776] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bfd4 [ 2089.122346] Task in /syz4 killed as a result of limit of /syz4 [ 2089.128457] memory: usage 307200kB, limit 307200kB, failcnt 5547 [ 2089.134661] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2089.141511] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2089.147664] Memory cgroup stats for /syz4: cache:124KB rss:293476KB rss_huge:217088KB shmem:24KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:132884KB active_anon:13396KB inactive_file:4KB active_file:0KB unevictable:147348KB [ 2089.170505] Memory cgroup out of memory: Kill process 31942 (syz-executor.4) score 1226 or sacrifice child [ 2089.180431] Killed process 31955 (syz-executor.4) total-vm:72720kB, anon-rss:18324kB, file-rss:34816kB, shmem-rss:0kB 03:25:12 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:25:12 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x35}, 0x0) 03:25:12 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0xa00}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:25:13 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:25:13 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x300}, 0x0) 03:25:13 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:25:13 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0xb00}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) [ 2092.472936] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2092.484358] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2092.489767] CPU: 0 PID: 31988 Comm: syz-executor.4 Not tainted 4.19.99-syzkaller #0 [ 2092.497581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2092.507055] Call Trace: [ 2092.509661] dump_stack+0x197/0x210 [ 2092.513326] dump_header+0x15e/0xa55 [ 2092.517059] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2092.522484] ? ___ratelimit+0x60/0x595 [ 2092.526386] ? do_raw_spin_unlock+0x181/0x270 [ 2092.531606] oom_kill_process.cold+0x10/0x6ef [ 2092.536138] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2092.541727] ? task_will_free_mem+0x139/0x6e0 [ 2092.546374] ? find_held_lock+0x35/0x130 [ 2092.550467] out_of_memory+0x362/0x1330 [ 2092.554464] ? lock_downgrade+0x880/0x880 [ 2092.558640] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2092.563809] ? oom_killer_disable+0x280/0x280 [ 2092.568324] ? find_held_lock+0x35/0x130 [ 2092.572419] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2092.577398] ? memcg_event_wake+0x230/0x230 [ 2092.581743] ? do_raw_spin_unlock+0x181/0x270 [ 2092.586265] ? _raw_spin_unlock+0x2d/0x50 [ 2092.590441] try_charge+0xec5/0x1490 [ 2092.594182] ? lock_downgrade+0x880/0x880 [ 2092.598354] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2092.603218] ? rcu_read_unlock+0x33/0x60 [ 2092.607301] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2092.612168] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2092.618285] mem_cgroup_try_charge+0x259/0x6b0 [ 2092.622895] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2092.627852] wp_page_copy+0x430/0x16a0 [ 2092.631778] ? follow_pfn+0x2a0/0x2a0 [ 2092.635599] ? do_raw_spin_unlock+0x181/0x270 [ 2092.640119] do_wp_page+0x57d/0x10b0 [ 2092.643847] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2092.648575] ? kasan_check_write+0x14/0x20 [ 2092.652833] ? do_raw_spin_lock+0xd7/0x250 [ 2092.657096] __handle_mm_fault+0x2305/0x3f80 [ 2092.661534] ? copy_page_range+0x2030/0x2030 [ 2092.665974] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2092.670695] handle_mm_fault+0x1b5/0x690 [ 2092.674818] __get_user_pages+0x609/0x1860 [ 2092.679095] ? follow_page_mask+0x1ac0/0x1ac0 [ 2092.683622] ? lock_acquire+0x16f/0x3f0 [ 2092.687725] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2092.693292] populate_vma_page_range+0x20d/0x2a0 [ 2092.698090] __mm_populate+0x204/0x380 [ 2092.702002] ? populate_vma_page_range+0x2a0/0x2a0 [ 2092.706964] __x64_sys_mlockall+0x35c/0x520 [ 2092.711310] do_syscall_64+0xfd/0x620 [ 2092.715128] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2092.720344] RIP: 0033:0x45b349 [ 2092.723552] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2092.742669] RSP: 002b:00007f86ac33cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2092.750632] RAX: ffffffffffffffda RBX: 00007f86ac33d6d4 RCX: 000000000045b349 [ 2092.757920] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2092.765204] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2092.772842] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2092.780132] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bfd4 [ 2092.787710] Task in /syz4 killed as a result of limit of /syz4 [ 2092.793798] memory: usage 307200kB, limit 307200kB, failcnt 5965 [ 2092.800010] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2092.806778] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2092.812979] Memory cgroup stats for /syz4: cache:124KB rss:293568KB rss_huge:217088KB shmem:24KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:132872KB active_anon:13396KB inactive_file:4KB active_file:0KB unevictable:147348KB [ 2092.835828] Memory cgroup out of memory: Kill process 31983 (syz-executor.4) score 1226 or sacrifice child [ 2092.845737] Killed process 31989 (syz-executor.4) total-vm:72720kB, anon-rss:18324kB, file-rss:34816kB, shmem-rss:0kB 03:25:14 executing program 2: syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r0, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) r1 = socket(0x0, 0x400000000080803, 0x0) write(r1, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:25:14 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0xffffff1f}, 0x0) 03:25:15 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0xc00}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:25:16 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:25:16 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0x2}, 0x0) [ 2095.262485] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2095.273942] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2095.279420] CPU: 1 PID: 32101 Comm: syz-executor.4 Not tainted 4.19.99-syzkaller #0 [ 2095.287232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2095.296597] Call Trace: [ 2095.299215] dump_stack+0x197/0x210 [ 2095.302861] dump_header+0x15e/0xa55 [ 2095.306598] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2095.311722] ? ___ratelimit+0x60/0x595 [ 2095.315620] ? do_raw_spin_unlock+0x181/0x270 [ 2095.320131] oom_kill_process.cold+0x10/0x6ef [ 2095.324650] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2095.330202] ? task_will_free_mem+0x139/0x6e0 [ 2095.334823] ? find_held_lock+0x35/0x130 [ 2095.339112] out_of_memory+0x362/0x1330 [ 2095.343125] ? lock_downgrade+0x880/0x880 [ 2095.347289] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2095.352413] ? oom_killer_disable+0x280/0x280 [ 2095.358061] ? find_held_lock+0x35/0x130 [ 2095.362230] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2095.367093] ? memcg_event_wake+0x230/0x230 [ 2095.371444] ? do_raw_spin_unlock+0x181/0x270 [ 2095.375959] ? _raw_spin_unlock+0x2d/0x50 [ 2095.380128] try_charge+0xec5/0x1490 [ 2095.383864] ? lock_downgrade+0x880/0x880 [ 2095.388044] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2095.392926] ? rcu_read_unlock+0x33/0x60 [ 2095.397004] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2095.401867] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2095.408044] mem_cgroup_try_charge+0x259/0x6b0 [ 2095.412664] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2095.417617] wp_page_copy+0x430/0x16a0 [ 2095.421533] ? follow_pfn+0x2a0/0x2a0 [ 2095.425356] ? do_raw_spin_unlock+0x181/0x270 [ 2095.429873] do_wp_page+0x57d/0x10b0 [ 2095.433602] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2095.438288] ? kasan_check_write+0x14/0x20 [ 2095.442547] ? do_raw_spin_lock+0xd7/0x250 [ 2095.446831] __handle_mm_fault+0x2305/0x3f80 [ 2095.452047] ? copy_page_range+0x2030/0x2030 [ 2095.456496] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2095.461190] handle_mm_fault+0x1b5/0x690 [ 2095.465280] __get_user_pages+0x609/0x1860 [ 2095.469547] ? follow_page_mask+0x1ac0/0x1ac0 [ 2095.474084] ? lock_acquire+0x16f/0x3f0 [ 2095.478071] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2095.483750] populate_vma_page_range+0x20d/0x2a0 [ 2095.488545] __mm_populate+0x204/0x380 [ 2095.492461] ? populate_vma_page_range+0x2a0/0x2a0 [ 2095.497430] __x64_sys_mlockall+0x35c/0x520 [ 2095.501775] do_syscall_64+0xfd/0x620 [ 2095.505607] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2095.510810] RIP: 0033:0x45b349 [ 2095.514016] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2095.533625] RSP: 002b:00007f86ac35dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2095.541370] RAX: ffffffffffffffda RBX: 00007f86ac35e6d4 RCX: 000000000045b349 [ 2095.548831] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2095.556225] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2095.563573] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2095.570869] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 2095.578813] Task in /syz4 killed as a result of limit of /syz4 [ 2095.584893] memory: usage 307200kB, limit 307200kB, failcnt 6361 [ 2095.591096] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2095.598127] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2095.604422] Memory cgroup stats for /syz4: cache:124KB rss:293448KB rss_huge:217088KB shmem:24KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:132988KB active_anon:13396KB inactive_file:4KB active_file:0KB unevictable:147220KB [ 2095.626819] Memory cgroup out of memory: Kill process 32099 (syz-executor.4) score 1226 or sacrifice child [ 2095.636740] Killed process 32102 (syz-executor.4) total-vm:72588kB, anon-rss:18196kB, file-rss:34816kB, shmem-rss:0kB 03:25:17 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:25:17 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0xe00}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:25:17 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:25:17 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0x3}, 0x0) 03:25:17 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0xf00}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:25:17 executing program 2: syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r0, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) r1 = socket(0x0, 0x400000000080803, 0x0) write(r1, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:25:17 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:25:18 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0x4}, 0x0) 03:25:20 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x3c00}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) [ 2099.624756] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2099.636590] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2099.643655] CPU: 0 PID: 32135 Comm: syz-executor.4 Not tainted 4.19.99-syzkaller #0 [ 2099.651573] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2099.661033] Call Trace: [ 2099.663656] dump_stack+0x197/0x210 [ 2099.667351] dump_header+0x15e/0xa55 [ 2099.671090] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2099.676219] ? ___ratelimit+0x60/0x595 [ 2099.680135] ? do_raw_spin_unlock+0x181/0x270 [ 2099.684774] oom_kill_process.cold+0x10/0x6ef [ 2099.689306] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2099.694873] ? task_will_free_mem+0x139/0x6e0 [ 2099.699392] ? find_held_lock+0x35/0x130 [ 2099.703562] out_of_memory+0x362/0x1330 [ 2099.707615] ? lock_downgrade+0x880/0x880 [ 2099.711830] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2099.716961] ? oom_killer_disable+0x280/0x280 [ 2099.721481] ? find_held_lock+0x35/0x130 [ 2099.725587] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2099.730680] ? memcg_event_wake+0x230/0x230 [ 2099.735035] ? do_raw_spin_unlock+0x181/0x270 [ 2099.739560] ? _raw_spin_unlock+0x2d/0x50 [ 2099.743734] try_charge+0xec5/0x1490 [ 2099.747473] ? lock_downgrade+0x880/0x880 [ 2099.751650] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2099.756522] ? rcu_read_unlock+0x33/0x60 [ 2099.760607] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2099.765474] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 03:25:21 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0x5}, 0x0) 03:25:21 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x3f00}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) [ 2099.771563] mem_cgroup_try_charge+0x259/0x6b0 [ 2099.776171] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2099.781120] wp_page_copy+0x430/0x16a0 [ 2099.785036] ? follow_pfn+0x2a0/0x2a0 [ 2099.788862] ? do_raw_spin_unlock+0x181/0x270 [ 2099.793392] do_wp_page+0x57d/0x10b0 [ 2099.797145] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2099.801836] ? kasan_check_write+0x14/0x20 [ 2099.806080] ? do_raw_spin_lock+0xd7/0x250 [ 2099.810336] __handle_mm_fault+0x2305/0x3f80 [ 2099.814775] ? copy_page_range+0x2030/0x2030 [ 2099.819225] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2099.823920] handle_mm_fault+0x1b5/0x690 [ 2099.828034] ? __get_user_pages+0x57c/0x1860 [ 2099.832477] __get_user_pages+0x609/0x1860 [ 2099.836748] ? follow_page_mask+0x1ac0/0x1ac0 [ 2099.841265] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2099.846053] ? retint_kernel+0x2d/0x2d [ 2099.849966] populate_vma_page_range+0x20d/0x2a0 [ 2099.854755] __mm_populate+0x204/0x380 [ 2099.858762] ? populate_vma_page_range+0x2a0/0x2a0 [ 2099.863736] __x64_sys_mlockall+0x35c/0x520 [ 2099.868111] do_syscall_64+0xfd/0x620 03:25:21 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket$inet(0x10, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r1 = socket(0x0, 0x400000000080803, 0x0) write(r1, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) [ 2099.871949] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2099.877156] RIP: 0033:0x45b349 [ 2099.880474] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2099.899523] RSP: 002b:00007f86ac35dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2099.907356] RAX: ffffffffffffffda RBX: 00007f86ac35e6d4 RCX: 000000000045b349 [ 2099.914653] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2099.922072] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2099.930147] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2099.937440] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 2099.946058] Task in /syz4 killed as a result of limit of /syz4 [ 2099.953515] memory: usage 307200kB, limit 307200kB, failcnt 6428 [ 2099.960288] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2099.967596] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2099.974348] Memory cgroup stats for /syz4: cache:124KB rss:293448KB rss_huge:217088KB shmem:24KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:132796KB active_anon:13404KB inactive_file:4KB active_file:0KB unevictable:147352KB [ 2099.998298] Memory cgroup out of memory: Kill process 32134 (syz-executor.4) score 1226 or sacrifice child [ 2100.008959] Killed process 32136 (syz-executor.4) total-vm:72588kB, anon-rss:18196kB, file-rss:34816kB, shmem-rss:0kB 03:25:22 executing program 2: syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r0, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) r1 = socket(0x0, 0x400000000080803, 0x0) write(r1, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:25:23 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:25:25 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0x6}, 0x0) 03:25:25 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x5865}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:25:25 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:25:26 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x6000}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:25:26 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket$inet(0x10, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r1 = socket(0x0, 0x400000000080803, 0x0) write(r1, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:25:26 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0x8}, 0x0) [ 2105.238474] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2105.250658] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2105.256329] CPU: 0 PID: 32286 Comm: syz-executor.4 Not tainted 4.19.99-syzkaller #0 [ 2105.264124] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2105.273477] Call Trace: [ 2105.276077] dump_stack+0x197/0x210 [ 2105.279722] dump_header+0x15e/0xa55 [ 2105.283450] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2105.288644] ? ___ratelimit+0x60/0x595 [ 2105.292631] ? do_raw_spin_unlock+0x181/0x270 [ 2105.297158] oom_kill_process.cold+0x10/0x6ef [ 2105.302370] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2105.308011] ? task_will_free_mem+0x139/0x6e0 [ 2105.312526] out_of_memory+0x362/0x1330 [ 2105.316639] ? oom_killer_disable+0x280/0x280 [ 2105.321176] ? mem_cgroup_out_of_memory+0xab/0x240 [ 2105.326149] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2105.331035] ? memcg_event_wake+0x230/0x230 [ 2105.335373] ? do_raw_spin_unlock+0x181/0x270 [ 2105.339891] ? _raw_spin_unlock+0x2d/0x50 [ 2105.344052] try_charge+0xec5/0x1490 [ 2105.347773] ? lock_downgrade+0x880/0x880 [ 2105.352196] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2105.357046] ? rcu_read_unlock+0x33/0x60 [ 2105.361216] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2105.366081] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2105.372157] mem_cgroup_try_charge+0x259/0x6b0 [ 2105.376760] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2105.381697] wp_page_copy+0x430/0x16a0 [ 2105.385589] ? retint_kernel+0x2d/0x2d [ 2105.389485] ? follow_pfn+0x2a0/0x2a0 [ 2105.393292] ? wp_page_copy+0x22/0x16a0 [ 2105.397279] do_wp_page+0x57d/0x10b0 [ 2105.401005] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2105.405680] ? kasan_check_write+0x14/0x20 [ 2105.409925] ? do_raw_spin_lock+0xd7/0x250 [ 2105.414172] __handle_mm_fault+0x2305/0x3f80 [ 2105.418595] ? copy_page_range+0x2030/0x2030 [ 2105.423032] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2105.427797] handle_mm_fault+0x1b5/0x690 [ 2105.431871] __get_user_pages+0x609/0x1860 [ 2105.436127] ? follow_page_mask+0x1ac0/0x1ac0 [ 2105.440630] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2105.445395] ? retint_kernel+0x2d/0x2d [ 2105.449295] populate_vma_page_range+0x20d/0x2a0 [ 2105.454071] __mm_populate+0x204/0x380 [ 2105.457970] ? populate_vma_page_range+0x2a0/0x2a0 [ 2105.462918] __x64_sys_mlockall+0x35c/0x520 [ 2105.467340] do_syscall_64+0xfd/0x620 [ 2105.471151] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2105.476342] RIP: 0033:0x45b349 [ 2105.479541] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2105.498445] RSP: 002b:00007f86ac35dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2105.506160] RAX: ffffffffffffffda RBX: 00007f86ac35e6d4 RCX: 000000000045b349 [ 2105.513447] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2105.520841] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2105.528146] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2105.535430] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 2105.544454] Task in /syz4 killed as a result of limit of /syz4 [ 2105.550910] memory: usage 307200kB, limit 307200kB, failcnt 6453 [ 2105.559220] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2105.566342] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2105.572575] Memory cgroup stats for /syz4: cache:124KB rss:293452KB rss_huge:217088KB shmem:24KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:132804KB active_anon:13396KB inactive_file:4KB active_file:0KB unevictable:147352KB [ 2105.595678] Memory cgroup out of memory: Kill process 32283 (syz-executor.4) score 1226 or sacrifice child [ 2105.606287] Killed process 32288 (syz-executor.4) total-vm:72720kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB [ 2105.630382] oom_reaper: reaped process 32288 (syz-executor.4), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 03:25:27 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:25:27 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0x9}, 0x0) 03:25:27 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x6558}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:25:27 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:25:30 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0xa}, 0x0) 03:25:30 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:25:30 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x8100}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:25:30 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket$inet(0x10, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r1 = socket(0x0, 0x400000000080803, 0x0) write(r1, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:25:30 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:25:30 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0xb}, 0x0) 03:25:31 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:25:33 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0xc}, 0x0) 03:25:33 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0xf000}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:25:34 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0xe}, 0x0) 03:25:34 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x34000}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:25:34 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:25:34 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:25:34 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r1 = socket(0x0, 0x400000000080803, 0x0) write(r1, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:25:34 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:25:34 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0xf}, 0x0) 03:25:35 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x400300}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) [ 2116.429109] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2116.441273] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2116.446903] CPU: 0 PID: 32484 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2116.454698] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2116.464063] Call Trace: [ 2116.466684] dump_stack+0x197/0x210 [ 2116.470346] dump_header+0x15e/0xa55 [ 2116.474078] ? oom_kill_process+0x136/0x150 [ 2116.478421] oom_kill_process.cold+0x10/0x6ef [ 2116.482933] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2116.488492] ? task_will_free_mem+0x139/0x6e0 [ 2116.493025] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2116.498096] out_of_memory+0x362/0x1330 [ 2116.502099] ? retint_kernel+0x2d/0x2d [ 2116.506001] ? oom_killer_disable+0x280/0x280 [ 2116.510866] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2116.515721] ? memcg_event_wake+0x230/0x230 [ 2116.520057] ? do_raw_spin_unlock+0x181/0x270 [ 2116.524550] ? _raw_spin_unlock+0x2d/0x50 [ 2116.528729] try_charge+0xec5/0x1490 [ 2116.532563] ? lock_downgrade+0x880/0x880 [ 2116.536732] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2116.541599] ? rcu_read_unlock+0x33/0x60 [ 2116.545694] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2116.550564] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2116.556641] ? retint_kernel+0x2d/0x2d [ 2116.560671] mem_cgroup_try_charge+0x259/0x6b0 [ 2116.565276] ? __sanitizer_cov_trace_pc+0x20/0x50 [ 2116.570153] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2116.575106] wp_page_copy+0x430/0x16a0 [ 2116.579035] ? follow_pfn+0x2a0/0x2a0 [ 2116.582848] ? retint_kernel+0x2d/0x2d [ 2116.586754] ? do_raw_spin_unlock+0x181/0x270 [ 2116.591279] do_wp_page+0x57d/0x10b0 [ 2116.595026] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2116.599706] ? kasan_check_write+0x14/0x20 [ 2116.603957] ? do_raw_spin_lock+0xd7/0x250 [ 2116.608210] __handle_mm_fault+0x2305/0x3f80 [ 2116.612628] ? copy_page_range+0x2030/0x2030 [ 2116.617069] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2116.621742] handle_mm_fault+0x1b5/0x690 [ 2116.625824] __get_user_pages+0x609/0x1860 [ 2116.630077] ? follow_page_mask+0x1ac0/0x1ac0 [ 2116.634574] ? retint_kernel+0x2d/0x2d [ 2116.638465] populate_vma_page_range+0x20d/0x2a0 [ 2116.643259] __mm_populate+0x204/0x380 [ 2116.647168] ? populate_vma_page_range+0x2a0/0x2a0 [ 2116.652118] __x64_sys_mlockall+0x35c/0x520 [ 2116.656460] do_syscall_64+0xfd/0x620 [ 2116.660276] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2116.665478] RIP: 0033:0x45b349 [ 2116.668670] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2116.687583] RSP: 002b:00007f4b94dddc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2116.695299] RAX: ffffffffffffffda RBX: 00007f4b94dde6d4 RCX: 000000000045b349 [ 2116.702574] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2116.709867] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2116.717170] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2116.724446] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 2116.733029] Task in /syz5 killed as a result of limit of /syz5 [ 2116.739606] memory: usage 307136kB, limit 307200kB, failcnt 55 [ 2116.746155] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2116.753718] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2116.760943] Memory cgroup stats for /syz5: cache:188KB rss:292488KB rss_huge:38912KB shmem:80KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:235180KB active_anon:6344KB inactive_file:32KB active_file:4KB unevictable:51096KB [ 2116.783526] Memory cgroup out of memory: Kill process 32482 (syz-executor.5) score 1226 or sacrifice child [ 2116.800103] Killed process 32495 (syz-executor.5) total-vm:72720kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB [ 2116.923074] oom_reaper: reaped process 32495 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 03:25:38 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:25:38 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0x10}, 0x0) 03:25:38 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0xf0ffff}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:25:39 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r1 = socket(0x0, 0x400000000080803, 0x0) write(r1, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:25:39 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:25:40 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:25:41 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0x34}, 0x0) 03:25:41 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x1000000}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:25:42 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:25:42 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) [ 2120.755258] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2120.766691] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2120.772234] CPU: 1 PID: 395 Comm: syz-executor.4 Not tainted 4.19.99-syzkaller #0 [ 2120.779871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2120.789234] Call Trace: [ 2120.791844] dump_stack+0x197/0x210 [ 2120.795501] dump_header+0x15e/0xa55 [ 2120.799244] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2120.804366] ? ___ratelimit+0x60/0x595 [ 2120.808272] ? do_raw_spin_unlock+0x181/0x270 [ 2120.812794] oom_kill_process.cold+0x10/0x6ef [ 2120.817314] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2120.822875] ? task_will_free_mem+0x139/0x6e0 [ 2120.827396] ? find_held_lock+0x35/0x130 [ 2120.831477] out_of_memory+0x362/0x1330 [ 2120.835580] ? lock_downgrade+0x880/0x880 [ 2120.839861] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2120.844989] ? oom_killer_disable+0x280/0x280 [ 2120.849501] ? find_held_lock+0x35/0x130 [ 2120.853587] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2120.858449] ? memcg_event_wake+0x230/0x230 [ 2120.862891] ? do_raw_spin_unlock+0x181/0x270 [ 2120.867406] ? _raw_spin_unlock+0x2d/0x50 [ 2120.871576] try_charge+0xec5/0x1490 [ 2120.876316] ? lock_downgrade+0x880/0x880 [ 2120.880482] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2120.885344] ? rcu_read_unlock+0x33/0x60 [ 2120.889528] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2120.894394] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2120.900464] ? mark_held_locks+0x100/0x100 [ 2120.904714] mem_cgroup_try_charge+0x259/0x6b0 [ 2120.909316] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2120.914271] __handle_mm_fault+0x1e50/0x3f80 [ 2120.918802] ? copy_page_range+0x2030/0x2030 [ 2120.925608] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2120.930388] handle_mm_fault+0x1b5/0x690 [ 2120.934467] __get_user_pages+0x609/0x1860 [ 2120.938832] ? follow_page_mask+0x1ac0/0x1ac0 [ 2120.943359] ? lock_acquire+0x16f/0x3f0 [ 2120.947355] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2120.953109] populate_vma_page_range+0x20d/0x2a0 [ 2120.957898] __mm_populate+0x204/0x380 [ 2120.961897] ? populate_vma_page_range+0x2a0/0x2a0 [ 2120.966865] __x64_sys_mlockall+0x35c/0x520 [ 2120.971206] do_syscall_64+0xfd/0x620 [ 2120.975160] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2120.980371] RIP: 0033:0x45b349 [ 2120.983580] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2121.002679] RSP: 002b:00007f86ac35dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2121.010461] RAX: ffffffffffffffda RBX: 00007f86ac35e6d4 RCX: 000000000045b349 [ 2121.017961] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2121.025338] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2121.032630] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2121.039999] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 2121.048192] Task in /syz4 killed as a result of limit of /syz4 [ 2121.054264] memory: usage 307200kB, limit 307200kB, failcnt 6485 [ 2121.060566] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2121.067330] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2121.073550] Memory cgroup stats for /syz4: cache:124KB rss:293412KB rss_huge:217088KB shmem:24KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:145316KB active_anon:13412KB inactive_file:4KB active_file:4KB unevictable:134900KB [ 2121.095904] Memory cgroup out of memory: Kill process 24284 (syz-executor.4) score 1163 or sacrifice child [ 2121.105843] Killed process 24284 (syz-executor.4) total-vm:72720kB, anon-rss:18324kB, file-rss:34816kB, shmem-rss:0kB [ 2123.150569] oom_reaper: reaped process 24284 (syz-executor.4), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2123.181213] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2123.193059] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2123.198463] CPU: 1 PID: 395 Comm: syz-executor.4 Not tainted 4.19.99-syzkaller #0 [ 2123.206092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2123.215464] Call Trace: [ 2123.218070] dump_stack+0x197/0x210 [ 2123.221720] dump_header+0x15e/0xa55 [ 2123.225449] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2123.230570] ? ___ratelimit+0x60/0x595 [ 2123.234472] ? do_raw_spin_unlock+0x181/0x270 [ 2123.239002] oom_kill_process.cold+0x10/0x6ef [ 2123.243521] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2123.249070] ? task_will_free_mem+0x139/0x6e0 [ 2123.253585] ? find_held_lock+0x35/0x130 [ 2123.257751] out_of_memory+0x362/0x1330 [ 2123.261744] ? lock_downgrade+0x880/0x880 [ 2123.265913] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2123.271035] ? oom_killer_disable+0x280/0x280 [ 2123.275545] ? find_held_lock+0x35/0x130 [ 2123.279636] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2123.284495] ? memcg_event_wake+0x230/0x230 [ 2123.289013] ? do_raw_spin_unlock+0x181/0x270 [ 2123.294474] ? _raw_spin_unlock+0x2d/0x50 [ 2123.298632] try_charge+0xec5/0x1490 [ 2123.302361] ? lock_downgrade+0x880/0x880 [ 2123.306527] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2123.311375] ? rcu_read_unlock+0x33/0x60 [ 2123.316489] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2123.321353] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2123.327689] ? mark_held_locks+0x100/0x100 [ 2123.331948] mem_cgroup_try_charge+0x259/0x6b0 [ 2123.336561] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2123.341504] __handle_mm_fault+0x1e50/0x3f80 [ 2123.346014] ? copy_page_range+0x2030/0x2030 [ 2123.350544] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2123.355323] handle_mm_fault+0x1b5/0x690 [ 2123.359412] __get_user_pages+0x609/0x1860 [ 2123.363677] ? follow_page_mask+0x1ac0/0x1ac0 [ 2123.368212] ? lock_acquire+0x16f/0x3f0 [ 2123.372200] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2123.378368] populate_vma_page_range+0x20d/0x2a0 [ 2123.383153] __mm_populate+0x204/0x380 [ 2123.387062] ? populate_vma_page_range+0x2a0/0x2a0 [ 2123.392017] __x64_sys_mlockall+0x35c/0x520 [ 2123.396358] do_syscall_64+0xfd/0x620 [ 2123.400190] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2123.405393] RIP: 0033:0x45b349 [ 2123.408595] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2123.427520] RSP: 002b:00007f86ac35dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2123.435254] RAX: ffffffffffffffda RBX: 00007f86ac35e6d4 RCX: 000000000045b349 [ 2123.442538] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2123.449824] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2123.457104] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2123.464381] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 2123.471993] Task in /syz4 killed as a result of limit of /syz4 [ 2123.478024] memory: usage 298860kB, limit 307200kB, failcnt 17289 [ 2123.484383] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2123.491225] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 03:25:44 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r1 = socket(0x0, 0x400000000080803, 0x0) write(r1, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:25:44 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:25:44 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0x60}, 0x0) [ 2123.497377] Memory cgroup stats for /syz4: cache:124KB rss:285448KB rss_huge:204800KB shmem:24KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:143376KB active_anon:13412KB inactive_file:4KB active_file:4KB unevictable:128664KB [ 2123.519805] Memory cgroup out of memory: Kill process 24489 (syz-executor.4) score 1163 or sacrifice child [ 2123.529930] Killed process 24489 (syz-executor.4) total-vm:72720kB, anon-rss:18324kB, file-rss:34816kB, shmem-rss:0kB [ 2123.579112] oom_reaper: reaped process 24489 (syz-executor.4), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 03:25:45 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x2000000}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:25:45 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) mlockall(0x3) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:25:46 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0xf0}, 0x0) 03:25:46 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:25:46 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x3000000}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:25:46 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:25:46 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0x300}, 0x0) 03:25:46 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x4000000}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:25:47 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) mlockall(0x3) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:25:47 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0x500}, 0x0) 03:25:48 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:25:48 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x5000000}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:25:48 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0x600}, 0x0) 03:25:48 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) [ 2127.126542] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2127.145496] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2127.166900] CPU: 1 PID: 534 Comm: syz-executor.4 Not tainted 4.19.99-syzkaller #0 [ 2127.174573] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2127.183948] Call Trace: [ 2127.186547] dump_stack+0x197/0x210 [ 2127.190791] dump_header+0x15e/0xa55 [ 2127.194512] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2127.199638] ? ___ratelimit+0x60/0x595 [ 2127.203536] ? do_raw_spin_unlock+0x181/0x270 [ 2127.208041] oom_kill_process.cold+0x10/0x6ef 03:25:48 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) mlockall(0x3) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) [ 2127.212544] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2127.218093] ? task_will_free_mem+0x139/0x6e0 [ 2127.222606] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2127.227559] out_of_memory+0x362/0x1330 [ 2127.231553] ? retint_kernel+0x2d/0x2d [ 2127.235459] ? oom_killer_disable+0x280/0x280 [ 2127.239983] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2127.244845] ? memcg_event_wake+0x230/0x230 [ 2127.249191] ? do_raw_spin_unlock+0x181/0x270 [ 2127.253709] ? _raw_spin_unlock+0x2d/0x50 [ 2127.257876] try_charge+0xec5/0x1490 [ 2127.261598] ? lock_downgrade+0x880/0x880 [ 2127.265769] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2127.270624] ? rcu_read_unlock+0x33/0x60 [ 2127.274699] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2127.279558] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2127.285641] mem_cgroup_try_charge+0x259/0x6b0 [ 2127.290250] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2127.295196] wp_page_copy+0x430/0x16a0 [ 2127.299133] ? follow_pfn+0x2a0/0x2a0 [ 2127.302952] ? do_raw_spin_unlock+0x181/0x270 [ 2127.307462] do_wp_page+0x57d/0x10b0 [ 2127.311217] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2127.315905] ? kasan_check_write+0x14/0x20 [ 2127.320159] ? do_raw_spin_lock+0xd7/0x250 [ 2127.324410] __handle_mm_fault+0x2305/0x3f80 [ 2127.328831] ? copy_page_range+0x2030/0x2030 [ 2127.333268] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2127.337950] handle_mm_fault+0x1b5/0x690 [ 2127.342037] __get_user_pages+0x609/0x1860 [ 2127.346297] ? follow_page_mask+0x1ac0/0x1ac0 [ 2127.350803] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2127.355571] ? retint_kernel+0x2d/0x2d [ 2127.359475] populate_vma_page_range+0x20d/0x2a0 [ 2127.364252] __mm_populate+0x204/0x380 [ 2127.368161] ? populate_vma_page_range+0x2a0/0x2a0 [ 2127.373122] __x64_sys_mlockall+0x35c/0x520 [ 2127.377466] do_syscall_64+0xfd/0x620 [ 2127.381809] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2127.387006] RIP: 0033:0x45b349 [ 2127.390228] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2127.409145] RSP: 002b:00007f86ac35dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2127.416867] RAX: ffffffffffffffda RBX: 00007f86ac35e6d4 RCX: 000000000045b349 [ 2127.424154] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2127.431518] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2127.438794] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2127.446068] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 2128.006707] Task in /syz4 killed as a result of limit of /syz4 [ 2128.076741] memory: usage 305172kB, limit 307200kB, failcnt 17317 [ 2128.084167] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2128.091965] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2128.107708] Memory cgroup stats for /syz4: cache:124KB rss:291520KB rss_huge:188416KB shmem:24KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:163588KB active_anon:13408KB inactive_file:8KB active_file:4KB unevictable:114580KB [ 2128.334760] Memory cgroup out of memory: Kill process 533 (syz-executor.4) score 1226 or sacrifice child [ 2128.390529] Killed process 534 (syz-executor.4) total-vm:72720kB, anon-rss:18324kB, file-rss:54376kB, shmem-rss:0kB [ 2128.452587] oom_reaper: reaped process 534 (syz-executor.4), now anon-rss:18324kB, file-rss:54368kB, shmem-rss:0kB 03:25:51 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:25:51 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0x900}, 0x0) 03:25:51 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x6000000}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:25:51 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:25:51 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:25:51 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) [ 2132.564480] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2132.576087] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2132.581871] CPU: 0 PID: 826 Comm: syz-executor.4 Not tainted 4.19.99-syzkaller #0 [ 2132.589502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2132.598880] Call Trace: [ 2132.601489] dump_stack+0x197/0x210 [ 2132.605141] dump_header+0x15e/0xa55 [ 2132.608868] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2132.613992] ? ___ratelimit+0x60/0x595 [ 2132.617896] ? do_raw_spin_unlock+0x181/0x270 [ 2132.622414] oom_kill_process.cold+0x10/0x6ef [ 2132.626933] ? mem_cgroup_get_max+0xd1/0x240 [ 2132.631365] out_of_memory+0x362/0x1330 [ 2132.635361] ? retint_kernel+0x2d/0x2d [ 2132.639267] ? oom_killer_disable+0x280/0x280 [ 2132.643786] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2132.648658] ? memcg_event_wake+0x230/0x230 [ 2132.653005] ? do_raw_spin_unlock+0x181/0x270 [ 2132.657521] ? _raw_spin_unlock+0x2d/0x50 [ 2132.661695] try_charge+0xec5/0x1490 [ 2132.665419] ? lock_downgrade+0x880/0x880 [ 2132.669591] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2132.674448] ? rcu_read_unlock+0x33/0x60 [ 2132.678528] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2132.683393] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2132.689489] mem_cgroup_try_charge+0x259/0x6b0 [ 2132.694092] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2132.699160] wp_page_copy+0x430/0x16a0 [ 2132.703072] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2132.707851] ? follow_pfn+0x2a0/0x2a0 [ 2132.711673] ? do_raw_spin_unlock+0x181/0x270 [ 2132.716191] do_wp_page+0x57d/0x10b0 [ 2132.720031] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2132.724733] ? __handle_mm_fault+0x18ab/0x3f80 [ 2132.729448] ? __handle_mm_fault+0x22f9/0x3f80 [ 2132.734097] __handle_mm_fault+0x2305/0x3f80 [ 2132.738564] ? copy_page_range+0x2030/0x2030 [ 2132.743006] ? retint_kernel+0x2d/0x2d [ 2132.746928] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2132.751619] handle_mm_fault+0x1b5/0x690 [ 2132.755698] __get_user_pages+0x609/0x1860 [ 2132.759964] ? follow_page_mask+0x1ac0/0x1ac0 [ 2132.764486] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2132.769283] ? retint_kernel+0x2d/0x2d [ 2132.773200] populate_vma_page_range+0x20d/0x2a0 [ 2132.777982] __mm_populate+0x204/0x380 [ 2132.781904] ? populate_vma_page_range+0x2a0/0x2a0 [ 2132.786867] __x64_sys_mlockall+0x35c/0x520 [ 2132.791216] do_syscall_64+0xfd/0x620 [ 2132.795072] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2132.800272] RIP: 0033:0x45b349 [ 2132.803480] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2132.822401] RSP: 002b:00007f86ac33cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2132.830126] RAX: ffffffffffffffda RBX: 00007f86ac33d6d4 RCX: 000000000045b349 [ 2132.837504] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2132.844878] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2132.852160] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2132.859541] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bfd4 [ 2132.868273] Task in /syz4 killed as a result of limit of /syz4 [ 2132.875023] memory: usage 307148kB, limit 307200kB, failcnt 17348 [ 2132.881774] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2132.888941] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2132.895735] Memory cgroup stats for /syz4: cache:124KB rss:293440KB rss_huge:188416KB shmem:24KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:165544KB active_anon:13408KB inactive_file:4KB active_file:8KB unevictable:114584KB [ 2132.919086] Memory cgroup out of memory: Kill process 797 (syz-executor.4) score 1226 or sacrifice child [ 2132.929680] Killed process 829 (syz-executor.4) total-vm:72720kB, anon-rss:18324kB, file-rss:34816kB, shmem-rss:0kB 03:25:55 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:25:55 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0xa00}, 0x0) 03:25:55 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x8000000}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:25:55 executing program 1: sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r0, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7ffff000) r1 = socket(0x0, 0x400000000080803, 0x0) write(r1, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:25:57 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0xb00}, 0x0) 03:25:57 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x9000000}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:25:57 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, 0x0, 0x0) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:25:57 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:25:58 executing program 1: sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r0, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7ffff000) r1 = socket(0x0, 0x400000000080803, 0x0) write(r1, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) [ 2136.783689] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2136.795703] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2136.801427] CPU: 1 PID: 987 Comm: syz-executor.4 Not tainted 4.19.99-syzkaller #0 [ 2136.809066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2136.818574] Call Trace: [ 2136.821179] dump_stack+0x197/0x210 [ 2136.824835] dump_header+0x15e/0xa55 [ 2136.828568] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2136.833697] ? ___ratelimit+0x60/0x595 [ 2136.837596] ? do_raw_spin_unlock+0x181/0x270 [ 2136.842117] oom_kill_process.cold+0x10/0x6ef [ 2136.846628] ? task_will_free_mem+0x139/0x6e0 [ 2136.851153] out_of_memory+0x362/0x1330 [ 2136.855152] ? retint_kernel+0x2d/0x2d [ 2136.859065] ? oom_killer_disable+0x280/0x280 [ 2136.863587] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2136.868453] ? memcg_event_wake+0x230/0x230 [ 2136.872831] ? do_raw_spin_unlock+0x181/0x270 [ 2136.877354] ? _raw_spin_unlock+0x2d/0x50 [ 2136.881527] try_charge+0xec5/0x1490 [ 2136.885257] ? lock_downgrade+0x880/0x880 [ 2136.889439] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2136.894302] ? rcu_read_unlock+0x33/0x60 [ 2136.898393] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2136.903252] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2136.908204] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2136.914294] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2136.919086] mem_cgroup_try_charge+0x259/0x6b0 [ 2136.923702] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2136.928658] wp_page_copy+0x430/0x16a0 [ 2136.932574] ? follow_pfn+0x2a0/0x2a0 [ 2136.936386] ? do_raw_spin_unlock+0x181/0x270 [ 2136.940901] do_wp_page+0x57d/0x10b0 [ 2136.944632] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2136.949323] ? kasan_check_write+0x14/0x20 [ 2136.953572] ? do_raw_spin_lock+0xd7/0x250 [ 2136.957821] __handle_mm_fault+0x2305/0x3f80 [ 2136.962475] ? copy_page_range+0x2030/0x2030 [ 2136.966919] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2136.971724] handle_mm_fault+0x1b5/0x690 [ 2136.975810] __get_user_pages+0x609/0x1860 [ 2136.980081] ? follow_page_mask+0x1ac0/0x1ac0 [ 2136.984589] ? retint_kernel+0x2d/0x2d [ 2136.988501] populate_vma_page_range+0x20d/0x2a0 [ 2136.993284] __mm_populate+0x204/0x380 [ 2136.997191] ? populate_vma_page_range+0x2a0/0x2a0 [ 2137.002161] __x64_sys_mlockall+0x35c/0x520 [ 2137.006508] do_syscall_64+0xfd/0x620 [ 2137.010329] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2137.015530] RIP: 0033:0x45b349 [ 2137.018743] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2137.038022] RSP: 002b:00007f86ac33cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2137.045743] RAX: ffffffffffffffda RBX: 00007f86ac33d6d4 RCX: 000000000045b349 [ 2137.053028] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2137.060313] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2137.067600] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2137.075163] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bfd4 [ 2137.084230] Task in /syz4 killed as a result of limit of /syz4 [ 2137.090560] memory: usage 307200kB, limit 307200kB, failcnt 17371 [ 2137.096938] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2137.104468] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2137.110756] Memory cgroup stats for /syz4: cache:124KB rss:293588KB rss_huge:188416KB shmem:24KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:165620KB active_anon:13408KB inactive_file:4KB active_file:8KB unevictable:114580KB [ 2137.133752] Memory cgroup out of memory: Kill process 983 (syz-executor.4) score 1226 or sacrifice child [ 2137.144096] Killed process 988 (syz-executor.4) total-vm:72720kB, anon-rss:18324kB, file-rss:34816kB, shmem-rss:0kB 03:26:00 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:26:01 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0xc00}, 0x0) 03:26:01 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0xa000000}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:26:01 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:26:01 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0xe00}, 0x0) 03:26:01 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, 0x0, 0x0) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:26:01 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0xb000000}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) [ 2141.465321] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2141.476970] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2141.483375] CPU: 1 PID: 1128 Comm: syz-executor.4 Not tainted 4.19.99-syzkaller #0 [ 2141.491110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2141.500476] Call Trace: [ 2141.503084] dump_stack+0x197/0x210 [ 2141.506733] dump_header+0x15e/0xa55 [ 2141.510591] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2141.515716] ? ___ratelimit+0x60/0x595 [ 2141.519620] ? do_raw_spin_unlock+0x181/0x270 [ 2141.524145] oom_kill_process.cold+0x10/0x6ef [ 2141.528662] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2141.534218] ? task_will_free_mem+0x139/0x6e0 [ 2141.538758] ? find_held_lock+0x35/0x130 [ 2141.542856] out_of_memory+0x362/0x1330 [ 2141.546856] ? lock_downgrade+0x880/0x880 [ 2141.551035] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2141.556157] ? oom_killer_disable+0x280/0x280 [ 2141.560672] ? find_held_lock+0x35/0x130 [ 2141.564778] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2141.569640] ? memcg_event_wake+0x230/0x230 [ 2141.573981] ? do_raw_spin_unlock+0x181/0x270 [ 2141.578514] ? _raw_spin_unlock+0x2d/0x50 [ 2141.582681] try_charge+0xec5/0x1490 [ 2141.586466] ? lock_downgrade+0x880/0x880 [ 2141.590656] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2141.595524] ? rcu_read_unlock+0x33/0x60 [ 2141.599601] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2141.604464] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2141.610546] mem_cgroup_try_charge+0x259/0x6b0 [ 2141.615278] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2141.620231] wp_page_copy+0x430/0x16a0 [ 2141.624405] ? follow_pfn+0x2a0/0x2a0 [ 2141.628231] ? do_raw_spin_unlock+0x181/0x270 [ 2141.632741] do_wp_page+0x57d/0x10b0 [ 2141.636565] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2141.641249] ? kasan_check_write+0x14/0x20 [ 2141.645503] ? do_raw_spin_lock+0xd7/0x250 [ 2141.649754] __handle_mm_fault+0x2305/0x3f80 [ 2141.654193] ? copy_page_range+0x2030/0x2030 [ 2141.658636] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2141.663334] handle_mm_fault+0x1b5/0x690 [ 2141.667411] ? __get_user_pages+0x5a7/0x1860 [ 2141.671842] __get_user_pages+0x609/0x1860 [ 2141.676099] ? follow_page_mask+0x1ac0/0x1ac0 [ 2141.680614] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2141.685648] ? retint_kernel+0x2d/0x2d [ 2141.689566] populate_vma_page_range+0x20d/0x2a0 [ 2141.694346] __mm_populate+0x204/0x380 [ 2141.698379] ? populate_vma_page_range+0x2a0/0x2a0 [ 2141.703341] __x64_sys_mlockall+0x35c/0x520 [ 2141.707689] do_syscall_64+0xfd/0x620 [ 2141.711513] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2141.716816] RIP: 0033:0x45b349 [ 2141.720141] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2141.739943] RSP: 002b:00007f86ac35dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2141.747803] RAX: ffffffffffffffda RBX: 00007f86ac35e6d4 RCX: 000000000045b349 [ 2141.755087] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2141.762369] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2141.769649] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2141.776935] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 2141.786828] Task in /syz4 killed as a result of limit of /syz4 [ 2141.793334] memory: usage 307200kB, limit 307200kB, failcnt 17435 [ 2141.799696] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2141.807035] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2141.813660] Memory cgroup stats for /syz4: cache:124KB rss:293588KB rss_huge:188416KB shmem:24KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:165808KB active_anon:13408KB inactive_file:8KB active_file:4KB unevictable:114452KB [ 2141.837081] Memory cgroup out of memory: Kill process 1127 (syz-executor.4) score 1226 or sacrifice child [ 2141.847031] Killed process 1129 (syz-executor.4) total-vm:72588kB, anon-rss:18196kB, file-rss:34816kB, shmem-rss:0kB 03:26:04 executing program 1: sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r0, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7ffff000) r1 = socket(0x0, 0x400000000080803, 0x0) write(r1, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:26:04 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0xf00}, 0x0) 03:26:04 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0xc000000}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:26:05 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0x3400}, 0x0) 03:26:05 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, 0x0, 0x0) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:26:05 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:26:05 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0xe000000}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:26:06 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) [ 2146.088810] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2146.100702] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2146.106554] CPU: 1 PID: 1276 Comm: syz-executor.4 Not tainted 4.19.99-syzkaller #0 [ 2146.114271] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2146.123642] Call Trace: [ 2146.126354] dump_stack+0x197/0x210 [ 2146.130003] dump_header+0x15e/0xa55 [ 2146.133748] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2146.138876] ? ___ratelimit+0x60/0x595 [ 2146.142783] ? do_raw_spin_unlock+0x181/0x270 [ 2146.147303] oom_kill_process.cold+0x10/0x6ef [ 2146.151833] out_of_memory+0x362/0x1330 [ 2146.155820] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2146.160946] ? oom_killer_disable+0x280/0x280 [ 2146.165475] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2146.170332] ? memcg_event_wake+0x230/0x230 [ 2146.174690] ? do_raw_spin_unlock+0x181/0x270 [ 2146.179208] ? _raw_spin_unlock+0x2d/0x50 [ 2146.183382] try_charge+0xec5/0x1490 [ 2146.187114] ? lock_downgrade+0x880/0x880 [ 2146.191292] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2146.196154] ? rcu_read_unlock+0x33/0x60 [ 2146.200234] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2146.205194] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2146.211287] ? mark_held_locks+0xb1/0x100 [ 2146.215492] mem_cgroup_try_charge+0x259/0x6b0 [ 2146.220119] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2146.225074] wp_page_copy+0x430/0x16a0 [ 2146.228977] ? follow_pfn+0x2a0/0x2a0 [ 2146.232800] ? do_raw_spin_unlock+0x181/0x270 [ 2146.237311] do_wp_page+0x57d/0x10b0 [ 2146.241046] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2146.245729] ? kasan_check_write+0x14/0x20 [ 2146.249982] ? do_raw_spin_lock+0xd7/0x250 [ 2146.254247] __handle_mm_fault+0x2305/0x3f80 [ 2146.258687] ? copy_page_range+0x2030/0x2030 [ 2146.263130] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2146.267819] handle_mm_fault+0x1b5/0x690 [ 2146.271907] __get_user_pages+0x609/0x1860 [ 2146.276175] ? follow_page_mask+0x1ac0/0x1ac0 [ 2146.280826] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2146.285597] ? retint_kernel+0x2d/0x2d [ 2146.289518] populate_vma_page_range+0x20d/0x2a0 [ 2146.294293] __mm_populate+0x204/0x380 [ 2146.298202] ? populate_vma_page_range+0x2a0/0x2a0 [ 2146.303139] ? __sanitizer_cov_trace_pc+0x48/0x50 [ 2146.308009] __x64_sys_mlockall+0x35c/0x520 [ 2146.312930] do_syscall_64+0xfd/0x620 [ 2146.316745] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2146.321942] RIP: 0033:0x45b349 [ 2146.325245] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2146.344246] RSP: 002b:00007f86ac33cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2146.351978] RAX: ffffffffffffffda RBX: 00007f86ac33d6d4 RCX: 000000000045b349 [ 2146.359263] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2146.366557] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2146.373838] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2146.381119] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bfd4 [ 2146.395984] Task in /syz4 killed as a result of limit of /syz4 [ 2146.402096] memory: usage 307200kB, limit 307200kB, failcnt 17475 [ 2146.408457] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2146.415447] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2146.422008] Memory cgroup stats for /syz4: cache:124KB rss:293440KB rss_huge:188416KB shmem:24KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:165672KB active_anon:13408KB inactive_file:8KB active_file:4KB unevictable:114580KB [ 2146.445490] Memory cgroup out of memory: Kill process 1273 (syz-executor.4) score 1226 or sacrifice child [ 2146.455914] Killed process 1280 (syz-executor.4) total-vm:72720kB, anon-rss:18324kB, file-rss:34816kB, shmem-rss:0kB 03:26:08 executing program 1: r0 = syz_open_procfs(0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:26:09 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0x3f00}, 0x0) 03:26:09 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:26:09 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0xf000000}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:26:09 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:26:09 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0x5865}, 0x0) 03:26:09 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, 0x0, 0x0) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:26:09 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x10000000}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) [ 2149.359521] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2149.371108] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2149.376740] CPU: 0 PID: 1531 Comm: syz-executor.4 Not tainted 4.19.99-syzkaller #0 [ 2149.384554] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2149.394040] Call Trace: [ 2149.396670] dump_stack+0x197/0x210 [ 2149.400328] dump_header+0x15e/0xa55 [ 2149.404067] ? oom_kill_process+0x136/0x150 [ 2149.408412] oom_kill_process.cold+0x10/0x6ef [ 2149.412933] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2149.418492] ? task_will_free_mem+0x139/0x6e0 [ 2149.423205] out_of_memory+0x362/0x1330 [ 2149.427212] ? lock_downgrade+0x880/0x880 [ 2149.431385] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2149.436509] ? oom_killer_disable+0x280/0x280 [ 2149.441023] ? find_held_lock+0x35/0x130 [ 2149.445120] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2149.450001] ? memcg_event_wake+0x230/0x230 [ 2149.454351] ? do_raw_spin_unlock+0x181/0x270 [ 2149.458871] ? _raw_spin_unlock+0x2d/0x50 [ 2149.463047] try_charge+0xec5/0x1490 [ 2149.466875] ? lock_downgrade+0x880/0x880 [ 2149.471159] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2149.476059] ? rcu_read_unlock+0x33/0x60 [ 2149.480135] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2149.485008] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2149.491108] mem_cgroup_try_charge+0x259/0x6b0 [ 2149.495980] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2149.500940] wp_page_copy+0x430/0x16a0 [ 2149.504857] ? follow_pfn+0x2a0/0x2a0 [ 2149.508678] ? do_raw_spin_unlock+0x181/0x270 [ 2149.513283] do_wp_page+0x57d/0x10b0 [ 2149.517019] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2149.521724] ? kasan_check_write+0x14/0x20 [ 2149.526099] ? do_raw_spin_lock+0xd7/0x250 [ 2149.530388] __handle_mm_fault+0x2305/0x3f80 [ 2149.534822] ? copy_page_range+0x2030/0x2030 [ 2149.539265] ? handle_mm_fault+0x10e/0x690 [ 2149.543521] ? write_comp_data+0x1e/0x70 [ 2149.547612] handle_mm_fault+0x1b5/0x690 [ 2149.551751] __get_user_pages+0x609/0x1860 [ 2149.556016] ? follow_page_mask+0x1ac0/0x1ac0 [ 2149.560880] ? retint_kernel+0x2d/0x2d [ 2149.564806] populate_vma_page_range+0x20d/0x2a0 [ 2149.569588] __mm_populate+0x204/0x380 [ 2149.573511] ? populate_vma_page_range+0x2a0/0x2a0 [ 2149.578495] __x64_sys_mlockall+0x35c/0x520 [ 2149.582947] do_syscall_64+0xfd/0x620 [ 2149.586775] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2149.591978] RIP: 0033:0x45b349 [ 2149.595183] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2149.614274] RSP: 002b:00007f86ac35dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2149.622000] RAX: ffffffffffffffda RBX: 00007f86ac35e6d4 RCX: 000000000045b349 [ 2149.629285] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2149.636570] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2149.643851] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2149.651147] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 2149.660995] Task in /syz4 killed as a result of limit of /syz4 [ 2149.670752] memory: usage 307200kB, limit 307200kB, failcnt 17526 [ 2149.677210] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2149.684152] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2149.690544] Memory cgroup stats for /syz4: cache:124KB rss:293452KB rss_huge:188416KB shmem:24KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:165824KB active_anon:13408KB inactive_file:4KB active_file:8KB unevictable:114452KB [ 2149.713719] Memory cgroup out of memory: Kill process 1530 (syz-executor.4) score 1226 or sacrifice child [ 2149.723571] Killed process 1532 (syz-executor.4) total-vm:72588kB, anon-rss:18196kB, file-rss:34816kB, shmem-rss:0kB 03:26:11 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0x6000}, 0x0) 03:26:11 executing program 1: r0 = syz_open_procfs(0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:26:12 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x34c39fbc}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:26:12 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0x6558}, 0x0) 03:26:12 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, 0x0, 0x0) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:26:12 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) [ 2152.224410] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2152.236275] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2152.242509] CPU: 0 PID: 1625 Comm: syz-executor.4 Not tainted 4.19.99-syzkaller #0 [ 2152.250242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2152.259604] Call Trace: [ 2152.262210] dump_stack+0x197/0x210 [ 2152.265953] dump_header+0x15e/0xa55 [ 2152.269684] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2152.274883] ? ___ratelimit+0x60/0x595 [ 2152.278788] oom_kill_process.cold+0x10/0x6ef [ 2152.283313] ? out_of_memory+0x138/0x1330 [ 2152.287598] out_of_memory+0x362/0x1330 [ 2152.291597] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2152.296371] ? oom_killer_disable+0x280/0x280 [ 2152.300888] ? find_held_lock+0x35/0x130 [ 2152.304973] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2152.309841] ? memcg_event_wake+0x230/0x230 [ 2152.314188] try_charge+0xec5/0x1490 [ 2152.317919] ? lock_downgrade+0x880/0x880 [ 2152.322087] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2152.326965] ? rcu_read_unlock+0x33/0x60 [ 2152.331044] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2152.335906] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2152.342103] mem_cgroup_try_charge+0x259/0x6b0 [ 2152.346712] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2152.351661] wp_page_copy+0x430/0x16a0 [ 2152.355567] ? follow_pfn+0x2a0/0x2a0 [ 2152.359389] ? do_raw_spin_unlock+0x181/0x270 [ 2152.363903] do_wp_page+0x57d/0x10b0 [ 2152.367639] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2152.372333] ? kasan_check_write+0x14/0x20 [ 2152.376585] ? do_raw_spin_lock+0xd7/0x250 [ 2152.380844] __handle_mm_fault+0x2305/0x3f80 [ 2152.385267] ? copy_page_range+0x2030/0x2030 [ 2152.389762] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2152.394449] handle_mm_fault+0x1b5/0x690 [ 2152.398535] __get_user_pages+0x609/0x1860 [ 2152.402805] ? follow_page_mask+0x1ac0/0x1ac0 [ 2152.407313] ? retint_kernel+0x2d/0x2d [ 2152.411232] populate_vma_page_range+0x20d/0x2a0 [ 2152.416021] __mm_populate+0x204/0x380 [ 2152.419927] ? populate_vma_page_range+0x2a0/0x2a0 [ 2152.424881] __x64_sys_mlockall+0x35c/0x520 [ 2152.429223] do_syscall_64+0xfd/0x620 [ 2152.433043] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2152.438245] RIP: 0033:0x45b349 [ 2152.441459] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2152.460485] RSP: 002b:00007f86ac35dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2152.468224] RAX: ffffffffffffffda RBX: 00007f86ac35e6d4 RCX: 000000000045b349 [ 2152.476305] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2152.483590] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2152.490869] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2152.498251] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 2152.506872] Task in /syz4 killed as a result of limit of /syz4 [ 2152.513270] memory: usage 307200kB, limit 307200kB, failcnt 17553 [ 2152.519698] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2152.527150] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2152.533533] Memory cgroup stats for /syz4: cache:124KB rss:293584KB rss_huge:188416KB shmem:24KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:165668KB active_anon:13408KB inactive_file:0KB active_file:4KB unevictable:114584KB [ 2152.556853] Memory cgroup out of memory: Kill process 1609 (syz-executor.4) score 1226 or sacrifice child [ 2152.566853] Killed process 1662 (syz-executor.4) total-vm:72720kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB [ 2154.212389] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2154.220521] oom_reaper: reaped process 1662 (syz-executor.4), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2154.224154] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2154.239883] CPU: 0 PID: 1625 Comm: syz-executor.4 Not tainted 4.19.99-syzkaller #0 [ 2154.247632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2154.257133] Call Trace: [ 2154.259753] dump_stack+0x197/0x210 [ 2154.263434] dump_header+0x15e/0xa55 [ 2154.267174] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2154.272297] ? ___ratelimit+0x60/0x595 [ 2154.276218] ? do_raw_spin_unlock+0x181/0x270 [ 2154.281001] oom_kill_process.cold+0x10/0x6ef [ 2154.285524] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2154.291082] ? task_will_free_mem+0x139/0x6e0 [ 2154.295623] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2154.300587] out_of_memory+0x362/0x1330 [ 2154.304597] ? retint_kernel+0x2d/0x2d [ 2154.308512] ? oom_killer_disable+0x280/0x280 [ 2154.313044] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2154.317912] ? memcg_event_wake+0x230/0x230 [ 2154.322267] try_charge+0xec5/0x1490 [ 2154.326007] ? lock_downgrade+0x880/0x880 [ 2154.330294] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2154.335160] ? rcu_read_unlock+0x33/0x60 [ 2154.339252] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2154.344120] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2154.350209] mem_cgroup_try_charge+0x259/0x6b0 [ 2154.354830] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2154.359784] wp_page_copy+0x430/0x16a0 [ 2154.363698] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2154.368477] ? follow_pfn+0x2a0/0x2a0 [ 2154.372304] ? do_raw_spin_unlock+0x181/0x270 [ 2154.376829] do_wp_page+0x57d/0x10b0 [ 2154.380574] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2154.385285] ? kasan_check_write+0x14/0x20 [ 2154.389535] ? do_raw_spin_lock+0xd7/0x250 [ 2154.393813] __handle_mm_fault+0x2305/0x3f80 [ 2154.398358] ? copy_page_range+0x2030/0x2030 [ 2154.402814] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2154.407512] handle_mm_fault+0x1b5/0x690 [ 2154.411607] __get_user_pages+0x609/0x1860 [ 2154.415978] ? follow_page_mask+0x1ac0/0x1ac0 [ 2154.420497] ? retint_kernel+0x2d/0x2d [ 2154.424428] populate_vma_page_range+0x20d/0x2a0 [ 2154.429215] __mm_populate+0x204/0x380 [ 2154.433128] ? populate_vma_page_range+0x2a0/0x2a0 [ 2154.438093] __x64_sys_mlockall+0x35c/0x520 [ 2154.442436] do_syscall_64+0xfd/0x620 [ 2154.446370] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2154.451576] RIP: 0033:0x45b349 [ 2154.454789] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2154.473708] RSP: 002b:00007f86ac35dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2154.481442] RAX: ffffffffffffffda RBX: 00007f86ac35e6d4 RCX: 000000000045b349 [ 2154.488735] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2154.496034] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2154.503326] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2154.510745] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 2154.519474] Task in /syz4 killed as a result of limit of /syz4 [ 2154.526267] memory: usage 301064kB, limit 307200kB, failcnt 18199 [ 2154.533348] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2154.541333] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2154.547913] Memory cgroup stats for /syz4: cache:124KB rss:287748KB rss_huge:188416KB shmem:24KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:159752KB active_anon:13408KB inactive_file:0KB active_file:4KB unevictable:114584KB [ 2154.571312] Memory cgroup out of memory: Kill process 1609 (syz-executor.4) score 1226 or sacrifice child [ 2154.581804] Killed process 1625 (syz-executor.4) total-vm:72720kB, anon-rss:18328kB, file-rss:54376kB, shmem-rss:0kB [ 2154.595181] oom_reaper: reaped process 1625 (syz-executor.4), now anon-rss:18328kB, file-rss:54368kB, shmem-rss:0kB 03:26:16 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:26:16 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0x8100}, 0x0) 03:26:16 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x3c000000}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:26:16 executing program 1: r0 = syz_open_procfs(0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:26:17 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, 0x0, 0x0) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:26:17 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x3f000000}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:26:17 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:26:17 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0xf000}, 0x0) 03:26:17 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x0, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) [ 2156.588888] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2156.600827] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2156.606506] CPU: 1 PID: 1727 Comm: syz-executor.4 Not tainted 4.19.99-syzkaller #0 [ 2156.614231] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2156.623599] Call Trace: [ 2156.626214] dump_stack+0x197/0x210 [ 2156.630120] dump_header+0x15e/0xa55 [ 2156.633877] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2156.638999] ? ___ratelimit+0x60/0x595 [ 2156.642908] ? do_raw_spin_unlock+0x181/0x270 [ 2156.647445] oom_kill_process.cold+0x10/0x6ef [ 2156.651978] out_of_memory+0x362/0x1330 [ 2156.655972] ? lock_downgrade+0x880/0x880 [ 2156.660795] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2156.665918] ? oom_killer_disable+0x280/0x280 [ 2156.670444] ? find_held_lock+0x35/0x130 [ 2156.674544] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2156.680204] ? memcg_event_wake+0x230/0x230 [ 2156.684549] ? do_raw_spin_unlock+0x181/0x270 [ 2156.690287] ? _raw_spin_unlock+0x2d/0x50 [ 2156.694459] try_charge+0xec5/0x1490 [ 2156.698370] ? lock_downgrade+0x880/0x880 [ 2156.702540] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2156.707403] ? rcu_read_unlock+0x33/0x60 [ 2156.711490] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2156.716456] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2156.722565] mem_cgroup_try_charge+0x259/0x6b0 [ 2156.727177] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2156.732127] wp_page_copy+0x430/0x16a0 [ 2156.736035] ? follow_pfn+0x2a0/0x2a0 [ 2156.739867] ? do_raw_spin_unlock+0x181/0x270 [ 2156.744382] do_wp_page+0x57d/0x10b0 [ 2156.748117] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2156.752893] ? kasan_check_write+0x14/0x20 [ 2156.757138] ? do_raw_spin_lock+0xd7/0x250 [ 2156.761395] __handle_mm_fault+0x2305/0x3f80 [ 2156.765823] ? copy_page_range+0x2030/0x2030 [ 2156.770259] ? retint_kernel+0x2d/0x2d [ 2156.774173] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2156.778862] handle_mm_fault+0x1b5/0x690 [ 2156.782969] __get_user_pages+0x609/0x1860 [ 2156.787235] ? follow_page_mask+0x1ac0/0x1ac0 [ 2156.791748] ? retint_kernel+0x2d/0x2d [ 2156.795667] populate_vma_page_range+0x20d/0x2a0 [ 2156.800446] __mm_populate+0x204/0x380 [ 2156.804398] ? populate_vma_page_range+0x2a0/0x2a0 [ 2156.809356] __x64_sys_mlockall+0x35c/0x520 [ 2156.813821] do_syscall_64+0xfd/0x620 [ 2156.817656] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2156.822946] RIP: 0033:0x45b349 [ 2156.826208] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2156.845356] RSP: 002b:00007f86ac35dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2156.854245] RAX: ffffffffffffffda RBX: 00007f86ac35e6d4 RCX: 000000000045b349 [ 2156.861646] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2156.868928] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2156.876207] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2156.883505] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 2156.900321] Task in /syz4 killed as a result of limit of /syz4 [ 2156.906716] memory: usage 307200kB, limit 307200kB, failcnt 18217 [ 2156.913268] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2156.920627] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2156.926999] Memory cgroup stats for /syz4: cache:124KB rss:293640KB rss_huge:190464KB shmem:24KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:163792KB active_anon:13408KB inactive_file:0KB active_file:4KB unevictable:116500KB [ 2156.949665] Memory cgroup out of memory: Kill process 1683 (syz-executor.4) score 1226 or sacrifice child [ 2156.959641] Killed process 1793 (syz-executor.4) total-vm:72588kB, anon-rss:18196kB, file-rss:34816kB, shmem-rss:0kB [ 2157.680322] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2157.720785] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2157.726336] CPU: 1 PID: 1683 Comm: syz-executor.4 Not tainted 4.19.99-syzkaller #0 [ 2157.734061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2157.743427] Call Trace: [ 2157.746040] dump_stack+0x197/0x210 [ 2157.749697] dump_header+0x15e/0xa55 [ 2157.754969] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2157.760203] ? ___ratelimit+0x60/0x595 [ 2157.764111] ? do_raw_spin_unlock+0x181/0x270 [ 2157.768637] oom_kill_process.cold+0x10/0x6ef [ 2157.773159] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2157.778720] ? task_will_free_mem+0x139/0x6e0 [ 2157.783249] out_of_memory+0x362/0x1330 [ 2157.787257] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2157.792497] ? oom_killer_disable+0x280/0x280 [ 2157.797011] ? find_held_lock+0x35/0x130 [ 2157.801104] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2157.805970] ? memcg_event_wake+0x230/0x230 [ 2157.810314] ? do_raw_spin_unlock+0x181/0x270 [ 2157.814843] ? _raw_spin_unlock+0x2d/0x50 [ 2157.819131] try_charge+0xc6e/0x1490 [ 2157.822864] ? lock_downgrade+0x880/0x880 [ 2157.827053] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2157.831917] ? rcu_read_unlock+0x33/0x60 [ 2157.836015] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2157.840879] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2157.846965] ? __free_object+0xe2/0x1f0 [ 2157.850991] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2157.856123] mem_cgroup_try_charge+0x259/0x6b0 [ 2157.860851] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2157.865810] wp_page_copy+0x430/0x16a0 [ 2157.869727] ? follow_pfn+0x2a0/0x2a0 [ 2157.873557] ? do_raw_spin_unlock+0x181/0x270 [ 2157.878096] do_wp_page+0x57d/0x10b0 [ 2157.881832] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2157.886517] ? kasan_check_write+0x14/0x20 [ 2157.890900] ? do_raw_spin_lock+0xd7/0x250 [ 2157.895156] __handle_mm_fault+0x2305/0x3f80 [ 2157.899585] ? copy_page_range+0x2030/0x2030 [ 2157.904028] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2157.908711] handle_mm_fault+0x1b5/0x690 [ 2157.912791] __do_page_fault+0x62a/0xe90 [ 2157.916878] ? vmalloc_fault+0x740/0x740 [ 2157.920955] ? trace_hardirqs_off_caller+0x65/0x220 [ 2157.925983] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2157.930920] ? page_fault+0x8/0x30 [ 2157.934478] do_page_fault+0x71/0x57d [ 2157.938297] ? page_fault+0x8/0x30 [ 2157.941858] page_fault+0x1e/0x30 [ 2157.945319] RIP: 0033:0x400644 [ 2157.948529] Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 d1 55 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b 03:26:19 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) [ 2157.967730] RSP: 002b:00007ffe33ec92d0 EFLAGS: 00010202 [ 2157.973225] RAX: 0000000000000000 RBX: 000000000075c9a0 RCX: 0000000000000000 [ 2157.980598] RDX: 0000000000000000 RSI: 0000000020d06000 RDI: 0000000000000000 [ 2157.987977] RBP: 0000000000760fd0 R08: 0000000000000000 R09: 0000000000000000 [ 2157.995268] R10: 00007ffe33ec93e0 R11: 0000000000000246 R12: 000000000075bf20 [ 2158.002562] R13: 000000000020e7f4 R14: 0000000000760fd8 R15: 000000000075bf2c 03:26:19 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x60000000}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:26:19 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0xff00}, 0x0) [ 2158.114402] Task in /syz4 killed as a result of limit of /syz4 [ 2158.126752] memory: usage 300932kB, limit 307200kB, failcnt 18225 [ 2158.136307] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2158.144691] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2158.220698] Memory cgroup stats for /syz4: cache:124KB rss:287580KB rss_huge:188416KB shmem:24KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:159752KB active_anon:13408KB inactive_file:0KB active_file:4KB unevictable:114452KB [ 2158.350505] Memory cgroup out of memory: Kill process 1683 (syz-executor.4) score 1226 or sacrifice child [ 2158.410024] Killed process 1683 (syz-executor.4) total-vm:72588kB, anon-rss:18196kB, file-rss:54376kB, shmem-rss:0kB 03:26:20 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:26:20 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x0, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:26:20 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:26:20 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x65580000}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:26:21 executing program 4: syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r0, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7ffff000) r1 = socket(0x0, 0x400000000080803, 0x0) write(r1, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:26:21 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x81000000}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:26:21 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0x34000}, 0x0) 03:26:21 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x0, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:26:21 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:26:21 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0x400300}, 0x0) 03:26:21 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x88a8ffff}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:26:22 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x9effffff}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) [ 2161.906511] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2161.967534] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2162.000252] CPU: 0 PID: 2042 Comm: syz-executor.4 Not tainted 4.19.99-syzkaller #0 [ 2162.008118] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2162.017491] Call Trace: [ 2162.020099] dump_stack+0x197/0x210 [ 2162.023752] dump_header+0x15e/0xa55 [ 2162.027626] oom_kill_process.cold+0x10/0x6ef [ 2162.032139] ? out_of_memory+0x1ae/0x1330 [ 2162.036311] ? mem_cgroup_get_max+0x30/0x240 [ 2162.040741] out_of_memory+0x362/0x1330 [ 2162.044749] ? lock_downgrade+0x880/0x880 [ 2162.049525] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2162.054652] ? oom_killer_disable+0x280/0x280 [ 2162.059166] ? find_held_lock+0x35/0x130 [ 2162.063250] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2162.068224] ? memcg_event_wake+0x230/0x230 [ 2162.072574] ? do_raw_spin_unlock+0x181/0x270 [ 2162.077086] ? _raw_spin_unlock+0x2d/0x50 [ 2162.081620] try_charge+0xec5/0x1490 [ 2162.085349] ? lock_downgrade+0x880/0x880 [ 2162.089529] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2162.094384] ? rcu_read_unlock+0x33/0x60 [ 2162.098470] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2162.103418] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2162.109514] ? lock_downgrade+0x880/0x880 [ 2162.113702] mem_cgroup_try_charge+0x259/0x6b0 [ 2162.118321] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2162.123475] do_huge_pmd_wp_page+0x97e/0x3580 [ 2162.128118] ? __split_huge_pmd+0x2b10/0x2b10 [ 2162.132647] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2162.137452] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2162.142238] ? pmd_val+0x85/0x100 [ 2162.145732] ? mark_held_locks+0xb1/0x100 [ 2162.149910] __handle_mm_fault+0x167b/0x3f80 [ 2162.154366] ? copy_page_range+0x2030/0x2030 [ 2162.158796] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2162.163596] ? handle_mm_fault+0x156/0x690 [ 2162.167862] handle_mm_fault+0x1b5/0x690 [ 2162.171954] __get_user_pages+0x609/0x1860 [ 2162.176242] ? follow_page_mask+0x1ac0/0x1ac0 [ 2162.180919] ? retint_kernel+0x2d/0x2d [ 2162.184840] populate_vma_page_range+0x20d/0x2a0 [ 2162.189753] __mm_populate+0x204/0x380 [ 2162.193668] ? populate_vma_page_range+0x2a0/0x2a0 [ 2162.199766] __x64_sys_mlockall+0x35c/0x520 [ 2162.204234] do_syscall_64+0xfd/0x620 [ 2162.208053] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2162.213260] RIP: 0033:0x45b349 [ 2162.216470] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2162.235504] RSP: 002b:00007f86ac35dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2162.243260] RAX: ffffffffffffffda RBX: 00007f86ac35e6d4 RCX: 000000000045b349 [ 2162.250637] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2162.257929] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2162.265217] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2162.272509] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 2162.297431] Task in /syz4 killed as a result of limit of /syz4 [ 2162.309605] memory: usage 307192kB, limit 307200kB, failcnt 18260 [ 2162.316845] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2162.330133] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2162.336641] Memory cgroup stats for /syz4: cache:124KB rss:293236KB rss_huge:196608KB shmem:24KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:161328KB active_anon:13408KB inactive_file:4KB active_file:0KB unevictable:118676KB [ 2162.361216] Memory cgroup out of memory: Kill process 2039 (syz-executor.4) score 1226 or sacrifice child [ 2162.372597] Killed process 2047 (syz-executor.4) total-vm:72720kB, anon-rss:18324kB, file-rss:34816kB, shmem-rss:0kB 03:26:24 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:26:24 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0xf0ffff}, 0x0) 03:26:24 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0xbc9fc334}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:26:24 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r1 = socket(0x0, 0x400000000080803, 0x0) write(r1, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:26:26 executing program 4: syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r0, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7ffff000) r1 = socket(0x0, 0x400000000080803, 0x0) write(r1, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:26:26 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:26:26 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0xf0ffffff}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:26:26 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0x1000000}, 0x0) 03:26:26 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r1 = socket(0x0, 0x400000000080803, 0x0) write(r1, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) [ 2165.555833] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2165.568049] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2165.573799] CPU: 0 PID: 2298 Comm: syz-executor.4 Not tainted 4.19.99-syzkaller #0 [ 2165.581513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2165.590890] Call Trace: [ 2165.593490] dump_stack+0x197/0x210 [ 2165.597132] dump_header+0x15e/0xa55 [ 2165.600854] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2165.606048] ? ___ratelimit+0x60/0x595 [ 2165.610031] ? do_raw_spin_unlock+0x181/0x270 [ 2165.614552] oom_kill_process.cold+0x10/0x6ef [ 2165.619061] ? out_of_memory+0x14a/0x1330 [ 2165.623226] out_of_memory+0x362/0x1330 [ 2165.627211] ? lock_downgrade+0x880/0x880 [ 2165.631364] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2165.636474] ? oom_killer_disable+0x280/0x280 [ 2165.640973] ? find_held_lock+0x35/0x130 [ 2165.645052] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2165.649902] ? memcg_event_wake+0x230/0x230 [ 2165.654233] ? do_raw_spin_unlock+0x181/0x270 [ 2165.658732] ? _raw_spin_unlock+0x2d/0x50 [ 2165.662893] try_charge+0xec5/0x1490 [ 2165.666615] ? lock_downgrade+0x880/0x880 [ 2165.670774] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2165.675636] ? rcu_read_unlock+0x33/0x60 [ 2165.679712] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2165.684583] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2165.690670] mem_cgroup_try_charge+0x259/0x6b0 [ 2165.695272] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2165.701291] wp_page_copy+0x430/0x16a0 [ 2165.705235] ? follow_pfn+0x2a0/0x2a0 [ 2165.709061] ? do_raw_spin_unlock+0x57/0x270 [ 2165.713491] ? finish_task_switch+0x7c0/0x7c0 [ 2165.718010] do_wp_page+0x57d/0x10b0 [ 2165.721749] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2165.726432] ? kasan_check_write+0x14/0x20 [ 2165.730702] ? do_raw_spin_lock+0xd7/0x250 [ 2165.734957] __handle_mm_fault+0x2305/0x3f80 [ 2165.739517] ? copy_page_range+0x2030/0x2030 [ 2165.743964] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2165.748656] handle_mm_fault+0x1b5/0x690 [ 2165.753193] __get_user_pages+0x609/0x1860 [ 2165.757460] ? follow_page_mask+0x1ac0/0x1ac0 [ 2165.761977] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2165.766762] ? retint_kernel+0x2d/0x2d [ 2165.770678] populate_vma_page_range+0x20d/0x2a0 [ 2165.775454] __mm_populate+0x204/0x380 [ 2165.779507] ? populate_vma_page_range+0x2a0/0x2a0 [ 2165.784574] ? lock_release+0x18/0xa30 [ 2165.788489] __x64_sys_mlockall+0x35c/0x520 [ 2165.792845] do_syscall_64+0xfd/0x620 [ 2165.796673] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2165.801878] RIP: 0033:0x45b349 [ 2165.805107] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2165.824047] RSP: 002b:00007f86ac33cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2165.831785] RAX: ffffffffffffffda RBX: 00007f86ac33d6d4 RCX: 000000000045b349 [ 2165.839084] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2165.846496] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2165.853797] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2165.861098] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bfd4 [ 2165.869905] Task in /syz4 killed as a result of limit of /syz4 [ 2165.876424] memory: usage 307200kB, limit 307200kB, failcnt 18277 [ 2165.883074] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2165.890022] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2165.896397] Memory cgroup stats for /syz4: cache:124KB rss:293664KB rss_huge:192512KB shmem:24KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:161640KB active_anon:13408KB inactive_file:4KB active_file:4KB unevictable:118676KB [ 2165.919454] Memory cgroup out of memory: Kill process 2290 (syz-executor.4) score 1226 or sacrifice child [ 2165.929858] Killed process 2299 (syz-executor.4) total-vm:72720kB, anon-rss:18324kB, file-rss:34816kB, shmem-rss:0kB [ 2165.980659] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2165.992434] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2165.997914] CPU: 0 PID: 2298 Comm: syz-executor.4 Not tainted 4.19.99-syzkaller #0 [ 2166.005713] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2166.015085] Call Trace: [ 2166.017691] dump_stack+0x197/0x210 [ 2166.021345] dump_header+0x15e/0xa55 [ 2166.025073] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2166.030218] ? ___ratelimit+0x60/0x595 [ 2166.034154] ? do_raw_spin_unlock+0x181/0x270 [ 2166.038871] oom_kill_process.cold+0x10/0x6ef [ 2166.043517] out_of_memory+0x362/0x1330 [ 2166.047516] ? retint_kernel+0x2d/0x2d [ 2166.051687] ? oom_killer_disable+0x280/0x280 [ 2166.056318] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2166.061185] ? memcg_event_wake+0x230/0x230 [ 2166.065535] ? do_raw_spin_unlock+0x181/0x270 [ 2166.070118] ? _raw_spin_unlock+0x2d/0x50 [ 2166.074295] try_charge+0xec5/0x1490 [ 2166.078020] ? lock_downgrade+0x880/0x880 [ 2166.082192] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2166.087043] ? rcu_read_unlock+0x33/0x60 [ 2166.091115] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2166.095969] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2166.102041] mem_cgroup_try_charge+0x259/0x6b0 [ 2166.106638] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2166.111573] wp_page_copy+0x430/0x16a0 [ 2166.115473] ? follow_pfn+0x2a0/0x2a0 [ 2166.119278] ? do_raw_spin_unlock+0x57/0x270 [ 2166.123695] ? finish_task_switch+0x7c0/0x7c0 [ 2166.128199] do_wp_page+0x57d/0x10b0 [ 2166.131922] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2166.136594] ? kasan_check_write+0x14/0x20 [ 2166.141528] ? do_raw_spin_lock+0xd7/0x250 [ 2166.145776] __handle_mm_fault+0x2305/0x3f80 [ 2166.150285] ? copy_page_range+0x2030/0x2030 [ 2166.154727] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2166.159402] handle_mm_fault+0x1b5/0x690 [ 2166.163475] __get_user_pages+0x609/0x1860 [ 2166.167724] ? follow_page_mask+0x1ac0/0x1ac0 [ 2166.172227] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2166.176997] ? retint_kernel+0x2d/0x2d [ 2166.180902] populate_vma_page_range+0x20d/0x2a0 [ 2166.185673] __mm_populate+0x204/0x380 [ 2166.189572] ? populate_vma_page_range+0x2a0/0x2a0 [ 2166.194508] ? lock_release+0x18/0xa30 [ 2166.198413] __x64_sys_mlockall+0x35c/0x520 [ 2166.202746] do_syscall_64+0xfd/0x620 [ 2166.206559] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2166.211752] RIP: 0033:0x45b349 [ 2166.214951] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2166.233856] RSP: 002b:00007f86ac33cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2166.241588] RAX: ffffffffffffffda RBX: 00007f86ac33d6d4 RCX: 000000000045b349 [ 2166.248868] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2166.256139] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2166.263408] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2166.270679] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bfd4 [ 2166.279269] Task in /syz4 killed as a result of limit of /syz4 [ 2166.285705] memory: usage 301068kB, limit 307200kB, failcnt 18283 [ 2166.292165] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2166.299024] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2166.305411] Memory cgroup stats for /syz4: cache:124KB rss:287716KB rss_huge:188416KB shmem:24KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:159752KB active_anon:13408KB inactive_file:4KB active_file:4KB unevictable:114580KB [ 2166.329949] Memory cgroup out of memory: Kill process 2290 (syz-executor.4) score 1226 or sacrifice child [ 2166.340430] Killed process 2290 (syz-executor.4) total-vm:72720kB, anon-rss:18324kB, file-rss:54376kB, shmem-rss:0kB [ 2166.357220] oom_reaper: reaped process 2290 (syz-executor.4), now anon-rss:18324kB, file-rss:54368kB, shmem-rss:0kB 03:26:28 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0x2000000}, 0x0) 03:26:28 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0xffffa888}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:26:28 executing program 4: syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r0, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7ffff000) r1 = socket(0x0, 0x400000000080803, 0x0) write(r1, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) [ 2167.458610] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2167.470233] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2167.475984] CPU: 0 PID: 2426 Comm: syz-executor.4 Not tainted 4.19.99-syzkaller #0 [ 2167.483705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2167.493172] Call Trace: [ 2167.495798] dump_stack+0x197/0x210 [ 2167.499446] dump_header+0x15e/0xa55 [ 2167.503196] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2167.508310] ? ___ratelimit+0x60/0x595 [ 2167.512241] ? do_raw_spin_unlock+0x181/0x270 [ 2167.516763] oom_kill_process.cold+0x10/0x6ef [ 2167.521288] ? out_of_memory+0x313/0x1330 [ 2167.525453] ? out_of_memory+0x31e/0x1330 [ 2167.529639] out_of_memory+0x362/0x1330 [ 2167.533727] ? lock_downgrade+0x880/0x880 [ 2167.537906] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2167.543034] ? oom_killer_disable+0x280/0x280 [ 2167.547548] ? find_held_lock+0x35/0x130 [ 2167.551639] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2167.556506] ? memcg_event_wake+0x230/0x230 [ 2167.560851] ? do_raw_spin_unlock+0x181/0x270 [ 2167.565366] ? _raw_spin_unlock+0x2d/0x50 [ 2167.569545] try_charge+0xec5/0x1490 [ 2167.573285] ? lock_downgrade+0x880/0x880 [ 2167.577555] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2167.582424] ? rcu_read_unlock+0x33/0x60 [ 2167.586509] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2167.591374] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2167.597449] ? lock_downgrade+0x880/0x880 [ 2167.601627] mem_cgroup_try_charge+0x259/0x6b0 [ 2167.606237] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2167.611192] do_huge_pmd_wp_page+0x97e/0x3580 [ 2167.615718] ? retint_kernel+0x2d/0x2d [ 2167.619618] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2167.624576] ? __split_huge_pmd+0x2b10/0x2b10 [ 2167.629082] ? retint_kernel+0x2d/0x2d [ 2167.632998] __handle_mm_fault+0x167b/0x3f80 [ 2167.637425] ? copy_page_range+0x2030/0x2030 [ 2167.641868] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2167.646897] handle_mm_fault+0x1b5/0x690 [ 2167.650977] __get_user_pages+0x609/0x1860 [ 2167.655232] ? follow_page_mask+0x1ac0/0x1ac0 [ 2167.659737] ? retint_kernel+0x2d/0x2d [ 2167.663652] populate_vma_page_range+0x20d/0x2a0 [ 2167.668425] __mm_populate+0x204/0x380 [ 2167.672331] ? populate_vma_page_range+0x2a0/0x2a0 [ 2167.677273] ? __sanitizer_cov_trace_pc+0x48/0x50 [ 2167.682144] __x64_sys_mlockall+0x35c/0x520 [ 2167.686496] do_syscall_64+0xfd/0x620 [ 2167.690326] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2167.695526] RIP: 0033:0x45b349 03:26:29 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:26:29 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:26:29 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0x3000000}, 0x0) 03:26:29 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0xfffff000}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:26:29 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r1 = socket(0x0, 0x400000000080803, 0x0) write(r1, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) [ 2167.698734] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2167.717732] RSP: 002b:00007f86ac35dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2167.725457] RAX: ffffffffffffffda RBX: 00007f86ac35e6d4 RCX: 000000000045b349 [ 2167.732743] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2167.740036] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2167.747317] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2167.754605] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 2167.764602] Task in /syz4 killed as a result of limit of /syz4 [ 2167.771339] memory: usage 307200kB, limit 307200kB, failcnt 18326 [ 2167.777988] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2167.785136] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2167.791622] Memory cgroup stats for /syz4: cache:124KB rss:293308KB rss_huge:206848KB shmem:24KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:161324KB active_anon:13408KB inactive_file:4KB active_file:4KB unevictable:118680KB [ 2167.814805] Memory cgroup out of memory: Kill process 2425 (syz-executor.4) score 1226 or sacrifice child [ 2167.825185] Killed process 2428 (syz-executor.4) total-vm:72720kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB [ 2167.947731] oom_reaper: reaped process 2428 (syz-executor.4), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB 03:26:31 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0xffffff7f}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:26:31 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0x4000000}, 0x0) 03:26:31 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x0) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:26:31 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) [ 2170.589464] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2170.601649] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2170.607256] CPU: 0 PID: 2574 Comm: syz-executor.4 Not tainted 4.19.99-syzkaller #0 [ 2170.614968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2170.624342] Call Trace: [ 2170.626949] dump_stack+0x197/0x210 [ 2170.630604] dump_header+0x15e/0xa55 [ 2170.634335] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2170.639462] ? ___ratelimit+0x60/0x595 [ 2170.643362] ? do_raw_spin_unlock+0x181/0x270 [ 2170.647969] oom_kill_process.cold+0x10/0x6ef [ 2170.652520] ? out_of_memory+0x1ae/0x1330 [ 2170.656832] out_of_memory+0x362/0x1330 [ 2170.660836] ? oom_killer_disable+0x280/0x280 [ 2170.665367] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2170.670241] ? memcg_event_wake+0x230/0x230 [ 2170.674629] ? do_raw_spin_unlock+0x181/0x270 [ 2170.679150] ? _raw_spin_unlock+0x2d/0x50 [ 2170.683463] try_charge+0xec5/0x1490 [ 2170.687300] ? lock_downgrade+0x880/0x880 [ 2170.691577] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2170.696442] ? rcu_read_unlock+0x33/0x60 [ 2170.700621] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2170.705492] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2170.711696] mem_cgroup_try_charge+0x259/0x6b0 [ 2170.716307] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2170.721261] do_huge_pmd_wp_page+0x97e/0x3580 [ 2170.725785] ? mark_held_locks+0xb1/0x100 [ 2170.729960] ? __split_huge_pmd+0x2b10/0x2b10 [ 2170.734475] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2170.739245] ? pmd_val+0x85/0x100 [ 2170.742723] ? retint_kernel+0x2d/0x2d [ 2170.746631] __handle_mm_fault+0x167b/0x3f80 [ 2170.751069] ? copy_page_range+0x2030/0x2030 [ 2170.755517] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2170.760303] handle_mm_fault+0x1b5/0x690 [ 2170.764395] __get_user_pages+0x609/0x1860 [ 2170.768666] ? follow_page_mask+0x1ac0/0x1ac0 [ 2170.773580] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2170.778361] ? retint_kernel+0x2d/0x2d [ 2170.782275] populate_vma_page_range+0x20d/0x2a0 [ 2170.787057] __mm_populate+0x204/0x380 [ 2170.791065] ? populate_vma_page_range+0x2a0/0x2a0 [ 2170.796025] __x64_sys_mlockall+0x35c/0x520 [ 2170.800376] do_syscall_64+0xfd/0x620 [ 2170.804204] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2170.809407] RIP: 0033:0x45b349 [ 2170.812704] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2170.831639] RSP: 002b:00007f86ac33cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2170.839477] RAX: ffffffffffffffda RBX: 00007f86ac33d6d4 RCX: 000000000045b349 [ 2170.846761] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2170.854044] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2170.861331] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2170.868620] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bfd4 [ 2170.876787] Task in /syz4 killed as a result of limit of /syz4 [ 2170.883544] memory: usage 307200kB, limit 307200kB, failcnt 18387 [ 2170.890242] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2170.897284] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2170.903643] Memory cgroup stats for /syz4: cache:124KB rss:293440KB rss_huge:202752KB shmem:24KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:161328KB active_anon:13408KB inactive_file:4KB active_file:0KB unevictable:118808KB [ 2170.927528] Memory cgroup out of memory: Kill process 2572 (syz-executor.4) score 1227 or sacrifice child [ 2170.938161] Killed process 2576 (syz-executor.4) total-vm:72852kB, anon-rss:18456kB, file-rss:34816kB, shmem-rss:0kB 03:26:32 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) [ 2171.237308] oom_reaper: reaped process 2576 (syz-executor.4), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB 03:26:32 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0x5000000}, 0x0) 03:26:32 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0xffffff9e}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:26:35 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:26:35 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0x6000000}, 0x0) 03:26:35 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0xfffffff0}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:26:35 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket$inet(0x10, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r1 = socket(0x0, 0x400000000080803, 0x0) write(r1, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:26:35 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x0) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) [ 2174.453350] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2174.464902] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2174.470533] CPU: 1 PID: 2606 Comm: syz-executor.4 Not tainted 4.19.99-syzkaller #0 [ 2174.478613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2174.487979] Call Trace: [ 2174.490588] dump_stack+0x197/0x210 [ 2174.494239] dump_header+0x15e/0xa55 [ 2174.497978] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2174.503106] ? ___ratelimit+0x60/0x595 [ 2174.507024] ? do_raw_spin_unlock+0x181/0x270 [ 2174.511546] oom_kill_process.cold+0x10/0x6ef [ 2174.516071] ? oom_badness+0x6c0/0x6c0 [ 2174.519974] ? mem_cgroup_scan_tasks+0x19/0x180 [ 2174.524664] out_of_memory+0x362/0x1330 [ 2174.528670] ? lock_downgrade+0x880/0x880 [ 2174.532833] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2174.538053] ? oom_killer_disable+0x280/0x280 [ 2174.542647] ? find_held_lock+0x35/0x130 [ 2174.546744] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2174.551604] ? memcg_event_wake+0x230/0x230 [ 2174.555961] ? do_raw_spin_unlock+0x181/0x270 [ 2174.560476] ? _raw_spin_unlock+0x2d/0x50 [ 2174.564652] try_charge+0xec5/0x1490 [ 2174.568388] ? lock_downgrade+0x880/0x880 [ 2174.572569] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2174.577519] ? rcu_read_unlock+0x33/0x60 [ 2174.581598] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2174.586467] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2174.592557] mem_cgroup_try_charge+0x259/0x6b0 [ 2174.597330] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2174.602282] wp_page_copy+0x430/0x16a0 [ 2174.606208] ? follow_pfn+0x2a0/0x2a0 [ 2174.610038] ? do_raw_spin_unlock+0x181/0x270 [ 2174.614554] do_wp_page+0x57d/0x10b0 [ 2174.618290] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2174.622980] ? kasan_check_write+0x14/0x20 [ 2174.627222] ? do_raw_spin_lock+0xd7/0x250 [ 2174.633393] __handle_mm_fault+0x2305/0x3f80 [ 2174.637824] ? copy_page_range+0x2030/0x2030 [ 2174.642274] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2174.646960] handle_mm_fault+0x1b5/0x690 [ 2174.651219] __get_user_pages+0x609/0x1860 [ 2174.655517] ? follow_page_mask+0x1ac0/0x1ac0 [ 2174.660037] ? retint_kernel+0x2d/0x2d [ 2174.663959] populate_vma_page_range+0x20d/0x2a0 [ 2174.668746] __mm_populate+0x204/0x380 [ 2174.672661] ? populate_vma_page_range+0x2a0/0x2a0 [ 2174.677633] __x64_sys_mlockall+0x35c/0x520 [ 2174.682095] do_syscall_64+0xfd/0x620 [ 2174.685917] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2174.691116] RIP: 0033:0x45b349 [ 2174.694328] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2174.713247] RSP: 002b:00007f86ac33cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2174.720993] RAX: ffffffffffffffda RBX: 00007f86ac33d6d4 RCX: 000000000045b349 [ 2174.728287] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2174.735580] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2174.742865] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2174.750148] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bfd4 [ 2174.764909] Task in /syz4 killed as a result of limit of /syz4 [ 2174.771440] memory: usage 307200kB, limit 307200kB, failcnt 18523 [ 2174.778039] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2174.785151] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2174.791571] Memory cgroup stats for /syz4: cache:124KB rss:293532KB rss_huge:190464KB shmem:24KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:163628KB active_anon:13408KB inactive_file:0KB active_file:4KB unevictable:116628KB [ 2174.814863] Memory cgroup out of memory: Kill process 2599 (syz-executor.4) score 1226 or sacrifice child [ 2174.824827] Killed process 2611 (syz-executor.4) total-vm:72720kB, anon-rss:18324kB, file-rss:34816kB, shmem-rss:0kB [ 2174.890621] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2174.902106] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2174.907890] CPU: 1 PID: 2606 Comm: syz-executor.4 Not tainted 4.19.99-syzkaller #0 [ 2174.915935] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2174.925527] Call Trace: [ 2174.928147] dump_stack+0x197/0x210 [ 2174.931804] dump_header+0x15e/0xa55 [ 2174.935544] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2174.940670] ? ___ratelimit+0x60/0x595 [ 2174.944576] ? do_raw_spin_unlock+0x181/0x270 [ 2174.949089] oom_kill_process.cold+0x10/0x6ef [ 2174.953615] out_of_memory+0x362/0x1330 [ 2174.957620] ? retint_kernel+0x2d/0x2d [ 2174.961638] ? oom_killer_disable+0x280/0x280 [ 2174.966167] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2174.971030] ? memcg_event_wake+0x230/0x230 [ 2174.975372] ? do_raw_spin_unlock+0x181/0x270 [ 2174.980079] ? _raw_spin_unlock+0x2d/0x50 [ 2174.984242] try_charge+0xec5/0x1490 [ 2174.987976] ? lock_downgrade+0x880/0x880 [ 2174.992139] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2174.997099] ? rcu_read_unlock+0x33/0x60 [ 2175.001174] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2175.006125] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2175.012211] mem_cgroup_try_charge+0x259/0x6b0 [ 2175.016810] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2175.021757] wp_page_copy+0x430/0x16a0 [ 2175.025665] ? follow_pfn+0x2a0/0x2a0 [ 2175.029488] ? do_raw_spin_unlock+0x181/0x270 [ 2175.033998] do_wp_page+0x57d/0x10b0 [ 2175.037853] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2175.042646] ? kasan_check_write+0x14/0x20 [ 2175.046894] ? do_raw_spin_lock+0xd7/0x250 [ 2175.051153] __handle_mm_fault+0x2305/0x3f80 [ 2175.055591] ? copy_page_range+0x2030/0x2030 [ 2175.060041] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2175.064723] handle_mm_fault+0x1b5/0x690 [ 2175.068836] __get_user_pages+0x609/0x1860 [ 2175.073102] ? follow_page_mask+0x1ac0/0x1ac0 [ 2175.077616] ? retint_kernel+0x2d/0x2d [ 2175.081601] populate_vma_page_range+0x20d/0x2a0 [ 2175.086395] __mm_populate+0x204/0x380 [ 2175.090310] ? populate_vma_page_range+0x2a0/0x2a0 [ 2175.095275] __x64_sys_mlockall+0x35c/0x520 [ 2175.099613] do_syscall_64+0xfd/0x620 [ 2175.103558] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2175.109458] RIP: 0033:0x45b349 [ 2175.112765] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2175.132062] RSP: 002b:00007f86ac33cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2175.139788] RAX: ffffffffffffffda RBX: 00007f86ac33d6d4 RCX: 000000000045b349 [ 2175.147076] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2175.154364] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2175.161648] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2175.169038] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bfd4 [ 2175.176556] Task in /syz4 killed as a result of limit of /syz4 [ 2175.182729] memory: usage 301128kB, limit 307200kB, failcnt 18541 [ 2175.189080] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2175.195938] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2175.202331] Memory cgroup stats for /syz4: cache:124KB rss:287680KB rss_huge:188416KB shmem:24KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:159752KB active_anon:13408KB inactive_file:0KB active_file:4KB unevictable:114580KB [ 2175.225813] Memory cgroup out of memory: Kill process 2599 (syz-executor.4) score 1226 or sacrifice child [ 2175.236305] Killed process 2599 (syz-executor.4) total-vm:72720kB, anon-rss:18324kB, file-rss:54376kB, shmem-rss:0kB [ 2175.251520] oom_reaper: reaped process 2599 (syz-executor.4), now anon-rss:18324kB, file-rss:54368kB, shmem-rss:0kB [ 2175.963731] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2175.975506] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2175.982667] CPU: 0 PID: 2613 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2175.990400] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2175.999774] Call Trace: [ 2176.002384] dump_stack+0x197/0x210 [ 2176.006045] dump_header+0x15e/0xa55 [ 2176.009776] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2176.014905] ? ___ratelimit+0x60/0x595 [ 2176.018805] ? do_raw_spin_unlock+0x181/0x270 [ 2176.023321] oom_kill_process.cold+0x10/0x6ef [ 2176.027854] ? mem_cgroup_get_max+0xa8/0x240 [ 2176.032291] out_of_memory+0x362/0x1330 [ 2176.036283] ? lock_downgrade+0x880/0x880 [ 2176.040468] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2176.045590] ? oom_killer_disable+0x280/0x280 [ 2176.050111] ? find_held_lock+0x35/0x130 [ 2176.054212] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2176.059079] ? memcg_event_wake+0x230/0x230 [ 2176.063430] ? do_raw_spin_unlock+0x181/0x270 [ 2176.067941] ? _raw_spin_unlock+0x2d/0x50 [ 2176.072106] try_charge+0xec5/0x1490 [ 2176.075838] ? lock_downgrade+0x880/0x880 [ 2176.080010] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2176.084872] ? rcu_read_unlock+0x33/0x60 [ 2176.088946] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2176.093808] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2176.099898] mem_cgroup_try_charge+0x259/0x6b0 [ 2176.104518] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2176.109472] wp_page_copy+0x430/0x16a0 [ 2176.113403] ? follow_pfn+0x2a0/0x2a0 [ 2176.117226] ? do_raw_spin_unlock+0x181/0x270 [ 2176.121737] do_wp_page+0x57d/0x10b0 [ 2176.125482] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2176.130165] ? kasan_check_write+0x14/0x20 [ 2176.134412] ? do_raw_spin_lock+0xd7/0x250 [ 2176.138882] __handle_mm_fault+0x2305/0x3f80 [ 2176.143316] ? copy_page_range+0x2030/0x2030 [ 2176.147763] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2176.152456] handle_mm_fault+0x1b5/0x690 [ 2176.156539] __get_user_pages+0x609/0x1860 [ 2176.160805] ? follow_page_mask+0x1ac0/0x1ac0 [ 2176.165314] ? retint_kernel+0x2d/0x2d [ 2176.169244] populate_vma_page_range+0x20d/0x2a0 [ 2176.174029] __mm_populate+0x204/0x380 [ 2176.177946] ? populate_vma_page_range+0x2a0/0x2a0 [ 2176.182945] __x64_sys_mlockall+0x35c/0x520 [ 2176.187289] do_syscall_64+0xfd/0x620 [ 2176.191111] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2176.196314] RIP: 0033:0x45b349 [ 2176.199518] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2176.218430] RSP: 002b:00007f4b94dddc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2176.226164] RAX: ffffffffffffffda RBX: 00007f4b94dde6d4 RCX: 000000000045b349 [ 2176.234702] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2176.242004] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2176.249294] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2176.256589] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 2176.264692] Task in /syz5 killed as a result of limit of /syz5 [ 2176.271321] memory: usage 307200kB, limit 307200kB, failcnt 77 [ 2176.278501] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2176.285638] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2176.292131] Memory cgroup stats for /syz5: cache:188KB rss:294220KB rss_huge:38912KB shmem:80KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:237092KB active_anon:6344KB inactive_file:12KB active_file:16KB unevictable:50964KB [ 2176.315194] Memory cgroup out of memory: Kill process 2612 (syz-executor.5) score 1226 or sacrifice child [ 2176.325560] Killed process 2616 (syz-executor.5) total-vm:72588kB, anon-rss:18196kB, file-rss:34816kB, shmem-rss:0kB 03:26:37 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:26:38 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x0) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:26:38 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0xffffffff}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:26:38 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0x8000000}, 0x0) [ 2177.659182] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2177.670867] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2177.676559] CPU: 0 PID: 2828 Comm: syz-executor.4 Not tainted 4.19.99-syzkaller #0 [ 2177.684951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2177.694460] Call Trace: [ 2177.697087] dump_stack+0x197/0x210 [ 2177.700880] dump_header+0x15e/0xa55 [ 2177.704644] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2177.709888] ? ___ratelimit+0x60/0x595 [ 2177.713810] ? do_raw_spin_unlock+0x181/0x270 [ 2177.718331] oom_kill_process.cold+0x10/0x6ef [ 2177.722873] out_of_memory+0x362/0x1330 [ 2177.726886] ? lock_downgrade+0x880/0x880 [ 2177.731220] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2177.736612] ? oom_killer_disable+0x280/0x280 [ 2177.741248] ? find_held_lock+0x35/0x130 [ 2177.745352] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2177.750470] ? memcg_event_wake+0x230/0x230 [ 2177.754833] ? do_raw_spin_unlock+0x181/0x270 [ 2177.759368] ? _raw_spin_unlock+0x2d/0x50 [ 2177.763669] try_charge+0xec5/0x1490 [ 2177.767580] ? lock_downgrade+0x880/0x880 [ 2177.771768] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2177.776767] ? rcu_read_unlock+0x33/0x60 [ 2177.781026] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2177.785989] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2177.792225] mem_cgroup_try_charge+0x259/0x6b0 [ 2177.796851] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2177.802056] wp_page_copy+0x430/0x16a0 [ 2177.806210] ? follow_pfn+0x2a0/0x2a0 [ 2177.810061] ? do_raw_spin_unlock+0x181/0x270 [ 2177.815128] do_wp_page+0x57d/0x10b0 [ 2177.819067] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2177.824323] ? kasan_check_write+0x14/0x20 [ 2177.828676] ? do_raw_spin_lock+0xd7/0x250 [ 2177.832952] __handle_mm_fault+0x2305/0x3f80 [ 2177.837602] ? copy_page_range+0x2030/0x2030 [ 2177.842753] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2177.847478] handle_mm_fault+0x1b5/0x690 [ 2177.851680] __get_user_pages+0x609/0x1860 [ 2177.855958] ? follow_page_mask+0x1ac0/0x1ac0 [ 2177.860925] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2177.865891] ? retint_kernel+0x2d/0x2d [ 2177.869822] populate_vma_page_range+0x20d/0x2a0 [ 2177.874617] __mm_populate+0x204/0x380 [ 2177.878537] ? populate_vma_page_range+0x2a0/0x2a0 [ 2177.883661] ? audit_add_tree_rule.cold+0x3d/0x3d [ 2177.888765] __x64_sys_mlockall+0x35c/0x520 [ 2177.893222] do_syscall_64+0xfd/0x620 [ 2177.897210] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2177.902566] RIP: 0033:0x45b349 [ 2177.905789] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2177.925194] RSP: 002b:00007f86ac35dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2177.933072] RAX: ffffffffffffffda RBX: 00007f86ac35e6d4 RCX: 000000000045b349 [ 2177.940552] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2177.948247] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2177.956160] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2177.963868] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 2177.973335] Task in /syz4 killed as a result of limit of /syz4 [ 2177.980081] memory: usage 307200kB, limit 307200kB, failcnt 18560 [ 2177.986541] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2177.994129] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2178.000844] Memory cgroup stats for /syz4: cache:124KB rss:293544KB rss_huge:190464KB shmem:24KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:163760KB active_anon:13408KB inactive_file:4KB active_file:0KB unevictable:116500KB [ 2178.025212] Memory cgroup out of memory: Kill process 2826 (syz-executor.4) score 1226 or sacrifice child [ 2178.036503] Killed process 2829 (syz-executor.4) total-vm:72588kB, anon-rss:18196kB, file-rss:34944kB, shmem-rss:0kB 03:26:40 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:26:40 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:26:40 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0x9000000}, 0x0) 03:26:40 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:26:40 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket$inet(0x10, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r1 = socket(0x0, 0x400000000080803, 0x0) write(r1, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) [ 2179.234642] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2179.246178] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2179.252218] CPU: 1 PID: 2947 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2179.260264] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2179.269820] Call Trace: [ 2179.272699] dump_stack+0x197/0x210 [ 2179.276363] dump_header+0x15e/0xa55 [ 2179.280302] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2179.285525] ? ___ratelimit+0x60/0x595 [ 2179.289702] ? do_raw_spin_unlock+0x181/0x270 [ 2179.294483] oom_kill_process.cold+0x10/0x6ef [ 2179.299014] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2179.304884] ? task_will_free_mem+0x139/0x6e0 [ 2179.309659] out_of_memory+0x362/0x1330 [ 2179.313677] ? lock_downgrade+0x880/0x880 [ 2179.318028] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2179.323164] ? oom_killer_disable+0x280/0x280 [ 2179.327693] ? find_held_lock+0x35/0x130 [ 2179.331888] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2179.336874] ? memcg_event_wake+0x230/0x230 [ 2179.341231] ? do_raw_spin_unlock+0x181/0x270 [ 2179.346130] ? _raw_spin_unlock+0x2d/0x50 [ 2179.350453] try_charge+0xec5/0x1490 [ 2179.354225] ? lock_downgrade+0x880/0x880 [ 2179.358603] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2179.363484] ? rcu_read_unlock+0x33/0x60 [ 2179.367588] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2179.372494] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2179.379843] ? lock_downgrade+0x880/0x880 [ 2179.384185] mem_cgroup_try_charge+0x259/0x6b0 [ 2179.388812] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2179.393872] do_huge_pmd_wp_page+0x97e/0x3580 [ 2179.398403] ? retint_kernel+0x2d/0x2d [ 2179.402876] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2179.407943] ? __split_huge_pmd+0x2b10/0x2b10 [ 2179.412472] ? retint_kernel+0x2d/0x2d [ 2179.416554] __handle_mm_fault+0x167b/0x3f80 [ 2179.421001] ? copy_page_range+0x2030/0x2030 [ 2179.425767] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2179.430472] handle_mm_fault+0x1b5/0x690 [ 2179.434900] __get_user_pages+0x609/0x1860 [ 2179.439303] ? follow_page_mask+0x1ac0/0x1ac0 [ 2179.443832] ? retint_kernel+0x2d/0x2d [ 2179.447765] populate_vma_page_range+0x20d/0x2a0 [ 2179.452699] __mm_populate+0x204/0x380 [ 2179.456626] ? populate_vma_page_range+0x2a0/0x2a0 [ 2179.461847] ? __x64_sys_mlockall+0x34a/0x520 [ 2179.466472] __x64_sys_mlockall+0x35c/0x520 [ 2179.471018] do_syscall_64+0xfd/0x620 [ 2179.475132] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2179.480549] RIP: 0033:0x45b349 [ 2179.483771] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2179.503194] RSP: 002b:00007f4b94dddc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2179.511223] RAX: ffffffffffffffda RBX: 00007f4b94dde6d4 RCX: 000000000045b349 [ 2179.520845] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2179.528276] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2179.535728] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2179.543025] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 2179.550774] Task in /syz5 killed as a result of limit of /syz5 [ 2179.557171] memory: usage 307168kB, limit 307200kB, failcnt 105 [ 2179.563824] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2179.571328] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2179.577799] Memory cgroup stats for /syz5: cache:188KB rss:293728KB rss_huge:59392KB shmem:80KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:224200KB active_anon:6344KB inactive_file:0KB active_file:12KB unevictable:63252KB [ 2179.601332] Memory cgroup out of memory: Kill process 2943 (syz-executor.5) score 1226 or sacrifice child [ 2179.612584] Killed process 2950 (syz-executor.5) total-vm:72588kB, anon-rss:18196kB, file-rss:34816kB, shmem-rss:0kB 03:26:41 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x0, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:26:41 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x0, 0x2}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:26:41 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0xa000000}, 0x0) [ 2180.539954] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2180.551953] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2180.557934] CPU: 0 PID: 2959 Comm: syz-executor.4 Not tainted 4.19.99-syzkaller #0 [ 2180.565663] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2180.575242] Call Trace: [ 2180.577955] dump_stack+0x197/0x210 [ 2180.581623] dump_header+0x15e/0xa55 [ 2180.585409] oom_kill_process.cold+0x10/0x6ef [ 2180.590114] ? out_of_memory+0x313/0x1330 [ 2180.594300] ? out_of_memory+0x31e/0x1330 [ 2180.598488] out_of_memory+0x362/0x1330 [ 2180.602497] ? lock_downgrade+0x880/0x880 [ 2180.607081] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2180.612373] ? oom_killer_disable+0x280/0x280 [ 2180.616903] ? find_held_lock+0x35/0x130 [ 2180.621280] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2180.626609] ? memcg_event_wake+0x230/0x230 [ 2180.631224] ? do_raw_spin_unlock+0x181/0x270 [ 2180.635770] ? _raw_spin_unlock+0x2d/0x50 [ 2180.639958] try_charge+0xec5/0x1490 [ 2180.644469] ? lock_downgrade+0x880/0x880 [ 2180.648803] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2180.653960] ? rcu_read_unlock+0x33/0x60 [ 2180.659487] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2180.664907] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2180.670051] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2180.676672] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2180.682293] mem_cgroup_try_charge+0x259/0x6b0 [ 2180.687292] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2180.692506] wp_page_copy+0x430/0x16a0 [ 2180.697095] ? follow_pfn+0x2a0/0x2a0 [ 2180.701038] ? do_raw_spin_unlock+0x181/0x270 [ 2180.705727] do_wp_page+0x57d/0x10b0 [ 2180.709493] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2180.715676] ? kasan_check_write+0x14/0x20 [ 2180.720191] ? do_raw_spin_lock+0xd7/0x250 [ 2180.727202] __handle_mm_fault+0x2305/0x3f80 [ 2180.731649] ? copy_page_range+0x2030/0x2030 [ 2180.736279] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2180.741142] handle_mm_fault+0x1b5/0x690 [ 2180.745249] __get_user_pages+0x609/0x1860 [ 2180.749608] ? follow_page_mask+0x1ac0/0x1ac0 [ 2180.754545] ? retint_kernel+0x2d/0x2d [ 2180.758635] populate_vma_page_range+0x20d/0x2a0 [ 2180.763429] __mm_populate+0x204/0x380 [ 2180.767699] ? populate_vma_page_range+0x2a0/0x2a0 [ 2180.772922] ? up_write+0xb2/0x150 [ 2180.776517] __x64_sys_mlockall+0x35c/0x520 [ 2180.780874] do_syscall_64+0xfd/0x620 [ 2180.784858] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2180.790070] RIP: 0033:0x45b349 [ 2180.793288] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2180.812870] RSP: 002b:00007f86ac35dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2180.820696] RAX: ffffffffffffffda RBX: 00007f86ac35e6d4 RCX: 000000000045b349 [ 2180.828155] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 03:26:42 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0xb000000}, 0x0) [ 2180.835543] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2180.843519] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2180.850822] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 2180.858588] Task in /syz4 killed as a result of limit of /syz4 [ 2180.865143] memory: usage 307200kB, limit 307200kB, failcnt 18586 [ 2180.871715] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2180.878767] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2180.887637] Memory cgroup stats for /syz4: cache:124KB rss:293456KB rss_huge:192512KB shmem:24KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:167820KB active_anon:13408KB inactive_file:8KB active_file:8KB unevictable:112408KB [ 2180.912187] Memory cgroup out of memory: Kill process 2958 (syz-executor.4) score 1226 or sacrifice child [ 2180.922961] Killed process 2960 (syz-executor.4) total-vm:72588kB, anon-rss:18196kB, file-rss:34816kB, shmem-rss:0kB 03:26:42 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x0, 0x3}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:26:42 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket$inet(0x10, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r1 = socket(0x0, 0x400000000080803, 0x0) write(r1, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:26:43 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) [ 2181.951963] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2181.964000] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2181.970143] CPU: 1 PID: 3113 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2181.978730] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2181.989168] Call Trace: [ 2181.992174] dump_stack+0x197/0x210 [ 2181.995939] dump_header+0x15e/0xa55 [ 2182.000020] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2182.005446] ? ___ratelimit+0x60/0x595 [ 2182.009708] ? do_raw_spin_unlock+0x181/0x270 [ 2182.014353] oom_kill_process.cold+0x10/0x6ef [ 2182.019316] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2182.026052] ? task_will_free_mem+0x139/0x6e0 [ 2182.030585] out_of_memory+0x362/0x1330 [ 2182.034719] ? lock_downgrade+0x880/0x880 [ 2182.038906] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2182.044432] ? oom_killer_disable+0x280/0x280 [ 2182.049093] ? find_held_lock+0x35/0x130 [ 2182.053244] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2182.058149] ? memcg_event_wake+0x230/0x230 [ 2182.062668] ? do_raw_spin_unlock+0x181/0x270 [ 2182.067536] ? _raw_spin_unlock+0x2d/0x50 [ 2182.071725] try_charge+0xec5/0x1490 [ 2182.075632] ? lock_downgrade+0x880/0x880 [ 2182.079826] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2182.084851] ? rcu_read_unlock+0x33/0x60 [ 2182.088943] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2182.093822] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2182.100168] mem_cgroup_try_charge+0x259/0x6b0 [ 2182.104797] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2182.109981] do_huge_pmd_wp_page+0x97e/0x3580 [ 2182.114691] ? __split_huge_pmd+0x2b10/0x2b10 [ 2182.119364] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2182.124160] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2182.128958] ? pmd_val+0x85/0x100 [ 2182.132678] __handle_mm_fault+0x167b/0x3f80 [ 2182.137122] ? copy_page_range+0x2030/0x2030 [ 2182.141779] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2182.146591] handle_mm_fault+0x1b5/0x690 [ 2182.150960] __get_user_pages+0x609/0x1860 [ 2182.155234] ? follow_page_mask+0x1ac0/0x1ac0 [ 2182.159938] ? retint_kernel+0x2d/0x2d [ 2182.163867] ? populate_vma_page_range+0xcf/0x2a0 [ 2182.169089] populate_vma_page_range+0x20d/0x2a0 [ 2182.174056] __mm_populate+0x204/0x380 [ 2182.177980] ? populate_vma_page_range+0x2a0/0x2a0 [ 2182.182951] __x64_sys_mlockall+0x35c/0x520 [ 2182.187504] do_syscall_64+0xfd/0x620 [ 2182.191341] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2182.196706] RIP: 0033:0x45b349 [ 2182.199924] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2182.219528] RSP: 002b:00007f4b94dddc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2182.227421] RAX: ffffffffffffffda RBX: 00007f4b94dde6d4 RCX: 000000000045b349 [ 2182.234869] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2182.242312] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2182.249857] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2182.257320] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 2182.264948] Task in /syz5 killed as a result of limit of /syz5 [ 2182.271555] memory: usage 307200kB, limit 307200kB, failcnt 162 [ 2182.277915] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2182.285025] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2182.291616] Memory cgroup stats for /syz5: cache:188KB rss:293788KB rss_huge:57344KB shmem:80KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:224200KB active_anon:6344KB inactive_file:4KB active_file:4KB unevictable:63252KB [ 2182.314458] Memory cgroup out of memory: Kill process 3111 (syz-executor.5) score 1226 or sacrifice child [ 2182.324806] Killed process 3115 (syz-executor.5) total-vm:72588kB, anon-rss:18196kB, file-rss:34944kB, shmem-rss:0kB 03:26:45 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:26:45 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0xc000000}, 0x0) 03:26:45 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x0, 0x4}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:26:45 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x0, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:26:45 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:26:45 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r1 = socket(0x0, 0x400000000080803, 0x0) write(r1, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) [ 2183.874186] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2183.995866] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2184.034253] CPU: 0 PID: 3255 Comm: syz-executor.4 Not tainted 4.19.99-syzkaller #0 [ 2184.042023] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2184.051416] Call Trace: [ 2184.054276] dump_stack+0x197/0x210 [ 2184.057932] dump_header+0x15e/0xa55 [ 2184.061678] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2184.067420] ? ___ratelimit+0x60/0x595 [ 2184.071322] ? do_raw_spin_unlock+0x181/0x270 [ 2184.075847] oom_kill_process.cold+0x10/0x6ef [ 2184.080373] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2184.086023] ? task_will_free_mem+0x139/0x6e0 [ 2184.090543] ? find_held_lock+0x35/0x130 [ 2184.094641] out_of_memory+0x362/0x1330 [ 2184.098658] ? lock_downgrade+0x880/0x880 [ 2184.102838] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2184.107966] ? oom_killer_disable+0x280/0x280 [ 2184.112485] ? find_held_lock+0x35/0x130 [ 2184.116582] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2184.121443] ? memcg_event_wake+0x230/0x230 [ 2184.125793] ? do_raw_spin_unlock+0x181/0x270 [ 2184.130319] ? _raw_spin_unlock+0x2d/0x50 [ 2184.134490] try_charge+0xec5/0x1490 [ 2184.138224] ? lock_downgrade+0x880/0x880 [ 2184.142408] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2184.147269] ? rcu_read_unlock+0x33/0x60 [ 2184.151462] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2184.156443] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2184.162800] ? lock_downgrade+0x880/0x880 [ 2184.167075] mem_cgroup_try_charge+0x259/0x6b0 [ 2184.171854] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2184.176815] do_huge_pmd_wp_page+0x97e/0x3580 [ 2184.181345] ? __split_huge_pmd+0x2b10/0x2b10 [ 2184.185861] ? pmd_val+0x85/0x100 [ 2184.189335] __handle_mm_fault+0x167b/0x3f80 [ 2184.193844] ? copy_page_range+0x2030/0x2030 [ 2184.198282] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2184.202973] handle_mm_fault+0x1b5/0x690 [ 2184.207057] __do_page_fault+0x62a/0xe90 [ 2184.211148] ? vmalloc_fault+0x740/0x740 [ 2184.215243] ? trace_hardirqs_off_caller+0x65/0x220 [ 2184.220387] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2184.225337] ? page_fault+0x8/0x30 [ 2184.228897] do_page_fault+0x71/0x57d [ 2184.232712] ? page_fault+0x8/0x30 [ 2184.236266] page_fault+0x1e/0x30 [ 2184.239736] RIP: 0033:0x400644 [ 2184.242936] Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 d1 55 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b [ 2184.261846] RSP: 002b:00007ffe33ec92d0 EFLAGS: 00010202 [ 2184.267218] RAX: 0000000000000000 RBX: 000000000075c9a0 RCX: 0000000000000000 [ 2184.274498] RDX: 0000000000000000 RSI: 0000000020d06000 RDI: 0000000000000000 [ 2184.281778] RBP: 0000000000760fd0 R08: 0000000000000000 R09: 0000000000000000 [ 2184.289057] R10: 00007ffe33ec93e0 R11: 0000000000000246 R12: 000000000075bf20 [ 2184.296335] R13: 0000000000215279 R14: 0000000000760fd8 R15: 000000000075bf2c [ 2184.380087] Task in /syz4 killed as a result of limit of /syz4 [ 2184.388567] memory: usage 307200kB, limit 307200kB, failcnt 18623 [ 2184.407332] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2184.430007] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2184.455830] Memory cgroup stats for /syz4: cache:124KB rss:291184KB rss_huge:204800KB shmem:24KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:161316KB active_anon:13408KB inactive_file:12KB active_file:0KB unevictable:116500KB 03:26:46 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x0, 0x5}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:26:46 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0xe000000}, 0x0) [ 2184.546802] Memory cgroup out of memory: Kill process 3255 (syz-executor.4) score 1226 or sacrifice child [ 2184.588281] Killed process 3267 (syz-executor.4) total-vm:72588kB, anon-rss:18196kB, file-rss:34816kB, shmem-rss:0kB [ 2184.663081] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2184.674676] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2184.680542] CPU: 1 PID: 3259 Comm: syz-executor.4 Not tainted 4.19.99-syzkaller #0 [ 2184.688285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2184.697656] Call Trace: [ 2184.700283] dump_stack+0x197/0x210 [ 2184.704635] dump_header+0x15e/0xa55 [ 2184.708379] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2184.713529] ? ___ratelimit+0x60/0x595 [ 2184.717463] ? do_raw_spin_unlock+0x181/0x270 [ 2184.722107] oom_kill_process.cold+0x10/0x6ef [ 2184.726634] ? out_of_memory+0x1ae/0x1330 [ 2184.730808] out_of_memory+0x362/0x1330 [ 2184.735237] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2184.740364] ? oom_killer_disable+0x280/0x280 [ 2184.744872] ? find_held_lock+0x35/0x130 [ 2184.748970] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2184.753829] ? memcg_event_wake+0x230/0x230 [ 2184.758183] ? do_raw_spin_unlock+0x181/0x270 [ 2184.762692] ? _raw_spin_unlock+0x2d/0x50 [ 2184.766863] try_charge+0xc6e/0x1490 [ 2184.770625] ? lock_downgrade+0x880/0x880 [ 2184.774797] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2184.779754] ? rcu_read_unlock+0x33/0x60 [ 2184.783842] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2184.789065] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2184.795263] ? lock_downgrade+0x880/0x880 [ 2184.799637] mem_cgroup_try_charge+0x259/0x6b0 [ 2184.804818] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2184.809787] do_huge_pmd_wp_page+0x97e/0x3580 [ 2184.814325] ? __split_huge_pmd+0x2b10/0x2b10 [ 2184.819045] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2184.823844] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2184.828631] ? pmd_val+0x85/0x100 [ 2184.832109] ? mark_held_locks+0xb1/0x100 [ 2184.836386] __handle_mm_fault+0x167b/0x3f80 [ 2184.840816] ? copy_page_range+0x2030/0x2030 [ 2184.845258] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2184.850059] handle_mm_fault+0x1b5/0x690 [ 2184.854140] __get_user_pages+0x609/0x1860 [ 2184.858400] ? follow_page_mask+0x1ac0/0x1ac0 [ 2184.862922] ? retint_kernel+0x2d/0x2d [ 2184.866838] populate_vma_page_range+0x20d/0x2a0 [ 2184.871627] __mm_populate+0x204/0x380 [ 2184.875548] ? populate_vma_page_range+0x2a0/0x2a0 [ 2184.880602] __x64_sys_mlockall+0x35c/0x520 [ 2184.885041] do_syscall_64+0xfd/0x620 [ 2184.888895] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2184.894101] RIP: 0033:0x45b349 [ 2184.897546] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2184.916467] RSP: 002b:00007f86ac35dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2184.924244] RAX: ffffffffffffffda RBX: 00007f86ac35e6d4 RCX: 000000000045b349 [ 2184.931533] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2184.938820] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2184.946224] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2184.953510] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 2184.968388] Task in /syz4 killed as a result of limit of /syz4 [ 2184.974782] memory: usage 303408kB, limit 307200kB, failcnt 18623 [ 2184.981748] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2184.988819] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2184.995598] Memory cgroup stats for /syz4: cache:124KB rss:287612KB rss_huge:202752KB shmem:24KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:159752KB active_anon:13408KB inactive_file:4KB active_file:8KB unevictable:114452KB [ 2185.019258] Memory cgroup out of memory: Kill process 3255 (syz-executor.4) score 1226 or sacrifice child [ 2185.029572] Killed process 3255 (syz-executor.4) total-vm:72588kB, anon-rss:18196kB, file-rss:54376kB, shmem-rss:0kB [ 2185.042671] oom_reaper: reaped process 3255 (syz-executor.4), now anon-rss:18196kB, file-rss:54368kB, shmem-rss:0kB 03:26:46 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0xf000000}, 0x0) 03:26:46 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x0, 0x6}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:26:47 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) [ 2185.774519] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2185.795165] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2185.802488] CPU: 0 PID: 3258 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2185.810235] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2185.819708] Call Trace: [ 2185.824501] dump_stack+0x197/0x210 [ 2185.828157] dump_header+0x15e/0xa55 [ 2185.831903] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2185.837045] ? ___ratelimit+0x60/0x595 [ 2185.840953] ? do_raw_spin_unlock+0x181/0x270 [ 2185.845475] oom_kill_process.cold+0x10/0x6ef [ 2185.850003] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2185.855569] ? task_will_free_mem+0x139/0x6e0 [ 2185.860090] ? find_held_lock+0x35/0x130 [ 2185.864179] out_of_memory+0x362/0x1330 [ 2185.868311] ? lock_downgrade+0x880/0x880 [ 2185.872485] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2185.877622] ? oom_killer_disable+0x280/0x280 [ 2185.882139] ? find_held_lock+0x35/0x130 [ 2185.886255] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2185.891130] ? memcg_event_wake+0x230/0x230 [ 2185.895473] ? do_raw_spin_unlock+0x181/0x270 [ 2185.899993] ? _raw_spin_unlock+0x2d/0x50 [ 2185.904160] try_charge+0xec5/0x1490 [ 2185.907901] ? lock_downgrade+0x880/0x880 [ 2185.912079] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2185.916949] ? rcu_read_unlock+0x33/0x60 [ 2185.921025] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2185.925887] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2185.932012] mem_cgroup_try_charge+0x259/0x6b0 [ 2185.936616] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2185.941590] wp_page_copy+0x430/0x16a0 [ 2185.945504] ? follow_pfn+0x2a0/0x2a0 [ 2185.949323] ? do_raw_spin_unlock+0x181/0x270 [ 2185.953832] do_wp_page+0x57d/0x10b0 [ 2185.957575] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2185.962266] ? kasan_check_write+0x14/0x20 [ 2185.966524] ? do_raw_spin_lock+0xd7/0x250 [ 2185.970888] __handle_mm_fault+0x2305/0x3f80 [ 2185.975330] ? copy_page_range+0x2030/0x2030 [ 2185.979801] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2185.984492] handle_mm_fault+0x1b5/0x690 [ 2185.988575] __get_user_pages+0x609/0x1860 [ 2185.992842] ? follow_page_mask+0x1ac0/0x1ac0 [ 2185.998155] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2186.003552] ? retint_kernel+0x2d/0x2d [ 2186.007506] populate_vma_page_range+0x20d/0x2a0 [ 2186.012315] __mm_populate+0x204/0x380 [ 2186.016229] ? populate_vma_page_range+0x2a0/0x2a0 [ 2186.021193] __x64_sys_mlockall+0x35c/0x520 [ 2186.025544] do_syscall_64+0xfd/0x620 [ 2186.029367] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2186.034571] RIP: 0033:0x45b349 [ 2186.037791] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2186.056710] RSP: 002b:00007f4b94dddc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2186.064615] RAX: ffffffffffffffda RBX: 00007f4b94dde6d4 RCX: 000000000045b349 03:26:47 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x0, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:26:47 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:26:47 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0x10000000}, 0x0) [ 2186.071906] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2186.079199] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2186.087646] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2186.094971] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c 03:26:47 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x0, 0x8}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) [ 2186.126502] Task in /syz5 killed as a result of limit of /syz5 [ 2186.180107] memory: usage 307200kB, limit 307200kB, failcnt 177 [ 2186.208616] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2186.245883] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2186.380097] Memory cgroup stats for /syz5: cache:188KB rss:294572KB rss_huge:40960KB shmem:80KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:235308KB active_anon:6344KB inactive_file:0KB active_file:4KB unevictable:53140KB [ 2186.467044] Memory cgroup out of memory: Kill process 3256 (syz-executor.5) score 1226 or sacrifice child [ 2186.477560] Killed process 3270 (syz-executor.5) total-vm:72720kB, anon-rss:18324kB, file-rss:34816kB, shmem-rss:0kB [ 2186.528157] oom_reaper: reaped process 3270 (syz-executor.5), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB 03:26:48 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0x34000000}, 0x0) 03:26:48 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x0, 0x9}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:26:49 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0x3f000000}, 0x0) 03:26:49 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:26:49 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r1 = socket(0x0, 0x400000000080803, 0x0) write(r1, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:26:49 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x0, 0xa}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:26:49 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) socket(0x0, 0x400000000080803, 0x0) write(0xffffffffffffffff, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) [ 2187.884743] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2187.896048] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2187.901603] CPU: 1 PID: 3539 Comm: syz-executor.4 Not tainted 4.19.99-syzkaller #0 [ 2187.909448] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2187.918822] Call Trace: [ 2187.921413] dump_stack+0x197/0x210 [ 2187.925041] dump_header+0x15e/0xa55 [ 2187.928747] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2187.933841] ? ___ratelimit+0x60/0x595 [ 2187.937723] ? do_raw_spin_unlock+0x181/0x270 [ 2187.942229] oom_kill_process.cold+0x10/0x6ef [ 2187.946720] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2187.952249] ? task_will_free_mem+0x139/0x6e0 [ 2187.956744] ? find_held_lock+0x35/0x130 [ 2187.960809] out_of_memory+0x362/0x1330 [ 2187.964774] ? lock_downgrade+0x880/0x880 [ 2187.968917] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2187.974013] ? oom_killer_disable+0x280/0x280 [ 2187.978504] ? find_held_lock+0x35/0x130 [ 2187.982576] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2187.988801] ? memcg_event_wake+0x230/0x230 [ 2187.993129] ? do_raw_spin_unlock+0x181/0x270 [ 2187.997619] ? _raw_spin_unlock+0x2d/0x50 [ 2188.001762] try_charge+0xec5/0x1490 [ 2188.005470] ? lock_downgrade+0x880/0x880 [ 2188.009786] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2188.014646] ? rcu_read_unlock+0x33/0x60 [ 2188.018727] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2188.023879] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2188.030022] ? mark_held_locks+0x100/0x100 [ 2188.034257] mem_cgroup_try_charge+0x259/0x6b0 [ 2188.038845] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2188.043771] __handle_mm_fault+0x1e50/0x3f80 [ 2188.048184] ? copy_page_range+0x2030/0x2030 [ 2188.053380] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2188.058213] handle_mm_fault+0x1b5/0x690 [ 2188.062268] __get_user_pages+0x609/0x1860 [ 2188.066499] ? follow_page_mask+0x1ac0/0x1ac0 [ 2188.071341] ? lock_acquire+0x16f/0x3f0 [ 2188.075318] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2188.080861] populate_vma_page_range+0x20d/0x2a0 [ 2188.085621] __mm_populate+0x204/0x380 [ 2188.089512] ? populate_vma_page_range+0x2a0/0x2a0 [ 2188.094613] __x64_sys_mlockall+0x35c/0x520 [ 2188.098929] do_syscall_64+0xfd/0x620 [ 2188.102739] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2188.107916] RIP: 0033:0x45b349 [ 2188.111098] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2188.129994] RSP: 002b:00007f86ac35dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2188.137696] RAX: ffffffffffffffda RBX: 00007f86ac35e6d4 RCX: 000000000045b349 [ 2188.144959] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2188.152221] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2188.159497] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2188.166755] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 2188.174394] Task in /syz4 killed as a result of limit of /syz4 [ 2188.180473] memory: usage 307200kB, limit 307200kB, failcnt 18659 [ 2188.186732] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2188.193642] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2188.199937] Memory cgroup stats for /syz4: cache:124KB rss:293660KB rss_huge:192512KB shmem:24KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:178076KB active_anon:13424KB inactive_file:20KB active_file:0KB unevictable:102188KB [ 2188.222246] Memory cgroup out of memory: Kill process 416 (syz-executor.4) score 1163 or sacrifice child [ 2188.231998] Killed process 416 (syz-executor.4) total-vm:72720kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB [ 2188.298443] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2188.309898] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2188.315316] CPU: 1 PID: 3539 Comm: syz-executor.4 Not tainted 4.19.99-syzkaller #0 [ 2188.323032] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2188.332402] Call Trace: [ 2188.335012] dump_stack+0x197/0x210 [ 2188.338653] dump_header+0x15e/0xa55 [ 2188.342390] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2188.347503] ? ___ratelimit+0x60/0x595 [ 2188.351577] ? do_raw_spin_unlock+0x181/0x270 [ 2188.356082] oom_kill_process.cold+0x10/0x6ef [ 2188.360595] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2188.366145] ? task_will_free_mem+0x139/0x6e0 [ 2188.370679] ? find_held_lock+0x35/0x130 [ 2188.374753] out_of_memory+0x362/0x1330 [ 2188.378738] ? lock_downgrade+0x880/0x880 [ 2188.382892] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2188.388004] ? oom_killer_disable+0x280/0x280 [ 2188.392511] ? find_held_lock+0x35/0x130 [ 2188.396591] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2188.401446] ? memcg_event_wake+0x230/0x230 [ 2188.405778] ? do_raw_spin_unlock+0x181/0x270 [ 2188.410279] ? _raw_spin_unlock+0x2d/0x50 [ 2188.414431] try_charge+0xec5/0x1490 [ 2188.418154] ? lock_downgrade+0x880/0x880 [ 2188.422465] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2188.427323] ? rcu_read_unlock+0x33/0x60 [ 2188.431511] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2188.436388] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2188.442651] ? mark_held_locks+0x100/0x100 [ 2188.446910] mem_cgroup_try_charge+0x259/0x6b0 [ 2188.451526] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2188.456482] __handle_mm_fault+0x1e50/0x3f80 [ 2188.460922] ? copy_page_range+0x2030/0x2030 [ 2188.465372] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2188.470226] handle_mm_fault+0x1b5/0x690 [ 2188.474335] __get_user_pages+0x609/0x1860 [ 2188.478604] ? follow_page_mask+0x1ac0/0x1ac0 [ 2188.483130] ? lock_acquire+0x16f/0x3f0 [ 2188.487118] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2188.492680] populate_vma_page_range+0x20d/0x2a0 [ 2188.497718] __mm_populate+0x204/0x380 [ 2188.501627] ? populate_vma_page_range+0x2a0/0x2a0 [ 2188.506579] __x64_sys_mlockall+0x35c/0x520 [ 2188.510929] do_syscall_64+0xfd/0x620 [ 2188.514748] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2188.519953] RIP: 0033:0x45b349 [ 2188.523151] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2188.542067] RSP: 002b:00007f86ac35dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2188.549786] RAX: ffffffffffffffda RBX: 00007f86ac35e6d4 RCX: 000000000045b349 [ 2188.557087] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2188.564456] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2188.572515] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2188.580310] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 2188.587670] Task in /syz4 killed as a result of limit of /syz4 [ 2188.593713] memory: usage 305160kB, limit 307200kB, failcnt 18710 [ 2188.599984] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2188.606739] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2188.612925] Memory cgroup stats for /syz4: cache:124KB rss:291592KB rss_huge:192512KB shmem:24KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:164060KB active_anon:13412KB inactive_file:4KB active_file:8KB unevictable:112324KB [ 2188.635110] Memory cgroup out of memory: Kill process 25435 (syz-executor.4) score 1163 or sacrifice child [ 2188.645869] Killed process 25435 (syz-executor.4) total-vm:72720kB, anon-rss:18324kB, file-rss:34816kB, shmem-rss:0kB [ 2189.762435] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2189.773818] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2189.779345] CPU: 0 PID: 3543 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2189.787147] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2189.796488] Call Trace: [ 2189.799072] dump_stack+0x197/0x210 [ 2189.802698] dump_header+0x15e/0xa55 [ 2189.806406] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2189.811499] ? ___ratelimit+0x60/0x595 [ 2189.815377] ? do_raw_spin_unlock+0x181/0x270 [ 2189.819867] oom_kill_process.cold+0x10/0x6ef [ 2189.824367] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2189.830071] ? task_will_free_mem+0x139/0x6e0 [ 2189.834559] ? find_held_lock+0x35/0x130 [ 2189.838616] out_of_memory+0x362/0x1330 [ 2189.842587] ? lock_downgrade+0x880/0x880 [ 2189.846738] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2189.851833] ? oom_killer_disable+0x280/0x280 [ 2189.856327] ? find_held_lock+0x35/0x130 [ 2189.860399] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2189.865234] ? memcg_event_wake+0x230/0x230 [ 2189.869549] ? do_raw_spin_unlock+0x181/0x270 [ 2189.874039] ? _raw_spin_unlock+0x2d/0x50 [ 2189.878182] try_charge+0xec5/0x1490 [ 2189.881889] ? lock_downgrade+0x880/0x880 [ 2189.886032] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2189.890869] ? rcu_read_unlock+0x33/0x60 [ 2189.894927] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2189.899772] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2189.904522] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2189.910583] ? retint_kernel+0x2d/0x2d [ 2189.914467] mem_cgroup_try_charge+0x259/0x6b0 [ 2189.919046] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2189.923992] wp_page_copy+0x430/0x16a0 [ 2189.927905] ? follow_pfn+0x2a0/0x2a0 [ 2189.931710] ? do_raw_spin_unlock+0x181/0x270 [ 2189.936201] do_wp_page+0x57d/0x10b0 [ 2189.939912] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2189.944595] ? kasan_check_write+0x14/0x20 [ 2189.949043] ? do_raw_spin_lock+0xd7/0x250 [ 2189.953305] __handle_mm_fault+0x2305/0x3f80 [ 2189.957726] ? copy_page_range+0x2030/0x2030 [ 2189.962147] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2189.966815] handle_mm_fault+0x1b5/0x690 [ 2189.970876] __get_user_pages+0x609/0x1860 [ 2189.975131] ? follow_page_mask+0x1ac0/0x1ac0 [ 2189.979628] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2189.984379] ? retint_kernel+0x2d/0x2d [ 2189.988275] populate_vma_page_range+0x20d/0x2a0 [ 2189.993132] __mm_populate+0x204/0x380 [ 2189.997023] ? populate_vma_page_range+0x2a0/0x2a0 [ 2190.002212] __x64_sys_mlockall+0x35c/0x520 [ 2190.006714] do_syscall_64+0xfd/0x620 [ 2190.010510] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2190.015703] RIP: 0033:0x45b349 [ 2190.018890] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2190.037782] RSP: 002b:00007f4b94dddc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2190.045493] RAX: ffffffffffffffda RBX: 00007f4b94dde6d4 RCX: 000000000045b349 [ 2190.052784] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2190.060052] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2190.067320] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2190.074582] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 2190.084602] Task in /syz5 killed as a result of limit of /syz5 [ 2190.090919] memory: usage 307200kB, limit 307200kB, failcnt 188 [ 2190.097062] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2190.103978] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2190.110293] Memory cgroup stats for /syz5: cache:188KB rss:294876KB rss_huge:38912KB shmem:80KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:237692KB active_anon:6344KB inactive_file:4KB active_file:4KB unevictable:50964KB [ 2190.132466] Memory cgroup out of memory: Kill process 3540 (syz-executor.5) score 1226 or sacrifice child [ 2190.143197] Killed process 3547 (syz-executor.5) total-vm:72588kB, anon-rss:18196kB, file-rss:34816kB, shmem-rss:0kB [ 2190.733243] oom_reaper: reaped process 416 (syz-executor.4), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 03:26:52 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x0, 0xb}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:26:52 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0x60000000}, 0x0) 03:26:53 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:26:53 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r1 = socket(0x0, 0x400000000080803, 0x0) write(r1, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:26:53 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:26:53 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x0, 0xc}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:26:53 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0x65580000}, 0x0) 03:26:53 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) socket(0x0, 0x400000000080803, 0x0) write(0xffffffffffffffff, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) [ 2192.464805] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2192.476178] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2192.482284] CPU: 1 PID: 3682 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2192.490005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2192.499478] Call Trace: [ 2192.502097] dump_stack+0x197/0x210 [ 2192.505760] dump_header+0x15e/0xa55 [ 2192.509512] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2192.514635] ? ___ratelimit+0x60/0x595 [ 2192.518537] ? do_raw_spin_unlock+0x181/0x270 [ 2192.523057] oom_kill_process.cold+0x10/0x6ef [ 2192.527567] ? retint_kernel+0x2d/0x2d [ 2192.531498] out_of_memory+0x362/0x1330 [ 2192.535508] ? lock_downgrade+0x880/0x880 [ 2192.539669] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2192.544906] ? oom_killer_disable+0x280/0x280 [ 2192.549436] ? find_held_lock+0x35/0x130 [ 2192.553527] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2192.558396] ? memcg_event_wake+0x230/0x230 [ 2192.562950] ? do_raw_spin_unlock+0x181/0x270 [ 2192.567474] ? _raw_spin_unlock+0x2d/0x50 [ 2192.571646] try_charge+0xec5/0x1490 [ 2192.575388] ? lock_downgrade+0x880/0x880 [ 2192.579571] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2192.584435] ? rcu_read_unlock+0x33/0x60 [ 2192.588508] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2192.593455] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2192.599547] ? lock_downgrade+0x880/0x880 [ 2192.603737] mem_cgroup_try_charge+0x259/0x6b0 [ 2192.608340] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2192.613299] do_huge_pmd_wp_page+0x97e/0x3580 [ 2192.617805] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2192.622415] ? retint_kernel+0x2d/0x2d [ 2192.626314] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2192.631269] ? __split_huge_pmd+0x2b10/0x2b10 [ 2192.635800] ? retint_kernel+0x2d/0x2d [ 2192.639719] ? __handle_mm_fault+0x165f/0x3f80 [ 2192.644327] __handle_mm_fault+0x167b/0x3f80 [ 2192.648798] ? copy_page_range+0x2030/0x2030 [ 2192.653255] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2192.657961] handle_mm_fault+0x1b5/0x690 [ 2192.662572] __get_user_pages+0x609/0x1860 [ 2192.666841] ? follow_page_mask+0x1ac0/0x1ac0 [ 2192.671354] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2192.676309] ? retint_kernel+0x2d/0x2d [ 2192.680239] populate_vma_page_range+0x20d/0x2a0 [ 2192.685019] __mm_populate+0x204/0x380 [ 2192.688929] ? populate_vma_page_range+0x2a0/0x2a0 [ 2192.693901] __x64_sys_mlockall+0x35c/0x520 [ 2192.698255] do_syscall_64+0xfd/0x620 [ 2192.702070] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2192.707372] RIP: 0033:0x45b349 [ 2192.710587] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2192.729527] RSP: 002b:00007f4b94dddc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2192.737693] RAX: ffffffffffffffda RBX: 00007f4b94dde6d4 RCX: 000000000045b349 [ 2192.744981] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2192.752273] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2192.759997] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2192.767294] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 2192.781769] Task in /syz5 killed as a result of limit of /syz5 [ 2192.788035] memory: usage 307140kB, limit 307200kB, failcnt 233 [ 2192.794480] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2192.801574] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2192.807938] Memory cgroup stats for /syz5: cache:188KB rss:293668KB rss_huge:57344KB shmem:80KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:224200KB active_anon:6344KB inactive_file:4KB active_file:4KB unevictable:63252KB [ 2192.830417] Memory cgroup out of memory: Kill process 3676 (syz-executor.5) score 1226 or sacrifice child [ 2192.840342] Killed process 3685 (syz-executor.5) total-vm:72588kB, anon-rss:18196kB, file-rss:34816kB, shmem-rss:0kB [ 2192.880085] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2192.970016] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2193.010100] CPU: 0 PID: 3676 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2193.017860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2193.027538] Call Trace: [ 2193.030148] dump_stack+0x197/0x210 [ 2193.033793] dump_header+0x15e/0xa55 [ 2193.037513] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2193.042647] ? ___ratelimit+0x60/0x595 [ 2193.046550] ? do_raw_spin_unlock+0x181/0x270 [ 2193.051093] oom_kill_process.cold+0x10/0x6ef [ 2193.055627] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2193.061193] ? task_will_free_mem+0x139/0x6e0 [ 2193.065746] out_of_memory+0x362/0x1330 [ 2193.069856] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2193.074992] ? oom_killer_disable+0x280/0x280 [ 2193.079515] ? find_held_lock+0x35/0x130 [ 2193.083613] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2193.088483] ? memcg_event_wake+0x230/0x230 [ 2193.092845] ? do_raw_spin_unlock+0x181/0x270 [ 2193.097349] ? _raw_spin_unlock+0x2d/0x50 [ 2193.101630] try_charge+0xc6e/0x1490 [ 2193.105373] ? lock_downgrade+0x880/0x880 [ 2193.109538] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2193.114399] ? rcu_read_unlock+0x33/0x60 [ 2193.118729] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2193.123599] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2193.129685] ? lock_downgrade+0x880/0x880 [ 2193.133866] mem_cgroup_try_charge+0x259/0x6b0 [ 2193.138480] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2193.143434] do_huge_pmd_wp_page+0x97e/0x3580 [ 2193.147960] ? __split_huge_pmd+0x2b10/0x2b10 [ 2193.152483] ? pmd_val+0x85/0x100 [ 2193.155971] __handle_mm_fault+0x167b/0x3f80 [ 2193.160398] ? copy_page_range+0x2030/0x2030 [ 2193.164849] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2193.169544] handle_mm_fault+0x1b5/0x690 [ 2193.173641] __do_page_fault+0x62a/0xe90 [ 2193.177724] ? vmalloc_fault+0x740/0x740 [ 2193.181826] ? trace_hardirqs_off_caller+0x65/0x220 [ 2193.186857] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2193.191813] ? page_fault+0x8/0x30 [ 2193.195371] do_page_fault+0x71/0x57d [ 2193.199188] ? page_fault+0x8/0x30 [ 2193.202753] page_fault+0x1e/0x30 [ 2193.206222] RIP: 0033:0x400644 [ 2193.209437] Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 d1 55 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b [ 2193.228355] RSP: 002b:00007ffda4243c40 EFLAGS: 00010202 [ 2193.233739] RAX: 0000000000000000 RBX: 000000000075c9a0 RCX: 0000000000000000 [ 2193.241024] RDX: 0000000000000000 RSI: 0000000020d06000 RDI: 0000000000000000 [ 2193.248309] RBP: 0000000000760ea0 R08: 0000000000000000 R09: 0000000000000000 [ 2193.255741] R10: 00007ffda4243d50 R11: 0000000000000246 R12: 000000000075bf20 [ 2193.263025] R13: 000000000021757e R14: 0000000000760ea8 R15: 000000000075bf2c 03:26:54 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x0, 0xe}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:26:54 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0x81000000}, 0x0) [ 2193.320273] Task in /syz5 killed as a result of limit of /syz5 [ 2193.340411] memory: usage 293968kB, limit 307200kB, failcnt 256 [ 2193.387779] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2193.439901] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2193.446098] Memory cgroup stats for /syz5: cache:188KB rss:281940KB rss_huge:45056KB shmem:80KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:224684KB active_anon:6344KB inactive_file:0KB active_file:8KB unevictable:50964KB 03:26:55 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) socket(0x0, 0x400000000080803, 0x0) write(0xffffffffffffffff, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) [ 2193.674103] Memory cgroup out of memory: Kill process 3676 (syz-executor.5) score 1226 or sacrifice child [ 2193.722103] Killed process 3676 (syz-executor.5) total-vm:72588kB, anon-rss:18196kB, file-rss:54376kB, shmem-rss:0kB 03:26:55 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0x88a8ffff}, 0x0) 03:26:55 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x0, 0xf}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) [ 2193.795959] oom_reaper: reaped process 3676 (syz-executor.5), now anon-rss:18196kB, file-rss:54368kB, shmem-rss:0kB 03:26:55 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) [ 2194.488067] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2194.500226] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2194.505932] CPU: 1 PID: 3705 Comm: syz-executor.4 Not tainted 4.19.99-syzkaller #0 [ 2194.513652] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2194.523146] Call Trace: [ 2194.525763] dump_stack+0x197/0x210 [ 2194.529415] dump_header+0x15e/0xa55 [ 2194.533166] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2194.538288] ? ___ratelimit+0x60/0x595 [ 2194.542198] ? do_raw_spin_unlock+0x181/0x270 [ 2194.546724] oom_kill_process.cold+0x10/0x6ef [ 2194.551275] ? mem_cgroup_get_max+0xa8/0x240 [ 2194.555702] out_of_memory+0x362/0x1330 [ 2194.559707] ? lock_downgrade+0x880/0x880 [ 2194.563883] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2194.569005] ? oom_killer_disable+0x280/0x280 [ 2194.573519] ? find_held_lock+0x35/0x130 [ 2194.577612] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2194.582606] ? memcg_event_wake+0x230/0x230 [ 2194.586960] ? do_raw_spin_unlock+0x181/0x270 [ 2194.591475] ? _raw_spin_unlock+0x2d/0x50 [ 2194.595754] try_charge+0xec5/0x1490 [ 2194.599501] ? lock_downgrade+0x880/0x880 [ 2194.603705] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2194.608576] ? rcu_read_unlock+0x33/0x60 [ 2194.613191] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2194.618052] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2194.622663] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2194.628755] mem_cgroup_try_charge+0x259/0x6b0 [ 2194.633375] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2194.638327] wp_page_copy+0x430/0x16a0 [ 2194.642355] ? follow_pfn+0x2a0/0x2a0 [ 2194.646180] ? do_raw_spin_unlock+0x181/0x270 [ 2194.650714] do_wp_page+0x57d/0x10b0 [ 2194.654476] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2194.659181] ? kasan_check_write+0x14/0x20 [ 2194.663435] ? do_raw_spin_lock+0xd7/0x250 [ 2194.669964] __handle_mm_fault+0x2305/0x3f80 [ 2194.674406] ? copy_page_range+0x2030/0x2030 [ 2194.678862] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2194.683562] handle_mm_fault+0x1b5/0x690 [ 2194.687762] __get_user_pages+0x609/0x1860 [ 2194.692145] ? follow_page_mask+0x1ac0/0x1ac0 [ 2194.696718] ? retint_kernel+0x2d/0x2d [ 2194.700824] populate_vma_page_range+0x20d/0x2a0 [ 2194.705644] __mm_populate+0x204/0x380 [ 2194.709698] ? populate_vma_page_range+0x2a0/0x2a0 [ 2194.714827] __x64_sys_mlockall+0x35c/0x520 [ 2194.719174] do_syscall_64+0xfd/0x620 [ 2194.723010] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2194.728240] RIP: 0033:0x45b349 [ 2194.731456] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2194.750371] RSP: 002b:00007f86ac35dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2194.758101] RAX: ffffffffffffffda RBX: 00007f86ac35e6d4 RCX: 000000000045b349 [ 2194.765532] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2194.772836] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2194.780160] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2194.787535] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 2194.794944] Task in /syz4 killed as a result of limit of /syz4 [ 2194.801186] memory: usage 307200kB, limit 307200kB, failcnt 26281 [ 2194.807660] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2194.814842] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2194.821247] Memory cgroup stats for /syz4: cache:124KB rss:293460KB rss_huge:184320KB shmem:24KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:153360KB active_anon:13396KB inactive_file:0KB active_file:8KB unevictable:126872KB [ 2194.844395] Memory cgroup out of memory: Kill process 3704 (syz-executor.4) score 1226 or sacrifice child [ 2194.854569] Killed process 3814 (syz-executor.4) total-vm:72720kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB [ 2194.919968] oom_reaper: reaped process 3814 (syz-executor.4), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 03:26:57 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:26:57 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0x9c379feb}, 0x0) 03:26:57 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x0, 0x10}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:26:57 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:26:57 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, 0x0, 0x0) 03:26:57 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) [ 2197.173961] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2197.185679] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2197.192051] CPU: 0 PID: 3931 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2197.199843] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2197.209210] Call Trace: [ 2197.211816] dump_stack+0x197/0x210 [ 2197.215734] dump_header+0x15e/0xa55 [ 2197.219470] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2197.224589] ? ___ratelimit+0x60/0x595 [ 2197.228487] ? do_raw_spin_unlock+0x181/0x270 [ 2197.233012] oom_kill_process.cold+0x10/0x6ef [ 2197.237547] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2197.243101] ? task_will_free_mem+0x139/0x6e0 [ 2197.247630] out_of_memory+0x362/0x1330 [ 2197.251636] ? lock_downgrade+0x880/0x880 [ 2197.255894] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2197.261140] ? oom_killer_disable+0x280/0x280 [ 2197.265650] ? find_held_lock+0x35/0x130 [ 2197.269754] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2197.274622] ? memcg_event_wake+0x230/0x230 [ 2197.278993] ? do_raw_spin_unlock+0x181/0x270 [ 2197.283631] ? _raw_spin_unlock+0x2d/0x50 [ 2197.287797] try_charge+0xec5/0x1490 [ 2197.291526] ? lock_downgrade+0x880/0x880 [ 2197.295712] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2197.301176] ? rcu_read_unlock+0x33/0x60 [ 2197.305379] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2197.310256] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2197.316319] ? lock_downgrade+0x880/0x880 [ 2197.320497] mem_cgroup_try_charge+0x259/0x6b0 [ 2197.325106] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2197.330064] do_huge_pmd_wp_page+0x97e/0x3580 [ 2197.334570] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2197.339556] ? __split_huge_pmd+0x2b10/0x2b10 [ 2197.344084] ? __handle_mm_fault+0x165f/0x3f80 [ 2197.348685] ? write_comp_data+0x17/0x70 [ 2197.352838] __handle_mm_fault+0x167b/0x3f80 [ 2197.357396] ? copy_page_range+0x2030/0x2030 [ 2197.361835] ? write_comp_data+0x17/0x70 [ 2197.365934] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2197.370641] handle_mm_fault+0x1b5/0x690 [ 2197.378729] __get_user_pages+0x609/0x1860 [ 2197.383005] ? follow_page_mask+0x1ac0/0x1ac0 [ 2197.387537] ? retint_kernel+0x2d/0x2d [ 2197.391465] populate_vma_page_range+0x20d/0x2a0 [ 2197.396254] __mm_populate+0x204/0x380 [ 2197.400172] ? populate_vma_page_range+0x2a0/0x2a0 [ 2197.405225] __x64_sys_mlockall+0x35c/0x520 [ 2197.409575] do_syscall_64+0xfd/0x620 [ 2197.413406] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2197.418614] RIP: 0033:0x45b349 [ 2197.421827] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2197.441240] RSP: 002b:00007f4b94dddc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2197.448969] RAX: ffffffffffffffda RBX: 00007f4b94dde6d4 RCX: 000000000045b349 [ 2197.456264] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2197.463552] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2197.470876] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2197.478172] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 2197.487356] Task in /syz5 killed as a result of limit of /syz5 [ 2197.493774] memory: usage 307200kB, limit 307200kB, failcnt 286 [ 2197.502196] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2197.509264] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2197.515774] Memory cgroup stats for /syz5: cache:188KB rss:293808KB rss_huge:55296KB shmem:80KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:224208KB active_anon:6344KB inactive_file:4KB active_file:4KB unevictable:63384KB [ 2197.538886] Memory cgroup out of memory: Kill process 3929 (syz-executor.5) score 1226 or sacrifice child [ 2197.548812] Killed process 3943 (syz-executor.5) total-vm:72720kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB [ 2197.563757] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2197.575284] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2197.580781] CPU: 1 PID: 3935 Comm: syz-executor.4 Not tainted 4.19.99-syzkaller #0 [ 2197.588536] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2197.597910] Call Trace: [ 2197.600515] dump_stack+0x197/0x210 [ 2197.604172] dump_header+0x15e/0xa55 [ 2197.607912] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2197.613044] ? ___ratelimit+0x60/0x595 [ 2197.617035] ? do_raw_spin_unlock+0x181/0x270 [ 2197.621558] oom_kill_process.cold+0x10/0x6ef [ 2197.626114] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2197.631673] ? task_will_free_mem+0x139/0x6e0 [ 2197.636196] out_of_memory+0x362/0x1330 [ 2197.640203] ? lock_downgrade+0x880/0x880 [ 2197.644559] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2197.649904] ? oom_killer_disable+0x280/0x280 [ 2197.654409] ? find_held_lock+0x35/0x130 [ 2197.658506] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2197.663383] ? memcg_event_wake+0x230/0x230 [ 2197.667737] ? do_raw_spin_unlock+0x181/0x270 [ 2197.672244] ? _raw_spin_unlock+0x2d/0x50 [ 2197.676443] try_charge+0xec5/0x1490 [ 2197.680357] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2197.685329] ? retint_kernel+0x2d/0x2d [ 2197.689257] ? try_charge+0xf/0x1490 [ 2197.693090] mem_cgroup_try_charge+0x259/0x6b0 [ 2197.697727] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2197.702771] wp_page_copy+0x430/0x16a0 [ 2197.706695] ? follow_pfn+0x2a0/0x2a0 [ 2197.710523] ? do_raw_spin_unlock+0x181/0x270 [ 2197.715045] do_wp_page+0x57d/0x10b0 [ 2197.718791] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2197.723581] ? kasan_check_write+0x14/0x20 [ 2197.727935] ? do_raw_spin_lock+0xd7/0x250 [ 2197.732196] __handle_mm_fault+0x2305/0x3f80 [ 2197.736640] ? copy_page_range+0x2030/0x2030 [ 2197.741091] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2197.746136] ? handle_mm_fault+0x10e/0x690 [ 2197.750413] handle_mm_fault+0x1b5/0x690 [ 2197.754513] __get_user_pages+0x609/0x1860 [ 2197.758792] ? follow_page_mask+0x1ac0/0x1ac0 [ 2197.763326] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2197.768109] ? retint_kernel+0x2d/0x2d [ 2197.772037] populate_vma_page_range+0x20d/0x2a0 [ 2197.776915] __mm_populate+0x204/0x380 [ 2197.780838] ? populate_vma_page_range+0x2a0/0x2a0 [ 2197.785814] __x64_sys_mlockall+0x35c/0x520 [ 2197.790173] do_syscall_64+0xfd/0x620 [ 2197.793999] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2197.799293] RIP: 0033:0x45b349 [ 2197.802592] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2197.821510] RSP: 002b:00007f86ac35dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2197.829345] RAX: ffffffffffffffda RBX: 00007f86ac35e6d4 RCX: 000000000045b349 [ 2197.836975] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2197.844262] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2197.851549] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2197.858865] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 2197.874113] Task in /syz4 killed as a result of limit of /syz4 [ 2197.880641] memory: usage 307200kB, limit 307200kB, failcnt 26306 [ 2197.887172] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2197.894379] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2197.900840] Memory cgroup stats for /syz4: cache:124KB rss:293532KB rss_huge:186368KB shmem:24KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:151436KB active_anon:13396KB inactive_file:8KB active_file:4KB unevictable:128788KB [ 2197.924172] Memory cgroup out of memory: Kill process 3928 (syz-executor.4) score 1226 or sacrifice child [ 2197.934401] Killed process 3942 (syz-executor.4) total-vm:72588kB, anon-rss:18196kB, file-rss:34816kB, shmem-rss:0kB [ 2198.913394] oom_reaper: reaped process 3943 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 03:27:00 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x0, 0x3c}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:27:00 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0x9effffff}, 0x0) 03:27:01 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:27:01 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket$inet(0x10, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r1 = socket(0x0, 0x400000000080803, 0x0) write(r1, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:27:01 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, 0x0, 0x0) 03:27:01 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x0, 0x60}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:27:01 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:27:01 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0xeb9f379c}, 0x0) [ 2200.833378] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2200.845679] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2200.851819] CPU: 1 PID: 4069 Comm: syz-executor.4 Not tainted 4.19.99-syzkaller #0 [ 2200.859549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2200.868917] Call Trace: [ 2200.871532] dump_stack+0x197/0x210 [ 2200.875232] dump_header+0x15e/0xa55 [ 2200.878972] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2200.884137] ? ___ratelimit+0x60/0x595 [ 2200.888320] ? do_raw_spin_unlock+0x181/0x270 [ 2200.893012] oom_kill_process.cold+0x10/0x6ef [ 2200.898286] out_of_memory+0x362/0x1330 [ 2200.902383] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2200.910386] ? oom_killer_disable+0x280/0x280 [ 2200.914929] ? find_held_lock+0x35/0x130 [ 2200.919014] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2200.923968] ? memcg_event_wake+0x230/0x230 [ 2200.928329] try_charge+0xec5/0x1490 [ 2200.932080] ? lock_downgrade+0x880/0x880 [ 2200.936498] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2200.941491] ? rcu_read_unlock+0x33/0x60 [ 2200.945676] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2200.950793] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2200.957004] mem_cgroup_try_charge+0x259/0x6b0 [ 2200.961620] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2200.967175] wp_page_copy+0x430/0x16a0 [ 2200.971084] ? follow_pfn+0x2a0/0x2a0 [ 2200.975207] ? do_raw_spin_unlock+0x181/0x270 [ 2200.979833] do_wp_page+0x57d/0x10b0 [ 2200.983569] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2200.988240] ? kasan_check_write+0x14/0x20 [ 2200.992486] ? do_raw_spin_lock+0xd7/0x250 [ 2200.996723] __handle_mm_fault+0x2305/0x3f80 [ 2201.001236] ? copy_page_range+0x2030/0x2030 [ 2201.005767] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2201.010625] handle_mm_fault+0x1b5/0x690 [ 2201.014710] __get_user_pages+0x609/0x1860 [ 2201.018987] ? follow_page_mask+0x1ac0/0x1ac0 [ 2201.023562] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2201.028862] ? retint_kernel+0x2d/0x2d [ 2201.032793] populate_vma_page_range+0x20d/0x2a0 [ 2201.037573] __mm_populate+0x204/0x380 [ 2201.041477] ? populate_vma_page_range+0x2a0/0x2a0 [ 2201.046470] __x64_sys_mlockall+0x35c/0x520 [ 2201.050829] do_syscall_64+0xfd/0x620 [ 2201.054667] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2201.059875] RIP: 0033:0x45b349 [ 2201.063201] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2201.082382] RSP: 002b:00007f86ac33cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2201.090367] RAX: ffffffffffffffda RBX: 00007f86ac33d6d4 RCX: 000000000045b349 [ 2201.097653] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2201.104933] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2201.112214] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2201.119497] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bfd4 [ 2201.129606] Task in /syz4 killed as a result of limit of /syz4 [ 2201.136135] memory: usage 307196kB, limit 307200kB, failcnt 26342 [ 2201.142963] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2201.150013] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2201.156377] Memory cgroup stats for /syz4: cache:124KB rss:293532KB rss_huge:186368KB shmem:24KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:151256KB active_anon:13396KB inactive_file:8KB active_file:4KB unevictable:128916KB [ 2201.180038] Memory cgroup out of memory: Kill process 4066 (syz-executor.4) score 1226 or sacrifice child [ 2201.190311] Killed process 4072 (syz-executor.4) total-vm:72720kB, anon-rss:18324kB, file-rss:34816kB, shmem-rss:0kB [ 2201.290715] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2201.302229] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2201.307850] CPU: 1 PID: 4069 Comm: syz-executor.4 Not tainted 4.19.99-syzkaller #0 [ 2201.315596] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2201.324964] Call Trace: [ 2201.327596] dump_stack+0x197/0x210 [ 2201.331267] dump_header+0x15e/0xa55 [ 2201.334999] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2201.340125] ? ___ratelimit+0x60/0x595 [ 2201.344045] ? do_raw_spin_unlock+0x181/0x270 [ 2201.348578] oom_kill_process.cold+0x10/0x6ef [ 2201.353093] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2201.358657] ? task_will_free_mem+0x139/0x6e0 [ 2201.363192] out_of_memory+0x362/0x1330 [ 2201.367195] ? retint_kernel+0x2d/0x2d [ 2201.371109] ? oom_killer_disable+0x280/0x280 [ 2201.375638] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2201.380615] ? memcg_event_wake+0x230/0x230 [ 2201.384962] ? do_raw_spin_unlock+0x181/0x270 [ 2201.389481] ? _raw_spin_unlock+0x2d/0x50 [ 2201.393658] try_charge+0xec5/0x1490 [ 2201.397388] ? lock_downgrade+0x880/0x880 [ 2201.401744] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2201.406617] ? rcu_read_unlock+0x33/0x60 [ 2201.410734] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2201.415642] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2201.421731] mem_cgroup_try_charge+0x259/0x6b0 [ 2201.426363] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2201.431430] wp_page_copy+0x430/0x16a0 [ 2201.435442] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2201.440228] ? follow_pfn+0x2a0/0x2a0 [ 2201.444050] ? do_raw_spin_unlock+0x181/0x270 [ 2201.448579] do_wp_page+0x57d/0x10b0 [ 2201.452317] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2201.457005] ? kasan_check_write+0x14/0x20 [ 2201.461263] ? do_raw_spin_lock+0xd7/0x250 [ 2201.465523] __handle_mm_fault+0x2305/0x3f80 [ 2201.469962] ? copy_page_range+0x2030/0x2030 [ 2201.474410] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2201.479109] handle_mm_fault+0x1b5/0x690 [ 2201.483202] __get_user_pages+0x609/0x1860 [ 2201.487484] ? follow_page_mask+0x1ac0/0x1ac0 [ 2201.492006] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2201.496808] ? retint_kernel+0x2d/0x2d [ 2201.500723] populate_vma_page_range+0x20d/0x2a0 [ 2201.506378] __mm_populate+0x204/0x380 [ 2201.510402] ? populate_vma_page_range+0x2a0/0x2a0 [ 2201.515369] __x64_sys_mlockall+0x35c/0x520 [ 2201.519805] do_syscall_64+0xfd/0x620 [ 2201.523633] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2201.528836] RIP: 0033:0x45b349 [ 2201.532046] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2201.550970] RSP: 002b:00007f86ac33cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2201.558700] RAX: ffffffffffffffda RBX: 00007f86ac33d6d4 RCX: 000000000045b349 [ 2201.566024] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2201.573314] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2201.580711] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2201.588080] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bfd4 [ 2201.595508] Task in /syz4 killed as a result of limit of /syz4 [ 2201.601745] memory: usage 301232kB, limit 307200kB, failcnt 26362 [ 2201.608215] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2201.616116] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2201.622537] Memory cgroup stats for /syz4: cache:124KB rss:287608KB rss_huge:184320KB shmem:24KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:147344KB active_anon:13396KB inactive_file:8KB active_file:4KB unevictable:126868KB [ 2201.645760] Memory cgroup out of memory: Kill process 4066 (syz-executor.4) score 1226 or sacrifice child [ 2201.661012] Killed process 4066 (syz-executor.4) total-vm:72720kB, anon-rss:18324kB, file-rss:54376kB, shmem-rss:0kB [ 2201.676561] oom_reaper: reaped process 4066 (syz-executor.4), now anon-rss:18324kB, file-rss:54368kB, shmem-rss:0kB 03:27:03 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x0, 0xf0}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:27:03 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0xf0ffffff}, 0x0) 03:27:03 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket$inet(0x10, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r1 = socket(0x0, 0x400000000080803, 0x0) write(r1, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) [ 2202.372667] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2202.384448] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2202.391214] CPU: 0 PID: 4071 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2202.399051] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2202.408425] Call Trace: [ 2202.411042] dump_stack+0x197/0x210 [ 2202.415306] dump_header+0x15e/0xa55 [ 2202.419044] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2202.424168] ? ___ratelimit+0x60/0x595 [ 2202.428074] ? do_raw_spin_unlock+0x181/0x270 [ 2202.432594] oom_kill_process.cold+0x10/0x6ef [ 2202.437132] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2202.442866] ? task_will_free_mem+0x139/0x6e0 [ 2202.447436] out_of_memory+0x362/0x1330 [ 2202.451451] ? oom_killer_disable+0x280/0x280 [ 2202.456066] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2202.460935] ? memcg_event_wake+0x230/0x230 [ 2202.465371] ? do_raw_spin_unlock+0x181/0x270 [ 2202.469900] ? _raw_spin_unlock+0x2d/0x50 [ 2202.474073] try_charge+0xec5/0x1490 [ 2202.477926] ? lock_downgrade+0x880/0x880 [ 2202.482104] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2202.486972] ? rcu_read_unlock+0x33/0x60 [ 2202.491052] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2202.495943] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2202.502042] mem_cgroup_try_charge+0x259/0x6b0 [ 2202.506657] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2202.511606] wp_page_copy+0x430/0x16a0 [ 2202.515520] ? follow_pfn+0x2a0/0x2a0 03:27:04 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x0, 0x300}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) [ 2202.519361] ? do_raw_spin_unlock+0x181/0x270 [ 2202.524033] do_wp_page+0x57d/0x10b0 [ 2202.527780] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2202.532475] ? kasan_check_write+0x14/0x20 [ 2202.536726] ? do_raw_spin_lock+0xd7/0x250 [ 2202.540989] __handle_mm_fault+0x2305/0x3f80 [ 2202.545425] ? copy_page_range+0x2030/0x2030 [ 2202.549872] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2202.554571] handle_mm_fault+0x1b5/0x690 [ 2202.558661] __get_user_pages+0x609/0x1860 [ 2202.562931] ? follow_page_mask+0x1ac0/0x1ac0 [ 2202.567440] ? trace_hardirqs_on_thunk+0x1a/0x1c 03:27:04 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0xfcffffff}, 0x0) [ 2202.572226] ? retint_kernel+0x2d/0x2d [ 2202.576151] populate_vma_page_range+0x20d/0x2a0 [ 2202.580944] __mm_populate+0x204/0x380 [ 2202.584894] ? populate_vma_page_range+0x2a0/0x2a0 [ 2202.589845] ? up_write+0xb2/0x150 [ 2202.593410] __x64_sys_mlockall+0x35c/0x520 [ 2202.597751] do_syscall_64+0xfd/0x620 [ 2202.601580] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2202.606784] RIP: 0033:0x45b349 [ 2202.610388] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2202.629516] RSP: 002b:00007f4b94dddc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2202.637336] RAX: ffffffffffffffda RBX: 00007f4b94dde6d4 RCX: 000000000045b349 [ 2202.644625] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2202.651916] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2202.659205] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2202.666517] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 2202.675047] Task in /syz5 killed as a result of limit of /syz5 [ 2202.681786] memory: usage 307200kB, limit 307200kB, failcnt 665 [ 2202.688268] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2202.695444] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2202.702068] Memory cgroup stats for /syz5: cache:188KB rss:295012KB rss_huge:38912KB shmem:80KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:237864KB active_anon:6344KB inactive_file:4KB active_file:4KB unevictable:50964KB [ 2202.724808] Memory cgroup out of memory: Kill process 4070 (syz-executor.5) score 1226 or sacrifice child [ 2202.735189] Killed process 4074 (syz-executor.5) total-vm:72588kB, anon-rss:18196kB, file-rss:34944kB, shmem-rss:0kB 03:27:05 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) [ 2204.358463] syz-executor.2 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 [ 2204.369561] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2204.375166] CPU: 1 PID: 4094 Comm: syz-executor.2 Not tainted 4.19.99-syzkaller #0 [ 2204.382889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2204.392259] Call Trace: [ 2204.394875] dump_stack+0x197/0x210 [ 2204.398530] dump_header+0x15e/0xa55 [ 2204.402269] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2204.407394] ? ___ratelimit+0x60/0x595 [ 2204.411296] ? do_raw_spin_unlock+0x181/0x270 [ 2204.415834] oom_kill_process.cold+0x10/0x6ef [ 2204.420362] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2204.425917] ? task_will_free_mem+0x139/0x6e0 [ 2204.430465] out_of_memory+0x362/0x1330 [ 2204.434460] ? lock_downgrade+0x880/0x880 [ 2204.438623] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2204.443868] ? oom_killer_disable+0x280/0x280 [ 2204.448386] ? find_held_lock+0x35/0x130 [ 2204.452476] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2204.457341] ? memcg_event_wake+0x230/0x230 [ 2204.461682] ? do_raw_spin_unlock+0x181/0x270 [ 2204.466199] ? _raw_spin_unlock+0x2d/0x50 [ 2204.470372] try_charge+0xec5/0x1490 [ 2204.474205] ? lock_downgrade+0x880/0x880 [ 2204.478372] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2204.483225] ? rcu_read_unlock+0x33/0x60 [ 2204.487448] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2204.492307] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2204.498400] mem_cgroup_try_charge+0x259/0x6b0 [ 2204.503036] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2204.508105] wp_page_copy+0x430/0x16a0 [ 2204.512039] ? follow_pfn+0x2a0/0x2a0 [ 2204.515864] ? do_raw_spin_unlock+0x181/0x270 [ 2204.520381] do_wp_page+0x57d/0x10b0 [ 2204.524114] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2204.528928] ? kasan_check_write+0x14/0x20 [ 2204.533187] ? do_raw_spin_lock+0xd7/0x250 [ 2204.537452] __handle_mm_fault+0x2305/0x3f80 [ 2204.541886] ? copy_page_range+0x2030/0x2030 [ 2204.546405] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2204.551110] handle_mm_fault+0x1b5/0x690 [ 2204.555203] __get_user_pages+0x609/0x1860 [ 2204.559542] ? follow_page_mask+0x1ac0/0x1ac0 [ 2204.564061] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2204.568856] ? retint_kernel+0x2d/0x2d [ 2204.572768] populate_vma_page_range+0x20d/0x2a0 [ 2204.577548] __mm_populate+0x204/0x380 [ 2204.581464] ? populate_vma_page_range+0x2a0/0x2a0 [ 2204.586409] ? __x64_sys_mlockall+0x286/0x520 [ 2204.590931] __x64_sys_mlockall+0x35c/0x520 [ 2204.595279] do_syscall_64+0xfd/0x620 [ 2204.599132] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2204.604422] RIP: 0033:0x45b349 [ 2204.607625] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2204.626643] RSP: 002b:00007fbf16a2fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2204.634415] RAX: ffffffffffffffda RBX: 00007fbf16a306d4 RCX: 000000000045b349 [ 2204.641714] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2204.649816] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2204.657212] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2204.664618] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 2204.672319] Task in /syz2 killed as a result of limit of /syz2 [ 2204.678804] memory: usage 307200kB, limit 307200kB, failcnt 68 [ 2204.684987] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2204.692005] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2204.698679] Memory cgroup stats for /syz2: cache:24KB rss:295884KB rss_huge:34816KB shmem:60KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:244556KB active_anon:8728KB inactive_file:8KB active_file:4KB unevictable:42772KB [ 2204.721150] Memory cgroup out of memory: Kill process 4091 (syz-executor.2) score 233 or sacrifice child [ 2204.731562] Killed process 4097 (syz-executor.2) total-vm:72588kB, anon-rss:18196kB, file-rss:34816kB, shmem-rss:0kB 03:27:07 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:27:07 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, 0x0, 0x0) [ 2205.866214] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2205.878041] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2205.883615] CPU: 0 PID: 4103 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2205.891343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2205.900714] Call Trace: [ 2205.903408] dump_stack+0x197/0x210 [ 2205.907052] dump_header+0x15e/0xa55 [ 2205.910777] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2205.915975] ? ___ratelimit+0x60/0x595 [ 2205.919872] ? do_raw_spin_unlock+0x181/0x270 [ 2205.924377] oom_kill_process.cold+0x10/0x6ef [ 2205.928886] ? out_of_memory+0x12a/0x1330 [ 2205.933048] out_of_memory+0x362/0x1330 [ 2205.937036] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2205.941810] ? oom_killer_disable+0x280/0x280 [ 2205.946420] ? find_held_lock+0x35/0x130 [ 2205.950510] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2205.955373] ? memcg_event_wake+0x230/0x230 [ 2205.959731] try_charge+0xec5/0x1490 [ 2205.963480] ? lock_downgrade+0x880/0x880 [ 2205.967653] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2205.972512] ? rcu_read_unlock+0x33/0x60 [ 2205.976586] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2205.981447] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2205.986402] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2205.992479] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2205.997261] mem_cgroup_try_charge+0x259/0x6b0 [ 2206.002014] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2206.006965] wp_page_copy+0x430/0x16a0 [ 2206.011009] ? follow_pfn+0x2a0/0x2a0 [ 2206.014824] ? do_raw_spin_unlock+0x181/0x270 [ 2206.019348] do_wp_page+0x57d/0x10b0 [ 2206.023220] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2206.027912] ? kasan_check_write+0x14/0x20 [ 2206.032167] ? do_raw_spin_lock+0xd7/0x250 [ 2206.036428] __handle_mm_fault+0x2305/0x3f80 [ 2206.040857] ? copy_page_range+0x2030/0x2030 [ 2206.045304] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2206.049988] handle_mm_fault+0x1b5/0x690 [ 2206.054077] ? __get_user_pages+0x573/0x1860 [ 2206.058506] __get_user_pages+0x609/0x1860 [ 2206.062775] ? follow_page_mask+0x1ac0/0x1ac0 [ 2206.067299] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2206.072085] ? retint_kernel+0x2d/0x2d [ 2206.076003] populate_vma_page_range+0x20d/0x2a0 [ 2206.080783] __mm_populate+0x204/0x380 [ 2206.084703] ? populate_vma_page_range+0x2a0/0x2a0 [ 2206.089659] __x64_sys_mlockall+0x35c/0x520 [ 2206.094011] do_syscall_64+0xfd/0x620 [ 2206.097836] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2206.103039] RIP: 0033:0x45b349 [ 2206.106250] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2206.125270] RSP: 002b:00007f4b94dddc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2206.133000] RAX: ffffffffffffffda RBX: 00007f4b94dde6d4 RCX: 000000000045b349 [ 2206.140281] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2206.147574] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2206.154859] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2206.162146] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 2206.172289] Task in /syz5 killed as a result of limit of /syz5 [ 2206.178685] memory: usage 307200kB, limit 307200kB, failcnt 678 [ 2206.184914] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2206.191805] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2206.198078] Memory cgroup stats for /syz5: cache:188KB rss:295156KB rss_huge:38912KB shmem:80KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:237960KB active_anon:6344KB inactive_file:4KB active_file:4KB unevictable:50964KB [ 2206.221688] Memory cgroup out of memory: Kill process 4102 (syz-executor.5) score 1226 or sacrifice child [ 2206.232411] Killed process 4105 (syz-executor.5) total-vm:72588kB, anon-rss:18196kB, file-rss:34816kB, shmem-rss:0kB [ 2206.246940] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2206.258685] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2206.264578] CPU: 1 PID: 4220 Comm: syz-executor.4 Not tainted 4.19.99-syzkaller #0 [ 2206.272391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2206.281753] Call Trace: [ 2206.284365] dump_stack+0x197/0x210 [ 2206.288012] dump_header+0x15e/0xa55 [ 2206.291754] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2206.296869] ? ___ratelimit+0x60/0x595 [ 2206.300775] ? do_raw_spin_unlock+0x181/0x270 [ 2206.307127] oom_kill_process.cold+0x10/0x6ef [ 2206.311656] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2206.317359] ? task_will_free_mem+0x139/0x6e0 [ 2206.321992] out_of_memory+0x362/0x1330 [ 2206.325991] ? lock_downgrade+0x880/0x880 [ 2206.330165] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2206.335296] ? oom_killer_disable+0x280/0x280 [ 2206.339816] ? find_held_lock+0x35/0x130 [ 2206.343924] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2206.348771] ? memcg_event_wake+0x230/0x230 [ 2206.353214] ? do_raw_spin_unlock+0x181/0x270 [ 2206.357725] ? _raw_spin_unlock+0x2d/0x50 [ 2206.361890] try_charge+0xec5/0x1490 [ 2206.365611] ? lock_downgrade+0x880/0x880 [ 2206.369773] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2206.374632] ? rcu_read_unlock+0x33/0x60 [ 2206.378706] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2206.383616] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2206.389702] ? lock_downgrade+0x880/0x880 [ 2206.393874] mem_cgroup_try_charge+0x259/0x6b0 [ 2206.398484] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2206.403438] do_huge_pmd_wp_page+0x97e/0x3580 [ 2206.407936] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2206.412530] ? retint_kernel+0x2d/0x2d [ 2206.416441] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2206.421386] ? __split_huge_pmd+0x2b10/0x2b10 [ 2206.425897] ? retint_kernel+0x2d/0x2d [ 2206.429811] ? pmd_val+0x85/0x100 [ 2206.433300] __handle_mm_fault+0x167b/0x3f80 [ 2206.437719] ? copy_page_range+0x2030/0x2030 [ 2206.442171] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2206.446855] handle_mm_fault+0x1b5/0x690 [ 2206.450970] __get_user_pages+0x609/0x1860 [ 2206.455257] ? follow_page_mask+0x1ac0/0x1ac0 [ 2206.459771] ? retint_kernel+0x2d/0x2d [ 2206.463671] populate_vma_page_range+0x20d/0x2a0 [ 2206.468449] __mm_populate+0x204/0x380 [ 2206.472368] ? populate_vma_page_range+0x2a0/0x2a0 [ 2206.477305] __x64_sys_mlockall+0x35c/0x520 [ 2206.481643] do_syscall_64+0xfd/0x620 [ 2206.485474] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2206.490663] RIP: 0033:0x45b349 [ 2206.493883] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2206.512909] RSP: 002b:00007f86ac33cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2206.520626] RAX: ffffffffffffffda RBX: 00007f86ac33d6d4 RCX: 000000000045b349 [ 2206.527928] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2206.535213] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2206.542578] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2206.549962] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bfd4 [ 2206.559236] Task in /syz4 killed as a result of limit of /syz4 [ 2206.565522] memory: usage 307200kB, limit 307200kB, failcnt 26373 [ 2206.572379] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2206.579343] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2206.585920] Memory cgroup stats for /syz4: cache:124KB rss:293244KB rss_huge:192512KB shmem:24KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:150956KB active_anon:13396KB inactive_file:4KB active_file:4KB unevictable:128916KB [ 2206.609505] Memory cgroup out of memory: Kill process 4217 (syz-executor.4) score 1226 or sacrifice child [ 2206.621194] Killed process 4221 (syz-executor.4) total-vm:72720kB, anon-rss:18324kB, file-rss:34816kB, shmem-rss:0kB [ 2206.651596] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2206.663210] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2206.668984] CPU: 0 PID: 4103 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2206.676709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2206.686084] Call Trace: [ 2206.688689] dump_stack+0x197/0x210 [ 2206.692333] dump_header+0x15e/0xa55 [ 2206.696075] ? oom_kill_process+0x136/0x150 [ 2206.700426] oom_kill_process.cold+0x10/0x6ef [ 2206.705037] out_of_memory+0x362/0x1330 [ 2206.709025] ? retint_kernel+0x2d/0x2d [ 2206.713175] ? oom_killer_disable+0x280/0x280 [ 2206.717707] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2206.722568] ? memcg_event_wake+0x230/0x230 [ 2206.726921] ? do_raw_spin_unlock+0x181/0x270 [ 2206.731428] ? _raw_spin_unlock+0x2d/0x50 [ 2206.735688] try_charge+0xec5/0x1490 [ 2206.739432] ? lock_downgrade+0x880/0x880 [ 2206.743606] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2206.748463] ? rcu_read_unlock+0x33/0x60 [ 2206.752545] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2206.757406] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2206.762361] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2206.768440] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2206.773218] mem_cgroup_try_charge+0x259/0x6b0 [ 2206.777829] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2206.782871] wp_page_copy+0x430/0x16a0 [ 2206.786827] ? follow_pfn+0x2a0/0x2a0 [ 2206.790685] ? do_raw_spin_unlock+0x181/0x270 [ 2206.795203] do_wp_page+0x57d/0x10b0 [ 2206.798937] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2206.803716] ? kasan_check_write+0x14/0x20 [ 2206.807970] ? do_raw_spin_lock+0xd7/0x250 [ 2206.812233] __handle_mm_fault+0x2305/0x3f80 [ 2206.816667] ? copy_page_range+0x2030/0x2030 [ 2206.821106] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2206.825792] handle_mm_fault+0x1b5/0x690 [ 2206.829880] ? __get_user_pages+0x573/0x1860 [ 2206.834321] __get_user_pages+0x609/0x1860 [ 2206.838599] ? follow_page_mask+0x1ac0/0x1ac0 [ 2206.843134] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2206.847916] ? retint_kernel+0x2d/0x2d [ 2206.851834] populate_vma_page_range+0x20d/0x2a0 [ 2206.856694] __mm_populate+0x204/0x380 [ 2206.860612] ? populate_vma_page_range+0x2a0/0x2a0 [ 2206.865578] __x64_sys_mlockall+0x35c/0x520 [ 2206.869918] do_syscall_64+0xfd/0x620 [ 2206.873737] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2206.879986] RIP: 0033:0x45b349 [ 2206.883800] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2206.903502] RSP: 002b:00007f4b94dddc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2206.911315] RAX: ffffffffffffffda RBX: 00007f4b94dde6d4 RCX: 000000000045b349 [ 2206.918598] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2206.925970] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2206.933418] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2206.940805] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 2206.949925] Task in /syz5 killed as a result of limit of /syz5 [ 2206.956056] memory: usage 291688kB, limit 307200kB, failcnt 684 [ 2206.962585] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2206.969563] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2206.976039] Memory cgroup stats for /syz5: cache:188KB rss:279964KB rss_huge:38912KB shmem:80KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:222636KB active_anon:6344KB inactive_file:4KB active_file:4KB unevictable:50964KB [ 2206.999290] Memory cgroup out of memory: Kill process 4102 (syz-executor.5) score 1226 or sacrifice child [ 2207.009671] Killed process 4102 (syz-executor.5) total-vm:72588kB, anon-rss:18196kB, file-rss:54376kB, shmem-rss:0kB 03:27:08 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket$inet(0x10, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r1 = socket(0x0, 0x400000000080803, 0x0) write(r1, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:27:09 executing program 5: sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r0, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7ffff000) r1 = socket(0x0, 0x400000000080803, 0x0) write(r1, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) [ 2209.372881] syz-executor.2 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 [ 2209.384416] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2209.390176] CPU: 1 PID: 4226 Comm: syz-executor.2 Not tainted 4.19.99-syzkaller #0 [ 2209.397911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2209.407285] Call Trace: [ 2209.409895] dump_stack+0x197/0x210 [ 2209.413553] dump_header+0x15e/0xa55 [ 2209.417306] ? oom_kill_process+0x136/0x150 [ 2209.421772] oom_kill_process.cold+0x10/0x6ef [ 2209.426293] ? out_of_memory+0xe3/0x1330 [ 2209.430456] out_of_memory+0x362/0x1330 [ 2209.434475] ? lock_downgrade+0x880/0x880 [ 2209.438650] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2209.443796] ? oom_killer_disable+0x280/0x280 [ 2209.448319] ? find_held_lock+0x35/0x130 [ 2209.452418] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2209.457282] ? memcg_event_wake+0x230/0x230 [ 2209.461634] ? do_raw_spin_unlock+0x181/0x270 [ 2209.467304] ? _raw_spin_unlock+0x2d/0x50 [ 2209.471478] try_charge+0xec5/0x1490 [ 2209.475327] ? lock_downgrade+0x880/0x880 [ 2209.479500] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2209.484408] ? rcu_read_unlock+0x33/0x60 [ 2209.488668] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2209.493533] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2209.498501] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2209.504591] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2209.509385] mem_cgroup_try_charge+0x259/0x6b0 [ 2209.513999] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2209.519058] wp_page_copy+0x430/0x16a0 [ 2209.523234] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2209.528020] ? follow_pfn+0x2a0/0x2a0 [ 2209.531843] ? do_raw_spin_unlock+0x181/0x270 [ 2209.536359] do_wp_page+0x57d/0x10b0 [ 2209.540190] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2209.544890] ? kasan_check_write+0x14/0x20 [ 2209.549145] ? do_raw_spin_lock+0xd7/0x250 [ 2209.553418] __handle_mm_fault+0x2305/0x3f80 [ 2209.557859] ? copy_page_range+0x2030/0x2030 [ 2209.562293] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2209.567098] handle_mm_fault+0x1b5/0x690 [ 2209.571194] __get_user_pages+0x609/0x1860 [ 2209.575458] ? follow_page_mask+0x1ac0/0x1ac0 [ 2209.579969] ? retint_kernel+0x2d/0x2d [ 2209.583956] populate_vma_page_range+0x20d/0x2a0 [ 2209.588748] __mm_populate+0x204/0x380 [ 2209.592665] ? populate_vma_page_range+0x2a0/0x2a0 [ 2209.597644] __x64_sys_mlockall+0x35c/0x520 [ 2209.601996] do_syscall_64+0xfd/0x620 [ 2209.605828] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2209.611051] RIP: 0033:0x45b349 [ 2209.614258] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2209.633262] RSP: 002b:00007fbf16a2fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2209.640996] RAX: ffffffffffffffda RBX: 00007fbf16a306d4 RCX: 000000000045b349 [ 2209.648290] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2209.655739] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2209.663032] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2209.670442] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 2209.688265] Task in /syz2 killed as a result of limit of /syz2 [ 2209.694853] memory: usage 307200kB, limit 307200kB, failcnt 118 [ 2209.701383] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2209.708364] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2209.714824] Memory cgroup stats for /syz2: cache:24KB rss:295828KB rss_huge:28672KB shmem:60KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:250704KB active_anon:8728KB inactive_file:8KB active_file:8KB unevictable:36628KB [ 2209.737135] Memory cgroup out of memory: Kill process 4225 (syz-executor.2) score 233 or sacrifice child [ 2209.747177] Killed process 4227 (syz-executor.2) total-vm:72588kB, anon-rss:18196kB, file-rss:34816kB, shmem-rss:0kB [ 2209.761508] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2209.772871] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2209.778355] CPU: 0 PID: 4229 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2209.786101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2209.795568] Call Trace: [ 2209.798181] dump_stack+0x197/0x210 [ 2209.801844] dump_header+0x15e/0xa55 [ 2209.805581] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2209.810714] ? ___ratelimit+0x60/0x595 [ 2209.814626] ? do_raw_spin_unlock+0x181/0x270 [ 2209.819151] oom_kill_process.cold+0x10/0x6ef [ 2209.823665] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2209.829207] ? task_will_free_mem+0x139/0x6e0 [ 2209.833817] out_of_memory+0x362/0x1330 [ 2209.837807] ? lock_downgrade+0x880/0x880 [ 2209.841964] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2209.847093] ? oom_killer_disable+0x280/0x280 [ 2209.851599] ? find_held_lock+0x35/0x130 [ 2209.855678] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2209.860547] ? memcg_event_wake+0x230/0x230 [ 2209.864889] ? do_raw_spin_unlock+0x181/0x270 [ 2209.869449] ? _raw_spin_unlock+0x2d/0x50 [ 2209.873631] try_charge+0xec5/0x1490 [ 2209.877422] ? lock_downgrade+0x880/0x880 [ 2209.881599] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2209.886560] ? rcu_read_unlock+0x33/0x60 [ 2209.890629] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2209.895498] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2209.901576] mem_cgroup_try_charge+0x259/0x6b0 [ 2209.906181] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2209.911121] wp_page_copy+0x430/0x16a0 [ 2209.915044] ? follow_pfn+0x2a0/0x2a0 [ 2209.918859] ? do_raw_spin_unlock+0x181/0x270 [ 2209.923356] do_wp_page+0x57d/0x10b0 [ 2209.927091] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2209.931768] ? kasan_check_write+0x14/0x20 [ 2209.936000] ? do_raw_spin_lock+0xd7/0x250 [ 2209.940248] __handle_mm_fault+0x2305/0x3f80 [ 2209.944673] ? copy_page_range+0x2030/0x2030 [ 2209.949088] ? retint_kernel+0x2d/0x2d [ 2209.953016] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2209.957790] handle_mm_fault+0x1b5/0x690 [ 2209.961860] ? __get_user_pages+0x54c/0x1860 [ 2209.966288] __get_user_pages+0x609/0x1860 [ 2209.970664] ? follow_page_mask+0x1ac0/0x1ac0 [ 2209.975178] ? retint_kernel+0x2d/0x2d [ 2209.979104] populate_vma_page_range+0x20d/0x2a0 [ 2209.984002] __mm_populate+0x204/0x380 [ 2209.987905] ? populate_vma_page_range+0x2a0/0x2a0 [ 2209.992856] __x64_sys_mlockall+0x35c/0x520 [ 2209.997298] do_syscall_64+0xfd/0x620 [ 2210.001104] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2210.006296] RIP: 0033:0x45b349 [ 2210.009487] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2210.028871] RSP: 002b:00007f4b94dddc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2210.036624] RAX: ffffffffffffffda RBX: 00007f4b94dde6d4 RCX: 000000000045b349 [ 2210.043925] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2210.051216] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2210.058502] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2210.065806] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 2210.074179] Task in /syz5 killed as a result of limit of /syz5 [ 2210.080511] memory: usage 307196kB, limit 307200kB, failcnt 699 [ 2210.087067] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2210.094246] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2210.100698] Memory cgroup stats for /syz5: cache:188KB rss:295152KB rss_huge:38912KB shmem:80KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:237964KB active_anon:6344KB inactive_file:8KB active_file:0KB unevictable:50964KB [ 2210.123927] Memory cgroup out of memory: Kill process 4228 (syz-executor.5) score 1223 or sacrifice child [ 2210.134828] Killed process 4230 (syz-executor.5) total-vm:72588kB, anon-rss:18196kB, file-rss:34944kB, shmem-rss:0kB [ 2210.177819] syz-executor.2 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 [ 2210.189403] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2210.195466] CPU: 1 PID: 4226 Comm: syz-executor.2 Not tainted 4.19.99-syzkaller #0 [ 2210.203297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2210.212767] Call Trace: [ 2210.215370] dump_stack+0x197/0x210 [ 2210.219028] dump_header+0x15e/0xa55 [ 2210.222761] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2210.227872] ? ___ratelimit+0x60/0x595 [ 2210.232329] ? do_raw_spin_unlock+0x181/0x270 [ 2210.236848] oom_kill_process.cold+0x10/0x6ef [ 2210.241368] out_of_memory+0x362/0x1330 [ 2210.245366] ? retint_kernel+0x2d/0x2d [ 2210.249280] ? oom_killer_disable+0x280/0x280 [ 2210.253819] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2210.258682] ? memcg_event_wake+0x230/0x230 [ 2210.263027] ? do_raw_spin_unlock+0x181/0x270 [ 2210.267543] ? _raw_spin_unlock+0x2d/0x50 [ 2210.271709] try_charge+0xec5/0x1490 [ 2210.275444] ? lock_downgrade+0x880/0x880 [ 2210.279617] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2210.284482] ? rcu_read_unlock+0x33/0x60 [ 2210.288562] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2210.293436] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2210.298392] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2210.304471] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2210.309263] mem_cgroup_try_charge+0x259/0x6b0 [ 2210.313871] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2210.318880] wp_page_copy+0x430/0x16a0 [ 2210.322832] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2210.327620] ? follow_pfn+0x2a0/0x2a0 [ 2210.331448] ? do_raw_spin_unlock+0x181/0x270 [ 2210.336226] do_wp_page+0x57d/0x10b0 [ 2210.339970] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2210.344662] ? kasan_check_write+0x14/0x20 [ 2210.348919] ? do_raw_spin_lock+0xd7/0x250 [ 2210.353172] __handle_mm_fault+0x2305/0x3f80 [ 2210.357613] ? copy_page_range+0x2030/0x2030 [ 2210.362049] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2210.366851] handle_mm_fault+0x1b5/0x690 [ 2210.371057] __get_user_pages+0x609/0x1860 [ 2210.375338] ? follow_page_mask+0x1ac0/0x1ac0 [ 2210.379965] ? retint_kernel+0x2d/0x2d [ 2210.383890] populate_vma_page_range+0x20d/0x2a0 [ 2210.388771] __mm_populate+0x204/0x380 [ 2210.392705] ? populate_vma_page_range+0x2a0/0x2a0 [ 2210.397666] __x64_sys_mlockall+0x35c/0x520 [ 2210.402013] do_syscall_64+0xfd/0x620 [ 2210.405837] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2210.411044] RIP: 0033:0x45b349 [ 2210.414275] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2210.433284] RSP: 002b:00007fbf16a2fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2210.441013] RAX: ffffffffffffffda RBX: 00007fbf16a306d4 RCX: 000000000045b349 [ 2210.448300] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2210.455583] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2210.463647] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2210.470993] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 2210.480494] Task in /syz2 killed as a result of limit of /syz2 [ 2210.486826] memory: usage 292940kB, limit 307200kB, failcnt 124 [ 2210.493255] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2210.500175] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2210.506613] Memory cgroup stats for /syz2: cache:24KB rss:281960KB rss_huge:28672KB shmem:60KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:236708KB active_anon:8728KB inactive_file:12KB active_file:4KB unevictable:36628KB [ 2210.528906] Memory cgroup out of memory: Kill process 4225 (syz-executor.2) score 233 or sacrifice child [ 2210.539693] Killed process 4225 (syz-executor.2) total-vm:72588kB, anon-rss:18148kB, file-rss:53472kB, shmem-rss:0kB 03:27:12 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x0, 0x500}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:27:12 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0xff000000}, 0x0) 03:27:12 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:27:12 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240), 0x0) 03:27:12 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r1 = socket(0x0, 0x400000000080803, 0x0) write(r1, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:27:12 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0xffffa888}, 0x0) 03:27:12 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x0, 0x600}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) [ 2212.160926] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2212.173011] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2212.178519] CPU: 0 PID: 4253 Comm: syz-executor.4 Not tainted 4.19.99-syzkaller #0 [ 2212.186240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2212.195602] Call Trace: [ 2212.198208] dump_stack+0x197/0x210 [ 2212.201868] dump_header+0x15e/0xa55 [ 2212.205605] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2212.210722] ? ___ratelimit+0x60/0x595 [ 2212.214627] ? do_raw_spin_unlock+0x181/0x270 [ 2212.219154] oom_kill_process.cold+0x10/0x6ef [ 2212.223766] out_of_memory+0x362/0x1330 [ 2212.227765] ? lock_downgrade+0x880/0x880 [ 2212.231931] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2212.237055] ? oom_killer_disable+0x280/0x280 [ 2212.241574] ? find_held_lock+0x35/0x130 [ 2212.245667] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2212.250527] ? memcg_event_wake+0x230/0x230 [ 2212.254881] ? do_raw_spin_unlock+0x181/0x270 [ 2212.259401] ? _raw_spin_unlock+0x2d/0x50 [ 2212.263660] try_charge+0xec5/0x1490 [ 2212.267498] ? lock_downgrade+0x880/0x880 [ 2212.271688] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2212.276656] ? rcu_read_unlock+0x33/0x60 [ 2212.280736] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2212.285595] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2212.291714] mem_cgroup_try_charge+0x259/0x6b0 [ 2212.296325] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2212.301301] wp_page_copy+0x430/0x16a0 [ 2212.305221] ? follow_pfn+0x2a0/0x2a0 [ 2212.309064] ? do_raw_spin_unlock+0x181/0x270 [ 2212.313584] do_wp_page+0x57d/0x10b0 [ 2212.317322] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2212.322099] ? kasan_check_write+0x14/0x20 [ 2212.326353] ? do_raw_spin_lock+0xd7/0x250 [ 2212.330616] __handle_mm_fault+0x2305/0x3f80 [ 2212.335135] ? copy_page_range+0x2030/0x2030 [ 2212.339582] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2212.344269] handle_mm_fault+0x1b5/0x690 [ 2212.348353] __get_user_pages+0x609/0x1860 [ 2212.352627] ? follow_page_mask+0x1ac0/0x1ac0 [ 2212.357154] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2212.361941] ? retint_kernel+0x2d/0x2d [ 2212.365849] populate_vma_page_range+0x20d/0x2a0 [ 2212.370640] __mm_populate+0x204/0x380 [ 2212.374547] ? populate_vma_page_range+0x2a0/0x2a0 [ 2212.379507] __x64_sys_mlockall+0x35c/0x520 [ 2212.383855] do_syscall_64+0xfd/0x620 [ 2212.387690] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2212.392899] RIP: 0033:0x45b349 [ 2212.396192] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2212.415104] RSP: 002b:00007f86ac33cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2212.423307] RAX: ffffffffffffffda RBX: 00007f86ac33d6d4 RCX: 000000000045b349 [ 2212.430603] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2212.437888] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2212.445180] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2212.452464] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bfd4 [ 2212.461318] Task in /syz4 killed as a result of limit of /syz4 [ 2212.467657] memory: usage 307200kB, limit 307200kB, failcnt 26393 [ 2212.474081] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2212.481216] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2212.487488] Memory cgroup stats for /syz4: cache:124KB rss:293456KB rss_huge:184320KB shmem:24KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:153344KB active_anon:13396KB inactive_file:4KB active_file:4KB unevictable:126868KB [ 2212.510850] Memory cgroup out of memory: Kill process 4244 (syz-executor.4) score 1226 or sacrifice child [ 2212.522712] Killed process 4254 (syz-executor.4) total-vm:72720kB, anon-rss:18324kB, file-rss:34816kB, shmem-rss:0kB [ 2212.537285] syz-executor.2 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 [ 2212.548416] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2212.554315] CPU: 1 PID: 4247 Comm: syz-executor.2 Not tainted 4.19.99-syzkaller #0 [ 2212.562162] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2212.571529] Call Trace: [ 2212.574144] dump_stack+0x197/0x210 [ 2212.577799] dump_header+0x15e/0xa55 [ 2212.581532] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2212.586660] ? ___ratelimit+0x60/0x595 [ 2212.590662] ? do_raw_spin_unlock+0x181/0x270 [ 2212.595297] oom_kill_process.cold+0x10/0x6ef [ 2212.599983] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2212.605591] ? task_will_free_mem+0x139/0x6e0 [ 2212.610190] out_of_memory+0x362/0x1330 [ 2212.614205] ? lock_downgrade+0x880/0x880 [ 2212.618383] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2212.623507] ? oom_killer_disable+0x280/0x280 [ 2212.628026] ? find_held_lock+0x35/0x130 [ 2212.632508] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2212.637406] ? memcg_event_wake+0x230/0x230 [ 2212.641763] ? do_raw_spin_unlock+0x181/0x270 [ 2212.646291] ? _raw_spin_unlock+0x2d/0x50 [ 2212.650461] try_charge+0xec5/0x1490 [ 2212.654221] ? lock_downgrade+0x880/0x880 [ 2212.658400] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2212.663262] ? rcu_read_unlock+0x33/0x60 [ 2212.667348] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2212.672314] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2212.678410] mem_cgroup_try_charge+0x259/0x6b0 [ 2212.683024] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2212.688078] wp_page_copy+0x430/0x16a0 [ 2212.692089] ? follow_pfn+0x2a0/0x2a0 [ 2212.695923] ? do_raw_spin_unlock+0x181/0x270 [ 2212.700446] do_wp_page+0x57d/0x10b0 [ 2212.704189] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2212.708890] ? kasan_check_write+0x14/0x20 [ 2212.713149] ? do_raw_spin_lock+0xd7/0x250 [ 2212.717415] __handle_mm_fault+0x2305/0x3f80 [ 2212.721857] ? copy_page_range+0x2030/0x2030 [ 2212.726308] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2212.731006] handle_mm_fault+0x1b5/0x690 [ 2212.735092] __get_user_pages+0x609/0x1860 [ 2212.739357] ? follow_page_mask+0x1ac0/0x1ac0 [ 2212.744152] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2212.748945] ? retint_kernel+0x2d/0x2d [ 2212.752859] populate_vma_page_range+0x20d/0x2a0 [ 2212.757648] __mm_populate+0x204/0x380 [ 2212.761671] ? populate_vma_page_range+0x2a0/0x2a0 [ 2212.766624] __x64_sys_mlockall+0x35c/0x520 [ 2212.770971] do_syscall_64+0xfd/0x620 [ 2212.774799] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2212.780004] RIP: 0033:0x45b349 [ 2212.783216] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2212.802129] RSP: 002b:00007fbf16a2fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2212.809852] RAX: ffffffffffffffda RBX: 00007fbf16a306d4 RCX: 000000000045b349 [ 2212.817137] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2212.824426] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2212.831719] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2212.839007] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 2212.852928] Task in /syz2 killed as a result of limit of /syz2 [ 2212.859357] memory: usage 307200kB, limit 307200kB, failcnt 149 [ 2212.865685] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2212.872702] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2212.879099] Memory cgroup stats for /syz2: cache:24KB rss:296092KB rss_huge:28672KB shmem:60KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:250792KB active_anon:8728KB inactive_file:8KB active_file:0KB unevictable:36628KB [ 2212.901648] Memory cgroup out of memory: Kill process 4245 (syz-executor.2) score 233 or sacrifice child [ 2212.911820] Killed process 4251 (syz-executor.2) total-vm:72588kB, anon-rss:18196kB, file-rss:34816kB, shmem-rss:0kB [ 2212.957912] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2212.969538] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2212.975087] CPU: 0 PID: 4253 Comm: syz-executor.4 Not tainted 4.19.99-syzkaller #0 [ 2212.982814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2212.992188] Call Trace: [ 2212.994795] dump_stack+0x197/0x210 [ 2212.998456] dump_header+0x15e/0xa55 [ 2213.002215] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2213.007343] ? ___ratelimit+0x60/0x595 [ 2213.011289] ? do_raw_spin_unlock+0x181/0x270 [ 2213.015818] oom_kill_process.cold+0x10/0x6ef [ 2213.020336] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2213.026020] ? task_will_free_mem+0x139/0x6e0 [ 2213.030671] out_of_memory+0x362/0x1330 [ 2213.034679] ? retint_kernel+0x2d/0x2d [ 2213.038595] ? oom_killer_disable+0x280/0x280 [ 2213.043152] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2213.048012] ? memcg_event_wake+0x230/0x230 [ 2213.052363] ? do_raw_spin_unlock+0x181/0x270 [ 2213.056877] ? _raw_spin_unlock+0x2d/0x50 [ 2213.061052] try_charge+0xec5/0x1490 [ 2213.064788] ? lock_downgrade+0x880/0x880 [ 2213.068967] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2213.073851] ? rcu_read_unlock+0x33/0x60 [ 2213.077929] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2213.082918] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2213.089015] mem_cgroup_try_charge+0x259/0x6b0 [ 2213.093632] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2213.098601] wp_page_copy+0x430/0x16a0 [ 2213.102522] ? follow_pfn+0x2a0/0x2a0 [ 2213.106346] ? do_raw_spin_unlock+0x181/0x270 [ 2213.110863] do_wp_page+0x57d/0x10b0 [ 2213.114622] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2213.119324] ? kasan_check_write+0x14/0x20 [ 2213.123662] ? do_raw_spin_lock+0xd7/0x250 [ 2213.127922] __handle_mm_fault+0x2305/0x3f80 [ 2213.132356] ? copy_page_range+0x2030/0x2030 [ 2213.136802] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2213.141591] handle_mm_fault+0x1b5/0x690 [ 2213.145699] __get_user_pages+0x609/0x1860 [ 2213.149974] ? follow_page_mask+0x1ac0/0x1ac0 [ 2213.154498] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2213.159286] ? retint_kernel+0x2d/0x2d [ 2213.163204] populate_vma_page_range+0x20d/0x2a0 [ 2213.167991] __mm_populate+0x204/0x380 [ 2213.172090] ? populate_vma_page_range+0x2a0/0x2a0 [ 2213.177053] __x64_sys_mlockall+0x35c/0x520 [ 2213.181399] do_syscall_64+0xfd/0x620 [ 2213.185667] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2213.190871] RIP: 0033:0x45b349 [ 2213.194072] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2213.213490] RSP: 002b:00007f86ac33cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2213.221222] RAX: ffffffffffffffda RBX: 00007f86ac33d6d4 RCX: 000000000045b349 [ 2213.228508] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2213.235885] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2213.244564] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2213.251984] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bfd4 [ 2213.260434] Task in /syz4 killed as a result of limit of /syz4 [ 2213.266792] memory: usage 301020kB, limit 307200kB, failcnt 26399 [ 2213.273294] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2213.280231] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2213.286624] Memory cgroup stats for /syz4: cache:124KB rss:287532KB rss_huge:184320KB shmem:24KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:147344KB active_anon:13396KB inactive_file:8KB active_file:0KB unevictable:126868KB 03:27:14 executing program 5: sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r0, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7ffff000) r1 = socket(0x0, 0x400000000080803, 0x0) write(r1, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) [ 2213.309340] Memory cgroup out of memory: Kill process 4244 (syz-executor.4) score 1226 or sacrifice child [ 2213.319613] Killed process 4244 (syz-executor.4) total-vm:72720kB, anon-rss:18324kB, file-rss:54376kB, shmem-rss:0kB 03:27:15 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0xfffff000}, 0x0) 03:27:15 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x0, 0x900}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:27:15 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r1 = socket(0x0, 0x400000000080803, 0x0) write(r1, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:27:16 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240), 0x0) 03:27:16 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0xffffff7f}, 0x0) [ 2215.212677] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2215.224743] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2215.230466] CPU: 1 PID: 4265 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2215.238285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2215.247664] Call Trace: [ 2215.250272] dump_stack+0x197/0x210 [ 2215.253938] dump_header+0x15e/0xa55 [ 2215.257682] ? oom_kill_process+0x136/0x150 [ 2215.262041] oom_kill_process.cold+0x10/0x6ef [ 2215.266565] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2215.272148] ? task_will_free_mem+0x139/0x6e0 [ 2215.276673] ? find_held_lock+0x35/0x130 [ 2215.280756] out_of_memory+0x362/0x1330 [ 2215.284922] ? lock_downgrade+0x880/0x880 [ 2215.289083] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2215.294212] ? oom_killer_disable+0x280/0x280 [ 2215.298725] ? find_held_lock+0x35/0x130 [ 2215.302907] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2215.307776] ? memcg_event_wake+0x230/0x230 [ 2215.312223] ? do_raw_spin_unlock+0x181/0x270 [ 2215.316735] ? _raw_spin_unlock+0x2d/0x50 [ 2215.320909] try_charge+0xec5/0x1490 [ 2215.324655] ? lock_downgrade+0x880/0x880 [ 2215.328844] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2215.333708] ? rcu_read_unlock+0x33/0x60 [ 2215.339284] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2215.344260] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2215.350342] ? retint_kernel+0x2d/0x2d [ 2215.354263] mem_cgroup_try_charge+0x259/0x6b0 [ 2215.358879] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2215.363830] wp_page_copy+0x430/0x16a0 [ 2215.367766] ? follow_pfn+0x2a0/0x2a0 [ 2215.371590] ? do_raw_spin_unlock+0x181/0x270 [ 2215.376098] do_wp_page+0x57d/0x10b0 [ 2215.379839] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2215.384537] ? kasan_check_write+0x14/0x20 [ 2215.388791] ? do_raw_spin_lock+0xd7/0x250 [ 2215.393098] __handle_mm_fault+0x2305/0x3f80 [ 2215.397541] ? copy_page_range+0x2030/0x2030 [ 2215.402089] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2215.406801] handle_mm_fault+0x1b5/0x690 [ 2215.411199] __get_user_pages+0x609/0x1860 [ 2215.415561] ? follow_page_mask+0x1ac0/0x1ac0 [ 2215.420099] ? retint_kernel+0x2d/0x2d [ 2215.424042] populate_vma_page_range+0x20d/0x2a0 [ 2215.428824] __mm_populate+0x204/0x380 [ 2215.432766] ? populate_vma_page_range+0x2a0/0x2a0 [ 2215.437741] __x64_sys_mlockall+0x35c/0x520 [ 2215.442090] do_syscall_64+0xfd/0x620 [ 2215.445915] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2215.451394] RIP: 0033:0x45b349 [ 2215.455381] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2215.474296] RSP: 002b:00007f4b94dddc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2215.482147] RAX: ffffffffffffffda RBX: 00007f4b94dde6d4 RCX: 000000000045b349 [ 2215.489431] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2215.497238] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2215.504638] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2215.511926] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 2215.521790] Task in /syz5 killed as a result of limit of /syz5 [ 2215.528448] memory: usage 307200kB, limit 307200kB, failcnt 720 [ 2215.534720] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2215.541838] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2215.548350] Memory cgroup stats for /syz5: cache:188KB rss:295144KB rss_huge:38912KB shmem:80KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:237820KB active_anon:6344KB inactive_file:4KB active_file:4KB unevictable:51096KB [ 2215.572042] Memory cgroup out of memory: Kill process 4264 (syz-executor.5) score 1226 or sacrifice child [ 2215.582663] Killed process 4268 (syz-executor.5) total-vm:72720kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB [ 2216.211634] syz-executor.2 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 [ 2216.223037] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2216.228753] CPU: 0 PID: 4364 Comm: syz-executor.2 Not tainted 4.19.99-syzkaller #0 [ 2216.236479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2216.245847] Call Trace: [ 2216.248577] dump_stack+0x197/0x210 [ 2216.252239] dump_header+0x15e/0xa55 [ 2216.256664] ? oom_kill_process+0x136/0x150 [ 2216.261009] oom_kill_process.cold+0x10/0x6ef [ 2216.265528] ? out_of_memory+0xe3/0x1330 [ 2216.269620] out_of_memory+0x362/0x1330 [ 2216.273615] ? retint_kernel+0x2d/0x2d [ 2216.277524] ? oom_killer_disable+0x280/0x280 [ 2216.282045] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2216.286913] ? memcg_event_wake+0x230/0x230 [ 2216.291254] ? do_raw_spin_unlock+0x181/0x270 [ 2216.295783] ? _raw_spin_unlock+0x2d/0x50 [ 2216.299944] try_charge+0xec5/0x1490 [ 2216.303703] ? lock_downgrade+0x880/0x880 [ 2216.307870] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2216.312733] ? rcu_read_unlock+0x33/0x60 [ 2216.316819] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2216.321695] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2216.327784] mem_cgroup_try_charge+0x259/0x6b0 [ 2216.332400] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2216.337357] wp_page_copy+0x430/0x16a0 [ 2216.341275] ? follow_pfn+0x2a0/0x2a0 [ 2216.345087] ? do_raw_spin_unlock+0x181/0x270 [ 2216.349601] do_wp_page+0x57d/0x10b0 [ 2216.353340] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2216.358031] ? kasan_check_write+0x14/0x20 [ 2216.362278] ? do_raw_spin_lock+0xd7/0x250 [ 2216.366538] __handle_mm_fault+0x2305/0x3f80 [ 2216.370971] ? copy_page_range+0x2030/0x2030 [ 2216.375422] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2216.380101] handle_mm_fault+0x1b5/0x690 [ 2216.384185] __get_user_pages+0x609/0x1860 [ 2216.388460] ? follow_page_mask+0x1ac0/0x1ac0 [ 2216.392973] ? retint_kernel+0x2d/0x2d [ 2216.396897] populate_vma_page_range+0x20d/0x2a0 [ 2216.401670] __mm_populate+0x204/0x380 [ 2216.405585] ? populate_vma_page_range+0x2a0/0x2a0 [ 2216.410546] __x64_sys_mlockall+0x35c/0x520 [ 2216.414878] do_syscall_64+0xfd/0x620 [ 2216.418774] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2216.423976] RIP: 0033:0x45b349 [ 2216.427187] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2216.446623] RSP: 002b:00007fbf16a2fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2216.454466] RAX: ffffffffffffffda RBX: 00007fbf16a306d4 RCX: 000000000045b349 [ 2216.461754] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2216.469128] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2216.476414] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2216.483723] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 2216.492664] Task in /syz2 killed as a result of limit of /syz2 [ 2216.498952] memory: usage 307200kB, limit 307200kB, failcnt 176 [ 2216.505285] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2216.512140] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2216.518415] Memory cgroup stats for /syz2: cache:24KB rss:296044KB rss_huge:28672KB shmem:60KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:250784KB active_anon:8728KB inactive_file:4KB active_file:4KB unevictable:36628KB [ 2216.541248] Memory cgroup out of memory: Kill process 4363 (syz-executor.2) score 233 or sacrifice child [ 2216.551550] Killed process 4365 (syz-executor.2) total-vm:72588kB, anon-rss:18196kB, file-rss:34816kB, shmem-rss:0kB [ 2218.356330] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2218.368896] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2218.375213] CPU: 0 PID: 4369 Comm: syz-executor.4 Not tainted 4.19.99-syzkaller #0 [ 2218.380475] oom_reaper: reaped process 4268 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2218.383023] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2218.383030] Call Trace: 03:27:19 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x0, 0xa00}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) [ 2218.383055] dump_stack+0x197/0x210 [ 2218.383075] dump_header+0x15e/0xa55 [ 2218.413322] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2218.418455] ? ___ratelimit+0x60/0x595 [ 2218.422384] ? do_raw_spin_unlock+0x181/0x270 [ 2218.426910] oom_kill_process.cold+0x10/0x6ef [ 2218.431438] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2218.437040] ? task_will_free_mem+0x139/0x6e0 [ 2218.441558] ? find_held_lock+0x35/0x130 [ 2218.445674] out_of_memory+0x362/0x1330 [ 2218.449783] ? lock_downgrade+0x880/0x880 [ 2218.453962] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2218.459188] ? oom_killer_disable+0x280/0x280 [ 2218.463707] ? find_held_lock+0x35/0x130 [ 2218.467814] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2218.472787] ? memcg_event_wake+0x230/0x230 [ 2218.477231] ? do_raw_spin_unlock+0x181/0x270 [ 2218.481767] ? _raw_spin_unlock+0x2d/0x50 [ 2218.485949] try_charge+0xec5/0x1490 [ 2218.489691] ? lock_downgrade+0x880/0x880 [ 2218.493964] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2218.498829] ? rcu_read_unlock+0x33/0x60 [ 2218.503010] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2218.507878] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2218.514060] mem_cgroup_try_charge+0x259/0x6b0 [ 2218.519367] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2218.524328] wp_page_copy+0x430/0x16a0 [ 2218.528260] ? follow_pfn+0x2a0/0x2a0 [ 2218.532090] ? do_raw_spin_unlock+0x181/0x270 [ 2218.536787] do_wp_page+0x57d/0x10b0 [ 2218.540675] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2218.545369] ? kasan_check_write+0x14/0x20 [ 2218.549623] ? do_raw_spin_lock+0xd7/0x250 [ 2218.553889] __handle_mm_fault+0x2305/0x3f80 [ 2218.558784] ? copy_page_range+0x2030/0x2030 [ 2218.563253] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2218.567953] handle_mm_fault+0x1b5/0x690 [ 2218.572844] __get_user_pages+0x609/0x1860 [ 2218.577121] ? follow_page_mask+0x1ac0/0x1ac0 [ 2218.581663] ? retint_kernel+0x2d/0x2d [ 2218.585600] populate_vma_page_range+0x20d/0x2a0 [ 2218.590382] __mm_populate+0x204/0x380 [ 2218.594293] ? populate_vma_page_range+0x2a0/0x2a0 [ 2218.599261] ? __x64_sys_mlockall+0x386/0x520 [ 2218.603795] __x64_sys_mlockall+0x35c/0x520 [ 2218.608146] do_syscall_64+0xfd/0x620 [ 2218.612095] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2218.617740] RIP: 0033:0x45b349 [ 2218.620949] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2218.639946] RSP: 002b:00007f86ac35dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2218.647675] RAX: ffffffffffffffda RBX: 00007f86ac35e6d4 RCX: 000000000045b349 [ 2218.654966] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2218.662263] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2218.669556] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2218.676868] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 2218.685803] Task in /syz4 killed as a result of limit of /syz4 [ 2218.692459] memory: usage 307200kB, limit 307200kB, failcnt 26428 [ 2218.699009] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2218.706421] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2218.713994] Memory cgroup stats for /syz4: cache:124KB rss:293484KB rss_huge:184320KB shmem:24KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:153512KB active_anon:13396KB inactive_file:0KB active_file:8KB unevictable:126740KB [ 2218.737333] Memory cgroup out of memory: Kill process 4366 (syz-executor.4) score 1226 or sacrifice child [ 2218.747721] Killed process 4371 (syz-executor.4) total-vm:72588kB, anon-rss:18196kB, file-rss:34944kB, shmem-rss:0kB 03:27:20 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:27:20 executing program 5: sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r0, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7ffff000) r1 = socket(0x0, 0x400000000080803, 0x0) write(r1, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:27:20 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0xffffff9e}, 0x0) 03:27:21 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r1 = socket(0x0, 0x400000000080803, 0x0) write(r1, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) [ 2220.396326] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2220.408105] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2220.413958] CPU: 1 PID: 4381 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2220.422044] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2220.431501] Call Trace: [ 2220.434107] dump_stack+0x197/0x210 [ 2220.437766] dump_header+0x15e/0xa55 [ 2220.441626] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2220.446942] ? ___ratelimit+0x60/0x595 [ 2220.451128] ? do_raw_spin_unlock+0x181/0x270 [ 2220.455648] oom_kill_process.cold+0x10/0x6ef [ 2220.460168] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2220.465734] ? task_will_free_mem+0x139/0x6e0 [ 2220.471297] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2220.476257] out_of_memory+0x362/0x1330 [ 2220.480363] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2220.485689] ? oom_killer_disable+0x280/0x280 [ 2220.490216] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2220.495078] ? memcg_event_wake+0x230/0x230 [ 2220.499425] ? do_raw_spin_unlock+0x181/0x270 [ 2220.504026] ? _raw_spin_unlock+0x2d/0x50 [ 2220.508536] try_charge+0xec5/0x1490 [ 2220.512272] ? lock_downgrade+0x880/0x880 [ 2220.516700] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2220.521576] ? rcu_read_unlock+0x33/0x60 [ 2220.525651] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2220.530542] ? retint_kernel+0x2d/0x2d [ 2220.534454] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2220.540544] mem_cgroup_try_charge+0x259/0x6b0 [ 2220.545156] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2220.550134] wp_page_copy+0x430/0x16a0 [ 2220.554054] ? follow_pfn+0x2a0/0x2a0 [ 2220.557877] ? do_raw_spin_unlock+0x181/0x270 [ 2220.562400] do_wp_page+0x57d/0x10b0 [ 2220.566136] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2220.570815] ? kasan_check_write+0x14/0x20 [ 2220.575071] ? do_raw_spin_lock+0xd7/0x250 [ 2220.579363] __handle_mm_fault+0x2305/0x3f80 [ 2220.583789] ? copy_page_range+0x2030/0x2030 [ 2220.588232] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2220.593051] handle_mm_fault+0x1b5/0x690 [ 2220.597139] __get_user_pages+0x609/0x1860 [ 2220.601405] ? follow_page_mask+0x1ac0/0x1ac0 [ 2220.605922] ? retint_kernel+0x2d/0x2d [ 2220.609956] ? __get_user_pages+0x405/0x1860 [ 2220.614406] populate_vma_page_range+0x20d/0x2a0 [ 2220.619623] __mm_populate+0x204/0x380 [ 2220.623881] ? populate_vma_page_range+0x2a0/0x2a0 [ 2220.628868] ? up_write+0x6d/0x150 [ 2220.632446] __x64_sys_mlockall+0x35c/0x520 [ 2220.636880] do_syscall_64+0xfd/0x620 [ 2220.641023] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2220.646230] RIP: 0033:0x45b349 [ 2220.649440] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2220.669500] RSP: 002b:00007f4b94dddc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2220.677962] RAX: ffffffffffffffda RBX: 00007f4b94dde6d4 RCX: 000000000045b349 [ 2220.685249] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2220.692536] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2220.699823] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2220.707208] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 2220.717893] Task in /syz5 killed as a result of limit of /syz5 [ 2220.724682] memory: usage 307200kB, limit 307200kB, failcnt 1211 [ 2220.731611] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2220.738579] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2220.745041] Memory cgroup stats for /syz5: cache:188KB rss:295196KB rss_huge:45056KB shmem:80KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:231872KB active_anon:6344KB inactive_file:4KB active_file:4KB unevictable:57108KB [ 2220.767963] Memory cgroup out of memory: Kill process 4380 (syz-executor.5) score 1226 or sacrifice child [ 2220.778507] Killed process 4383 (syz-executor.5) total-vm:72588kB, anon-rss:18196kB, file-rss:34816kB, shmem-rss:0kB [ 2221.336468] syz-executor.2 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 [ 2221.348052] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2221.354477] CPU: 0 PID: 4392 Comm: syz-executor.2 Not tainted 4.19.99-syzkaller #0 [ 2221.362320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2221.371694] Call Trace: [ 2221.374341] dump_stack+0x197/0x210 [ 2221.378014] dump_header+0x15e/0xa55 [ 2221.381760] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2221.386892] ? ___ratelimit+0x60/0x595 [ 2221.390815] oom_kill_process.cold+0x10/0x6ef [ 2221.395416] ? out_of_memory+0x14a/0x1330 [ 2221.399685] out_of_memory+0x362/0x1330 [ 2221.403702] ? lock_downgrade+0x880/0x880 [ 2221.407876] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2221.412998] ? oom_killer_disable+0x280/0x280 [ 2221.417567] ? find_held_lock+0x35/0x130 [ 2221.422365] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2221.427232] ? memcg_event_wake+0x230/0x230 [ 2221.431604] ? do_raw_spin_unlock+0x181/0x270 [ 2221.436236] ? _raw_spin_unlock+0x2d/0x50 [ 2221.440408] try_charge+0xec5/0x1490 [ 2221.444145] ? lock_downgrade+0x880/0x880 [ 2221.448323] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2221.453226] ? rcu_read_unlock+0x33/0x60 [ 2221.457387] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2221.462288] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2221.468388] mem_cgroup_try_charge+0x259/0x6b0 [ 2221.473006] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2221.477971] wp_page_copy+0x430/0x16a0 [ 2221.481901] ? follow_pfn+0x2a0/0x2a0 [ 2221.485834] do_wp_page+0x57d/0x10b0 [ 2221.489571] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2221.494267] ? kasan_check_write+0x14/0x20 [ 2221.498520] ? do_raw_spin_lock+0xd7/0x250 [ 2221.502783] __handle_mm_fault+0x2305/0x3f80 [ 2221.507923] ? copy_page_range+0x2030/0x2030 [ 2221.512370] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2221.517067] handle_mm_fault+0x1b5/0x690 [ 2221.521173] __get_user_pages+0x609/0x1860 [ 2221.525442] ? follow_page_mask+0x1ac0/0x1ac0 [ 2221.530086] ? retint_kernel+0x2d/0x2d [ 2221.534120] populate_vma_page_range+0x20d/0x2a0 [ 2221.538911] __mm_populate+0x204/0x380 [ 2221.542845] ? populate_vma_page_range+0x2a0/0x2a0 [ 2221.547810] __x64_sys_mlockall+0x35c/0x520 [ 2221.552161] do_syscall_64+0xfd/0x620 [ 2221.556000] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2221.561210] RIP: 0033:0x45b349 [ 2221.564426] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2221.583356] RSP: 002b:00007fbf16a2fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2221.591091] RAX: ffffffffffffffda RBX: 00007fbf16a306d4 RCX: 000000000045b349 [ 2221.598379] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2221.605667] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2221.613031] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2221.620319] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 2221.646278] Task in /syz2 killed as a result of limit of /syz2 [ 2221.653148] memory: usage 307200kB, limit 307200kB, failcnt 229 [ 2221.659676] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2221.666694] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2221.673283] Memory cgroup stats for /syz2: cache:24KB rss:296076KB rss_huge:28672KB shmem:60KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:250772KB active_anon:8728KB inactive_file:4KB active_file:4KB unevictable:36628KB 03:27:23 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x0, 0xb00}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:27:23 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0xfffffff0}, 0x0) [ 2221.695599] Memory cgroup out of memory: Kill process 4391 (syz-executor.2) score 233 or sacrifice child [ 2221.706039] Killed process 4393 (syz-executor.2) total-vm:72588kB, anon-rss:18196kB, file-rss:34944kB, shmem-rss:0kB 03:27:23 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240), 0x0) 03:27:23 executing program 5: sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet(0x10, 0x0, 0x0) ioctl$sock_ifreq(r0, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7ffff000) r1 = socket(0x0, 0x400000000080803, 0x0) write(r1, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:27:23 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:27:23 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x0, 0xc00}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:27:24 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0xfffffffc}, 0x0) 03:27:24 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) [ 2224.290408] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2224.302393] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2224.308115] CPU: 1 PID: 4411 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2224.315837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2224.325215] Call Trace: [ 2224.327820] dump_stack+0x197/0x210 [ 2224.331464] dump_header+0x15e/0xa55 [ 2224.335205] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2224.340427] ? ___ratelimit+0x60/0x595 [ 2224.344329] ? do_raw_spin_unlock+0x181/0x270 [ 2224.348869] oom_kill_process.cold+0x10/0x6ef [ 2224.353399] ? mem_cgroup_get_max+0x70/0x240 [ 2224.357843] out_of_memory+0x362/0x1330 [ 2224.361848] ? lock_downgrade+0x880/0x880 [ 2224.366017] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2224.371150] ? oom_killer_disable+0x280/0x280 [ 2224.375747] ? find_held_lock+0x35/0x130 [ 2224.379842] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2224.384886] ? memcg_event_wake+0x230/0x230 [ 2224.389231] ? do_raw_spin_unlock+0x181/0x270 [ 2224.393794] ? _raw_spin_unlock+0x2d/0x50 [ 2224.397964] try_charge+0xec5/0x1490 [ 2224.401697] ? lock_downgrade+0x880/0x880 [ 2224.405872] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2224.410732] ? rcu_read_unlock+0x33/0x60 [ 2224.414799] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2224.419792] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2224.425869] mem_cgroup_try_charge+0x259/0x6b0 [ 2224.430483] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2224.435431] wp_page_copy+0x430/0x16a0 [ 2224.439344] ? follow_pfn+0x2a0/0x2a0 [ 2224.443168] ? do_raw_spin_unlock+0x181/0x270 [ 2224.447817] do_wp_page+0x57d/0x10b0 [ 2224.451556] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2224.456239] ? kasan_check_write+0x14/0x20 [ 2224.460491] ? do_raw_spin_lock+0xd7/0x250 [ 2224.464774] __handle_mm_fault+0x2305/0x3f80 [ 2224.469350] ? copy_page_range+0x2030/0x2030 [ 2224.473800] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2224.478493] handle_mm_fault+0x1b5/0x690 [ 2224.482593] __get_user_pages+0x609/0x1860 [ 2224.486854] ? follow_page_mask+0x1ac0/0x1ac0 [ 2224.491367] ? retint_kernel+0x2d/0x2d [ 2224.495289] populate_vma_page_range+0x20d/0x2a0 [ 2224.500098] __mm_populate+0x204/0x380 [ 2224.504716] ? populate_vma_page_range+0x2a0/0x2a0 [ 2224.509675] __x64_sys_mlockall+0x35c/0x520 [ 2224.514005] do_syscall_64+0xfd/0x620 [ 2224.518793] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2224.524000] RIP: 0033:0x45b349 [ 2224.527223] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2224.546149] RSP: 002b:00007f4b94dddc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2224.553880] RAX: ffffffffffffffda RBX: 00007f4b94dde6d4 RCX: 000000000045b349 [ 2224.561332] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2224.568619] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2224.575906] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2224.583184] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 2224.592471] Task in /syz5 killed as a result of limit of /syz5 [ 2224.598962] memory: usage 307200kB, limit 307200kB, failcnt 1243 [ 2224.605557] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2224.612446] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2224.618743] Memory cgroup stats for /syz5: cache:188KB rss:295144KB rss_huge:38912KB shmem:80KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:238016KB active_anon:6344KB inactive_file:4KB active_file:4KB unevictable:50964KB [ 2224.641986] Memory cgroup out of memory: Kill process 4410 (syz-executor.5) score 1223 or sacrifice child [ 2224.652285] Killed process 4412 (syz-executor.5) total-vm:72588kB, anon-rss:18196kB, file-rss:34816kB, shmem-rss:0kB [ 2224.668663] syz-executor.2 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 [ 2224.680456] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2224.686240] CPU: 0 PID: 4416 Comm: syz-executor.2 Not tainted 4.19.99-syzkaller #0 [ 2224.694063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2224.703447] Call Trace: [ 2224.706056] dump_stack+0x197/0x210 [ 2224.709693] dump_header+0x15e/0xa55 [ 2224.713448] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2224.718599] ? ___ratelimit+0x60/0x595 [ 2224.722516] ? do_raw_spin_unlock+0x181/0x270 [ 2224.727473] oom_kill_process.cold+0x10/0x6ef [ 2224.731993] out_of_memory+0x362/0x1330 [ 2224.735980] ? retint_kernel+0x2d/0x2d [ 2224.739878] ? oom_killer_disable+0x280/0x280 [ 2224.744404] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2224.750313] ? memcg_event_wake+0x230/0x230 [ 2224.754662] ? do_raw_spin_unlock+0x181/0x270 [ 2224.759186] ? _raw_spin_unlock+0x2d/0x50 [ 2224.763543] try_charge+0xec5/0x1490 [ 2224.767288] ? lock_downgrade+0x880/0x880 [ 2224.771452] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2224.776323] ? rcu_read_unlock+0x33/0x60 [ 2224.780400] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2224.785407] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2224.791486] mem_cgroup_try_charge+0x259/0x6b0 [ 2224.796095] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2224.801048] wp_page_copy+0x430/0x16a0 [ 2224.804958] ? follow_pfn+0x2a0/0x2a0 [ 2224.808792] ? do_raw_spin_unlock+0x181/0x270 [ 2224.813334] do_wp_page+0x57d/0x10b0 [ 2224.817071] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2224.821767] ? kasan_check_write+0x14/0x20 [ 2224.826019] ? do_raw_spin_lock+0xd7/0x250 [ 2224.830285] __handle_mm_fault+0x2305/0x3f80 [ 2224.834729] ? copy_page_range+0x2030/0x2030 [ 2224.839200] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2224.843897] handle_mm_fault+0x1b5/0x690 [ 2224.848060] __get_user_pages+0x609/0x1860 [ 2224.852314] ? follow_page_mask+0x1ac0/0x1ac0 [ 2224.856842] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2224.861629] ? retint_kernel+0x2d/0x2d [ 2224.865544] populate_vma_page_range+0x20d/0x2a0 [ 2224.870318] __mm_populate+0x204/0x380 [ 2224.874218] ? populate_vma_page_range+0x2a0/0x2a0 [ 2224.879174] __x64_sys_mlockall+0x35c/0x520 [ 2224.883515] do_syscall_64+0xfd/0x620 [ 2224.887341] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2224.892535] RIP: 0033:0x45b349 [ 2224.895733] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2224.914722] RSP: 002b:00007fbf16a2fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2224.922467] RAX: ffffffffffffffda RBX: 00007fbf16a306d4 RCX: 000000000045b349 [ 2224.929759] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2224.937028] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2224.944301] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2224.951573] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 2224.961216] Task in /syz2 killed as a result of limit of /syz2 [ 2224.967532] memory: usage 307200kB, limit 307200kB, failcnt 240 [ 2224.973912] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2224.981141] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2224.987393] Memory cgroup stats for /syz2: cache:24KB rss:295944KB rss_huge:30720KB shmem:60KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:248688KB active_anon:8728KB inactive_file:0KB active_file:4KB unevictable:38676KB [ 2225.009566] Memory cgroup out of memory: Kill process 4414 (syz-executor.2) score 236 or sacrifice child [ 2225.020136] Killed process 4421 (syz-executor.2) total-vm:72588kB, anon-rss:18196kB, file-rss:34816kB, shmem-rss:0kB [ 2225.059713] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2225.071286] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2225.077015] CPU: 0 PID: 4411 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2225.084724] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2225.094088] Call Trace: [ 2225.096691] dump_stack+0x197/0x210 [ 2225.100329] dump_header+0x15e/0xa55 [ 2225.104049] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2225.109159] ? ___ratelimit+0x60/0x595 [ 2225.113052] ? do_raw_spin_unlock+0x181/0x270 [ 2225.117559] oom_kill_process.cold+0x10/0x6ef [ 2225.122071] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2225.127628] ? task_will_free_mem+0x139/0x6e0 [ 2225.132139] out_of_memory+0x362/0x1330 [ 2225.136126] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2225.141256] ? oom_killer_disable+0x280/0x280 [ 2225.145761] ? find_held_lock+0x35/0x130 [ 2225.149839] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2225.154694] ? memcg_event_wake+0x230/0x230 [ 2225.159043] ? do_raw_spin_unlock+0x181/0x270 [ 2225.163544] ? _raw_spin_unlock+0x2d/0x50 [ 2225.167701] try_charge+0xec5/0x1490 [ 2225.171423] ? lock_downgrade+0x880/0x880 [ 2225.175581] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2225.180435] ? rcu_read_unlock+0x33/0x60 [ 2225.184507] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2225.189364] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2225.195541] mem_cgroup_try_charge+0x259/0x6b0 [ 2225.200175] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2225.205113] wp_page_copy+0x430/0x16a0 [ 2225.209016] ? follow_pfn+0x2a0/0x2a0 [ 2225.212834] ? do_raw_spin_unlock+0x181/0x270 [ 2225.217352] do_wp_page+0x57d/0x10b0 [ 2225.221086] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2225.225766] ? kasan_check_write+0x14/0x20 [ 2225.230004] ? do_raw_spin_lock+0xd7/0x250 [ 2225.234264] __handle_mm_fault+0x2305/0x3f80 [ 2225.238694] ? copy_page_range+0x2030/0x2030 [ 2225.243123] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2225.247806] handle_mm_fault+0x1b5/0x690 [ 2225.252009] __get_user_pages+0x609/0x1860 [ 2225.256373] ? follow_page_mask+0x1ac0/0x1ac0 [ 2225.260883] ? retint_kernel+0x2d/0x2d [ 2225.264805] populate_vma_page_range+0x20d/0x2a0 [ 2225.269583] __mm_populate+0x204/0x380 [ 2225.273490] ? populate_vma_page_range+0x2a0/0x2a0 [ 2225.278442] __x64_sys_mlockall+0x35c/0x520 [ 2225.282777] do_syscall_64+0xfd/0x620 [ 2225.286605] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2225.291806] RIP: 0033:0x45b349 [ 2225.295011] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2225.314143] RSP: 002b:00007f4b94dddc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2225.321873] RAX: ffffffffffffffda RBX: 00007f4b94dde6d4 RCX: 000000000045b349 [ 2225.329155] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2225.336436] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2225.343720] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2225.351103] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 2225.358762] Task in /syz5 killed as a result of limit of /syz5 [ 2225.367072] memory: usage 291632kB, limit 307200kB, failcnt 1249 [ 2225.374029] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2225.381201] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2225.387633] Memory cgroup stats for /syz5: cache:188KB rss:279836KB rss_huge:38912KB shmem:80KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:222636KB active_anon:6344KB inactive_file:4KB active_file:4KB unevictable:50964KB [ 2225.410173] Memory cgroup out of memory: Kill process 4410 (syz-executor.5) score 1223 or sacrifice child [ 2225.420555] Killed process 4411 (syz-executor.5) total-vm:72588kB, anon-rss:18196kB, file-rss:54376kB, shmem-rss:0kB [ 2225.432947] oom_reaper: reaped process 4411 (syz-executor.5), now anon-rss:18196kB, file-rss:54368kB, shmem-rss:0kB 03:27:27 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x0, 0xe00}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:27:27 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0x40030000000000}, 0x0) 03:27:27 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7", 0xe) 03:27:27 executing program 5: sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet(0x10, 0x0, 0x0) ioctl$sock_ifreq(r0, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7ffff000) r1 = socket(0x0, 0x400000000080803, 0x0) write(r1, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) [ 2226.303226] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2226.314540] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2226.320035] CPU: 1 PID: 4442 Comm: syz-executor.4 Not tainted 4.19.99-syzkaller #0 [ 2226.327763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2226.337134] Call Trace: [ 2226.339759] dump_stack+0x197/0x210 [ 2226.343425] dump_header+0x15e/0xa55 [ 2226.347166] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2226.352301] ? ___ratelimit+0x60/0x595 [ 2226.356210] ? do_raw_spin_unlock+0x181/0x270 [ 2226.360737] oom_kill_process.cold+0x10/0x6ef [ 2226.365344] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2226.370907] ? task_will_free_mem+0x139/0x6e0 [ 2226.375439] ? find_held_lock+0x35/0x130 [ 2226.379543] out_of_memory+0x362/0x1330 [ 2226.383548] ? lock_downgrade+0x880/0x880 [ 2226.387729] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2226.392865] ? oom_killer_disable+0x280/0x280 [ 2226.397371] ? find_held_lock+0x35/0x130 [ 2226.401458] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2226.406314] ? memcg_event_wake+0x230/0x230 [ 2226.410648] ? do_raw_spin_unlock+0x181/0x270 [ 2226.415672] ? _raw_spin_unlock+0x2d/0x50 [ 2226.419834] try_charge+0xec5/0x1490 [ 2226.423558] ? lock_downgrade+0x880/0x880 [ 2226.427721] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2226.432572] ? rcu_read_unlock+0x33/0x60 [ 2226.436640] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2226.441494] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2226.447649] ? mark_held_locks+0x100/0x100 [ 2226.451986] mem_cgroup_try_charge+0x259/0x6b0 [ 2226.456585] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2226.461523] __handle_mm_fault+0x1e50/0x3f80 [ 2226.466031] ? copy_page_range+0x2030/0x2030 [ 2226.470468] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2226.475146] handle_mm_fault+0x1b5/0x690 [ 2226.479655] __get_user_pages+0x609/0x1860 [ 2226.483910] ? follow_page_mask+0x1ac0/0x1ac0 [ 2226.488425] ? lock_acquire+0x16f/0x3f0 [ 2226.492406] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2226.497956] populate_vma_page_range+0x20d/0x2a0 [ 2226.505853] __mm_populate+0x204/0x380 [ 2226.509785] ? populate_vma_page_range+0x2a0/0x2a0 [ 2226.514734] __x64_sys_mlockall+0x35c/0x520 [ 2226.519071] do_syscall_64+0xfd/0x620 [ 2226.522884] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2226.528094] RIP: 0033:0x45b349 [ 2226.531480] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2226.550634] RSP: 002b:00007f86ac35dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2226.560881] RAX: ffffffffffffffda RBX: 00007f86ac35e6d4 RCX: 000000000045b349 [ 2226.568221] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2226.575506] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2226.582798] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2226.590085] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 2226.597798] Task in /syz4 killed as a result of limit of /syz4 [ 2226.606495] memory: usage 307200kB, limit 307200kB, failcnt 26461 [ 2226.612832] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2226.619920] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2226.626083] Memory cgroup stats for /syz4: cache:124KB rss:293484KB rss_huge:190464KB shmem:24KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:163620KB active_anon:13412KB inactive_file:0KB active_file:16KB unevictable:116656KB [ 2226.648235] Memory cgroup out of memory: Kill process 25503 (syz-executor.4) score 1163 or sacrifice child [ 2226.658145] Killed process 25503 (syz-executor.4) total-vm:72720kB, anon-rss:18324kB, file-rss:34816kB, shmem-rss:0kB [ 2227.968415] syz-executor.2 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 [ 2227.979841] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2227.985319] CPU: 0 PID: 4447 Comm: syz-executor.2 Not tainted 4.19.99-syzkaller #0 [ 2227.994950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2228.004767] Call Trace: [ 2228.007416] dump_stack+0x197/0x210 [ 2228.011298] dump_header+0x15e/0xa55 [ 2228.015034] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2228.020141] ? ___ratelimit+0x60/0x595 [ 2228.024021] ? do_raw_spin_unlock+0x181/0x270 [ 2228.028602] oom_kill_process.cold+0x10/0x6ef [ 2228.033097] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2228.038629] ? task_will_free_mem+0x139/0x6e0 [ 2228.043224] out_of_memory+0x362/0x1330 [ 2228.047280] ? retint_kernel+0x2d/0x2d [ 2228.051269] ? oom_killer_disable+0x280/0x280 [ 2228.055782] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2228.060640] ? memcg_event_wake+0x230/0x230 [ 2228.064970] ? do_raw_spin_unlock+0x181/0x270 [ 2228.069458] ? _raw_spin_unlock+0x2d/0x50 [ 2228.073604] try_charge+0xec5/0x1490 [ 2228.077312] ? lock_downgrade+0x880/0x880 [ 2228.081474] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2228.086337] ? rcu_read_unlock+0x33/0x60 [ 2228.090405] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2228.095245] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2228.101314] mem_cgroup_try_charge+0x259/0x6b0 [ 2228.105912] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2228.110973] wp_page_copy+0x430/0x16a0 [ 2228.114888] ? follow_pfn+0x2a0/0x2a0 [ 2228.118709] ? do_raw_spin_unlock+0x181/0x270 [ 2228.123226] do_wp_page+0x57d/0x10b0 [ 2228.127037] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2228.131708] ? kasan_check_write+0x14/0x20 [ 2228.135943] ? do_raw_spin_lock+0xd7/0x250 [ 2228.144803] __handle_mm_fault+0x2305/0x3f80 [ 2228.149212] ? copy_page_range+0x2030/0x2030 [ 2228.153628] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2228.158310] handle_mm_fault+0x1b5/0x690 [ 2228.162395] __get_user_pages+0x609/0x1860 [ 2228.171494] ? follow_page_mask+0x1ac0/0x1ac0 [ 2228.175985] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2228.180777] ? retint_kernel+0x2d/0x2d [ 2228.184669] populate_vma_page_range+0x20d/0x2a0 [ 2228.189423] __mm_populate+0x204/0x380 [ 2228.193309] ? populate_vma_page_range+0x2a0/0x2a0 [ 2228.198242] __x64_sys_mlockall+0x35c/0x520 [ 2228.202907] do_syscall_64+0xfd/0x620 [ 2228.206705] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2228.211889] RIP: 0033:0x45b349 [ 2228.215077] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2228.233990] RSP: 002b:00007fbf16a2fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2228.241718] RAX: ffffffffffffffda RBX: 00007fbf16a306d4 RCX: 000000000045b349 [ 2228.248987] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2228.257818] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2228.265117] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2228.272391] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 2228.279743] Task in /syz2 killed as a result of limit of /syz2 [ 2228.285953] memory: usage 307200kB, limit 307200kB, failcnt 277 [ 2228.292123] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2228.298941] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2228.305144] Memory cgroup stats for /syz2: cache:24KB rss:295956KB rss_huge:28672KB shmem:60KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:250696KB active_anon:8728KB inactive_file:0KB active_file:4KB unevictable:36628KB [ 2228.326897] Memory cgroup out of memory: Kill process 4445 (syz-executor.2) score 236 or sacrifice child [ 2228.337559] Killed process 4449 (syz-executor.2) total-vm:72588kB, anon-rss:18196kB, file-rss:34816kB, shmem-rss:0kB 03:27:27 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x0, 0xf00}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:27:27 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0xf0ffffffffffff}, 0x0) 03:27:27 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) [ 2228.945723] oom_reaper: reaped process 25503 (syz-executor.4), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2229.910262] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2229.922197] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2229.928002] CPU: 1 PID: 4442 Comm: syz-executor.4 Not tainted 4.19.99-syzkaller #0 [ 2229.935718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2229.945082] Call Trace: [ 2229.947798] dump_stack+0x197/0x210 [ 2229.951451] dump_header+0x15e/0xa55 [ 2229.955191] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2229.960309] ? ___ratelimit+0x60/0x595 [ 2229.964208] ? do_raw_spin_unlock+0x181/0x270 [ 2229.968726] oom_kill_process.cold+0x10/0x6ef [ 2229.973262] out_of_memory+0x362/0x1330 [ 2229.977363] ? retint_kernel+0x2d/0x2d [ 2229.981304] ? oom_killer_disable+0x280/0x280 [ 2229.985922] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2229.990900] ? memcg_event_wake+0x230/0x230 [ 2229.995242] ? do_raw_spin_unlock+0x181/0x270 [ 2229.999766] ? _raw_spin_unlock+0x2d/0x50 [ 2230.003941] try_charge+0xec5/0x1490 [ 2230.007680] ? lock_downgrade+0x880/0x880 [ 2230.011847] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2230.016712] ? rcu_read_unlock+0x33/0x60 [ 2230.020801] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2230.025676] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2230.031763] mem_cgroup_try_charge+0x259/0x6b0 [ 2230.036375] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2230.041322] wp_page_copy+0x430/0x16a0 [ 2230.045232] ? follow_pfn+0x2a0/0x2a0 [ 2230.049060] ? do_raw_spin_unlock+0x181/0x270 [ 2230.053570] do_wp_page+0x57d/0x10b0 [ 2230.057302] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2230.061986] ? kasan_check_write+0x14/0x20 [ 2230.066240] ? do_raw_spin_lock+0xd7/0x250 [ 2230.070506] __handle_mm_fault+0x2305/0x3f80 [ 2230.074941] ? copy_page_range+0x2030/0x2030 [ 2230.079500] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2230.084188] handle_mm_fault+0x1b5/0x690 [ 2230.088270] ? __get_user_pages+0x573/0x1860 [ 2230.092829] __get_user_pages+0x609/0x1860 [ 2230.097094] ? follow_page_mask+0x1ac0/0x1ac0 [ 2230.101652] ? retint_kernel+0x2d/0x2d [ 2230.105600] populate_vma_page_range+0x20d/0x2a0 [ 2230.110397] __mm_populate+0x204/0x380 [ 2230.114305] ? populate_vma_page_range+0x2a0/0x2a0 [ 2230.119394] __x64_sys_mlockall+0x35c/0x520 [ 2230.123744] do_syscall_64+0xfd/0x620 [ 2230.127564] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2230.132780] RIP: 0033:0x45b349 [ 2230.136079] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2230.155097] RSP: 002b:00007f86ac35dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2230.162835] RAX: ffffffffffffffda RBX: 00007f86ac35e6d4 RCX: 000000000045b349 [ 2230.170224] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2230.177510] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2230.184792] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2230.192084] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 2230.200895] Task in /syz4 killed as a result of limit of /syz4 [ 2230.207476] memory: usage 307200kB, limit 307200kB, failcnt 34957 [ 2230.213952] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2230.220901] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2230.227384] Memory cgroup stats for /syz4: cache:124KB rss:293440KB rss_huge:186368KB shmem:24KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:155244KB active_anon:13396KB inactive_file:4KB active_file:4KB unevictable:124824KB [ 2230.250750] Memory cgroup out of memory: Kill process 4440 (syz-executor.4) score 1226 or sacrifice child [ 2230.260969] Killed process 4440 (syz-executor.4) total-vm:72720kB, anon-rss:18256kB, file-rss:54376kB, shmem-rss:0kB [ 2230.290228] oom_reaper: reaped process 4440 (syz-executor.4), now anon-rss:18256kB, file-rss:54368kB, shmem-rss:0kB 03:27:32 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x0, 0x3c00}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:27:32 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0x100000000000000}, 0x0) 03:27:32 executing program 5: sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet(0x10, 0x0, 0x0) ioctl$sock_ifreq(r0, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7ffff000) r1 = socket(0x0, 0x400000000080803, 0x0) write(r1, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:27:32 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x0, 0x3f00}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:27:32 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:27:32 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:27:32 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0x200000000000000}, 0x0) [ 2232.249742] syz-executor.2 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 [ 2232.262058] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2232.267679] CPU: 1 PID: 4491 Comm: syz-executor.2 Not tainted 4.19.99-syzkaller #0 [ 2232.275769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2232.285141] Call Trace: [ 2232.287857] dump_stack+0x197/0x210 [ 2232.291500] dump_header+0x15e/0xa55 [ 2232.295238] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2232.300465] ? ___ratelimit+0x60/0x595 [ 2232.304368] ? do_raw_spin_unlock+0x181/0x270 [ 2232.308897] oom_kill_process.cold+0x10/0x6ef [ 2232.313421] out_of_memory+0x362/0x1330 [ 2232.317424] ? retint_kernel+0x2d/0x2d [ 2232.321344] ? oom_killer_disable+0x280/0x280 [ 2232.325864] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2232.330970] ? memcg_event_wake+0x230/0x230 [ 2232.335414] try_charge+0xec5/0x1490 [ 2232.339153] ? lock_downgrade+0x880/0x880 [ 2232.343451] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2232.348338] ? rcu_read_unlock+0x33/0x60 [ 2232.352419] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2232.357277] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2232.363355] ? retint_kernel+0x2d/0x2d [ 2232.367267] mem_cgroup_try_charge+0x259/0x6b0 [ 2232.371866] ? __sanitizer_cov_trace_pc+0x1/0x50 [ 2232.376639] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2232.381586] wp_page_copy+0x430/0x16a0 [ 2232.385503] ? follow_pfn+0x2a0/0x2a0 [ 2232.389326] ? do_raw_spin_unlock+0x181/0x270 [ 2232.393846] do_wp_page+0x57d/0x10b0 [ 2232.397585] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2232.402273] ? kasan_check_write+0x14/0x20 [ 2232.406520] ? do_raw_spin_lock+0xd7/0x250 [ 2232.410780] __handle_mm_fault+0x2305/0x3f80 [ 2232.415203] ? copy_page_range+0x2030/0x2030 [ 2232.419654] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2232.424338] handle_mm_fault+0x1b5/0x690 [ 2232.428425] __get_user_pages+0x609/0x1860 [ 2232.432693] ? follow_page_mask+0x1ac0/0x1ac0 [ 2232.437213] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2232.441992] ? retint_kernel+0x2d/0x2d [ 2232.445905] populate_vma_page_range+0x20d/0x2a0 [ 2232.450800] __mm_populate+0x204/0x380 [ 2232.454710] ? populate_vma_page_range+0x2a0/0x2a0 [ 2232.459662] __x64_sys_mlockall+0x35c/0x520 [ 2232.463997] do_syscall_64+0xfd/0x620 [ 2232.467818] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2232.473177] RIP: 0033:0x45b349 [ 2232.476381] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2232.495381] RSP: 002b:00007fbf16a2fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2232.503133] RAX: ffffffffffffffda RBX: 00007fbf16a306d4 RCX: 000000000045b349 [ 2232.510418] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2232.517888] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2232.525180] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2232.532469] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 2232.548264] Task in /syz2 killed as a result of limit of /syz2 [ 2232.554724] memory: usage 307200kB, limit 307200kB, failcnt 305 [ 2232.561132] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2232.568051] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2232.574511] Memory cgroup stats for /syz2: cache:24KB rss:296000KB rss_huge:34816KB shmem:60KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:244536KB active_anon:8728KB inactive_file:4KB active_file:4KB unevictable:42772KB [ 2232.597565] Memory cgroup out of memory: Kill process 4487 (syz-executor.2) score 236 or sacrifice child [ 2232.607857] Killed process 4493 (syz-executor.2) total-vm:72588kB, anon-rss:18196kB, file-rss:34816kB, shmem-rss:0kB [ 2232.623132] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2232.634836] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2232.640624] CPU: 0 PID: 4478 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2232.648345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2232.657713] Call Trace: [ 2232.660334] dump_stack+0x197/0x210 [ 2232.663992] dump_header+0x15e/0xa55 [ 2232.667807] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2232.672931] ? ___ratelimit+0x60/0x595 [ 2232.676828] ? do_raw_spin_unlock+0x181/0x270 [ 2232.681372] oom_kill_process.cold+0x10/0x6ef [ 2232.685893] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2232.691458] ? task_will_free_mem+0x139/0x6e0 [ 2232.695988] out_of_memory+0x362/0x1330 [ 2232.699993] ? lock_downgrade+0x880/0x880 [ 2232.704165] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2232.709300] ? oom_killer_disable+0x280/0x280 [ 2232.714026] ? find_held_lock+0x35/0x130 [ 2232.718117] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2232.723029] ? memcg_event_wake+0x230/0x230 [ 2232.727378] ? do_raw_spin_unlock+0x181/0x270 [ 2232.731897] ? _raw_spin_unlock+0x2d/0x50 [ 2232.736050] try_charge+0xec5/0x1490 [ 2232.739784] ? lock_downgrade+0x880/0x880 [ 2232.743958] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2232.748863] ? rcu_read_unlock+0x33/0x60 [ 2232.752935] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2232.757781] ? retint_kernel+0x2d/0x2d [ 2232.761678] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2232.767756] mem_cgroup_try_charge+0x259/0x6b0 [ 2232.772352] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2232.777733] wp_page_copy+0x430/0x16a0 [ 2232.781635] ? follow_pfn+0x2a0/0x2a0 [ 2232.785455] ? do_raw_spin_unlock+0x181/0x270 [ 2232.789978] do_wp_page+0x57d/0x10b0 [ 2232.793702] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2232.798376] ? kasan_check_write+0x14/0x20 [ 2232.802616] ? do_raw_spin_lock+0xd7/0x250 [ 2232.806879] __handle_mm_fault+0x2305/0x3f80 [ 2232.811410] ? copy_page_range+0x2030/0x2030 [ 2232.815837] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2232.820509] handle_mm_fault+0x1b5/0x690 [ 2232.824585] __get_user_pages+0x609/0x1860 [ 2232.828839] ? follow_page_mask+0x1ac0/0x1ac0 [ 2232.833423] ? retint_kernel+0x2d/0x2d [ 2232.837355] populate_vma_page_range+0x20d/0x2a0 [ 2232.842230] __mm_populate+0x204/0x380 [ 2232.846147] ? populate_vma_page_range+0x2a0/0x2a0 [ 2232.851091] __x64_sys_mlockall+0x35c/0x520 [ 2232.856556] do_syscall_64+0xfd/0x620 [ 2232.860374] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2232.865561] RIP: 0033:0x45b349 [ 2232.868767] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2232.887672] RSP: 002b:00007f4b94dddc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2232.895397] RAX: ffffffffffffffda RBX: 00007f4b94dde6d4 RCX: 000000000045b349 [ 2232.902659] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2232.910004] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2232.917263] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2232.924535] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 2232.932804] Task in /syz5 killed as a result of limit of /syz5 [ 2232.939260] memory: usage 307200kB, limit 307200kB, failcnt 1277 [ 2232.946067] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2232.953377] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2232.959751] Memory cgroup stats for /syz5: cache:188KB rss:295208KB rss_huge:45056KB shmem:80KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:233756KB active_anon:6348KB inactive_file:8KB active_file:4KB unevictable:55192KB [ 2232.984141] Memory cgroup out of memory: Kill process 4477 (syz-executor.5) score 1226 or sacrifice child [ 2232.994970] Killed process 4485 (syz-executor.5) total-vm:72720kB, anon-rss:18328kB, file-rss:34944kB, shmem-rss:0kB [ 2233.008807] syz-executor.2 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 [ 2233.019994] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2233.025515] CPU: 1 PID: 4491 Comm: syz-executor.2 Not tainted 4.19.99-syzkaller #0 [ 2233.033308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2233.042692] Call Trace: [ 2233.045422] dump_stack+0x197/0x210 [ 2233.049071] dump_header+0x15e/0xa55 [ 2233.052821] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2233.057944] ? ___ratelimit+0x60/0x595 [ 2233.061850] ? do_raw_spin_unlock+0x181/0x270 [ 2233.066370] oom_kill_process.cold+0x10/0x6ef [ 2233.070885] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2233.076447] ? task_will_free_mem+0x139/0x6e0 [ 2233.080976] out_of_memory+0x362/0x1330 [ 2233.085103] ? oom_killer_disable+0x280/0x280 [ 2233.089634] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2233.094496] ? memcg_event_wake+0x230/0x230 [ 2233.098874] ? do_raw_spin_unlock+0x181/0x270 [ 2233.103390] ? _raw_spin_unlock+0x2d/0x50 [ 2233.107556] try_charge+0xec5/0x1490 [ 2233.111290] ? lock_downgrade+0x880/0x880 [ 2233.115466] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2233.120375] ? rcu_read_unlock+0x33/0x60 [ 2233.124459] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2233.129331] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2233.135401] ? retint_kernel+0x2d/0x2d [ 2233.139336] mem_cgroup_try_charge+0x259/0x6b0 [ 2233.143941] ? __sanitizer_cov_trace_pc+0x1/0x50 [ 2233.148760] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2233.153732] wp_page_copy+0x430/0x16a0 [ 2233.157645] ? follow_pfn+0x2a0/0x2a0 [ 2233.161461] ? do_raw_spin_unlock+0x181/0x270 [ 2233.165994] do_wp_page+0x57d/0x10b0 [ 2233.169737] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2233.174438] ? kasan_check_write+0x14/0x20 [ 2233.178784] ? do_raw_spin_lock+0xd7/0x250 [ 2233.183075] __handle_mm_fault+0x2305/0x3f80 [ 2233.187506] ? copy_page_range+0x2030/0x2030 [ 2233.192124] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2233.196927] handle_mm_fault+0x1b5/0x690 [ 2233.201010] __get_user_pages+0x609/0x1860 [ 2233.205283] ? follow_page_mask+0x1ac0/0x1ac0 [ 2233.209793] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2233.214576] ? retint_kernel+0x2d/0x2d [ 2233.218496] populate_vma_page_range+0x20d/0x2a0 [ 2233.223282] __mm_populate+0x204/0x380 [ 2233.227192] ? populate_vma_page_range+0x2a0/0x2a0 [ 2233.232149] __x64_sys_mlockall+0x35c/0x520 [ 2233.236519] do_syscall_64+0xfd/0x620 [ 2233.241135] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2233.246347] RIP: 0033:0x45b349 [ 2233.249561] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2233.269282] RSP: 002b:00007fbf16a2fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2233.277011] RAX: ffffffffffffffda RBX: 00007fbf16a306d4 RCX: 000000000045b349 [ 2233.284383] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2233.291679] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2233.298969] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2233.306273] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 2233.314281] Task in /syz2 killed as a result of limit of /syz2 [ 2233.320560] memory: usage 293048kB, limit 307200kB, failcnt 311 [ 2233.326661] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2233.333760] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2233.340209] Memory cgroup stats for /syz2: cache:24KB rss:282068KB rss_huge:28672KB shmem:60KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:236708KB active_anon:8728KB inactive_file:8KB active_file:0KB unevictable:36628KB [ 2233.362852] Memory cgroup out of memory: Kill process 4487 (syz-executor.2) score 236 or sacrifice child [ 2233.373165] Killed process 4487 (syz-executor.2) total-vm:72588kB, anon-rss:18196kB, file-rss:54376kB, shmem-rss:0kB [ 2233.387658] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2233.387702] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2233.404559] CPU: 0 PID: 4478 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2233.412404] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2233.421789] Call Trace: [ 2233.424429] dump_stack+0x197/0x210 [ 2233.428253] dump_header+0x15e/0xa55 [ 2233.431986] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2233.437226] ? ___ratelimit+0x60/0x595 [ 2233.441138] ? do_raw_spin_unlock+0x181/0x270 [ 2233.445664] oom_kill_process.cold+0x10/0x6ef [ 2233.450189] ? out_of_memory+0x14a/0x1330 [ 2233.454363] out_of_memory+0x362/0x1330 [ 2233.458377] ? lock_downgrade+0x880/0x880 [ 2233.462555] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2233.467690] ? oom_killer_disable+0x280/0x280 [ 2233.472206] ? find_held_lock+0x35/0x130 [ 2233.476311] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2233.481247] ? memcg_event_wake+0x230/0x230 [ 2233.485614] ? do_raw_spin_unlock+0x181/0x270 [ 2233.490127] ? _raw_spin_unlock+0x2d/0x50 [ 2233.490369] oom_reaper: reaped process 4485 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2233.494299] try_charge+0xec5/0x1490 [ 2233.494320] ? lock_downgrade+0x880/0x880 [ 2233.494343] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2233.494365] ? rcu_read_unlock+0x33/0x60 [ 2233.521513] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2233.526391] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2233.532481] mem_cgroup_try_charge+0x259/0x6b0 [ 2233.537203] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2233.542259] wp_page_copy+0x430/0x16a0 [ 2233.546187] ? follow_pfn+0x2a0/0x2a0 [ 2233.550020] ? do_raw_spin_unlock+0x181/0x270 [ 2233.554544] do_wp_page+0x57d/0x10b0 [ 2233.558404] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2233.563104] ? kasan_check_write+0x14/0x20 [ 2233.567488] ? do_raw_spin_lock+0xd7/0x250 [ 2233.571747] __handle_mm_fault+0x2305/0x3f80 [ 2233.576187] ? copy_page_range+0x2030/0x2030 [ 2233.580637] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2233.585332] handle_mm_fault+0x1b5/0x690 [ 2233.589427] __get_user_pages+0x609/0x1860 [ 2233.593693] ? follow_page_mask+0x1ac0/0x1ac0 [ 2233.598207] ? retint_kernel+0x2d/0x2d [ 2233.602146] populate_vma_page_range+0x20d/0x2a0 [ 2233.606946] __mm_populate+0x204/0x380 [ 2233.610856] ? populate_vma_page_range+0x2a0/0x2a0 [ 2233.615819] __x64_sys_mlockall+0x35c/0x520 [ 2233.620447] do_syscall_64+0xfd/0x620 [ 2233.624321] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2233.629622] RIP: 0033:0x45b349 [ 2233.632832] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2233.652620] RSP: 002b:00007f4b94dddc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2233.660394] RAX: ffffffffffffffda RBX: 00007f4b94dde6d4 RCX: 000000000045b349 [ 2233.667724] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2233.675104] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2233.682449] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2233.689880] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 2233.697602] Task in /syz5 killed as a result of limit of /syz5 [ 2233.704029] memory: usage 291968kB, limit 307200kB, failcnt 1286 [ 2233.710618] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2233.717670] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2233.724270] Memory cgroup stats for /syz5: cache:188KB rss:280056KB rss_huge:40960KB shmem:80KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:222636KB active_anon:6348KB inactive_file:8KB active_file:4KB unevictable:51096KB [ 2233.746929] Memory cgroup out of memory: Kill process 4477 (syz-executor.5) score 1226 or sacrifice child [ 2233.757533] Killed process 4478 (syz-executor.5) total-vm:72720kB, anon-rss:18328kB, file-rss:54376kB, shmem-rss:0kB [ 2233.769824] oom_reaper: reaped process 4478 (syz-executor.5), now anon-rss:18328kB, file-rss:54368kB, shmem-rss:0kB 03:27:35 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7", 0xe) 03:27:35 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x0, 0x5865}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:27:35 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0x300000000000000}, 0x0) 03:27:35 executing program 2: sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r0, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7ffff000) r1 = socket(0x0, 0x400000000080803, 0x0) write(r1, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:27:36 executing program 5: sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7ffff000) r0 = socket(0x0, 0x400000000080803, 0x0) write(r0, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) [ 2235.342517] syz-executor.2 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 [ 2235.354152] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2235.360004] CPU: 1 PID: 4507 Comm: syz-executor.2 Not tainted 4.19.99-syzkaller #0 [ 2235.367732] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2235.377098] Call Trace: [ 2235.380329] dump_stack+0x197/0x210 [ 2235.383990] dump_header+0x15e/0xa55 [ 2235.387740] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2235.393314] ? ___ratelimit+0x60/0x595 [ 2235.397220] ? do_raw_spin_unlock+0x181/0x270 [ 2235.402181] oom_kill_process.cold+0x10/0x6ef [ 2235.406749] ? mem_cgroup_get_max+0xa8/0x240 [ 2235.411541] out_of_memory+0x362/0x1330 [ 2235.415554] ? retint_kernel+0x2d/0x2d [ 2235.419468] ? oom_killer_disable+0x280/0x280 [ 2235.423997] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2235.428866] ? memcg_event_wake+0x230/0x230 [ 2235.433208] ? do_raw_spin_unlock+0x181/0x270 [ 2235.437725] ? _raw_spin_unlock+0x2d/0x50 [ 2235.441897] try_charge+0xec5/0x1490 [ 2235.445640] ? lock_downgrade+0x880/0x880 [ 2235.449934] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2235.454844] ? rcu_read_unlock+0x33/0x60 [ 2235.458927] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2235.464145] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2235.470246] mem_cgroup_try_charge+0x259/0x6b0 [ 2235.474880] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2235.479900] wp_page_copy+0x430/0x16a0 [ 2235.483823] ? follow_pfn+0x2a0/0x2a0 [ 2235.487650] ? do_raw_spin_unlock+0x181/0x270 [ 2235.492170] do_wp_page+0x57d/0x10b0 [ 2235.495907] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2235.500593] ? kasan_check_write+0x14/0x20 [ 2235.504836] ? do_raw_spin_lock+0xd7/0x250 [ 2235.509206] __handle_mm_fault+0x2305/0x3f80 [ 2235.513660] ? copy_page_range+0x2030/0x2030 [ 2235.518210] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2235.522893] handle_mm_fault+0x1b5/0x690 [ 2235.526967] __get_user_pages+0x609/0x1860 [ 2235.531308] ? follow_page_mask+0x1ac0/0x1ac0 [ 2235.535829] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2235.540623] ? retint_kernel+0x2d/0x2d [ 2235.544819] populate_vma_page_range+0x20d/0x2a0 [ 2235.549623] __mm_populate+0x204/0x380 [ 2235.553534] ? populate_vma_page_range+0x2a0/0x2a0 [ 2235.558614] ? __mm_populate+0x28/0x380 [ 2235.562619] __x64_sys_mlockall+0x35c/0x520 [ 2235.566955] do_syscall_64+0xfd/0x620 [ 2235.570796] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2235.575996] RIP: 0033:0x45b349 [ 2235.579208] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2235.598350] RSP: 002b:00007fbf16a2fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2235.606074] RAX: ffffffffffffffda RBX: 00007fbf16a306d4 RCX: 000000000045b349 [ 2235.613362] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2235.620646] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2235.627932] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2235.635228] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 2235.645168] Task in /syz2 killed as a result of limit of /syz2 [ 2235.651626] memory: usage 307200kB, limit 307200kB, failcnt 333 [ 2235.657936] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2235.665127] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2235.671688] Memory cgroup stats for /syz2: cache:24KB rss:296036KB rss_huge:36864KB shmem:60KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:244496KB active_anon:8728KB inactive_file:4KB active_file:4KB unevictable:42772KB [ 2235.694281] Memory cgroup out of memory: Kill process 4505 (syz-executor.2) score 236 or sacrifice child [ 2235.704813] Killed process 4510 (syz-executor.2) total-vm:72588kB, anon-rss:18196kB, file-rss:34816kB, shmem-rss:0kB [ 2235.720601] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2235.732063] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2235.737682] CPU: 0 PID: 4512 Comm: syz-executor.4 Not tainted 4.19.99-syzkaller #0 [ 2235.746440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2235.755819] Call Trace: [ 2235.758534] dump_stack+0x197/0x210 [ 2235.762201] dump_header+0x15e/0xa55 [ 2235.765937] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2235.771062] ? ___ratelimit+0x60/0x595 [ 2235.774969] ? do_raw_spin_unlock+0x181/0x270 [ 2235.779484] oom_kill_process.cold+0x10/0x6ef [ 2235.784000] ? out_of_memory+0x1ae/0x1330 [ 2235.788182] ? mem_cgroup_get_max+0x2a/0x240 [ 2235.792712] out_of_memory+0x362/0x1330 [ 2235.796706] ? lock_downgrade+0x880/0x880 [ 2235.800883] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2235.813222] ? oom_killer_disable+0x280/0x280 [ 2235.817750] ? find_held_lock+0x35/0x130 [ 2235.821849] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2235.826726] ? memcg_event_wake+0x230/0x230 [ 2235.831075] ? do_raw_spin_unlock+0x181/0x270 [ 2235.835625] ? _raw_spin_unlock+0x2d/0x50 [ 2235.839806] try_charge+0xec5/0x1490 [ 2235.843537] ? lock_downgrade+0x880/0x880 [ 2235.847719] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2235.852690] ? rcu_read_unlock+0x33/0x60 [ 2235.856750] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2235.861690] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2235.867818] ? retint_kernel+0x2d/0x2d [ 2235.871743] mem_cgroup_try_charge+0x259/0x6b0 [ 2235.877042] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2235.881990] wp_page_copy+0x430/0x16a0 [ 2235.885891] ? follow_pfn+0x2a0/0x2a0 [ 2235.889705] ? do_raw_spin_unlock+0x181/0x270 [ 2235.894215] do_wp_page+0x57d/0x10b0 [ 2235.897927] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2235.902629] ? kasan_check_write+0x14/0x20 [ 2235.906979] ? do_raw_spin_lock+0xd7/0x250 [ 2235.911221] __handle_mm_fault+0x2305/0x3f80 [ 2235.915646] ? copy_page_range+0x2030/0x2030 [ 2235.920081] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2235.924762] handle_mm_fault+0x1b5/0x690 [ 2235.928842] __get_user_pages+0x609/0x1860 [ 2235.933114] ? follow_page_mask+0x1ac0/0x1ac0 [ 2235.937638] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2235.942428] ? retint_kernel+0x2d/0x2d [ 2235.946326] populate_vma_page_range+0x20d/0x2a0 [ 2235.951100] __mm_populate+0x204/0x380 [ 2235.955025] ? populate_vma_page_range+0x2a0/0x2a0 [ 2235.959962] __x64_sys_mlockall+0x35c/0x520 [ 2235.964315] do_syscall_64+0xfd/0x620 [ 2235.968117] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2235.973302] RIP: 0033:0x45b349 [ 2235.976489] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2235.995410] RSP: 002b:00007f86ac35dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2236.003143] RAX: ffffffffffffffda RBX: 00007f86ac35e6d4 RCX: 000000000045b349 [ 2236.010404] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2236.017703] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2236.025156] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2236.032435] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 2236.040171] Task in /syz4 killed as a result of limit of /syz4 [ 2236.046538] memory: usage 307200kB, limit 307200kB, failcnt 34995 [ 2236.053146] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2236.060233] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2236.066668] Memory cgroup stats for /syz4: cache:124KB rss:293440KB rss_huge:176128KB shmem:24KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:155448KB active_anon:13396KB inactive_file:0KB active_file:4KB unevictable:124820KB [ 2236.089637] Memory cgroup out of memory: Kill process 4511 (syz-executor.4) score 1226 or sacrifice child [ 2236.099856] Killed process 4516 (syz-executor.4) total-vm:72720kB, anon-rss:18324kB, file-rss:34816kB, shmem-rss:0kB [ 2236.134002] syz-executor.2 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 [ 2236.145417] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2236.151647] CPU: 1 PID: 4507 Comm: syz-executor.2 Not tainted 4.19.99-syzkaller #0 [ 2236.159704] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2236.169056] Call Trace: [ 2236.171655] dump_stack+0x197/0x210 [ 2236.175292] dump_header+0x15e/0xa55 [ 2236.179048] oom_kill_process.cold+0x10/0x6ef [ 2236.183613] out_of_memory+0x362/0x1330 [ 2236.188213] ? retint_kernel+0x2d/0x2d [ 2236.192116] ? oom_killer_disable+0x280/0x280 [ 2236.196632] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2236.201485] ? memcg_event_wake+0x230/0x230 [ 2236.205816] ? do_raw_spin_unlock+0x181/0x270 [ 2236.210339] ? _raw_spin_unlock+0x2d/0x50 [ 2236.214525] try_charge+0xec5/0x1490 [ 2236.218243] ? lock_downgrade+0x880/0x880 [ 2236.222408] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2236.227257] ? rcu_read_unlock+0x33/0x60 [ 2236.231320] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2236.236536] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2236.242611] mem_cgroup_try_charge+0x259/0x6b0 [ 2236.247208] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2236.252142] wp_page_copy+0x430/0x16a0 [ 2236.256044] ? follow_pfn+0x2a0/0x2a0 [ 2236.259854] ? do_raw_spin_unlock+0x181/0x270 [ 2236.264357] do_wp_page+0x57d/0x10b0 [ 2236.268081] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2236.272752] ? kasan_check_write+0x14/0x20 [ 2236.276991] ? do_raw_spin_lock+0xd7/0x250 [ 2236.281235] __handle_mm_fault+0x2305/0x3f80 [ 2236.285665] ? copy_page_range+0x2030/0x2030 [ 2236.290443] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2236.295118] handle_mm_fault+0x1b5/0x690 [ 2236.299191] __get_user_pages+0x609/0x1860 [ 2236.303471] ? follow_page_mask+0x1ac0/0x1ac0 [ 2236.307986] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2236.312758] ? retint_kernel+0x2d/0x2d [ 2236.316656] populate_vma_page_range+0x20d/0x2a0 [ 2236.321422] __mm_populate+0x204/0x380 [ 2236.325327] ? populate_vma_page_range+0x2a0/0x2a0 [ 2236.330263] ? __mm_populate+0x28/0x380 [ 2236.334268] __x64_sys_mlockall+0x35c/0x520 [ 2236.338603] do_syscall_64+0xfd/0x620 [ 2236.342415] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2236.347604] RIP: 0033:0x45b349 [ 2236.350803] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2236.369705] RSP: 002b:00007fbf16a2fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2236.377419] RAX: ffffffffffffffda RBX: 00007fbf16a306d4 RCX: 000000000045b349 [ 2236.384690] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2236.391977] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2236.399270] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2236.406556] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 2236.414845] Task in /syz2 killed as a result of limit of /syz2 [ 2236.421340] memory: usage 293088kB, limit 307200kB, failcnt 339 [ 2236.427457] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2236.434289] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2236.440704] Memory cgroup stats for /syz2: cache:24KB rss:282288KB rss_huge:30720KB shmem:60KB mapped_file:0KB dirty:0KB writeback:132KB swap:0KB inactive_anon:236708KB active_anon:8728KB inactive_file:4KB active_file:4KB unevictable:36628KB [ 2236.463866] Memory cgroup out of memory: Kill process 4505 (syz-executor.2) score 236 or sacrifice child [ 2236.474359] Killed process 4505 (syz-executor.2) total-vm:72588kB, anon-rss:18196kB, file-rss:54376kB, shmem-rss:0kB [ 2236.493728] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2236.526298] syz-executor.4 cpuset=syz4 mems_allowed=0-1 03:27:37 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0x400000000000000}, 0x0) 03:27:38 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x0, 0x6000}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) [ 2236.564792] CPU: 1 PID: 4514 Comm: syz-executor.4 Not tainted 4.19.99-syzkaller #0 [ 2236.572551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2236.581924] Call Trace: [ 2236.584532] dump_stack+0x197/0x210 [ 2236.588202] dump_header+0x15e/0xa55 [ 2236.591930] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2236.597055] ? ___ratelimit+0x60/0x595 [ 2236.600964] ? do_raw_spin_unlock+0x181/0x270 [ 2236.605489] oom_kill_process.cold+0x10/0x6ef [ 2236.610038] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2236.615595] ? task_will_free_mem+0x139/0x6e0 [ 2236.620140] out_of_memory+0x362/0x1330 [ 2236.624142] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2236.629265] ? oom_killer_disable+0x280/0x280 [ 2236.633786] ? find_held_lock+0x35/0x130 [ 2236.637899] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2236.643028] ? memcg_event_wake+0x230/0x230 [ 2236.647469] ? do_raw_spin_unlock+0x181/0x270 [ 2236.652111] ? _raw_spin_unlock+0x2d/0x50 [ 2236.656279] try_charge+0xc6e/0x1490 [ 2236.660016] ? lock_downgrade+0x880/0x880 [ 2236.664193] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2236.669138] ? rcu_read_unlock+0x33/0x60 [ 2236.673221] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2236.678086] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2236.684168] ? futex_wait_queue_me+0x414/0x600 [ 2236.688768] ? handle_futex_death.part.0+0x2a0/0x2a0 [ 2236.694163] mem_cgroup_try_charge+0x259/0x6b0 [ 2236.698771] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2236.703809] wp_page_copy+0x430/0x16a0 [ 2236.707720] ? follow_pfn+0x2a0/0x2a0 [ 2236.711547] ? do_raw_spin_unlock+0x181/0x270 [ 2236.716111] do_wp_page+0x57d/0x10b0 [ 2236.719849] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2236.724635] ? kasan_check_write+0x14/0x20 [ 2236.728889] ? do_raw_spin_lock+0xd7/0x250 [ 2236.733156] __handle_mm_fault+0x2305/0x3f80 [ 2236.737583] ? copy_page_range+0x2030/0x2030 [ 2236.742029] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2236.746713] handle_mm_fault+0x1b5/0x690 [ 2236.750906] __do_page_fault+0x62a/0xe90 [ 2236.754996] ? vmalloc_fault+0x740/0x740 [ 2236.759072] ? trace_hardirqs_off_caller+0x65/0x220 [ 2236.764214] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2236.769162] ? page_fault+0x8/0x30 [ 2236.772729] do_page_fault+0x71/0x57d [ 2236.776547] ? page_fault+0x8/0x30 [ 2236.780373] page_fault+0x1e/0x30 [ 2236.783839] RIP: 0033:0x40d027 [ 2236.787047] Code: eb 18 90 45 31 c0 31 c9 ba 80 00 00 00 48 89 de bf ca 00 00 00 e8 19 e3 04 00 8b 03 85 c0 74 e3 48 89 ef c7 45 08 00 00 00 00 c4 6d ff ff 4c 89 e7 e8 5c 62 ff ff eb e1 66 2e 0f 1f 84 00 00 [ 2236.806186] RSP: 002b:00007f86ac33cd00 EFLAGS: 00010202 [ 2236.811572] RAX: 0000000000000001 RBX: 000000000075bfd0 RCX: 000000000045b349 [ 2236.818858] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000075bfc8 [ 2236.826249] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2236.833567] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000075bfd4 [ 2236.840847] R13: 00007ffe33ec928f R14: 00007f86ac33d9c0 R15: 000000000075bfd4 03:27:39 executing program 2: sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r0, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7ffff000) r1 = socket(0x0, 0x400000000080803, 0x0) write(r1, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:27:39 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) [ 2237.711318] Task in /syz4 killed as a result of limit of /syz4 [ 2237.721876] memory: usage 300956kB, limit 307200kB, failcnt 35003 [ 2237.747998] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2237.759616] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2237.774068] Memory cgroup stats for /syz4: cache:124KB rss:287612KB rss_huge:176128KB shmem:24KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:149392KB active_anon:13396KB inactive_file:0KB active_file:4KB unevictable:124820KB [ 2237.811116] Memory cgroup out of memory: Kill process 4511 (syz-executor.4) score 1226 or sacrifice child [ 2237.999651] Killed process 4514 (syz-executor.4) total-vm:72720kB, anon-rss:18324kB, file-rss:54376kB, shmem-rss:0kB [ 2238.030519] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2238.042175] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2238.047948] CPU: 0 PID: 4520 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2238.055763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2238.065244] Call Trace: [ 2238.067873] dump_stack+0x197/0x210 [ 2238.071523] dump_header+0x15e/0xa55 [ 2238.075282] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2238.080420] ? ___ratelimit+0x60/0x595 [ 2238.084608] ? do_raw_spin_unlock+0x181/0x270 [ 2238.089149] oom_kill_process.cold+0x10/0x6ef [ 2238.093684] out_of_memory+0x362/0x1330 [ 2238.097678] ? retint_kernel+0x2d/0x2d [ 2238.101588] ? oom_killer_disable+0x280/0x280 [ 2238.106116] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2238.110984] ? memcg_event_wake+0x230/0x230 [ 2238.115333] ? do_raw_spin_unlock+0x181/0x270 [ 2238.119874] ? _raw_spin_unlock+0x2d/0x50 [ 2238.124048] try_charge+0xec5/0x1490 [ 2238.127895] ? lock_downgrade+0x880/0x880 [ 2238.132169] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2238.137034] ? rcu_read_unlock+0x33/0x60 [ 2238.141469] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2238.146389] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2238.152484] mem_cgroup_try_charge+0x259/0x6b0 [ 2238.157336] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2238.162293] wp_page_copy+0x430/0x16a0 [ 2238.166392] ? follow_pfn+0x2a0/0x2a0 [ 2238.170229] ? do_raw_spin_unlock+0x181/0x270 [ 2238.174747] do_wp_page+0x57d/0x10b0 [ 2238.178491] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2238.183177] ? kasan_check_write+0x14/0x20 [ 2238.187426] ? do_raw_spin_lock+0xd7/0x250 [ 2238.191693] __handle_mm_fault+0x2305/0x3f80 [ 2238.196124] ? copy_page_range+0x2030/0x2030 [ 2238.200568] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2238.205251] handle_mm_fault+0x1b5/0x690 [ 2238.209408] __get_user_pages+0x609/0x1860 [ 2238.213796] ? follow_page_mask+0x1ac0/0x1ac0 [ 2238.218739] ? retint_kernel+0x2d/0x2d [ 2238.222666] ? populate_vma_page_range+0x189/0x2a0 [ 2238.227628] populate_vma_page_range+0x20d/0x2a0 [ 2238.232764] __mm_populate+0x204/0x380 [ 2238.236670] ? populate_vma_page_range+0x2a0/0x2a0 [ 2238.241620] ? __x64_sys_mlockall+0x2e5/0x520 [ 2238.246144] __x64_sys_mlockall+0x35c/0x520 [ 2238.250488] do_syscall_64+0xfd/0x620 [ 2238.254315] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2238.259538] RIP: 0033:0x45b349 [ 2238.262749] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2238.281671] RSP: 002b:00007f4b94dddc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2238.289588] RAX: ffffffffffffffda RBX: 00007f4b94dde6d4 RCX: 000000000045b349 [ 2238.296882] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2238.304205] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2238.311611] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2238.318985] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 2238.327601] Task in /syz5 killed as a result of limit of /syz5 [ 2238.334440] memory: usage 307200kB, limit 307200kB, failcnt 1313 [ 2238.341140] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2238.348109] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2238.354571] Memory cgroup stats for /syz5: cache:188KB rss:295232KB rss_huge:47104KB shmem:80KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:231864KB active_anon:6348KB inactive_file:4KB active_file:8KB unevictable:57108KB [ 2238.377289] Memory cgroup out of memory: Kill process 4519 (syz-executor.5) score 1223 or sacrifice child [ 2238.387982] Killed process 4523 (syz-executor.5) total-vm:72588kB, anon-rss:18196kB, file-rss:34816kB, shmem-rss:0kB [ 2238.777145] syz-executor.2 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 [ 2238.789141] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2238.795234] CPU: 1 PID: 4534 Comm: syz-executor.2 Not tainted 4.19.99-syzkaller #0 [ 2238.802967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2238.812335] Call Trace: [ 2238.815460] dump_stack+0x197/0x210 [ 2238.819119] dump_header+0x15e/0xa55 [ 2238.822875] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2238.828005] ? ___ratelimit+0x60/0x595 [ 2238.831938] ? do_raw_spin_unlock+0x181/0x270 [ 2238.836468] oom_kill_process.cold+0x10/0x6ef [ 2238.841004] out_of_memory+0x362/0x1330 [ 2238.845012] ? lock_downgrade+0x880/0x880 [ 2238.849182] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2238.854312] ? oom_killer_disable+0x280/0x280 [ 2238.858844] ? find_held_lock+0x35/0x130 [ 2238.862941] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2238.867922] ? memcg_event_wake+0x230/0x230 [ 2238.872278] ? do_raw_spin_unlock+0x181/0x270 [ 2238.876798] ? _raw_spin_unlock+0x2d/0x50 [ 2238.880972] try_charge+0xec5/0x1490 [ 2238.884715] ? lock_downgrade+0x880/0x880 [ 2238.888900] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2238.893766] ? rcu_read_unlock+0x33/0x60 [ 2238.897849] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2238.902700] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2238.908765] mem_cgroup_try_charge+0x259/0x6b0 [ 2238.913352] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2238.918304] wp_page_copy+0x430/0x16a0 [ 2238.922203] ? follow_pfn+0x2a0/0x2a0 [ 2238.926018] ? do_raw_spin_unlock+0x181/0x270 [ 2238.930648] do_wp_page+0x57d/0x10b0 [ 2238.934383] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2238.939068] ? kasan_check_write+0x14/0x20 [ 2238.943297] ? do_raw_spin_lock+0xd7/0x250 [ 2238.947558] __handle_mm_fault+0x2305/0x3f80 [ 2238.951997] ? copy_page_range+0x2030/0x2030 [ 2238.956425] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2238.961107] handle_mm_fault+0x1b5/0x690 [ 2238.965187] __get_user_pages+0x609/0x1860 [ 2238.970233] ? follow_page_mask+0x1ac0/0x1ac0 [ 2238.974942] ? populate_vma_page_range+0x116/0x2a0 [ 2238.979885] ? check_memory_region+0x112/0x190 [ 2238.984503] populate_vma_page_range+0x20d/0x2a0 [ 2238.989281] __mm_populate+0x204/0x380 [ 2238.993197] ? populate_vma_page_range+0x2a0/0x2a0 [ 2238.998151] __x64_sys_mlockall+0x35c/0x520 [ 2239.002500] do_syscall_64+0xfd/0x620 [ 2239.006330] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2239.011527] RIP: 0033:0x45b349 [ 2239.014849] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2239.033939] RSP: 002b:00007fbf16a2fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2239.041671] RAX: ffffffffffffffda RBX: 00007fbf16a306d4 RCX: 000000000045b349 [ 2239.049075] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2239.056447] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2239.063737] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2239.071014] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 2239.085384] Task in /syz2 killed as a result of limit of /syz2 [ 2239.091703] memory: usage 307200kB, limit 307200kB, failcnt 378 [ 2239.097839] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2239.104883] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2239.111267] Memory cgroup stats for /syz2: cache:24KB rss:296024KB rss_huge:36864KB shmem:60KB mapped_file:0KB dirty:0KB writeback:132KB swap:0KB inactive_anon:244448KB active_anon:8728KB inactive_file:4KB active_file:4KB unevictable:42772KB [ 2239.133731] Memory cgroup out of memory: Kill process 4531 (syz-executor.2) score 236 or sacrifice child [ 2239.143803] Killed process 4537 (syz-executor.2) total-vm:72588kB, anon-rss:18196kB, file-rss:34816kB, shmem-rss:0kB 03:27:40 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0x500000000000000}, 0x0) 03:27:40 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x0, 0x6558}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:27:41 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7", 0xe) 03:27:41 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0x600000000000000}, 0x0) 03:27:41 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x0, 0x8100}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:27:41 executing program 5: sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7ffff000) r0 = socket(0x0, 0x400000000080803, 0x0) write(r0, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:27:41 executing program 2: sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r0, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7ffff000) r1 = socket(0x0, 0x400000000080803, 0x0) write(r1, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) [ 2240.644380] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2240.656344] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2240.662115] CPU: 0 PID: 4553 Comm: syz-executor.4 Not tainted 4.19.99-syzkaller #0 [ 2240.669847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2240.679390] Call Trace: [ 2240.682001] dump_stack+0x197/0x210 [ 2240.685659] dump_header+0x15e/0xa55 [ 2240.689395] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2240.694517] ? ___ratelimit+0x60/0x595 [ 2240.698420] ? do_raw_spin_unlock+0x181/0x270 [ 2240.702934] oom_kill_process.cold+0x10/0x6ef [ 2240.707447] ? out_of_memory+0x1ae/0x1330 [ 2240.711617] out_of_memory+0x362/0x1330 [ 2240.715609] ? lock_downgrade+0x880/0x880 [ 2240.719793] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2240.724916] ? oom_killer_disable+0x280/0x280 [ 2240.730035] ? find_held_lock+0x35/0x130 [ 2240.734123] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2240.738986] ? memcg_event_wake+0x230/0x230 [ 2240.743328] ? do_raw_spin_unlock+0x181/0x270 [ 2240.747845] ? _raw_spin_unlock+0x2d/0x50 [ 2240.752021] try_charge+0xec5/0x1490 [ 2240.755865] ? lock_downgrade+0x880/0x880 [ 2240.760034] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2240.764900] ? rcu_read_unlock+0x33/0x60 [ 2240.768972] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2240.773963] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2240.780042] ? lock_downgrade+0x880/0x880 [ 2240.784318] mem_cgroup_try_charge+0x259/0x6b0 [ 2240.788923] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2240.793879] do_huge_pmd_wp_page+0x97e/0x3580 [ 2240.798384] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2240.803348] ? __split_huge_pmd+0x2b10/0x2b10 [ 2240.807873] ? pmd_val+0x85/0x100 [ 2240.811345] ? pmd_val+0xd1/0x100 [ 2240.814816] __handle_mm_fault+0x167b/0x3f80 [ 2240.819248] ? copy_page_range+0x2030/0x2030 [ 2240.823682] ? retint_kernel+0x2d/0x2d [ 2240.827599] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2240.832289] handle_mm_fault+0x1b5/0x690 [ 2240.836381] __get_user_pages+0x609/0x1860 [ 2240.842038] ? follow_page_mask+0x1ac0/0x1ac0 [ 2240.846559] ? retint_kernel+0x2d/0x2d [ 2240.850596] populate_vma_page_range+0x20d/0x2a0 [ 2240.855372] __mm_populate+0x204/0x380 [ 2240.859279] ? populate_vma_page_range+0x2a0/0x2a0 [ 2240.864244] __x64_sys_mlockall+0x35c/0x520 [ 2240.868595] do_syscall_64+0xfd/0x620 [ 2240.872417] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2240.877612] RIP: 0033:0x45b349 [ 2240.880820] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2240.900166] RSP: 002b:00007f86ac35dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2240.908020] RAX: ffffffffffffffda RBX: 00007f86ac35e6d4 RCX: 000000000045b349 [ 2240.915652] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2240.922952] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2240.930234] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2240.937602] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 2240.946519] Task in /syz4 killed as a result of limit of /syz4 [ 2240.952972] memory: usage 307200kB, limit 307200kB, failcnt 35045 [ 2240.959392] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2240.966655] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2240.972910] Memory cgroup stats for /syz4: cache:124KB rss:293220KB rss_huge:190464KB shmem:24KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:153012KB active_anon:13396KB inactive_file:4KB active_file:4KB unevictable:126872KB [ 2240.995945] Memory cgroup out of memory: Kill process 4552 (syz-executor.4) score 1226 or sacrifice child [ 2241.006539] Killed process 4572 (syz-executor.4) total-vm:72720kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB [ 2241.994949] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2242.006496] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2242.012414] CPU: 1 PID: 4561 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2242.020139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2242.029512] Call Trace: [ 2242.032129] dump_stack+0x197/0x210 [ 2242.035786] dump_header+0x15e/0xa55 [ 2242.039519] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2242.044644] ? ___ratelimit+0x60/0x595 [ 2242.048549] ? do_raw_spin_unlock+0x181/0x270 [ 2242.053111] oom_kill_process.cold+0x10/0x6ef [ 2242.057638] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2242.063297] ? task_will_free_mem+0x139/0x6e0 [ 2242.067825] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2242.072608] out_of_memory+0x362/0x1330 [ 2242.076604] ? oom_killer_disable+0x280/0x280 [ 2242.081126] ? __mutex_lock+0x429/0x1300 [ 2242.085217] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2242.090119] ? memcg_event_wake+0x230/0x230 [ 2242.094456] ? do_raw_spin_unlock+0x181/0x270 [ 2242.099072] ? _raw_spin_unlock+0x2d/0x50 [ 2242.103245] try_charge+0xec5/0x1490 [ 2242.107091] ? lock_downgrade+0x880/0x880 [ 2242.111260] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2242.116249] ? rcu_read_unlock+0x33/0x60 [ 2242.120337] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2242.125192] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2242.130143] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2242.136231] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2242.141122] mem_cgroup_try_charge+0x259/0x6b0 [ 2242.145850] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2242.150905] wp_page_copy+0x430/0x16a0 [ 2242.154833] ? follow_pfn+0x2a0/0x2a0 [ 2242.158649] ? do_raw_spin_unlock+0x181/0x270 [ 2242.163397] do_wp_page+0x57d/0x10b0 [ 2242.167232] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2242.171930] ? kasan_check_write+0x14/0x20 [ 2242.176185] ? do_raw_spin_lock+0xd7/0x250 [ 2242.180439] __handle_mm_fault+0x2305/0x3f80 [ 2242.184862] ? copy_page_range+0x2030/0x2030 [ 2242.189306] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2242.194059] handle_mm_fault+0x1b5/0x690 [ 2242.198166] __get_user_pages+0x609/0x1860 [ 2242.202430] ? follow_page_mask+0x1ac0/0x1ac0 [ 2242.206935] ? retint_kernel+0x2d/0x2d [ 2242.210850] ? populate_vma_page_range+0xcf/0x2a0 [ 2242.215894] populate_vma_page_range+0x20d/0x2a0 [ 2242.220694] __mm_populate+0x204/0x380 [ 2242.224686] ? populate_vma_page_range+0x2a0/0x2a0 [ 2242.229664] __x64_sys_mlockall+0x35c/0x520 [ 2242.235232] do_syscall_64+0xfd/0x620 [ 2242.239086] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2242.244287] RIP: 0033:0x45b349 [ 2242.247492] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2242.266526] RSP: 002b:00007f4b94dddc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2242.274347] RAX: ffffffffffffffda RBX: 00007f4b94dde6d4 RCX: 000000000045b349 [ 2242.281719] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2242.289005] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2242.296439] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2242.303862] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 2242.311872] Task in /syz5 killed as a result of limit of /syz5 [ 2242.318190] memory: usage 307200kB, limit 307200kB, failcnt 1344 [ 2242.324611] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2242.331679] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2242.337934] Memory cgroup stats for /syz5: cache:188KB rss:295252KB rss_huge:40960KB shmem:80KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:235944KB active_anon:6348KB inactive_file:8KB active_file:4KB unevictable:53012KB [ 2242.360867] Memory cgroup out of memory: Kill process 4559 (syz-executor.5) score 1223 or sacrifice child [ 2242.370773] Killed process 4668 (syz-executor.5) total-vm:72588kB, anon-rss:18196kB, file-rss:34816kB, shmem-rss:0kB [ 2242.979804] oom_reaper: reaped process 4572 (syz-executor.4), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 03:27:44 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x0, 0xf000}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:27:44 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0x800000000000000}, 0x0) 03:27:45 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x0, 0x34000}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:27:45 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70", 0x15) 03:27:45 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:27:45 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x38, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}]}}]}, 0x68}, 0x1, 0x900000000000000}, 0x0) 03:27:45 executing program 5: sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7ffff000) r0 = socket(0x0, 0x400000000080803, 0x0) write(r0, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) 03:27:45 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800e20000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x40, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x0, 0x0, 0x400300}, {}, 0x0, 0x0, 0x3}}, @TCA_RSVP_DST={0x14, 0x2, @rand_addr="ff79e8d9d9da6a0a98d71b1bc1612d58"}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x0, 0x8}}]}}]}, 0x70}}, 0x0) 03:27:45 executing program 2: r0 = syz_open_procfs(0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) sendfile(0xffffffffffffffff, r0, 0x0, 0x7ffff000) r2 = socket(0x0, 0x400000000080803, 0x0) write(r2, &(0x7f0000000240)="1b0000001a0025f00485bc04fef7001d020b49ff70880000800328", 0x1b) [ 2244.318921] syz-executor.2 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 [ 2244.330694] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2244.336118] CPU: 1 PID: 4702 Comm: syz-executor.2 Not tainted 4.19.99-syzkaller #0 [ 2244.344005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2244.353655] Call Trace: [ 2244.356260] dump_stack+0x197/0x210 [ 2244.360258] dump_header+0x15e/0xa55 [ 2244.364274] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2244.369712] ? ___ratelimit+0x60/0x595 [ 2244.373694] ? do_raw_spin_unlock+0x181/0x270 [ 2244.378202] oom_kill_process.cold+0x10/0x6ef [ 2244.382801] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2244.388350] ? task_will_free_mem+0x139/0x6e0 [ 2244.392979] ? find_held_lock+0x35/0x130 [ 2244.397143] out_of_memory+0x362/0x1330 [ 2244.401129] ? lock_downgrade+0x880/0x880 [ 2244.405287] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2244.410577] ? oom_killer_disable+0x280/0x280 [ 2244.415265] ? find_held_lock+0x35/0x130 [ 2244.419346] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2244.424199] ? memcg_event_wake+0x230/0x230 [ 2244.428624] ? do_raw_spin_unlock+0x181/0x270 [ 2244.433221] ? _raw_spin_unlock+0x2d/0x50 [ 2244.437456] try_charge+0xec5/0x1490 [ 2244.441268] ? lock_downgrade+0x880/0x880 [ 2244.445528] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2244.450395] ? rcu_read_unlock+0x33/0x60 [ 2244.454493] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2244.459355] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2244.465513] ? mark_held_locks+0x100/0x100 [ 2244.469781] mem_cgroup_try_charge+0x259/0x6b0 [ 2244.474396] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2244.479452] __handle_mm_fault+0x1e50/0x3f80 [ 2244.483889] ? copy_page_range+0x2030/0x2030 [ 2244.488326] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2244.493096] handle_mm_fault+0x1b5/0x690 [ 2244.497175] __get_user_pages+0x609/0x1860 [ 2244.501427] ? follow_page_mask+0x1ac0/0x1ac0 [ 2244.505954] ? lock_acquire+0x16f/0x3f0 [ 2244.509951] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2244.515509] populate_vma_page_range+0x20d/0x2a0 [ 2244.520282] __mm_populate+0x204/0x380 [ 2244.524186] ? populate_vma_page_range+0x2a0/0x2a0 [ 2244.529132] __x64_sys_mlockall+0x35c/0x520 [ 2244.533476] do_syscall_64+0xfd/0x620 [ 2244.537302] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2244.542508] RIP: 0033:0x45b349 [ 2244.545803] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2244.564744] RSP: 002b:00007fbf16a2fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2244.572478] RAX: ffffffffffffffda RBX: 00007fbf16a306d4 RCX: 000000000045b349 [ 2244.580377] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2244.587871] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2244.595246] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2244.602628] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 2244.610301] Task in /syz2 killed as a result of limit of /syz2 [ 2244.616365] memory: usage 307200kB, limit 307200kB, failcnt 409 [ 2244.622586] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2244.629472] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2244.635693] Memory cgroup stats for /syz2: cache:24KB rss:295828KB rss_huge:28672KB shmem:60KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:255160KB active_anon:8744KB inactive_file:4KB active_file:4KB unevictable:32024KB [ 2244.657755] Memory cgroup out of memory: Kill process 4671 (syz-executor.2) score 173 or sacrifice child [ 2244.667856] Killed process 4671 (syz-executor.2) total-vm:72852kB, anon-rss:18452kB, file-rss:34816kB, shmem-rss:0kB [ 2245.409806] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2245.421703] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2245.427381] CPU: 0 PID: 4694 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2245.435102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2245.444489] Call Trace: [ 2245.447095] dump_stack+0x197/0x210 [ 2245.450737] dump_header+0x15e/0xa55 [ 2245.454468] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2245.459586] ? ___ratelimit+0x60/0x595 [ 2245.463490] ? do_raw_spin_unlock+0x181/0x270 [ 2245.468016] oom_kill_process.cold+0x10/0x6ef [ 2245.472535] out_of_memory+0x362/0x1330 [ 2245.476512] ? lock_downgrade+0x880/0x880 [ 2245.480766] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2245.485904] ? oom_killer_disable+0x280/0x280 [ 2245.490406] ? find_held_lock+0x35/0x130 [ 2245.494487] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2245.499443] ? memcg_event_wake+0x230/0x230 [ 2245.503785] ? do_raw_spin_unlock+0x181/0x270 [ 2245.508306] ? _raw_spin_unlock+0x2d/0x50 [ 2245.512451] try_charge+0xec5/0x1490 [ 2245.516175] ? lock_downgrade+0x880/0x880 [ 2245.520325] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2245.525182] ? rcu_read_unlock+0x33/0x60 [ 2245.529267] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2245.534117] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2245.540189] mem_cgroup_try_charge+0x259/0x6b0 [ 2245.544796] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2245.549740] wp_page_copy+0x430/0x16a0 [ 2245.553640] ? follow_pfn+0x2a0/0x2a0 [ 2245.557454] ? do_raw_spin_unlock+0x181/0x270 [ 2245.561978] do_wp_page+0x57d/0x10b0 [ 2245.565707] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2245.570383] ? kasan_check_write+0x14/0x20 [ 2245.574732] ? do_raw_spin_lock+0xd7/0x250 [ 2245.578973] __handle_mm_fault+0x2305/0x3f80 [ 2245.583406] ? copy_page_range+0x2030/0x2030 [ 2245.587824] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2245.592695] handle_mm_fault+0x1b5/0x690 [ 2245.596770] __get_user_pages+0x609/0x1860 [ 2245.601023] ? follow_page_mask+0x1ac0/0x1ac0 [ 2245.605532] ? retint_kernel+0x2d/0x2d [ 2245.609437] ? populate_vma_page_range+0x91/0x2a0 [ 2245.614394] populate_vma_page_range+0x20d/0x2a0 [ 2245.619166] __mm_populate+0x204/0x380 [ 2245.623060] ? populate_vma_page_range+0x2a0/0x2a0 [ 2245.628016] __x64_sys_mlockall+0x35c/0x520 [ 2245.632434] do_syscall_64+0xfd/0x620 [ 2245.636248] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2245.641438] RIP: 0033:0x45b349 [ 2245.644659] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2245.664631] RSP: 002b:00007f4b94dddc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2245.672467] RAX: ffffffffffffffda RBX: 00007f4b94dde6d4 RCX: 000000000045b349 [ 2245.679769] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2245.689064] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2245.696349] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2245.703618] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 2245.711864] Task in /syz5 killed as a result of limit of /syz5 [ 2245.718064] memory: usage 307200kB, limit 307200kB, failcnt 1355 [ 2245.724345] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2245.731260] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2245.737641] Memory cgroup stats for /syz5: cache:188KB rss:295128KB rss_huge:40960KB shmem:80KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:235768KB active_anon:6348KB inactive_file:8KB active_file:4KB unevictable:53144KB [ 2245.760150] Memory cgroup out of memory: Kill process 4690 (syz-executor.5) score 1226 or sacrifice child [ 2245.770221] Killed process 4699 (syz-executor.5) total-vm:72720kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB [ 2349.239844] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 2349.246157] rcu: (detected by 0, t=10502 jiffies, g=257753, q=98) [ 2349.252501] rcu: All QSes seen, last rcu_preempt kthread activity 10503 (4295172073-4295161570), jiffies_till_next_fqs=1, root ->qsmask 0x0 [ 2349.265292] syz-executor.5 R running task 25792 4694 8199 0x80000002 [ 2349.272521] Call Trace: [ 2349.275118] [ 2349.277290] sched_show_task.cold+0x2ee/0x35d [ 2349.281801] ? set_rq_offline.part.0+0x140/0x140 [ 2349.286573] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 2349.291701] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2349.297261] rcu_check_callbacks.cold+0xaa1/0xd90 [ 2349.302140] update_process_times+0x32/0x80 [ 2349.306585] tick_sched_handle+0xa2/0x190 [ 2349.310749] tick_sched_timer+0x47/0x130 [ 2349.314828] __hrtimer_run_queues+0x33b/0xdc0 [ 2349.319426] ? tick_sched_do_timer+0x1b0/0x1b0 [ 2349.324028] ? hrtimer_fixup_activate+0x30/0x30 [ 2349.328710] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2349.333840] ? ktime_get_update_offsets_now+0x2d3/0x440 [ 2349.339225] hrtimer_interrupt+0x314/0x770 [ 2349.343499] smp_apic_timer_interrupt+0x111/0x550 [ 2349.348362] apic_timer_interrupt+0xf/0x20 [ 2349.352598] [ 2349.354845] RIP: 0010:preempt_count_add+0x7b/0x1b0 [ 2349.359833] Code: 00 00 fc ff df 48 89 da 83 e3 07 48 c1 ea 03 83 c3 03 65 44 01 25 05 f7 b8 7e 0f b6 04 02 38 c3 7c 08 84 c0 0f 85 fe 00 00 00 <8b> 15 bf 43 81 09 85 d2 75 15 65 8b 05 e4 f6 b8 7e 0f b6 c0 3d f4 [ 2349.378748] RSP: 0018:ffff88820aabf210 EFLAGS: 00000297 ORIG_RAX: ffffffffffffff13 [ 2349.386464] RAX: 0000000000000004 RBX: 0000000000000003 RCX: 0000000000000000 [ 2349.393748] RDX: 1ffffffff1594754 RSI: 0000000000000004 RDI: 0000000000000001 [ 2349.401031] RBP: ffff88820aabf220 R08: 1ffff11015d04732 R09: ffffed1015d04733 [ 2349.408305] R10: ffffed1015d04732 R11: ffff8880ae823993 R12: 0000000000000001 [ 2349.415576] R13: ffff888054e4cac0 R14: 0000000000000000 R15: 0000000000000000 [ 2349.422880] rcu_lockdep_current_cpu_online+0x37/0x1c0 [ 2349.428177] rcu_read_lock_held+0x8a/0xd0 [ 2349.432331] css_next_descendant_pre+0x102/0x190 [ 2349.437097] mem_cgroup_iter+0x39e/0xac0 [ 2349.441167] ? queue_work_on+0x114/0x200 [ 2349.445238] ? mem_cgroup_nr_lru_pages+0x80/0x80 [ 2349.450021] shrink_node+0x20d/0x1450 [ 2349.453857] ? shrink_node_memcg+0x13f0/0x13f0 [ 2349.458474] do_try_to_free_pages+0x3cb/0x11c0 [ 2349.463085] ? shrink_node+0x1450/0x1450 [ 2349.467167] try_to_free_mem_cgroup_pages+0x32b/0x920 [ 2349.472361] ? mark_held_locks+0xb1/0x100 [ 2349.476516] ? try_to_free_pages+0x7f0/0x7f0 [ 2349.480934] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 2349.486067] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2349.491181] ? cgroup_file_notify+0x140/0x1b0 [ 2349.495688] try_charge+0x51d/0x1490 [ 2349.499409] ? lock_downgrade+0x880/0x880 [ 2349.503568] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2349.508433] ? rcu_read_unlock+0x33/0x60 [ 2349.512509] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2349.517374] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2349.523452] mem_cgroup_try_charge+0x259/0x6b0 [ 2349.528048] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2349.532988] wp_page_copy+0x430/0x16a0 [ 2349.536905] ? follow_pfn+0x2a0/0x2a0 [ 2349.540717] ? do_raw_spin_unlock+0x181/0x270 [ 2349.545232] do_wp_page+0x57d/0x10b0 [ 2349.548960] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2349.553754] ? kasan_check_write+0x14/0x20 [ 2349.558003] ? do_raw_spin_lock+0xd7/0x250 [ 2349.562257] __handle_mm_fault+0x2305/0x3f80 [ 2349.566688] ? copy_page_range+0x2030/0x2030 [ 2349.571136] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2349.575823] handle_mm_fault+0x1b5/0x690 [ 2349.579899] __get_user_pages+0x609/0x1860 [ 2349.584157] ? follow_page_mask+0x1ac0/0x1ac0 [ 2349.588669] ? retint_kernel+0x2d/0x2d [ 2349.592577] ? populate_vma_page_range+0x91/0x2a0 [ 2349.597442] populate_vma_page_range+0x20d/0x2a0 [ 2349.602251] __mm_populate+0x204/0x380 [ 2349.606170] ? populate_vma_page_range+0x2a0/0x2a0 [ 2349.611148] __x64_sys_mlockall+0x35c/0x520 [ 2349.615493] do_syscall_64+0xfd/0x620 [ 2349.619312] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2349.624531] RIP: 0033:0x45b349 [ 2349.627752] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2349.646673] RSP: 002b:00007f4b94dddc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 2349.654589] RAX: ffffffffffffffda RBX: 00007f4b94dde6d4 RCX: 000000000045b349 [ 2349.661886] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 2349.669347] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2349.676644] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2349.683932] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 2349.691247] rcu: rcu_preempt kthread starved for 10547 jiffies! g257753 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1 [ 2349.701826] rcu: RCU grace-period kthread stack dump: [ 2349.707029] rcu_preempt R running task 29104 10 2 0x80000000 [ 2349.714356] Call Trace: [ 2349.716966] __schedule+0x866/0x1dc0 [ 2349.720706] ? firmware_map_remove+0x1a7/0x1a7 [ 2349.725305] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 2349.730435] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2349.735038] ? trace_hardirqs_on+0x67/0x220 [ 2349.739382] schedule+0x92/0x1c0 [ 2349.742765] schedule_timeout+0x4db/0xfc0 [ 2349.746930] ? usleep_range+0x170/0x170 [ 2349.750926] ? trace_hardirqs_on+0x67/0x220 [ 2349.755265] ? __next_timer_interrupt+0x1a0/0x1a0 [ 2349.760126] ? prepare_to_swait_exclusive+0x120/0x120 [ 2349.765336] rcu_gp_kthread+0xd5c/0x2190 [ 2349.769436] ? rcu_blocking_is_gp+0x90/0x90 [ 2349.773775] ? trace_hardirqs_on+0x67/0x220 [ 2349.778117] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2349.783236] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2349.788787] ? __kthread_parkme+0xfb/0x1b0 [ 2349.793055] kthread+0x354/0x420 [ 2349.796429] ? rcu_blocking_is_gp+0x90/0x90 [ 2349.800764] ? kthread_cancel_delayed_work_sync+0x20/0x20 [ 2349.806324] ret_from_fork+0x24/0x30