[ 1208.150792][ T7660] mem_cgroup_try_charge+0x24d/0x5e0 [ 1208.156099][ T7660] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1208.161747][ T7660] __handle_mm_fault+0x1e1f/0x3ec0 [ 1208.166875][ T7660] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1208.172438][ T7660] ? find_held_lock+0x35/0x130 [ 1208.177216][ T7660] ? handle_mm_fault+0x322/0xb30 [ 1208.182174][ T7660] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1208.188435][ T7660] ? kasan_check_read+0x11/0x20 [ 1208.193303][ T7660] handle_mm_fault+0x43f/0xb30 [ 1208.198086][ T7660] __get_user_pages+0x7b6/0x1a40 [ 1208.203046][ T7660] ? follow_page_mask+0x19a0/0x19a0 [ 1208.208253][ T7660] ? perf_trace_lock+0xeb/0x510 [ 1208.213112][ T7660] ? __vma_adjust+0x1840/0x1840 [ 1208.217988][ T7660] ? lock_acquire+0x16f/0x3f0 [ 1208.222670][ T7660] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1208.228935][ T7660] populate_vma_page_range+0x20d/0x2a0 [ 1208.234414][ T7660] __mm_populate+0x204/0x380 [ 1208.239011][ T7660] ? populate_vma_page_range+0x2a0/0x2a0 [ 1208.244636][ T7660] __x64_sys_mlockall+0x35c/0x520 [ 1208.249735][ T7660] do_syscall_64+0x103/0x610 [ 1208.254348][ T7660] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1208.260234][ T7660] RIP: 0033:0x458079 [ 1208.264119][ T7660] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1208.283740][ T7660] RSP: 002b:00007fa3c5772c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1208.292175][ T7660] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458079 [ 1208.300139][ T7660] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 03:41:54 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000140)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x4) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendto$inet(r0, &(0x7f00000012c0)="bb0224d1b5449778f5fde2561e416a17a41a0de3f6650937e2f9a79ecdbdab2a65e3a5bbef53ad8a8c120310e18b158121936492c3fec0bdaa2a2cf8508d1c66e2ef567f848b3a4f13e12d90b27ee4ab6626a81a53d113e884f4a6cfd97a68a1fabb85d6ce78b415e91a957905a7a558db6f6d87f8993c5a77e686f7b0ada3650fbc5732e18d34de5fdb14dc81ac4efeff01ddfd62afcfbac4762c03d1f3abe353b4b772f8be5cf8acd1b2f8bd7ae5f379ea97db0314f92750f61b4360cc620c3baf8e47e8186dcb8b9f68dfe648274c1a5ba5a0fa17f60551ca7b51825b865e57bc9b04d7cebe922d69dec2062ddbcf6911d423aa6b5b8cdac74abc97f394a80ecca7ecd31399f3fc9df3e1d3bb7bc5ee342e7b21d60e0e04397d297e9f6880e9f82fddfa0f043702f83ba4813017a00d2e308b171fc9d055f53b8600935131568ee24f8009db57e4cab294378f08e935c9b709f499edff76048d7efefb887d15eb08603abe2e02b9a965c64612825e70169748e6be94c4c9d46c52915f2e052fb9bbc939b15df1cb337e52298f12a44fe0ad6cbda10bdbce7828101b4b23c842fdcb4c6882ca2e74d2dc0faaee99bfee3b659d13181b91ac247abfc7b3494be909b71f2ccdc7411a045eafca28cd3bd029b7ad8c92e8746c6d3f7e6ae8f13f601486ed18e9eb947723a3266c663e68c9a0211986b25b4f487ec594d52fd7189f7af779ef52bac93f82b9ee6f4e7a25fcf5f6ebbdcd43e22e2bc81b48e6c396770177af305727c287e5c95ab9dc13903cc7107b9732ccebb6e511e7dc70060106bd27215970bc971a3a404daf836baa070d559ffbae65d1bf41e05ce9dfaec3ec5a9b6c4e8c11e2fc595aabbf68132d9823cfffc643f611fc61483283f13ce84116d2879b934920d7cde54ddda6e05098944c7fc8fa6f071cf82bcee045f5f494a56031f7f7f11ebcfc09db8e00f78aeeea181f1d7b6b4e231aa2b689138f937a73113315c82d04ab429d7f676c0b24bb5790afb969283e27a0fb0e5c6e8ddcf8275b993bc170484f8049c02ab8e6f0413d12e89ce8a3af0ba32675191749921d80131ad8e3aa0821fa76820fbb2250033756fb8de9790abf5bc619bad25ab6d48a3dde032b98ce82960baf647033ddf11ca172c6275c788d03364cb5403a6a4dd8cbe74955c5fa5494a71814b73f6f12dbe1d28cb5fc975e65f6d841432c7a76aefa29b294a2616fb223b41765a59cf81ad5bc435c9a151b7982d84b27e9fc25c700c90fcb7af90a3706c9639a924a1772a1e9a764649f161353e6e12fd836de7be3cd88a45153d1ce8c635ee82f2bbe4bae55cbe4f66723497a07d6177d0d76f74b52dd4c7d24f889e0e8c90c7100aa12bbf7f2aa8cf6d818942fde95713add7621c961165af471a5f3249d6f12ddbda594193a469c3ec17891650c4e8029ee0c897a6b66171782e7b2d163b2d637cd831d2732f374562c9cba3d3558060c5aba5782c9542a940f1e0a9142870e2be08c38c970eca0043bc114759855b093f2780aba5cb1bbd49c3029a2b2f4a8030b6ff2529aa5a50d7819297d47ebd0dfea0a54d024477e3b1a18536626bb68286f6c9ab7f6f677d08d37cd6c9bdafb1c9d70c905146a1e22fae5d43bb55fb825c3364298fcdbb631df1b1fe23a6a9c98073e93fa5963fc7fd9576002694cd9df44341ade7bee751095b22a76430cac1b855ab8fce1dcc7f3c17ef53970ea44153045f61195d45e798540bb64da05f4b3167d99578b3bcb63c3be6572d5bfe50ace29f6e9c3d01e76ec9c74d46a9363a6821dd78c102b65593aca53206503d86f13062ba7f6d6b53a32249e3ce5f24651aadeb633ef5ff72099ca1b21aa407dc163ea6910ebf29252350a2c66ffd06306533c25738be134ef8585823f2e7f46f1d10561a6a30061c677c3a643bafb86c6841f89ca3544adc708ee9c39386a3cd3174006e2b99e523e96e1310d3880723db2ac4a9ee38fc4f96698e632ddcfb8ed393fe3902c70e3ab253131897bf0ca05fe8f1d8beec1d50bc58634349979d9af73e81020b056fb5ae4d02fa14696c64f8e3f5ecd731d50e5c2b96742dce8a9a5365a17fc587bf2e36d4356416159e66adc310f05dc10ce68b18b0a1ffe6c4f0b26b76640bcefdbe17717a447a1aef6c485b2f77e8e1424f0457900d3bd99be22f23072a271079388a2b4d22a37e3104e665e5909f474fbaec3120c674956f3f16366d6a8dd7c56d0392df9fab61b7b5b3884b3cb2746e704f8282fcad511ad21ace75560b92820f66817eb8e8dafa834fe5b80cc0dba18e3ae2a9409f691335349a246bbbeaa9bda63c22cd1913e77968d6ec2d037e432615da072739447ab52c9ea76bb8a8394ffba7b0e7f878d63aa6643fa3f41e8447fdc4ed3e47d24f3d675f1e2b73193cf4d25ef047c1f6959c4bac8b935672f9216723737555daebe36bb28f754c3ebeedd1c9025031cd705471500602b67779dedc8417f0ca0197faaa01fca0be19241ad84d16d44899b05574abab2c0a4b86eb438d71a0e937a8d3af89f91726d0325b9a370f043df69b5447caa2c537e38fb540698ee42147cf841935c70eede52ee80ef7f76e76d3d0a096efdbd61e4a8e01a8e9e9fcfba9b254a852e6e779b46bdd3a06cfd995d39b82f3f8373668c1f815ac0bc375092661fbc3b2a0276a3c3f44a074d6779fc3ce2de32ffd5351bb5cb34a57fe3d6120f00da81f77eaec3ca36676b89077144f84dfe8eef5d029cbf721a853dbb3cfecd7e34b0c7ea9d3fa2afbc4282928de004eb78f5febb18fcdf5ad83cc1283ce75c3c7104c0ab73d3b96d28f7a44570d5cfec70e306c7dae488e5557503c202d2d5c53e86f8908d9b4a22c21efacafbfc6b1f7d3abeaab8cdb69d0734b80507be634a793f5ada6216a0135385677960a45ac91c7a566d0590bde8e8720bb2cc2b890eeb9f93a685cf701b69985dda4f9bfbe7d573a2624cffacba9f0cf99e7554bd4931c0d53d7a51bf8a573133e6417db05fabfc7cadfc8cc036024da140ba331c5baa60b225e46e1fa7240f93e76f34a2b4851a9434f6ea9e71b85c14b5b0d0ef2e464409a8b3b2718604629e7999f28d6a395f34c2a6f4aace2e909b54dd83f119f9e6e34f172abcb6db3170cb49eca6017c8f3094f75757865ee7d78b881e1358341a3bba79c397b9be9a6892ba7b5ef3cadfc791e257051acac96918d9b78122b55b5ac1525d7888a0d183824a9035802b828037d275e0caff11f1de4820ef41946e1d76dc4b9d04c2f63835257017270442f98f4191a9b6868abcbdd70f6290854571ab31f07f9b0579980ecfa430d024ebffbe0efd6d5ee4aa18697b691ba688f43dae43df405a3e717a3d2810591493eb7395e232bf74c32e4b4179bb0beb584b8eee1b00b179da723ee41f23e860d8558d05a41d6974aebdfed6fcec2de347e28a821249d81f6038d3fc23eedbf89c43026a8d5c928b15a3026e343518d7ef68ceac5eecb27e6f9b8d34b2163b20597d5a49db36ac17779868c15daf0b623da792a638bb4ca18dac4e5188c501f18a34ef71d52f8fcc5e3d7e3fa4c97b3974c15e7554ac8e6c8654d1db5cd20480b0a4b85c5e12d0920ddd8cc081170e6a30f26d1d7775259c0d81a37fbf4c0b6836932a3572bba67541831e751c81ad892bc5ed6c62fbffd2ad2acf2c93a7fbd3738b0c4b8fb9d5d411093c9be1a4696f561c7c8c5a581f2f7cde751365e68998e1469ff57bfa7d478ef77681fb8b5bd254edc5d6ac824512f92ba8abe6d3852765afb8937fd8e99aece5250a10a832d4ff6bfb12d5", 0xa94, 0x0, 0x0, 0x0) [ 1208.308091][ T7660] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1208.316044][ T7660] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa3c57736d4 [ 1208.324004][ T7660] R13: 00000000004c3d3a R14: 00000000004d6f20 R15: 00000000ffffffff [ 1208.349303][ T7660] memory: usage 307200kB, limit 307200kB, failcnt 439 [ 1208.364292][ T7660] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1208.372183][ T7660] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1208.379369][ T7660] Memory cgroup stats for /syz4: cache:0KB rss:278848KB rss_huge:18432KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:235456KB active_anon:27412KB inactive_file:4KB active_file:0KB unevictable:16068KB [ 1208.405005][ T7660] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=7659,uid=0 [ 1208.420880][ T7660] Memory cgroup out of memory: Killed process 7659 (syz-executor.4) total-vm:72448kB, anon-rss:16016kB, file-rss:37164kB, shmem-rss:0kB [ 1208.435532][ T1043] oom_reaper: reaped process 7659 (syz-executor.4), now anon-rss:16064kB, file-rss:37944kB, shmem-rss:0kB 03:41:54 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}, 0x1, 0x0, 0x0, 0x1000000}, 0x0) [ 1210.480679][ C1] net_ratelimit: 14 callbacks suppressed [ 1210.480699][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1210.492153][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1210.497926][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1210.503705][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1210.509468][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1210.515266][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:41:57 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, 0x0, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f00000000c0)=ANY=[@ANYBLOB="6e61853167377400000100000000000000000000e4dbb77487e90104000000000040800000000000001b2300000503000018030000cc0000ac010000000000001004d1e090e1fe916dd282e0f34f8dfac0dc1695c4d700001004000010030002d3a379b87c5ade6e27a603551ae6543351c2f2d3c00f3f72e011777424c981c41f852110e5d4a50bc78b2aa66b63012812d04b94d660aab341cfe8364422b866cd445d5d0f4d6715baea5900323e00000000000071cf4f040095006f"], 0x1) ptrace$setopts(0x4206, r2, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) tkill(r2, 0x3c) 03:41:57 executing program 0: socket$inet6(0xa, 0x1000000000002, 0x0) r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket$inet(0x2, 0x1, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) connect$inet(r1, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) dup2(0xffffffffffffffff, r1) tkill(r0, 0x1000000000016) 03:41:57 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11e9e6c7c13e9b9937"], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r6}, 0x10) r7 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, 0x0, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r7, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r7, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:41:57 executing program 1: r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000a40)='xugetl\x04\x00\x00\x00\x00\x00\x00\x00age_ir_Z\xa2\xf4es\x00', 0x275a, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000980)={r1, &(0x7f0000000800)="ab39524c6533fce2ec7386e3871297701c01494a930fce54aa6150d3acdf7460b855374e19b68de3d1ca660d8d6d631ecf1fd735d5dc6efdf9e56b1b55a0783abf6310", 0x0, 0x2}, 0x20) write$cgroup_int(r1, &(0x7f0000000000), 0xffffff6a) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) r2 = gettid() getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000700)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in6=@mcast2}}, &(0x7f0000000040)=0xe8) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000180)={0x0, 0x0, 0x0}, &(0x7f0000000440)=0xc) setsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000500)={r2, r3, r4}, 0xc) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r6 = socket$inet_udplite(0x2, 0x2, 0x88) r7 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r7, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000340)={0x0, 0x40, &(0x7f0000000300)=[@in={0x2, 0x4e21, @multicast2}, @in={0x2, 0x4e23, @rand_addr=0x6}, @in={0x2, 0x4e22, @rand_addr=0x7}, @in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000380)=0x10) getsockopt$IP_VS_SO_GET_DESTS(r6, 0x0, 0x484, &(0x7f0000000600)=""/133, &(0x7f0000000400)=0x85) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000540)={r8, @in6={{0xa, 0x4e24, 0x8, @dev={0xfe, 0x80, [], 0x23}, 0xfffffffffffeffff}}, 0x9, 0x6, 0x80000000, 0x3, 0x8}, &(0x7f00000003c0)=0x98) connect$llc(r0, &(0x7f0000000000)={0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, @dev}, 0x10) recvmmsg(r0, &(0x7f0000001140)=[{{&(0x7f0000000100)=@alg, 0x80, &(0x7f0000000180), 0x0, &(0x7f00000001c0)=""/234, 0xea}, 0xfffffffffffffff9}], 0x1, 0x3, &(0x7f0000001240)) sendmmsg(r0, &(0x7f000000eac0)=[{{&(0x7f000000c440)=@sco={0x1f, {0x6, 0x3f, 0xffffffffffff0001, 0x7f, 0x80000000, 0xe87}}, 0x80, &(0x7f000000c6c0)=[{&(0x7f000000c680)}], 0x1}, 0x6}], 0x1, 0x20004000) 03:41:57 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000000}, 0x0) 03:41:57 executing program 4: socketpair$unix(0x1, 0x0, 0x0, 0x0) r0 = creat(0x0, 0x0) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r0, 0xc05c5340, &(0x7f0000000200)={0xff, 0x9, 0xff, {}, 0x2, 0x1}) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) fcntl$dupfd(r2, 0x406, r1) [ 1210.835367][ T7715] IPVS: length: 133 != 24 03:41:57 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) 03:41:57 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}, 0x1, 0x0, 0x0, 0x8000000}, 0x0) [ 1211.160026][ T7702] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1211.183494][ T7702] CPU: 0 PID: 7702 Comm: syz-executor.4 Not tainted 5.1.0-rc1-next-20190319 #6 [ 1211.192439][ T7702] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1211.202500][ T7702] Call Trace: [ 1211.205807][ T7702] dump_stack+0x172/0x1f0 [ 1211.210160][ T7702] dump_header+0x10f/0xb6c [ 1211.214601][ T7702] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1211.220420][ T7702] ? ___ratelimit+0x60/0x595 [ 1211.225024][ T7702] ? do_raw_spin_unlock+0x57/0x270 [ 1211.230153][ T7702] oom_kill_process.cold+0x10/0x15 [ 1211.235286][ T7702] out_of_memory+0x79a/0x1280 [ 1211.239977][ T7702] ? lock_downgrade+0x880/0x880 [ 1211.244838][ T7702] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1211.251094][ T7702] ? oom_killer_disable+0x280/0x280 [ 1211.256301][ T7702] ? find_held_lock+0x35/0x130 [ 1211.261088][ T7702] mem_cgroup_out_of_memory+0x1ca/0x230 [ 1211.266643][ T7702] ? memcg_event_wake+0x230/0x230 [ 1211.271687][ T7702] ? do_raw_spin_unlock+0x57/0x270 [ 1211.276815][ T7702] ? _raw_spin_unlock+0x2d/0x50 [ 1211.281683][ T7702] try_charge+0x118d/0x1790 [ 1211.286215][ T7702] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1211.291780][ T7702] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1211.298039][ T7702] ? kasan_check_read+0x11/0x20 [ 1211.302906][ T7702] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1211.308472][ T7702] mem_cgroup_try_charge+0x24d/0x5e0 [ 1211.313776][ T7702] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1211.319427][ T7702] __handle_mm_fault+0x1e1f/0x3ec0 [ 1211.324558][ T7702] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1211.330119][ T7702] ? find_held_lock+0x35/0x130 [ 1211.334895][ T7702] ? handle_mm_fault+0x322/0xb30 [ 1211.339854][ T7702] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1211.346115][ T7702] ? kasan_check_read+0x11/0x20 [ 1211.350990][ T7702] handle_mm_fault+0x43f/0xb30 [ 1211.355772][ T7702] __get_user_pages+0x7b6/0x1a40 [ 1211.360739][ T7702] ? follow_page_mask+0x19a0/0x19a0 [ 1211.365945][ T7702] ? perf_trace_lock+0xeb/0x510 [ 1211.370809][ T7702] ? __vma_adjust+0x1840/0x1840 [ 1211.375685][ T7702] ? lock_acquire+0x16f/0x3f0 [ 1211.380377][ T7702] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1211.386639][ T7702] populate_vma_page_range+0x20d/0x2a0 [ 1211.392119][ T7702] __mm_populate+0x204/0x380 [ 1211.396733][ T7702] ? populate_vma_page_range+0x2a0/0x2a0 [ 1211.398749][ T7723] IPVS: length: 133 != 24 [ 1211.402385][ T7702] __x64_sys_mlockall+0x35c/0x520 [ 1211.402408][ T7702] do_syscall_64+0x103/0x610 [ 1211.402435][ T7702] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1211.402448][ T7702] RIP: 0033:0x458079 [ 1211.402465][ T7702] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1211.402481][ T7702] RSP: 002b:00007fa3c5772c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1211.454190][ T7702] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458079 [ 1211.462165][ T7702] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1211.470148][ T7702] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1211.478136][ T7702] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa3c57736d4 [ 1211.486112][ T7702] R13: 00000000004c3d3a R14: 00000000004d6f20 R15: 00000000ffffffff [ 1211.506057][ T7702] memory: usage 307196kB, limit 307200kB, failcnt 471 [ 1211.513075][ T7702] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1211.520752][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1211.520817][ C0] protocol 88fb is buggy, dev hsr_slave_1 03:41:58 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}, 0x1, 0x0, 0x0, 0x10000000}, 0x0) 03:41:58 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet(0x2, 0x1, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) connect$inet(r2, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) dup2(r0, 0xffffffffffffffff) tkill(r1, 0x1000000000016) [ 1211.583004][ T7702] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 03:41:58 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11e9e6c7c13e9b9937"], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r6}, 0x10) r7 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r8, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r7, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r7, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) [ 1211.611675][ T7702] Memory cgroup stats for /syz4: cache:0KB rss:278820KB rss_huge:18432KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:235456KB active_anon:27412KB inactive_file:4KB active_file:0KB unevictable:16080KB 03:41:58 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}, 0x1, 0x0, 0x0, 0x3f000000}, 0x0) [ 1211.686491][ T7702] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=7700,uid=0 [ 1211.716124][ T7702] Memory cgroup out of memory: Killed process 7700 (syz-executor.4) total-vm:72448kB, anon-rss:16016kB, file-rss:37164kB, shmem-rss:0kB [ 1211.753750][ T1043] oom_reaper: reaped process 7700 (syz-executor.4), now anon-rss:16064kB, file-rss:37944kB, shmem-rss:0kB [ 1211.765265][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1211.771082][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:42:00 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, 0x0, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f00000000c0)=ANY=[@ANYBLOB="6e61853167377400000100000000000000000000e4dbb77487e90104000000000040800000000000001b2300000503000018030000cc0000ac010000000000001004d1e090e1fe916dd282e0f34f8dfac0dc1695c4d700001004000010030002d3a379b87c5ade6e27a603551ae6543351c2f2d3c00f3f72e011777424c981c41f852110e5d4a50bc78b2aa66b63012812d04b94d660aab341cfe8364422b866cd445d5d0f4d6715baea5900323e00000000000071cf4f040095006f"], 0x1) ptrace$setopts(0x4206, r2, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) tkill(r2, 0x3c) 03:42:00 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}, 0x1, 0x0, 0x0, 0x80ffffff}, 0x0) 03:42:00 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11e9e6c7c13e9b9937"], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r6}, 0x10) r7 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r8, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r7, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r7, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:42:00 executing program 4: socketpair$unix(0x1, 0x0, 0x0, 0x0) r0 = creat(0x0, 0x0) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r0, 0xc05c5340, &(0x7f0000000200)={0xff, 0x9, 0xff, {}, 0x2, 0x1}) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) fcntl$dupfd(r2, 0x406, r1) 03:42:00 executing program 1: r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000a40)='xugetl\x04\x00\x00\x00\x00\x00\x00\x00age_ir_Z\xa2\xf4es\x00', 0x275a, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000980)={r1, &(0x7f0000000800)="ab39524c6533fce2ec7386e3871297701c01494a930fce54aa6150d3acdf7460b855374e19b68de3d1ca660d8d6d631ecf1fd735d5dc6efdf9e56b1b55a0783abf6310", 0x0, 0x2}, 0x20) write$cgroup_int(r1, &(0x7f0000000000), 0xffffff6a) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) r2 = gettid() getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000700)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in6=@mcast2}}, &(0x7f0000000040)=0xe8) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000180)={0x0, 0x0, 0x0}, &(0x7f0000000440)=0xc) setsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000500)={r2, r3, r4}, 0xc) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r6 = socket$inet_udplite(0x2, 0x2, 0x88) r7 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r7, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000340)={0x0, 0x40, &(0x7f0000000300)=[@in={0x2, 0x4e21, @multicast2}, @in={0x2, 0x4e23, @rand_addr=0x6}, @in={0x2, 0x4e22, @rand_addr=0x7}, @in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000380)=0x10) getsockopt$IP_VS_SO_GET_DESTS(r6, 0x0, 0x484, &(0x7f0000000600)=""/133, &(0x7f0000000400)=0x85) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000540)={r8, @in6={{0xa, 0x4e24, 0x8, @dev={0xfe, 0x80, [], 0x23}, 0xfffffffffffeffff}}, 0x9, 0x6, 0x80000000, 0x3, 0x8}, &(0x7f00000003c0)=0x98) connect$llc(r0, &(0x7f0000000000)={0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, @dev}, 0x10) recvmmsg(r0, &(0x7f0000001140)=[{{&(0x7f0000000100)=@alg, 0x80, &(0x7f0000000180), 0x0, &(0x7f00000001c0)=""/234, 0xea}, 0xfffffffffffffff9}], 0x1, 0x3, &(0x7f0000001240)) sendmmsg(r0, &(0x7f000000eac0)=[{{&(0x7f000000c440)=@sco={0x1f, {0x6, 0x3f, 0xffffffffffff0001, 0x7f, 0x80000000, 0xe87}}, 0x80, &(0x7f000000c6c0)=[{&(0x7f000000c680)}], 0x1}, 0x6}], 0x1, 0x20004000) 03:42:00 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet(0x2, 0x1, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) connect$inet(r2, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) dup2(r0, 0xffffffffffffffff) tkill(r1, 0x1000000000016) 03:42:00 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}, 0x1, 0x0, 0x0, 0xffffff7f}, 0x0) [ 1213.946975][ T7766] IPVS: length: 133 != 24 03:42:00 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}, 0x1, 0x0, 0x0, 0xffffff80}, 0x0) 03:42:00 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11e9e6c7c13e9b9937"], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r6}, 0x10) r7 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r8, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r7, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r7, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:42:00 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}, 0x1, 0x0, 0x0, 0x40030000000000}, 0x0) [ 1214.278276][ T7755] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1214.323257][ T7755] CPU: 1 PID: 7755 Comm: syz-executor.4 Not tainted 5.1.0-rc1-next-20190319 #6 [ 1214.332212][ T7755] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1214.342264][ T7755] Call Trace: [ 1214.342288][ T7755] dump_stack+0x172/0x1f0 [ 1214.342312][ T7755] dump_header+0x10f/0xb6c [ 1214.342334][ T7755] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1214.342354][ T7755] ? ___ratelimit+0x60/0x595 [ 1214.342371][ T7755] ? do_raw_spin_unlock+0x57/0x270 [ 1214.342392][ T7755] oom_kill_process.cold+0x10/0x15 [ 1214.375006][ T7755] out_of_memory+0x79a/0x1280 [ 1214.379705][ T7755] ? lock_downgrade+0x880/0x880 [ 1214.384572][ T7755] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1214.390822][ T7755] ? oom_killer_disable+0x280/0x280 [ 1214.390836][ T7755] ? find_held_lock+0x35/0x130 [ 1214.390865][ T7755] mem_cgroup_out_of_memory+0x1ca/0x230 [ 1214.390882][ T7755] ? memcg_event_wake+0x230/0x230 [ 1214.390918][ T7755] ? do_raw_spin_unlock+0x57/0x270 [ 1214.416505][ T7755] ? _raw_spin_unlock+0x2d/0x50 [ 1214.421370][ T7755] try_charge+0x118d/0x1790 [ 1214.421398][ T7755] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1214.421419][ T7755] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1214.421441][ T7755] ? kasan_check_read+0x11/0x20 [ 1214.421465][ T7755] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1214.421487][ T7755] mem_cgroup_try_charge+0x24d/0x5e0 [ 1214.421512][ T7755] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1214.437774][ T7755] __handle_mm_fault+0x1e1f/0x3ec0 [ 1214.437816][ T7755] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1214.469719][ T7755] ? find_held_lock+0x35/0x130 [ 1214.474499][ T7755] ? handle_mm_fault+0x322/0xb30 [ 1214.474531][ T7755] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1214.474555][ T7755] ? kasan_check_read+0x11/0x20 [ 1214.490565][ T7755] handle_mm_fault+0x43f/0xb30 [ 1214.495344][ T7755] __get_user_pages+0x7b6/0x1a40 [ 1214.495376][ T7755] ? follow_page_mask+0x19a0/0x19a0 [ 1214.495397][ T7755] ? perf_trace_lock+0xeb/0x510 [ 1214.510348][ T7755] ? __vma_adjust+0x1840/0x1840 [ 1214.515217][ T7755] ? lock_acquire+0x16f/0x3f0 [ 1214.515235][ T7755] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1214.515256][ T7755] populate_vma_page_range+0x20d/0x2a0 [ 1214.531638][ T7755] __mm_populate+0x204/0x380 [ 1214.536254][ T7755] ? populate_vma_page_range+0x2a0/0x2a0 [ 1214.541928][ T7755] __x64_sys_mlockall+0x35c/0x520 [ 1214.546970][ T7755] do_syscall_64+0x103/0x610 [ 1214.551581][ T7755] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1214.557482][ T7755] RIP: 0033:0x458079 [ 1214.561393][ T7755] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1214.581006][ T7755] RSP: 002b:00007fa3c5772c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1214.589428][ T7755] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458079 [ 1214.597406][ T7755] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1214.605387][ T7755] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1214.613365][ T7755] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa3c57736d4 [ 1214.621344][ T7755] R13: 00000000004c3d3a R14: 00000000004d6f20 R15: 00000000ffffffff [ 1214.638942][ T7755] memory: usage 307196kB, limit 307200kB, failcnt 480 03:42:01 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet(0x2, 0x1, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) connect$inet(r2, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) dup2(r0, 0xffffffffffffffff) tkill(r1, 0x1000000000016) [ 1214.674239][ T7755] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1214.682772][ T7755] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1214.690157][ T7755] Memory cgroup stats for /syz4: cache:0KB rss:278948KB rss_huge:18432KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:235456KB active_anon:27412KB inactive_file:4KB active_file:0KB unevictable:16156KB 03:42:01 executing program 1: r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000a40)='xugetl\x04\x00\x00\x00\x00\x00\x00\x00age_ir_Z\xa2\xf4es\x00', 0x275a, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000980)={r1, &(0x7f0000000800)="ab39524c6533fce2ec7386e3871297701c01494a930fce54aa6150d3acdf7460b855374e19b68de3d1ca660d8d6d631ecf1fd735d5dc6efdf9e56b1b55a0783abf6310", 0x0, 0x2}, 0x20) write$cgroup_int(r1, &(0x7f0000000000), 0xffffff6a) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) r2 = gettid() getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000700)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in6=@mcast2}}, &(0x7f0000000040)=0xe8) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000180)={0x0, 0x0, 0x0}, &(0x7f0000000440)=0xc) setsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000500)={r2, r3, r4}, 0xc) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r6 = socket$inet_udplite(0x2, 0x2, 0x88) r7 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r7, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000340)={0x0, 0x40, &(0x7f0000000300)=[@in={0x2, 0x4e21, @multicast2}, @in={0x2, 0x4e23, @rand_addr=0x6}, @in={0x2, 0x4e22, @rand_addr=0x7}, @in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000380)=0x10) getsockopt$IP_VS_SO_GET_DESTS(r6, 0x0, 0x484, &(0x7f0000000600)=""/133, &(0x7f0000000400)=0x85) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000540)={r8, @in6={{0xa, 0x4e24, 0x8, @dev={0xfe, 0x80, [], 0x23}, 0xfffffffffffeffff}}, 0x9, 0x6, 0x80000000, 0x3, 0x8}, &(0x7f00000003c0)=0x98) connect$llc(r0, &(0x7f0000000000)={0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, @dev}, 0x10) recvmmsg(r0, &(0x7f0000001140)=[{{&(0x7f0000000100)=@alg, 0x80, &(0x7f0000000180), 0x0, &(0x7f00000001c0)=""/234, 0xea}, 0xfffffffffffffff9}], 0x1, 0x3, &(0x7f0000001240)) sendmmsg(r0, &(0x7f000000eac0)=[{{&(0x7f000000c440)=@sco={0x1f, {0x6, 0x3f, 0xffffffffffff0001, 0x7f, 0x80000000, 0xe87}}, 0x80, &(0x7f000000c6c0)=[{&(0x7f000000c680)}], 0x1}, 0x6}], 0x1, 0x20004000) [ 1214.719275][ T7755] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=7750,uid=0 [ 1214.762174][ T7755] Memory cgroup out of memory: Killed process 7750 (syz-executor.4) total-vm:72448kB, anon-rss:16016kB, file-rss:37164kB, shmem-rss:0kB [ 1214.785150][ T1043] oom_reaper: reaped process 7750 (syz-executor.4), now anon-rss:16064kB, file-rss:37944kB, shmem-rss:0kB [ 1214.952641][ T7791] IPVS: length: 133 != 24 [ 1215.680708][ C0] net_ratelimit: 16 callbacks suppressed [ 1215.680718][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1215.692210][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1215.920635][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1215.926402][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1216.720689][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1216.726489][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1216.732335][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1216.738085][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1216.743916][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1216.749662][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:42:03 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11e9e6c7c13e9b9937"], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r6}, 0x10) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r7 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r7, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(0xffffffffffffffff, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:42:03 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132224) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f00000000c0)=ANY=[@ANYBLOB="6e61853167377400000100000000000000000000e4dbb77487e90104000000000040800000000000001b2300000503000018030000cc0000ac010000000000001004d1e090e1fe916dd282e0f34f8dfac0dc1695c4d700001004000010030002d3a379b87c5ade6e27a603551ae6543351c2f2d3c00f3f72e011777424c981c41f852110e5d4a50bc78b2aa66b63012812d04b94d660aab341cfe8364422b866cd445d5d0f4d6715baea5900323e00000000000071cf4f040095006f"], 0x1) ptrace$setopts(0x4206, r2, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) tkill(r2, 0x3c) 03:42:03 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}, 0x1, 0x0, 0x0, 0x100000000000000}, 0x0) 03:42:03 executing program 4: socketpair$unix(0x1, 0x0, 0x0, 0x0) r0 = creat(0x0, 0x0) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r0, 0xc05c5340, &(0x7f0000000200)={0xff, 0x9, 0xff, {}, 0x2, 0x1}) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) fcntl$dupfd(r2, 0x406, r1) 03:42:03 executing program 1: r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000a40)='xugetl\x04\x00\x00\x00\x00\x00\x00\x00age_ir_Z\xa2\xf4es\x00', 0x275a, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000980)={r1, &(0x7f0000000800)="ab39524c6533fce2ec7386e3871297701c01494a930fce54aa6150d3acdf7460b855374e19b68de3d1ca660d8d6d631ecf1fd735d5dc6efdf9e56b1b55a0783abf6310", 0x0, 0x2}, 0x20) write$cgroup_int(r1, &(0x7f0000000000), 0xffffff6a) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) r2 = gettid() getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000700)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in6=@mcast2}}, &(0x7f0000000040)=0xe8) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000180)={0x0, 0x0, 0x0}, &(0x7f0000000440)=0xc) setsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000500)={r2, r3, r4}, 0xc) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r6 = socket$inet_udplite(0x2, 0x2, 0x88) r7 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r7, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000340)={0x0, 0x40, &(0x7f0000000300)=[@in={0x2, 0x4e21, @multicast2}, @in={0x2, 0x4e23, @rand_addr=0x6}, @in={0x2, 0x4e22, @rand_addr=0x7}, @in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000380)=0x10) getsockopt$IP_VS_SO_GET_DESTS(r6, 0x0, 0x484, &(0x7f0000000600)=""/133, &(0x7f0000000400)=0x85) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000540)={r8, @in6={{0xa, 0x4e24, 0x8, @dev={0xfe, 0x80, [], 0x23}, 0xfffffffffffeffff}}, 0x9, 0x6, 0x80000000, 0x3, 0x8}, &(0x7f00000003c0)=0x98) connect$llc(r0, &(0x7f0000000000)={0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, @dev}, 0x10) recvmmsg(r0, &(0x7f0000001140)=[{{&(0x7f0000000100)=@alg, 0x80, &(0x7f0000000180), 0x0, &(0x7f00000001c0)=""/234, 0xea}, 0xfffffffffffffff9}], 0x1, 0x3, &(0x7f0000001240)) sendmmsg(r0, &(0x7f000000eac0)=[{{&(0x7f000000c440)=@sco={0x1f, {0x6, 0x3f, 0xffffffffffff0001, 0x7f, 0x80000000, 0xe87}}, 0x80, &(0x7f000000c6c0)=[{&(0x7f000000c680)}], 0x1}, 0x6}], 0x1, 0x20004000) 03:42:03 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket$inet(0x2, 0x1, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) connect$inet(r1, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) dup2(r0, r1) tkill(0x0, 0x1000000000016) [ 1216.922885][ T7807] IPVS: length: 133 != 24 03:42:03 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}, 0x1, 0x0, 0x0, 0x200000000000000}, 0x0) 03:42:03 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11e9e6c7c13e9b9937"], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r6}, 0x10) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r7 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r7, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(0xffffffffffffffff, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:42:03 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}, 0x1, 0x0, 0x0, 0x400000000000000}, 0x0) [ 1217.304557][ T7801] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1217.344678][ T7801] CPU: 0 PID: 7801 Comm: syz-executor.4 Not tainted 5.1.0-rc1-next-20190319 #6 [ 1217.353640][ T7801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1217.363714][ T7801] Call Trace: [ 1217.367013][ T7801] dump_stack+0x172/0x1f0 [ 1217.371348][ T7801] dump_header+0x10f/0xb6c [ 1217.375771][ T7801] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1217.381581][ T7801] ? ___ratelimit+0x60/0x595 [ 1217.386175][ T7801] ? do_raw_spin_unlock+0x57/0x270 [ 1217.391293][ T7801] oom_kill_process.cold+0x10/0x15 [ 1217.396408][ T7801] out_of_memory+0x79a/0x1280 [ 1217.401435][ T7801] ? lock_downgrade+0x880/0x880 [ 1217.406282][ T7801] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1217.412521][ T7801] ? oom_killer_disable+0x280/0x280 [ 1217.417711][ T7801] ? find_held_lock+0x35/0x130 [ 1217.422486][ T7801] mem_cgroup_out_of_memory+0x1ca/0x230 [ 1217.428029][ T7801] ? memcg_event_wake+0x230/0x230 [ 1217.433062][ T7801] ? do_raw_spin_unlock+0x57/0x270 [ 1217.438177][ T7801] ? _raw_spin_unlock+0x2d/0x50 [ 1217.443037][ T7801] try_charge+0x118d/0x1790 [ 1217.447546][ T7801] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1217.453093][ T7801] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1217.459336][ T7801] ? kasan_check_read+0x11/0x20 [ 1217.464195][ T7801] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1217.469740][ T7801] mem_cgroup_try_charge+0x24d/0x5e0 [ 1217.475032][ T7801] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1217.480665][ T7801] __handle_mm_fault+0x1e1f/0x3ec0 [ 1217.485782][ T7801] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1217.491324][ T7801] ? find_held_lock+0x35/0x130 [ 1217.496084][ T7801] ? handle_mm_fault+0x322/0xb30 [ 1217.501117][ T7801] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1217.507355][ T7801] ? kasan_check_read+0x11/0x20 [ 1217.512213][ T7801] handle_mm_fault+0x43f/0xb30 [ 1217.516981][ T7801] __get_user_pages+0x7b6/0x1a40 [ 1217.521928][ T7801] ? follow_page_mask+0x19a0/0x19a0 [ 1217.527124][ T7801] ? perf_trace_lock+0xeb/0x510 [ 1217.531972][ T7801] ? __vma_adjust+0x1840/0x1840 [ 1217.536827][ T7801] ? lock_acquire+0x16f/0x3f0 [ 1217.541499][ T7801] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1217.547744][ T7801] populate_vma_page_range+0x20d/0x2a0 [ 1217.553213][ T7801] __mm_populate+0x204/0x380 [ 1217.557803][ T7801] ? populate_vma_page_range+0x2a0/0x2a0 [ 1217.563446][ T7801] __x64_sys_mlockall+0x35c/0x520 [ 1217.568487][ T7801] do_syscall_64+0x103/0x610 [ 1217.573083][ T7801] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1217.578972][ T7801] RIP: 0033:0x458079 [ 1217.582865][ T7801] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1217.602467][ T7801] RSP: 002b:00007fa3c5772c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1217.610893][ T7801] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458079 [ 1217.618862][ T7801] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1217.626836][ T7801] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1217.634813][ T7801] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa3c57736d4 [ 1217.642780][ T7801] R13: 00000000004c3d3a R14: 00000000004d6f20 R15: 00000000ffffffff 03:42:04 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket$inet(0x2, 0x1, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) connect$inet(r1, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) dup2(r0, r1) tkill(0x0, 0x1000000000016) [ 1217.750878][ T7801] memory: usage 307168kB, limit 307200kB, failcnt 515 [ 1217.760267][ T7801] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1217.791030][ T7801] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1217.813811][ T7801] Memory cgroup stats for /syz4: cache:0KB rss:278964KB rss_huge:18432KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:235456KB active_anon:27412KB inactive_file:4KB active_file:0KB unevictable:16172KB 03:42:04 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}, 0x1, 0x0, 0x0, 0x800000000000000}, 0x0) 03:42:04 executing program 1: r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000a40)='xugetl\x04\x00\x00\x00\x00\x00\x00\x00age_ir_Z\xa2\xf4es\x00', 0x275a, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000980)={r1, &(0x7f0000000800)="ab39524c6533fce2ec7386e3871297701c01494a930fce54aa6150d3acdf7460b855374e19b68de3d1ca660d8d6d631ecf1fd735d5dc6efdf9e56b1b55a0783abf6310", 0x0, 0x2}, 0x20) write$cgroup_int(r1, &(0x7f0000000000), 0xffffff6a) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) r2 = gettid() getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000700)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in6=@mcast2}}, &(0x7f0000000040)=0xe8) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000180)={0x0, 0x0, 0x0}, &(0x7f0000000440)=0xc) setsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000500)={r2, r3, r4}, 0xc) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r6 = socket$inet_udplite(0x2, 0x2, 0x88) r7 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r7, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000340)={0x0, 0x40, &(0x7f0000000300)=[@in={0x2, 0x4e21, @multicast2}, @in={0x2, 0x4e23, @rand_addr=0x6}, @in={0x2, 0x4e22, @rand_addr=0x7}, @in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000380)=0x10) getsockopt$IP_VS_SO_GET_DESTS(r6, 0x0, 0x484, &(0x7f0000000600)=""/133, &(0x7f0000000400)=0x85) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000540)={r8, @in6={{0xa, 0x4e24, 0x8, @dev={0xfe, 0x80, [], 0x23}, 0xfffffffffffeffff}}, 0x9, 0x6, 0x80000000, 0x3, 0x8}, &(0x7f00000003c0)=0x98) connect$llc(r0, &(0x7f0000000000)={0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, @dev}, 0x10) recvmmsg(r0, &(0x7f0000001140)=[{{&(0x7f0000000100)=@alg, 0x80, &(0x7f0000000180), 0x0, &(0x7f00000001c0)=""/234, 0xea}, 0xfffffffffffffff9}], 0x1, 0x3, &(0x7f0000001240)) 03:42:04 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11e9e6c7c13e9b9937"], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r6}, 0x10) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r7 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r7, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(0xffffffffffffffff, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) [ 1217.858260][ T7801] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=7794,uid=0 [ 1217.883508][ T7801] Memory cgroup out of memory: Killed process 7794 (syz-executor.4) total-vm:72448kB, anon-rss:16016kB, file-rss:37164kB, shmem-rss:0kB 03:42:04 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132224) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f00000000c0)=ANY=[@ANYBLOB="6e61853167377400000100000000000000000000e4dbb77487e90104000000000040800000000000001b2300000503000018030000cc0000ac010000000000001004d1e090e1fe916dd282e0f34f8dfac0dc1695c4d700001004000010030002d3a379b87c5ade6e27a603551ae6543351c2f2d3c00f3f72e011777424c981c41f852110e5d4a50bc78b2aa66b63012812d04b94d660aab341cfe8364422b866cd445d5d0f4d6715baea5900323e00000000000071cf4f040095006f"], 0x1) ptrace$setopts(0x4206, r2, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) tkill(r2, 0x3c) [ 1217.916095][ T1043] oom_reaper: reaped process 7794 (syz-executor.4), now anon-rss:16064kB, file-rss:37944kB, shmem-rss:0kB 03:42:04 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}, 0x1, 0x0, 0x0, 0x1000000000000000}, 0x0) [ 1218.132079][ T7882] IPVS: length: 133 != 24 03:42:04 executing program 4: socketpair$unix(0x1, 0x0, 0x0, 0x0) r0 = creat(0x0, 0x0) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r0, 0xc05c5340, &(0x7f0000000200)={0xff, 0x9, 0xff, {}, 0x2, 0x1}) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) fcntl$dupfd(r2, 0x406, r1) 03:42:04 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}, 0x1, 0x0, 0x0, 0x3f00000000000000}, 0x0) 03:42:04 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11e9e6c7c13e9b9937"], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) r6 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r7 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r7, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r6, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r6, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:42:04 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}, 0x1, 0x0, 0x0, 0x80ffffff00000000}, 0x0) 03:42:05 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket$inet(0x2, 0x1, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) connect$inet(r1, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) dup2(r0, r1) tkill(0x0, 0x1000000000016) 03:42:05 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}, 0x1, 0x0, 0x0, 0xffffff7f00000000}, 0x0) 03:42:05 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132224) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f00000000c0)=ANY=[@ANYBLOB="6e61853167377400000100000000000000000000e4dbb77487e90104000000000040800000000000001b2300000503000018030000cc0000ac010000000000001004d1e090e1fe916dd282e0f34f8dfac0dc1695c4d700001004000010030002d3a379b87c5ade6e27a603551ae6543351c2f2d3c00f3f72e011777424c981c41f852110e5d4a50bc78b2aa66b63012812d04b94d660aab341cfe8364422b866cd445d5d0f4d6715baea5900323e00000000000071cf4f040095006f"], 0x1) ptrace$setopts(0x4206, r2, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) tkill(r2, 0x3c) 03:42:05 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}, 0x1, 0x0, 0x0, 0x0}, 0x0) [ 1218.853493][ T7898] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1218.902105][ T7898] CPU: 1 PID: 7898 Comm: syz-executor.4 Not tainted 5.1.0-rc1-next-20190319 #6 [ 1218.911085][ T7898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1218.921141][ T7898] Call Trace: [ 1218.924448][ T7898] dump_stack+0x172/0x1f0 [ 1218.928797][ T7898] dump_header+0x10f/0xb6c [ 1218.933321][ T7898] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1218.939144][ T7898] ? ___ratelimit+0x60/0x595 [ 1218.943748][ T7898] ? do_raw_spin_unlock+0x57/0x270 [ 1218.948871][ T7898] oom_kill_process.cold+0x10/0x15 [ 1218.954030][ T7898] out_of_memory+0x79a/0x1280 [ 1218.958725][ T7898] ? lock_downgrade+0x880/0x880 [ 1218.963584][ T7898] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1218.969838][ T7898] ? oom_killer_disable+0x280/0x280 [ 1218.975038][ T7898] ? find_held_lock+0x35/0x130 [ 1218.979839][ T7898] mem_cgroup_out_of_memory+0x1ca/0x230 [ 1218.985396][ T7898] ? memcg_event_wake+0x230/0x230 [ 1218.990791][ T7898] ? do_raw_spin_unlock+0x57/0x270 [ 1218.995947][ T7898] ? _raw_spin_unlock+0x2d/0x50 [ 1219.000925][ T7898] try_charge+0x118d/0x1790 [ 1219.006129][ T7898] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1219.011816][ T7898] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1219.018436][ T7898] ? kasan_check_read+0x11/0x20 [ 1219.023309][ T7898] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1219.029279][ T7898] mem_cgroup_try_charge+0x24d/0x5e0 [ 1219.034827][ T7898] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1219.040721][ T7898] __handle_mm_fault+0x1e1f/0x3ec0 [ 1219.046027][ T7898] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1219.051579][ T7898] ? find_held_lock+0x35/0x130 [ 1219.056349][ T7898] ? handle_mm_fault+0x322/0xb30 [ 1219.061316][ T7898] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1219.067565][ T7898] ? kasan_check_read+0x11/0x20 [ 1219.072430][ T7898] handle_mm_fault+0x43f/0xb30 [ 1219.077211][ T7898] __get_user_pages+0x7b6/0x1a40 [ 1219.082175][ T7898] ? follow_page_mask+0x19a0/0x19a0 [ 1219.087383][ T7898] ? perf_trace_lock+0xeb/0x510 [ 1219.092244][ T7898] ? __vma_adjust+0x1840/0x1840 [ 1219.097112][ T7898] ? lock_acquire+0x16f/0x3f0 [ 1219.101798][ T7898] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1219.108060][ T7898] populate_vma_page_range+0x20d/0x2a0 [ 1219.113550][ T7898] __mm_populate+0x204/0x380 [ 1219.118151][ T7898] ? populate_vma_page_range+0x2a0/0x2a0 [ 1219.123813][ T7898] __x64_sys_mlockall+0x35c/0x520 [ 1219.128853][ T7898] do_syscall_64+0x103/0x610 [ 1219.133468][ T7898] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1219.139371][ T7898] RIP: 0033:0x458079 [ 1219.143284][ T7898] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1219.162958][ T7898] RSP: 002b:00007fa3c5772c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1219.171376][ T7898] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458079 [ 1219.179330][ T7898] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1219.187291][ T7898] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1219.195253][ T7898] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa3c57736d4 03:42:05 executing program 1: r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000a40)='xugetl\x04\x00\x00\x00\x00\x00\x00\x00age_ir_Z\xa2\xf4es\x00', 0x275a, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000980)={r1, &(0x7f0000000800)="ab39524c6533fce2ec7386e3871297701c01494a930fce54aa6150d3acdf7460b855374e19b68de3d1ca660d8d6d631ecf1fd735d5dc6efdf9e56b1b55a0783abf6310", 0x0, 0x2}, 0x20) write$cgroup_int(r1, &(0x7f0000000000), 0xffffff6a) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) r2 = gettid() getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000700)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in6=@mcast2}}, &(0x7f0000000040)=0xe8) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000180)={0x0, 0x0, 0x0}, &(0x7f0000000440)=0xc) setsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000500)={r2, r3, r4}, 0xc) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r6 = socket$inet_udplite(0x2, 0x2, 0x88) r7 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r7, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000340)={0x0, 0x40, &(0x7f0000000300)=[@in={0x2, 0x4e21, @multicast2}, @in={0x2, 0x4e23, @rand_addr=0x6}, @in={0x2, 0x4e22, @rand_addr=0x7}, @in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000380)=0x10) getsockopt$IP_VS_SO_GET_DESTS(r6, 0x0, 0x484, &(0x7f0000000600)=""/133, &(0x7f0000000400)=0x85) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000540)={r8, @in6={{0xa, 0x4e24, 0x8, @dev={0xfe, 0x80, [], 0x23}, 0xfffffffffffeffff}}, 0x9, 0x6, 0x80000000, 0x3, 0x8}, &(0x7f00000003c0)=0x98) connect$llc(r0, &(0x7f0000000000)={0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, @dev}, 0x10) recvmmsg(r0, &(0x7f0000001140)=[{{&(0x7f0000000100)=@alg, 0x80, &(0x7f0000000180), 0x0, &(0x7f00000001c0)=""/234, 0xea}, 0xfffffffffffffff9}], 0x1, 0x3, &(0x7f0000001240)) 03:42:05 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132224) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f00000000c0)=ANY=[@ANYBLOB="6e61853167377400000100000000000000000000e4dbb77487e90104000000000040800000000000001b2300000503000018030000cc0000ac010000000000001004d1e090e1fe916dd282e0f34f8dfac0dc1695c4d700001004000010030002d3a379b87c5ade6e27a603551ae6543351c2f2d3c00f3f72e011777424c981c41f852110e5d4a50bc78b2aa66b63012812d04b94d660aab341cfe8364422b866cd445d5d0f4d6715baea5900323e00000000000071cf4f040095006f"], 0x1) ptrace$setopts(0x4206, r2, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) tkill(r2, 0x3c) 03:42:05 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11e9e6c7c13e9b9937"], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) r6 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r7 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r7, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r6, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r6, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) [ 1219.203208][ T7898] R13: 00000000004c3d3a R14: 00000000004d6f20 R15: 00000000ffffffff [ 1219.230591][ T7898] memory: usage 307200kB, limit 307200kB, failcnt 524 [ 1219.237390][ T7898] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1219.287768][ T7898] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1219.301807][ T7898] Memory cgroup stats for /syz4: cache:0KB rss:278956KB rss_huge:18432KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:235456KB active_anon:27412KB inactive_file:4KB active_file:0KB unevictable:16236KB 03:42:05 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}, 0x1, 0x0, 0x0, 0x0}, 0x0) [ 1219.361871][ T7898] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=7897,uid=0 [ 1219.407132][ T7898] Memory cgroup out of memory: Killed process 7897 (syz-executor.4) total-vm:72448kB, anon-rss:16016kB, file-rss:37164kB, shmem-rss:0kB [ 1219.422149][ T1043] oom_reaper: reaped process 7897 (syz-executor.4), now anon-rss:16064kB, file-rss:37940kB, shmem-rss:0kB [ 1219.502810][ T7935] IPVS: length: 133 != 24 03:42:06 executing program 4: socketpair$unix(0x1, 0x0, 0x0, 0x0) r0 = creat(0x0, 0x0) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r0, 0xc05c5340, &(0x7f0000000200)={0xff, 0x9, 0xff, {}, 0x2, 0x1}) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) fcntl$dupfd(r2, 0x406, r1) 03:42:06 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet(0x2, 0x1, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) connect$inet(r2, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) dup2(r0, r2) tkill(r1, 0x0) 03:42:06 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}, 0x1, 0x0, 0x0, 0x0}, 0x0) 03:42:06 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132224) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f00000000c0)=ANY=[@ANYBLOB="6e61853167377400000100000000000000000000e4dbb77487e90104000000000040800000000000001b2300000503000018030000cc0000ac010000000000001004d1e090e1fe916dd282e0f34f8dfac0dc1695c4d700001004000010030002d3a379b87c5ade6e27a603551ae6543351c2f2d3c00f3f72e011777424c981c41f852110e5d4a50bc78b2aa66b63012812d04b94d660aab341cfe8364422b866cd445d5d0f4d6715baea5900323e00000000000071cf4f040095006f"], 0x1) ptrace$setopts(0x4206, r2, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) tkill(r2, 0x3c) 03:42:06 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}, 0x1, 0x0, 0x0, 0x0}, 0x0) 03:42:06 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11e9e6c7c13e9b9937"], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) r6 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r7 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r7, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r6, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r6, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:42:06 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}, 0x1, 0x0, 0x0, 0x0}, 0x0) [ 1220.266378][ T7941] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1220.334030][ T7941] CPU: 1 PID: 7941 Comm: syz-executor.4 Not tainted 5.1.0-rc1-next-20190319 #6 [ 1220.343004][ T7941] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1220.353060][ T7941] Call Trace: [ 1220.356366][ T7941] dump_stack+0x172/0x1f0 [ 1220.360716][ T7941] dump_header+0x10f/0xb6c [ 1220.365151][ T7941] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1220.370982][ T7941] ? ___ratelimit+0x60/0x595 [ 1220.375591][ T7941] ? do_raw_spin_unlock+0x57/0x270 03:42:06 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132224) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f00000000c0)=ANY=[@ANYBLOB="6e61853167377400000100000000000000000000e4dbb77487e90104000000000040800000000000001b2300000503000018030000cc0000ac010000000000001004d1e090e1fe916dd282e0f34f8dfac0dc1695c4d700001004000010030002d3a379b87c5ade6e27a603551ae6543351c2f2d3c00f3f72e011777424c981c41f852110e5d4a50bc78b2aa66b63012812d04b94d660aab341cfe8364422b866cd445d5d0f4d6715baea5900323e00000000000071cf4f040095006f"], 0x1) ptrace$setopts(0x4206, r2, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) tkill(r2, 0x3c) [ 1220.380721][ T7941] oom_kill_process.cold+0x10/0x15 [ 1220.385842][ T7941] out_of_memory+0x79a/0x1280 [ 1220.390539][ T7941] ? lock_downgrade+0x880/0x880 [ 1220.395405][ T7941] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1220.401657][ T7941] ? oom_killer_disable+0x280/0x280 [ 1220.406862][ T7941] ? find_held_lock+0x35/0x130 [ 1220.411649][ T7941] mem_cgroup_out_of_memory+0x1ca/0x230 [ 1220.417211][ T7941] ? memcg_event_wake+0x230/0x230 [ 1220.422255][ T7941] ? do_raw_spin_unlock+0x57/0x270 [ 1220.427376][ T7941] ? _raw_spin_unlock+0x2d/0x50 [ 1220.432242][ T7941] try_charge+0x118d/0x1790 [ 1220.436768][ T7941] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1220.442330][ T7941] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1220.448587][ T7941] ? kasan_check_read+0x11/0x20 [ 1220.453459][ T7941] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1220.459019][ T7941] mem_cgroup_try_charge+0x24d/0x5e0 [ 1220.464320][ T7941] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1220.469969][ T7941] __handle_mm_fault+0x1e1f/0x3ec0 [ 1220.475100][ T7941] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1220.480660][ T7941] ? find_held_lock+0x35/0x130 [ 1220.485439][ T7941] ? handle_mm_fault+0x322/0xb30 [ 1220.490399][ T7941] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1220.496659][ T7941] ? kasan_check_read+0x11/0x20 [ 1220.501530][ T7941] handle_mm_fault+0x43f/0xb30 [ 1220.506309][ T7941] __get_user_pages+0x7b6/0x1a40 [ 1220.511268][ T7941] ? follow_page_mask+0x19a0/0x19a0 [ 1220.516468][ T7941] ? perf_trace_lock+0xeb/0x510 [ 1220.521323][ T7941] ? __vma_adjust+0x1840/0x1840 [ 1220.526190][ T7941] ? lock_acquire+0x16f/0x3f0 [ 1220.530875][ T7941] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1220.537139][ T7941] populate_vma_page_range+0x20d/0x2a0 [ 1220.542613][ T7941] __mm_populate+0x204/0x380 [ 1220.547215][ T7941] ? populate_vma_page_range+0x2a0/0x2a0 [ 1220.552869][ T7941] __x64_sys_mlockall+0x35c/0x520 [ 1220.557924][ T7941] do_syscall_64+0x103/0x610 [ 1220.562529][ T7941] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1220.568427][ T7941] RIP: 0033:0x458079 [ 1220.572328][ T7941] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1220.592021][ T7941] RSP: 002b:00007fa3c5772c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1220.600438][ T7941] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458079 [ 1220.608426][ T7941] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1220.616664][ T7941] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1220.624643][ T7941] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa3c57736d4 [ 1220.632614][ T7941] R13: 00000000004c3d3a R14: 00000000004d6f20 R15: 00000000ffffffff 03:42:07 executing program 1: r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000a40)='xugetl\x04\x00\x00\x00\x00\x00\x00\x00age_ir_Z\xa2\xf4es\x00', 0x275a, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000980)={r1, &(0x7f0000000800)="ab39524c6533fce2ec7386e3871297701c01494a930fce54aa6150d3acdf7460b855374e19b68de3d1ca660d8d6d631ecf1fd735d5dc6efdf9e56b1b55a0783abf6310", 0x0, 0x2}, 0x20) write$cgroup_int(r1, &(0x7f0000000000), 0xffffff6a) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) r2 = gettid() getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000700)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in6=@mcast2}}, &(0x7f0000000040)=0xe8) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000180)={0x0, 0x0, 0x0}, &(0x7f0000000440)=0xc) setsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000500)={r2, r3, r4}, 0xc) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r6 = socket$inet_udplite(0x2, 0x2, 0x88) r7 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r7, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000340)={0x0, 0x40, &(0x7f0000000300)=[@in={0x2, 0x4e21, @multicast2}, @in={0x2, 0x4e23, @rand_addr=0x6}, @in={0x2, 0x4e22, @rand_addr=0x7}, @in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000380)=0x10) getsockopt$IP_VS_SO_GET_DESTS(r6, 0x0, 0x484, &(0x7f0000000600)=""/133, &(0x7f0000000400)=0x85) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000540)={r8, @in6={{0xa, 0x4e24, 0x8, @dev={0xfe, 0x80, [], 0x23}, 0xfffffffffffeffff}}, 0x9, 0x6, 0x80000000, 0x3, 0x8}, &(0x7f00000003c0)=0x98) connect$llc(r0, &(0x7f0000000000)={0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, @dev}, 0x10) 03:42:07 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}, 0x1, 0x0, 0x0, 0x0}, 0x0) 03:42:07 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132224) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) tkill(r2, 0x3c) 03:42:07 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet(0x2, 0x1, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) connect$inet(r2, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) dup2(r0, r2) tkill(r1, 0x0) [ 1220.660687][ T7941] memory: usage 307200kB, limit 307200kB, failcnt 546 [ 1220.683324][ T7941] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1220.724342][ T7941] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1220.740369][ T7941] Memory cgroup stats for /syz4: cache:0KB rss:279048KB rss_huge:18432KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:235456KB active_anon:27412KB inactive_file:4KB active_file:0KB unevictable:16236KB [ 1220.793621][ T7941] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=7940,uid=0 [ 1220.825585][ T7941] Memory cgroup out of memory: Killed process 7940 (syz-executor.4) total-vm:72448kB, anon-rss:16016kB, file-rss:37164kB, shmem-rss:0kB [ 1220.869938][ T1043] oom_reaper: reaped process 7940 (syz-executor.4), now anon-rss:16064kB, file-rss:37944kB, shmem-rss:0kB [ 1220.881473][ C1] net_ratelimit: 14 callbacks suppressed [ 1220.881482][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1220.881551][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1220.881641][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1220.881695][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1220.881777][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1220.881819][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1220.987627][ T7977] IPVS: length: 133 != 24 03:42:07 executing program 4: socketpair$unix(0x1, 0x0, 0x0, 0x0) r0 = creat(0x0, 0x0) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r0, 0xc05c5340, &(0x7f0000000200)={0xff, 0x9, 0xff, {}, 0x2, 0x1}) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) fcntl$dupfd(r2, 0x406, r1) 03:42:07 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}, 0x1, 0x0, 0x0, 0x0}, 0x0) 03:42:07 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11e9e6c7c13e9b9937"], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1}, 0x10) r6 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r7 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r7, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r6, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r6, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:42:07 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}, 0x1, 0x0, 0x0, 0x0}, 0x0) 03:42:08 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet(0x2, 0x1, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) connect$inet(r2, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) dup2(r0, r2) tkill(r1, 0x0) 03:42:08 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}, 0x1, 0x0, 0x0, 0x0}, 0x0) [ 1221.697681][ T7985] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1221.739058][ T7985] CPU: 0 PID: 7985 Comm: syz-executor.4 Not tainted 5.1.0-rc1-next-20190319 #6 [ 1221.748034][ T7985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1221.758092][ T7985] Call Trace: [ 1221.761396][ T7985] dump_stack+0x172/0x1f0 [ 1221.765747][ T7985] dump_header+0x10f/0xb6c [ 1221.770191][ T7985] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1221.776013][ T7985] ? ___ratelimit+0x60/0x595 [ 1221.780615][ T7985] ? do_raw_spin_unlock+0x57/0x270 03:42:08 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}, 0x1, 0x0, 0x0, 0x0}, 0x0) [ 1221.785745][ T7985] oom_kill_process.cold+0x10/0x15 [ 1221.790873][ T7985] out_of_memory+0x79a/0x1280 [ 1221.795579][ T7985] ? lock_downgrade+0x880/0x880 [ 1221.800446][ T7985] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1221.806714][ T7985] ? oom_killer_disable+0x280/0x280 [ 1221.811933][ T7985] ? find_held_lock+0x35/0x130 [ 1221.816748][ T7985] mem_cgroup_out_of_memory+0x1ca/0x230 [ 1221.822303][ T7985] ? memcg_event_wake+0x230/0x230 [ 1221.827349][ T7985] ? do_raw_spin_unlock+0x57/0x270 [ 1221.832478][ T7985] ? _raw_spin_unlock+0x2d/0x50 03:42:08 executing program 1: r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000a40)='xugetl\x04\x00\x00\x00\x00\x00\x00\x00age_ir_Z\xa2\xf4es\x00', 0x275a, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000980)={r1, &(0x7f0000000800)="ab39524c6533fce2ec7386e3871297701c01494a930fce54aa6150d3acdf7460b855374e19b68de3d1ca660d8d6d631ecf1fd735d5dc6efdf9e56b1b55a0783abf6310", 0x0, 0x2}, 0x20) write$cgroup_int(r1, &(0x7f0000000000), 0xffffff6a) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) r2 = gettid() getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000700)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in6=@mcast2}}, &(0x7f0000000040)=0xe8) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000180)={0x0, 0x0, 0x0}, &(0x7f0000000440)=0xc) setsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000500)={r2, r3, r4}, 0xc) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r6 = socket$inet_udplite(0x2, 0x2, 0x88) r7 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r7, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000340)={0x0, 0x40, &(0x7f0000000300)=[@in={0x2, 0x4e21, @multicast2}, @in={0x2, 0x4e23, @rand_addr=0x6}, @in={0x2, 0x4e22, @rand_addr=0x7}, @in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000380)=0x10) getsockopt$IP_VS_SO_GET_DESTS(r6, 0x0, 0x484, &(0x7f0000000600)=""/133, &(0x7f0000000400)=0x85) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000540)={r8, @in6={{0xa, 0x4e24, 0x8, @dev={0xfe, 0x80, [], 0x23}, 0xfffffffffffeffff}}, 0x9, 0x6, 0x80000000, 0x3, 0x8}, &(0x7f00000003c0)=0x98) [ 1221.837354][ T7985] try_charge+0x118d/0x1790 [ 1221.841879][ T7985] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1221.847448][ T7985] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1221.853705][ T7985] ? kasan_check_read+0x11/0x20 [ 1221.858568][ T7985] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1221.864136][ T7985] mem_cgroup_try_charge+0x24d/0x5e0 [ 1221.869438][ T7985] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1221.875089][ T7985] __handle_mm_fault+0x1e1f/0x3ec0 [ 1221.880233][ T7985] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1221.885819][ T7985] ? find_held_lock+0x35/0x130 [ 1221.890595][ T7985] ? handle_mm_fault+0x322/0xb30 [ 1221.895561][ T7985] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1221.902316][ T7985] ? kasan_check_read+0x11/0x20 [ 1221.907180][ T7985] handle_mm_fault+0x43f/0xb30 [ 1221.911969][ T7985] __get_user_pages+0x7b6/0x1a40 [ 1221.916943][ T7985] ? follow_page_mask+0x19a0/0x19a0 [ 1221.922151][ T7985] ? perf_trace_lock+0xeb/0x510 [ 1221.927029][ T7985] ? __vma_adjust+0x1840/0x1840 [ 1221.931897][ T7985] ? lock_acquire+0x16f/0x3f0 [ 1221.936595][ T7985] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1221.942848][ T7985] populate_vma_page_range+0x20d/0x2a0 [ 1221.948327][ T7985] __mm_populate+0x204/0x380 [ 1221.952934][ T7985] ? populate_vma_page_range+0x2a0/0x2a0 [ 1221.958594][ T7985] __x64_sys_mlockall+0x35c/0x520 [ 1221.963637][ T7985] do_syscall_64+0x103/0x610 [ 1221.968244][ T7985] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1221.974139][ T7985] RIP: 0033:0x458079 [ 1221.978048][ T7985] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1221.997658][ T7985] RSP: 002b:00007fa3c5772c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1222.006079][ T7985] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458079 [ 1222.014060][ T7985] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1222.022037][ T7985] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1222.030015][ T7985] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa3c57736d4 [ 1222.037991][ T7985] R13: 00000000004c3d3a R14: 00000000004d6f20 R15: 00000000ffffffff [ 1222.046423][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1222.052259][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1222.063349][ T8002] IPVS: length: 133 != 24 [ 1222.066398][ T7985] memory: usage 307200kB, limit 307200kB, failcnt 561 [ 1222.078903][ T7985] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 03:42:08 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11e9e6c7c13e9b9937"], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1}, 0x10) r6 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r7 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r7, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r6, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r6, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) [ 1222.096265][ T7985] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1222.119071][ T7985] Memory cgroup stats for /syz4: cache:0KB rss:278908KB rss_huge:18432KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:235456KB active_anon:27412KB inactive_file:4KB active_file:0KB unevictable:16256KB [ 1222.160629][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1222.166469][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1222.192374][ T7985] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=7984,uid=0 03:42:08 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}, 0x1, 0x0, 0x0, 0x0}, 0x0) [ 1222.223913][ T7985] Memory cgroup out of memory: Killed process 7984 (syz-executor.4) total-vm:72448kB, anon-rss:16016kB, file-rss:37164kB, shmem-rss:0kB [ 1222.260417][ T1043] oom_reaper: reaped process 7984 (syz-executor.4), now anon-rss:16064kB, file-rss:37940kB, shmem-rss:0kB 03:42:10 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132224) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) tkill(r2, 0x3c) 03:42:10 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}, 0x1, 0x0, 0x0, 0x0}, 0x0) 03:42:10 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, 0x0) ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, &(0x7f0000000040)=ANY=[@ANYBLOB="0f28cd"]) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000028000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:42:10 executing program 4: socketpair$unix(0x1, 0x0, 0x0, 0x0) r0 = creat(0x0, 0x0) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r0, 0xc05c5340, &(0x7f0000000200)={0xff, 0x9, 0xff, {}, 0x2, 0x1}) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) fcntl$dupfd(r2, 0x406, r1) 03:42:10 executing program 1: r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000a40)='xugetl\x04\x00\x00\x00\x00\x00\x00\x00age_ir_Z\xa2\xf4es\x00', 0x275a, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000980)={r1, &(0x7f0000000800)="ab39524c6533fce2ec7386e3871297701c01494a930fce54aa6150d3acdf7460b855374e19b68de3d1ca660d8d6d631ecf1fd735d5dc6efdf9e56b1b55a0783abf6310", 0x0, 0x2}, 0x20) write$cgroup_int(r1, &(0x7f0000000000), 0xffffff6a) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) r2 = gettid() getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000700)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in6=@mcast2}}, &(0x7f0000000040)=0xe8) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000180)={0x0, 0x0, 0x0}, &(0x7f0000000440)=0xc) setsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000500)={r2, r3, r4}, 0xc) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r6 = socket$inet_udplite(0x2, 0x2, 0x88) r7 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r7, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000340)={0x0, 0x40, &(0x7f0000000300)=[@in={0x2, 0x4e21, @multicast2}, @in={0x2, 0x4e23, @rand_addr=0x6}, @in={0x2, 0x4e22, @rand_addr=0x7}, @in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000380)=0x10) getsockopt$IP_VS_SO_GET_DESTS(r6, 0x0, 0x484, &(0x7f0000000600)=""/133, &(0x7f0000000400)=0x85) 03:42:10 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11e9e6c7c13e9b9937"], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1}, 0x10) r6 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r7 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r7, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r6, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r6, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:42:10 executing program 0: [ 1223.817162][ T8030] IPVS: length: 133 != 24 03:42:10 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}, 0x1, 0x0, 0x0, 0x0}, 0x0) 03:42:10 executing program 0: 03:42:10 executing program 0: 03:42:10 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}, 0x1, 0x0, 0x0, 0x0}, 0x0) 03:42:10 executing program 0: [ 1224.208896][ T8024] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1224.234032][ T8024] CPU: 0 PID: 8024 Comm: syz-executor.4 Not tainted 5.1.0-rc1-next-20190319 #6 [ 1224.242980][ T8024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1224.253037][ T8024] Call Trace: [ 1224.256339][ T8024] dump_stack+0x172/0x1f0 [ 1224.260683][ T8024] dump_header+0x10f/0xb6c [ 1224.265118][ T8024] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1224.270943][ T8024] ? ___ratelimit+0x60/0x595 [ 1224.275551][ T8024] ? do_raw_spin_unlock+0x57/0x270 [ 1224.280684][ T8024] oom_kill_process.cold+0x10/0x15 [ 1224.285810][ T8024] out_of_memory+0x79a/0x1280 [ 1224.290504][ T8024] ? lock_downgrade+0x880/0x880 [ 1224.295368][ T8024] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1224.301621][ T8024] ? oom_killer_disable+0x280/0x280 [ 1224.306823][ T8024] ? find_held_lock+0x35/0x130 [ 1224.311607][ T8024] mem_cgroup_out_of_memory+0x1ca/0x230 [ 1224.317154][ T8024] ? memcg_event_wake+0x230/0x230 [ 1224.322217][ T8024] ? do_raw_spin_unlock+0x57/0x270 [ 1224.327336][ T8024] ? _raw_spin_unlock+0x2d/0x50 [ 1224.332196][ T8024] try_charge+0x118d/0x1790 [ 1224.336705][ T8024] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1224.342257][ T8024] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1224.348500][ T8024] ? kasan_check_read+0x11/0x20 [ 1224.353353][ T8024] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1224.358903][ T8024] mem_cgroup_try_charge+0x24d/0x5e0 [ 1224.364206][ T8024] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1224.369841][ T8024] __handle_mm_fault+0x1e1f/0x3ec0 [ 1224.374955][ T8024] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1224.380500][ T8024] ? find_held_lock+0x35/0x130 [ 1224.385263][ T8024] ? handle_mm_fault+0x322/0xb30 [ 1224.390215][ T8024] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1224.396463][ T8024] ? kasan_check_read+0x11/0x20 [ 1224.401315][ T8024] handle_mm_fault+0x43f/0xb30 [ 1224.406084][ T8024] __get_user_pages+0x7b6/0x1a40 [ 1224.411032][ T8024] ? follow_page_mask+0x19a0/0x19a0 [ 1224.416228][ T8024] ? perf_trace_lock+0xeb/0x510 [ 1224.421074][ T8024] ? __vma_adjust+0x1840/0x1840 [ 1224.425930][ T8024] ? lock_acquire+0x16f/0x3f0 [ 1224.430600][ T8024] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1224.436838][ T8024] populate_vma_page_range+0x20d/0x2a0 [ 1224.442303][ T8024] __mm_populate+0x204/0x380 [ 1224.446894][ T8024] ? populate_vma_page_range+0x2a0/0x2a0 [ 1224.452559][ T8024] __x64_sys_mlockall+0x35c/0x520 [ 1224.457583][ T8024] do_syscall_64+0x103/0x610 [ 1224.462181][ T8024] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1224.468080][ T8024] RIP: 0033:0x458079 [ 1224.471974][ T8024] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1224.491570][ T8024] RSP: 002b:00007fa3c5772c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1224.499990][ T8024] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458079 [ 1224.507958][ T8024] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1224.515924][ T8024] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1224.523891][ T8024] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa3c57736d4 [ 1224.531855][ T8024] R13: 00000000004c3d3a R14: 00000000004d6f20 R15: 00000000ffffffff [ 1224.617002][ T8024] memory: usage 307200kB, limit 307200kB, failcnt 590 [ 1224.624337][ T8024] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1224.632409][ T8024] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1224.639453][ T8024] Memory cgroup stats for /syz4: cache:0KB rss:279108KB rss_huge:18432KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:235456KB active_anon:27412KB inactive_file:4KB active_file:0KB unevictable:16284KB [ 1224.662207][ T8024] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=8015,uid=0 [ 1224.690876][ T8024] Memory cgroup out of memory: Killed process 8015 (syz-executor.4) total-vm:72448kB, anon-rss:16016kB, file-rss:37164kB, shmem-rss:0kB 03:42:11 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132224) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) tkill(r2, 0x3c) 03:42:11 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}, 0x1, 0x0, 0x0, 0x0}, 0x0) 03:42:11 executing program 0: [ 1224.709430][ T1043] oom_reaper: reaped process 8015 (syz-executor.4), now anon-rss:16064kB, file-rss:37944kB, shmem-rss:0kB 03:42:11 executing program 4: socketpair$unix(0x1, 0x0, 0x0, 0x0) r0 = creat(0x0, 0x0) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r0, 0xc05c5340, &(0x7f0000000200)={0xff, 0x9, 0xff, {}, 0x2, 0x1}) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) fcntl$dupfd(r2, 0x406, r1) 03:42:11 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11e9e6c7c13e9b9937"], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r6}, 0x10) r7 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r8, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r7, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r7, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:42:11 executing program 1: r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000a40)='xugetl\x04\x00\x00\x00\x00\x00\x00\x00age_ir_Z\xa2\xf4es\x00', 0x275a, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000980)={r1, &(0x7f0000000800)="ab39524c6533fce2ec7386e3871297701c01494a930fce54aa6150d3acdf7460b855374e19b68de3d1ca660d8d6d631ecf1fd735d5dc6efdf9e56b1b55a0783abf6310", 0x0, 0x2}, 0x20) write$cgroup_int(r1, &(0x7f0000000000), 0xffffff6a) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) r2 = gettid() getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000700)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in6=@mcast2}}, &(0x7f0000000040)=0xe8) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000180)={0x0, 0x0, 0x0}, &(0x7f0000000440)=0xc) setsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000500)={r2, r3, r4}, 0xc) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r6 = socket$inet_udplite(0x2, 0x2, 0x88) r7 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r7, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) getsockopt$IP_VS_SO_GET_DESTS(r6, 0x0, 0x484, &(0x7f0000000600)=""/133, &(0x7f0000000400)=0x85) 03:42:11 executing program 0: 03:42:11 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}, 0x1, 0x0, 0x0, 0x0}, 0x0) 03:42:11 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = socket(0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_AUTOCLOSE(0xffffffffffffffff, 0x84, 0x4, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000140)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, &(0x7f0000000180)) write$P9_RRENAME(0xffffffffffffffff, &(0x7f00000002c0)={0x7, 0x15, 0x4}, 0x7) getresuid(&(0x7f0000000500), &(0x7f0000000540), &(0x7f0000000480)) ioctl$SNDRV_RAWMIDI_IOCTL_PVERSION(0xffffffffffffffff, 0x80045700, &(0x7f0000000400)) getgroups(0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) getresuid(0xffffffffffffffff, &(0x7f0000000440), &(0x7f00000004c0)) sendmsg$TIPC_CMD_GET_REMOTE_MNG(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_inet6_udp_SIOCOUTQ(r1, 0x5411, &(0x7f00000001c0)) ioctl$SNDRV_CTL_IOCTL_CARD_INFO(0xffffffffffffffff, 0x81785501, &(0x7f0000000380)=""/67) r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f0000000300)={0x0, 0x0, 0x4}, 0x0) openat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x40000, 0x80) getsockopt$inet_sctp_SCTP_RESET_STREAMS(r1, 0x84, 0x77, 0x0, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x1000001, 0x13, r4, 0x0) [ 1225.050613][ T8065] IPVS: length: 133 != 24 03:42:11 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}, 0x1, 0x0, 0x0, 0x0}, 0x0) 03:42:11 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000280)='/dev/video#\x00', 0x9, 0x0) ioctl$VIDIOC_G_SELECTION(r0, 0xc040565e, &(0x7f00000000c0)={0x9, 0x100}) 03:42:11 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11e9e6c7c13e9b9937"], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r6}, 0x10) r7 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r8, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r7, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r7, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) [ 1225.504374][ T8063] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1225.562207][ T8063] CPU: 1 PID: 8063 Comm: syz-executor.4 Not tainted 5.1.0-rc1-next-20190319 #6 [ 1225.571180][ T8063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1225.581246][ T8063] Call Trace: [ 1225.584549][ T8063] dump_stack+0x172/0x1f0 [ 1225.588896][ T8063] dump_header+0x10f/0xb6c [ 1225.593346][ T8063] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1225.599169][ T8063] ? ___ratelimit+0x60/0x595 [ 1225.603776][ T8063] ? do_raw_spin_unlock+0x57/0x270 [ 1225.609077][ T8063] oom_kill_process.cold+0x10/0x15 [ 1225.614216][ T8063] out_of_memory+0x79a/0x1280 [ 1225.618906][ T8063] ? lock_downgrade+0x880/0x880 [ 1225.623779][ T8063] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1225.630036][ T8063] ? oom_killer_disable+0x280/0x280 [ 1225.635242][ T8063] ? find_held_lock+0x35/0x130 [ 1225.640033][ T8063] mem_cgroup_out_of_memory+0x1ca/0x230 [ 1225.645591][ T8063] ? memcg_event_wake+0x230/0x230 [ 1225.650634][ T8063] ? do_raw_spin_unlock+0x57/0x270 [ 1225.655763][ T8063] ? _raw_spin_unlock+0x2d/0x50 [ 1225.660633][ T8063] try_charge+0x118d/0x1790 [ 1225.665174][ T8063] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1225.670740][ T8063] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1225.676997][ T8063] ? kasan_check_read+0x11/0x20 [ 1225.681864][ T8063] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1225.687440][ T8063] mem_cgroup_try_charge+0x24d/0x5e0 [ 1225.692749][ T8063] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1225.698401][ T8063] __handle_mm_fault+0x1e1f/0x3ec0 [ 1225.703534][ T8063] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1225.709090][ T8063] ? find_held_lock+0x35/0x130 [ 1225.713869][ T8063] ? handle_mm_fault+0x322/0xb30 [ 1225.718839][ T8063] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1225.725093][ T8063] ? kasan_check_read+0x11/0x20 [ 1225.729965][ T8063] handle_mm_fault+0x43f/0xb30 [ 1225.734781][ T8063] __get_user_pages+0x7b6/0x1a40 [ 1225.739745][ T8063] ? follow_page_mask+0x19a0/0x19a0 [ 1225.744962][ T8063] ? perf_trace_lock+0xeb/0x510 [ 1225.749829][ T8063] ? __vma_adjust+0x1840/0x1840 [ 1225.754708][ T8063] ? lock_acquire+0x16f/0x3f0 [ 1225.759396][ T8063] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1225.765658][ T8063] populate_vma_page_range+0x20d/0x2a0 [ 1225.771132][ T8063] __mm_populate+0x204/0x380 [ 1225.775713][ T8063] ? populate_vma_page_range+0x2a0/0x2a0 [ 1225.781338][ T8063] __x64_sys_mlockall+0x35c/0x520 [ 1225.786363][ T8063] do_syscall_64+0x103/0x610 [ 1225.790945][ T8063] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1225.796823][ T8063] RIP: 0033:0x458079 [ 1225.800716][ T8063] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1225.820303][ T8063] RSP: 002b:00007fa3c5772c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1225.828706][ T8063] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458079 [ 1225.836658][ T8063] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1225.844614][ T8063] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1225.852582][ T8063] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa3c57736d4 [ 1225.860562][ T8063] R13: 00000000004c3d3a R14: 00000000004d6f20 R15: 00000000ffffffff [ 1225.896047][ T8063] memory: usage 307200kB, limit 307200kB, failcnt 602 [ 1225.903239][ T8063] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1225.910903][ T8063] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1225.917759][ T8063] Memory cgroup stats for /syz4: cache:0KB rss:278968KB rss_huge:18432KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:235456KB active_anon:27412KB inactive_file:4KB active_file:0KB unevictable:16324KB [ 1225.948009][ T8063] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=8062,uid=0 [ 1225.963696][ T8063] Memory cgroup out of memory: Killed process 8062 (syz-executor.4) total-vm:72448kB, anon-rss:16280kB, file-rss:37164kB, shmem-rss:0kB [ 1225.978311][ T1043] oom_reaper: reaped process 8062 (syz-executor.4), now anon-rss:16328kB, file-rss:37944kB, shmem-rss:0kB [ 1226.160668][ C0] net_ratelimit: 16 callbacks suppressed [ 1226.160677][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1226.172227][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1226.321602][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1226.327374][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1227.120694][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1227.126487][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1227.132278][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1227.138008][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1227.143786][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1227.149522][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:42:14 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}, 0x1, 0x0, 0x0, 0x0}, 0x0) 03:42:14 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000), 0x1c) r1 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r1, &(0x7f0000000300), 0x4, 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040)=0x100, 0x4) sendmmsg(r0, &(0x7f00000092c0), 0x4000000000001b9, 0x0) 03:42:14 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132224) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f00000000c0)=ANY=[], 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) tkill(r2, 0x3c) 03:42:14 executing program 1: r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000a40)='xugetl\x04\x00\x00\x00\x00\x00\x00\x00age_ir_Z\xa2\xf4es\x00', 0x275a, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000980)={r1, &(0x7f0000000800)="ab39524c6533fce2ec7386e3871297701c01494a930fce54aa6150d3acdf7460b855374e19b68de3d1ca660d8d6d631ecf1fd735d5dc6efdf9e56b1b55a0783abf6310", 0x0, 0x2}, 0x20) write$cgroup_int(r1, &(0x7f0000000000), 0xffffff6a) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) r2 = gettid() getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000700)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in6=@mcast2}}, &(0x7f0000000040)=0xe8) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000180)={0x0, 0x0, 0x0}, &(0x7f0000000440)=0xc) setsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000500)={r2, r3, r4}, 0xc) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r6 = socket$inet_udplite(0x2, 0x2, 0x88) socket$inet6(0xa, 0x2, 0x0) getsockopt$IP_VS_SO_GET_DESTS(r6, 0x0, 0x484, &(0x7f0000000600)=""/133, &(0x7f0000000400)=0x85) 03:42:14 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11e9e6c7c13e9b9937"], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r6}, 0x10) r7 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r8, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r7, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r7, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:42:14 executing program 4: socketpair$unix(0x1, 0x0, 0x0, 0x0) r0 = creat(0x0, 0x0) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r0, 0xc05c5340, &(0x7f0000000200)={0xff, 0x9, 0xff, {}, 0x2, 0x1}) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) fcntl$dupfd(r2, 0x406, r1) [ 1227.887390][ T8108] IPVS: length: 133 != 24 03:42:14 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}, 0x1, 0x0, 0x0, 0x0}, 0x0) 03:42:14 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11e9e6c7c13e9b9937"], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) bind$alg(0xffffffffffffffff, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r5}, 0x10) r6 = accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000100), 0x0) r7 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r7, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r6, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r6, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:42:14 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}, 0x1, 0x0, 0x0, 0x0}, 0x0) 03:42:14 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}, 0x1, 0x0, 0x0, 0x0}, 0x0) 03:42:14 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11e9e6c7c13e9b9937"], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) bind$alg(0xffffffffffffffff, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r5}, 0x10) r6 = accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000100), 0x0) r7 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r7, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r6, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r6, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) [ 1228.517171][ T8096] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1228.570878][ T8096] CPU: 0 PID: 8096 Comm: syz-executor.4 Not tainted 5.1.0-rc1-next-20190319 #6 [ 1228.579866][ T8096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1228.589937][ T8096] Call Trace: [ 1228.593239][ T8096] dump_stack+0x172/0x1f0 [ 1228.597574][ T8096] dump_header+0x10f/0xb6c [ 1228.601992][ T8096] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1228.607796][ T8096] ? ___ratelimit+0x60/0x595 [ 1228.612381][ T8096] ? do_raw_spin_unlock+0x57/0x270 [ 1228.617493][ T8096] oom_kill_process.cold+0x10/0x15 [ 1228.622603][ T8096] out_of_memory+0x79a/0x1280 [ 1228.627281][ T8096] ? lock_downgrade+0x880/0x880 [ 1228.632129][ T8096] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1228.638366][ T8096] ? oom_killer_disable+0x280/0x280 [ 1228.643560][ T8096] ? find_held_lock+0x35/0x130 [ 1228.648333][ T8096] mem_cgroup_out_of_memory+0x1ca/0x230 [ 1228.653880][ T8096] ? memcg_event_wake+0x230/0x230 [ 1228.658924][ T8096] ? do_raw_spin_unlock+0x57/0x270 [ 1228.664051][ T8096] ? _raw_spin_unlock+0x2d/0x50 [ 1228.668903][ T8096] try_charge+0x118d/0x1790 [ 1228.673421][ T8096] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1228.678971][ T8096] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1228.685216][ T8096] ? kasan_check_read+0x11/0x20 [ 1228.690074][ T8096] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1228.695621][ T8096] mem_cgroup_try_charge+0x24d/0x5e0 [ 1228.700920][ T8096] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1228.706553][ T8096] __handle_mm_fault+0x1e1f/0x3ec0 [ 1228.711668][ T8096] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1228.717213][ T8096] ? find_held_lock+0x35/0x130 [ 1228.721988][ T8096] ? handle_mm_fault+0x322/0xb30 [ 1228.726941][ T8096] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1228.733183][ T8096] ? kasan_check_read+0x11/0x20 [ 1228.738041][ T8096] handle_mm_fault+0x43f/0xb30 [ 1228.742813][ T8096] __get_user_pages+0x7b6/0x1a40 [ 1228.747764][ T8096] ? follow_page_mask+0x19a0/0x19a0 [ 1228.752962][ T8096] ? perf_trace_lock+0xeb/0x510 [ 1228.757856][ T8096] ? __vma_adjust+0x1840/0x1840 [ 1228.762713][ T8096] ? lock_acquire+0x16f/0x3f0 [ 1228.767397][ T8096] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1228.773642][ T8096] populate_vma_page_range+0x20d/0x2a0 [ 1228.779107][ T8096] __mm_populate+0x204/0x380 [ 1228.783700][ T8096] ? populate_vma_page_range+0x2a0/0x2a0 [ 1228.789340][ T8096] __x64_sys_mlockall+0x35c/0x520 [ 1228.794367][ T8096] do_syscall_64+0x103/0x610 [ 1228.798975][ T8096] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1228.804864][ T8096] RIP: 0033:0x458079 [ 1228.808755][ T8096] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1228.828360][ T8096] RSP: 002b:00007fa3c5772c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1228.836772][ T8096] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458079 [ 1228.849532][ T8096] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1228.857498][ T8096] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 03:42:15 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}, 0x1, 0x0, 0x0, 0x0}, 0x0) [ 1228.865466][ T8096] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa3c57736d4 [ 1228.873454][ T8096] R13: 00000000004c3d3a R14: 00000000004d6f20 R15: 00000000ffffffff 03:42:15 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x8, 0x4, &(0x7f0000000000)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0xffffffbd}, [@ldst={0x3, 0x0, 0x3, 0x1c10a1}]}, 0x0, 0x5, 0xc3, &(0x7f000000cf3d)=""/195}, 0x48) [ 1228.950669][ T8096] memory: usage 307200kB, limit 307200kB, failcnt 634 [ 1228.957596][ T8096] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 03:42:15 executing program 1: r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000a40)='xugetl\x04\x00\x00\x00\x00\x00\x00\x00age_ir_Z\xa2\xf4es\x00', 0x275a, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000980)={r1, &(0x7f0000000800)="ab39524c6533fce2ec7386e3871297701c01494a930fce54aa6150d3acdf7460b855374e19b68de3d1ca660d8d6d631ecf1fd735d5dc6efdf9e56b1b55a0783abf6310", 0x0, 0x2}, 0x20) write$cgroup_int(r1, &(0x7f0000000000), 0xffffff6a) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) r2 = gettid() getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000700)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in6=@mcast2}}, &(0x7f0000000040)=0xe8) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000180)={0x0, 0x0, 0x0}, &(0x7f0000000440)=0xc) setsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000500)={r2, r3, r4}, 0xc) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r6 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_DESTS(r6, 0x0, 0x484, &(0x7f0000000600)=""/133, &(0x7f0000000400)=0x85) [ 1229.016431][ T8096] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1229.094473][ T8096] Memory cgroup stats for /syz4: cache:0KB rss:279124KB rss_huge:18432KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:235456KB active_anon:27412KB inactive_file:4KB active_file:0KB unevictable:16412KB 03:42:15 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132224) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f00000000c0)=ANY=[], 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) tkill(r2, 0x3c) 03:42:15 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}, 0x1, 0x0, 0x0, 0x0}, 0x0) 03:42:15 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)={0x13, 0x10, 0x3}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x5, &(0x7f00000003c0)=@framed={{0x18, 0x10000000, 0xfe030000, 0x0, 0x0, 0x7a00000000000000, 0x0, 0x1000000}, [@map={0x18, 0x2, 0x1, 0x0, r1}]}, &(0x7f0000000440)='syzkalle%\x00', 0x6, 0x21a, &(0x7f00000000c0)=""/144}, 0x48) [ 1229.244443][ T8096] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=8095,uid=0 [ 1229.295110][ T8152] IPVS: length: 133 != 24 [ 1229.448803][ T8096] Memory cgroup out of memory: Killed process 8095 (syz-executor.4) total-vm:72448kB, anon-rss:16280kB, file-rss:37164kB, shmem-rss:0kB [ 1229.472842][ T1043] oom_reaper: reaped process 8095 (syz-executor.4), now anon-rss:16328kB, file-rss:37944kB, shmem-rss:0kB 03:42:16 executing program 4: socketpair$unix(0x1, 0x0, 0x0, 0x0) r0 = creat(0x0, 0x0) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r0, 0xc05c5340, &(0x7f0000000200)={0xff, 0x9, 0xff, {}, 0x2, 0x1}) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) fcntl$dupfd(r2, 0x406, r1) 03:42:16 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11e9e6c7c13e9b9937"], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) bind$alg(0xffffffffffffffff, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r5}, 0x10) r6 = accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000100), 0x0) r7 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r7, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r6, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r6, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:42:16 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}, 0x1, 0x0, 0x0, 0x0}, 0x0) 03:42:16 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)={0x13, 0x10, 0x3}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x5, &(0x7f00000003c0)=@framed={{0x18, 0x10000000, 0xfe030000, 0x0, 0x0, 0x7a00000000000000, 0x0, 0x1000000}, [@map={0x18, 0x2, 0x1, 0x0, r1}]}, &(0x7f0000000440)='syzkalle%\x00', 0x6, 0x21a, &(0x7f00000000c0)=""/144}, 0x48) 03:42:16 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)={0x13, 0x10, 0x3}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x5, &(0x7f00000003c0)=@framed={{0x18, 0x10000000, 0xfe030000, 0x0, 0x0, 0x7a00000000000000, 0x0, 0x1000000}, [@map={0x18, 0x2, 0x1, 0x0, r1}]}, &(0x7f0000000440)='syzkalle%\x00', 0x6, 0x21a, &(0x7f00000000c0)=""/144}, 0x48) 03:42:16 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}, 0x1, 0x0, 0x0, 0x0}, 0x0) 03:42:16 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) socket$netlink(0x10, 0x3, 0x9) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r1, 0x200004) sendfile(r0, r1, 0x0, 0x8000ffffffff) ftruncate(r1, 0x0) 03:42:16 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11e9e6c7c13e9b9937"], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r6}, 0x10) r7 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r8, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r7, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r7, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:42:16 executing program 1: r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000a40)='xugetl\x04\x00\x00\x00\x00\x00\x00\x00age_ir_Z\xa2\xf4es\x00', 0x275a, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000980)={r1, &(0x7f0000000800)="ab39524c6533fce2ec7386e3871297701c01494a930fce54aa6150d3acdf7460b855374e19b68de3d1ca660d8d6d631ecf1fd735d5dc6efdf9e56b1b55a0783abf6310", 0x0, 0x2}, 0x20) write$cgroup_int(r1, &(0x7f0000000000), 0xffffff6a) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) r2 = gettid() getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000700)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in6=@mcast2}}, &(0x7f0000000040)=0xe8) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000180)={0x0, 0x0, 0x0}, &(0x7f0000000440)=0xc) setsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000500)={r2, r3, r4}, 0xc) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, &(0x7f0000000600)=""/133, &(0x7f0000000400)=0x85) [ 1230.278938][ T8166] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1230.303125][ T8166] CPU: 0 PID: 8166 Comm: syz-executor.4 Not tainted 5.1.0-rc1-next-20190319 #6 [ 1230.312181][ T8166] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1230.322241][ T8166] Call Trace: [ 1230.325538][ T8166] dump_stack+0x172/0x1f0 [ 1230.329871][ T8166] dump_header+0x10f/0xb6c [ 1230.334291][ T8166] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1230.340100][ T8166] ? ___ratelimit+0x60/0x595 [ 1230.344688][ T8166] ? do_raw_spin_unlock+0x57/0x270 [ 1230.349802][ T8166] oom_kill_process.cold+0x10/0x15 [ 1230.354921][ T8166] out_of_memory+0x79a/0x1280 [ 1230.359603][ T8166] ? lock_downgrade+0x880/0x880 [ 1230.364451][ T8166] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1230.370693][ T8166] ? oom_killer_disable+0x280/0x280 [ 1230.375886][ T8166] ? find_held_lock+0x35/0x130 [ 1230.380665][ T8166] mem_cgroup_out_of_memory+0x1ca/0x230 [ 1230.386226][ T8166] ? memcg_event_wake+0x230/0x230 [ 1230.391258][ T8166] ? do_raw_spin_unlock+0x57/0x270 [ 1230.396376][ T8166] ? _raw_spin_unlock+0x2d/0x50 [ 1230.401316][ T8166] try_charge+0x118d/0x1790 [ 1230.405831][ T8166] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1230.411378][ T8166] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1230.417618][ T8166] ? kasan_check_read+0x11/0x20 [ 1230.422491][ T8166] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1230.428043][ T8166] mem_cgroup_try_charge+0x24d/0x5e0 [ 1230.433335][ T8166] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1230.438984][ T8166] __handle_mm_fault+0x1e1f/0x3ec0 [ 1230.444101][ T8166] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1230.449645][ T8166] ? find_held_lock+0x35/0x130 [ 1230.454411][ T8166] ? handle_mm_fault+0x322/0xb30 [ 1230.459359][ T8166] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1230.465601][ T8166] ? kasan_check_read+0x11/0x20 [ 1230.470455][ T8166] handle_mm_fault+0x43f/0xb30 [ 1230.475227][ T8166] __get_user_pages+0x7b6/0x1a40 [ 1230.480175][ T8166] ? follow_page_mask+0x19a0/0x19a0 [ 1230.485378][ T8166] ? perf_trace_lock+0xeb/0x510 [ 1230.490228][ T8166] ? __vma_adjust+0x1840/0x1840 [ 1230.495090][ T8166] ? lock_acquire+0x16f/0x3f0 [ 1230.499761][ T8166] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1230.506009][ T8166] populate_vma_page_range+0x20d/0x2a0 [ 1230.511473][ T8166] __mm_populate+0x204/0x380 [ 1230.516066][ T8166] ? populate_vma_page_range+0x2a0/0x2a0 [ 1230.521708][ T8166] __x64_sys_mlockall+0x35c/0x520 [ 1230.526752][ T8166] do_syscall_64+0x103/0x610 [ 1230.531350][ T8166] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1230.537236][ T8166] RIP: 0033:0x458079 [ 1230.541128][ T8166] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1230.560726][ T8166] RSP: 002b:00007fa3c5772c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1230.569220][ T8166] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458079 [ 1230.577191][ T8166] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1230.585184][ T8166] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1230.593157][ T8166] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa3c57736d4 [ 1230.601125][ T8166] R13: 00000000004c3d3a R14: 00000000004d6f20 R15: 00000000ffffffff [ 1230.619526][ T8166] memory: usage 307200kB, limit 307200kB, failcnt 659 [ 1230.628482][ T8166] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1230.644063][ T8166] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1230.651168][ T8166] Memory cgroup stats for /syz4: cache:0KB rss:279272KB rss_huge:18432KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:235456KB active_anon:27412KB inactive_file:4KB active_file:0KB unevictable:16568KB [ 1230.680909][ T8166] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=8165,uid=0 [ 1230.704006][ T8166] Memory cgroup out of memory: Killed process 8165 (syz-executor.4) total-vm:72448kB, anon-rss:16544kB, file-rss:37164kB, shmem-rss:0kB [ 1230.726364][ T1043] oom_reaper: reaped process 8165 (syz-executor.4), now anon-rss:16592kB, file-rss:37940kB, shmem-rss:0kB [ 1231.280680][ C1] net_ratelimit: 14 callbacks suppressed [ 1231.286366][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1231.292153][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1231.297983][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1231.303813][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1231.309641][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1231.315445][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:42:18 executing program 0: 03:42:18 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0x2) 03:42:18 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132224) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f00000000c0)=ANY=[], 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) tkill(r2, 0x3c) 03:42:18 executing program 4: socketpair$unix(0x1, 0x0, 0x0, 0x0) r0 = creat(0x0, 0x0) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r0, 0xc05c5340, &(0x7f0000000200)={0xff, 0x9, 0xff, {}, 0x2, 0x1}) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) fcntl$dupfd(r2, 0x406, r1) 03:42:18 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11e9e6c7c13e9b9937"], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r6}, 0x10) r7 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r8, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r7, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r7, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:42:18 executing program 1: r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000a40)='xugetl\x04\x00\x00\x00\x00\x00\x00\x00age_ir_Z\xa2\xf4es\x00', 0x275a, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000980)={r1, &(0x7f0000000800)="ab39524c6533fce2ec7386e3871297701c01494a930fce54aa6150d3acdf7460b855374e19b68de3d1ca660d8d6d631ecf1fd735d5dc6efdf9e56b1b55a0783abf6310", 0x0, 0x2}, 0x20) write$cgroup_int(r1, &(0x7f0000000000), 0xffffff6a) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) r2 = gettid() getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000700)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in6=@mcast2}}, &(0x7f0000000040)=0xe8) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000180)={0x0, 0x0, 0x0}, &(0x7f0000000440)=0xc) setsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000500)={r2, r3, r4}, 0xc) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, &(0x7f0000000600)=""/133, &(0x7f0000000400)=0x85) 03:42:18 executing program 0: 03:42:18 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0x4) 03:42:18 executing program 0: 03:42:18 executing program 0: 03:42:19 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0x8) [ 1232.560636][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1232.566544][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:42:19 executing program 0: [ 1232.640680][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1232.646569][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1232.742182][ T8202] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1232.780698][ T8202] CPU: 0 PID: 8202 Comm: syz-executor.4 Not tainted 5.1.0-rc1-next-20190319 #6 [ 1232.789666][ T8202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1232.799731][ T8202] Call Trace: [ 1232.803035][ T8202] dump_stack+0x172/0x1f0 [ 1232.807384][ T8202] dump_header+0x10f/0xb6c [ 1232.811812][ T8202] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1232.817633][ T8202] ? ___ratelimit+0x60/0x595 [ 1232.822235][ T8202] ? do_raw_spin_unlock+0x57/0x270 [ 1232.827360][ T8202] oom_kill_process.cold+0x10/0x15 [ 1232.832483][ T8202] out_of_memory+0x79a/0x1280 [ 1232.837176][ T8202] ? lock_downgrade+0x880/0x880 [ 1232.846733][ T8202] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1232.852985][ T8202] ? oom_killer_disable+0x280/0x280 [ 1232.858194][ T8202] ? find_held_lock+0x35/0x130 [ 1232.862980][ T8202] mem_cgroup_out_of_memory+0x1ca/0x230 [ 1232.868536][ T8202] ? memcg_event_wake+0x230/0x230 [ 1232.873575][ T8202] ? do_raw_spin_unlock+0x57/0x270 [ 1232.878706][ T8202] ? _raw_spin_unlock+0x2d/0x50 [ 1232.883572][ T8202] try_charge+0x118d/0x1790 [ 1232.888101][ T8202] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1232.893658][ T8202] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1232.899922][ T8202] ? kasan_check_read+0x11/0x20 [ 1232.904788][ T8202] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1232.910362][ T8202] mem_cgroup_try_charge+0x24d/0x5e0 [ 1232.915670][ T8202] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1232.921357][ T8202] __handle_mm_fault+0x1e1f/0x3ec0 [ 1232.926487][ T8202] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1232.932145][ T8202] ? find_held_lock+0x35/0x130 [ 1232.936940][ T8202] ? handle_mm_fault+0x322/0xb30 [ 1232.941907][ T8202] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1232.948170][ T8202] ? sync_mm_rss+0xa4/0x1c0 [ 1232.952706][ T8202] handle_mm_fault+0x43f/0xb30 [ 1232.957489][ T8202] __get_user_pages+0x7b6/0x1a40 [ 1232.962455][ T8202] ? follow_page_mask+0x19a0/0x19a0 [ 1232.967667][ T8202] ? perf_trace_lock+0xeb/0x510 [ 1232.972531][ T8202] ? __vma_adjust+0x1840/0x1840 [ 1232.977400][ T8202] ? lock_acquire+0x16f/0x3f0 [ 1232.982090][ T8202] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1232.988346][ T8202] populate_vma_page_range+0x20d/0x2a0 [ 1232.993822][ T8202] __mm_populate+0x204/0x380 [ 1232.998433][ T8202] ? populate_vma_page_range+0x2a0/0x2a0 [ 1233.004094][ T8202] __x64_sys_mlockall+0x35c/0x520 [ 1233.009583][ T8202] do_syscall_64+0x103/0x610 [ 1233.014203][ T8202] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1233.020104][ T8202] RIP: 0033:0x458079 [ 1233.024010][ T8202] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1233.043622][ T8202] RSP: 002b:00007fa3c5772c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1233.052041][ T8202] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458079 [ 1233.060529][ T8202] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1233.068511][ T8202] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1233.076491][ T8202] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa3c57736d4 [ 1233.084473][ T8202] R13: 00000000004c3d3a R14: 00000000004d6f20 R15: 00000000ffffffff 03:42:19 executing program 0: 03:42:19 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0x10) [ 1233.105576][ T8202] memory: usage 307200kB, limit 307200kB, failcnt 683 [ 1233.127621][ T8202] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1233.146592][ T8202] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1233.166008][ T8202] Memory cgroup stats for /syz4: cache:0KB rss:279500KB rss_huge:20480KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:235456KB active_anon:27412KB inactive_file:0KB active_file:0KB unevictable:16756KB [ 1233.188893][ T8202] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=8200,uid=0 [ 1233.204853][ T8202] Memory cgroup out of memory: Killed process 8200 (syz-executor.4) total-vm:72448kB, anon-rss:16744kB, file-rss:37164kB, shmem-rss:0kB [ 1233.220039][ T1043] oom_reaper: reaped process 8200 (syz-executor.4), now anon-rss:16788kB, file-rss:37940kB, shmem-rss:0kB 03:42:21 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132224) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f00000000c0)=ANY=[@ANYBLOB], 0x1) ptrace$setopts(0x4206, r2, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) tkill(r2, 0x3c) 03:42:21 executing program 0: r0 = perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x3, 0xff) ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x10000) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(r1, &(0x7f00000002c0), 0x4cc, 0x20007ffc) 03:42:21 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11e9e6c7c13e9b9937"], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r6}, 0x10) r7 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r8, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r7, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r7, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:42:21 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0x3f00) 03:42:21 executing program 1: r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000a40)='xugetl\x04\x00\x00\x00\x00\x00\x00\x00age_ir_Z\xa2\xf4es\x00', 0x275a, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000980)={r1, &(0x7f0000000800)="ab39524c6533fce2ec7386e3871297701c01494a930fce54aa6150d3acdf7460b855374e19b68de3d1ca660d8d6d631ecf1fd735d5dc6efdf9e56b1b55a0783abf6310", 0x0, 0x2}, 0x20) write$cgroup_int(r1, &(0x7f0000000000), 0xffffff6a) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) r2 = gettid() getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000700)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in6=@mcast2}}, &(0x7f0000000040)=0xe8) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000180)={0x0, 0x0, 0x0}, &(0x7f0000000440)=0xc) setsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000500)={r2, r3, r4}, 0xc) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, &(0x7f0000000600)=""/133, &(0x7f0000000400)=0x85) 03:42:21 executing program 4: socketpair$unix(0x1, 0x0, 0x0, 0x0) r0 = creat(0x0, 0x0) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r0, 0xc05c5340, &(0x7f0000000200)={0xff, 0x9, 0xff, {}, 0x2, 0x1}) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) fcntl$dupfd(r2, 0x406, r1) 03:42:21 executing program 0: sched_setaffinity(0x0, 0x8, &(0x7f0000000140)=0x8000009) r0 = perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000840), 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x7fffffff, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) ioctl$EVIOCRMFF(r0, 0x40044581, &(0x7f00000000c0)=0x7fffffff) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) capget(0x0, 0x0) r3 = socket$inet6(0xa, 0x400000000001, 0x0) setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x25, &(0x7f0000000180)=0x126, 0x4) r4 = dup(r3) sendto$inet6(r2, 0x0, 0x0, 0x20000000, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x80000001, 0x80000001, 0x56a, 0x0, 0x8, 0x2, 0xffffffffffffffff}, &(0x7f0000000200)={0x5, 0x5, 0x3f, 0x2}, 0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0xfff}, 0x8}) ioctl$ASHMEM_SET_PROT_MASK(0xffffffffffffffff, 0x40087705, 0x0) ptrace$setregset(0x4205, r1, 0x0, 0x0) ioctl$int_in(r3, 0x5452, &(0x7f0000000580)=0xe2e) fcntl$lock(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, 0x0, 0x0) io_cancel(0x0, 0x0, 0x0) setsockopt$inet6_tcp_int(r4, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r3, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r3, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r5 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) finit_module(r5, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x2) ftruncate(r5, 0x2007fff) sendfile(r4, r5, &(0x7f0000d83ff8), 0x8000fffffffe) 03:42:21 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0x34000) 03:42:22 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0x400300) 03:42:22 executing program 0: r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000040)={0x18, 0x0, {0x4, @dev={[], 0xa}, 'lo\x00'}}, 0x1e) setsockopt$sock_int(r0, 0x1, 0x21, &(0x7f0000000080), 0x4) sendmmsg(r0, &(0x7f0000004500)=[{{0x0, 0xffffff7f, 0x0}}], 0x1fe, 0x0) 03:42:22 executing program 0: openat$mixer(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/mixer\x00', 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_create1(0x0) syz_open_dev$vbi(0x0, 0xffffffffffffffff, 0x2) write(r1, &(0x7f0000000340), 0x10000014c) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) prctl$PR_SET_THP_DISABLE(0x29, 0x1) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 03:42:22 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0x1000000) [ 1235.916665][ T8235] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1235.946452][ T8235] CPU: 0 PID: 8235 Comm: syz-executor.4 Not tainted 5.1.0-rc1-next-20190319 #6 [ 1235.955405][ T8235] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1235.965469][ T8235] Call Trace: [ 1235.968776][ T8235] dump_stack+0x172/0x1f0 [ 1235.973122][ T8235] dump_header+0x10f/0xb6c [ 1235.977556][ T8235] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1235.983379][ T8235] ? ___ratelimit+0x60/0x595 [ 1235.987992][ T8235] ? do_raw_spin_unlock+0x57/0x270 [ 1235.993122][ T8235] oom_kill_process.cold+0x10/0x15 [ 1235.998245][ T8235] out_of_memory+0x79a/0x1280 [ 1236.002948][ T8235] ? lock_downgrade+0x880/0x880 [ 1236.007814][ T8235] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1236.014069][ T8235] ? oom_killer_disable+0x280/0x280 [ 1236.019280][ T8235] ? find_held_lock+0x35/0x130 [ 1236.024069][ T8235] mem_cgroup_out_of_memory+0x1ca/0x230 [ 1236.029630][ T8235] ? memcg_event_wake+0x230/0x230 [ 1236.034675][ T8235] ? do_raw_spin_unlock+0x57/0x270 [ 1236.039799][ T8235] ? _raw_spin_unlock+0x2d/0x50 [ 1236.044663][ T8235] try_charge+0x118d/0x1790 [ 1236.049202][ T8235] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1236.054763][ T8235] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1236.061023][ T8235] ? kasan_check_read+0x11/0x20 [ 1236.065887][ T8235] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1236.071449][ T8235] mem_cgroup_try_charge+0x24d/0x5e0 [ 1236.076741][ T8235] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1236.082377][ T8235] __handle_mm_fault+0x1e1f/0x3ec0 [ 1236.087492][ T8235] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1236.093036][ T8235] ? find_held_lock+0x35/0x130 [ 1236.097796][ T8235] ? handle_mm_fault+0x322/0xb30 [ 1236.102742][ T8235] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1236.108983][ T8235] ? kasan_check_read+0x11/0x20 [ 1236.113841][ T8235] handle_mm_fault+0x43f/0xb30 [ 1236.118607][ T8235] __get_user_pages+0x7b6/0x1a40 [ 1236.123557][ T8235] ? follow_page_mask+0x19a0/0x19a0 [ 1236.128748][ T8235] ? perf_trace_lock+0xeb/0x510 [ 1236.133594][ T8235] ? __vma_adjust+0x1840/0x1840 [ 1236.138459][ T8235] ? lock_acquire+0x16f/0x3f0 [ 1236.143138][ T8235] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1236.149380][ T8235] populate_vma_page_range+0x20d/0x2a0 [ 1236.154844][ T8235] __mm_populate+0x204/0x380 [ 1236.159440][ T8235] ? populate_vma_page_range+0x2a0/0x2a0 [ 1236.165083][ T8235] __x64_sys_mlockall+0x35c/0x520 [ 1236.170109][ T8235] do_syscall_64+0x103/0x610 [ 1236.174708][ T8235] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1236.180597][ T8235] RIP: 0033:0x458079 [ 1236.184487][ T8235] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1236.204086][ T8235] RSP: 002b:00007fa3c5772c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1236.212490][ T8235] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458079 [ 1236.220477][ T8235] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1236.228446][ T8235] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1236.236410][ T8235] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa3c57736d4 [ 1236.244379][ T8235] R13: 00000000004c3d3a R14: 00000000004d6f20 R15: 00000000ffffffff [ 1236.320814][ T8235] memory: usage 307200kB, limit 307200kB, failcnt 721 [ 1236.330754][ T8235] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1236.373611][ T8235] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1236.394552][ T8235] Memory cgroup stats for /syz4: cache:0KB rss:279628KB rss_huge:20480KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:235456KB active_anon:27412KB inactive_file:4KB active_file:0KB unevictable:16968KB 03:42:22 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132224) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f00000000c0)=ANY=[@ANYBLOB], 0x1) ptrace$setopts(0x4206, r2, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) tkill(r2, 0x3c) 03:42:22 executing program 1: r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000a40)='xugetl\x04\x00\x00\x00\x00\x00\x00\x00age_ir_Z\xa2\xf4es\x00', 0x275a, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000980)={r1, &(0x7f0000000800)="ab39524c6533fce2ec7386e3871297701c01494a930fce54aa6150d3acdf7460b855374e19b68de3d1ca660d8d6d631ecf1fd735d5dc6efdf9e56b1b55a0783abf6310", 0x0, 0x2}, 0x20) write$cgroup_int(r1, &(0x7f0000000000), 0xffffff6a) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) r2 = gettid() getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000700)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in6=@mcast2}}, &(0x7f0000000040)=0xe8) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000180)={0x0, 0x0, 0x0}, &(0x7f0000000440)=0xc) setsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000500)={r2, r3, r4}, 0xc) socket$inet_udplite(0x2, 0x2, 0x88) r5 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_DESTS(r5, 0x0, 0x484, &(0x7f0000000600)=""/133, &(0x7f0000000400)=0x85) 03:42:22 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11e9e6c7c13e9b9937"], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r6}, 0x10) r7 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r8, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r7, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r7, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:42:22 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0x2000000) [ 1236.417272][ T8235] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=8233,uid=0 [ 1236.434711][ T8235] Memory cgroup out of memory: Killed process 8233 (syz-executor.4) total-vm:72448kB, anon-rss:16744kB, file-rss:37164kB, shmem-rss:0kB [ 1236.450034][ T1043] oom_reaper: reaped process 8233 (syz-executor.4), now anon-rss:16788kB, file-rss:37940kB, shmem-rss:0kB [ 1236.575032][ T8284] IPVS: length: 133 != 24 03:42:23 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0x4000000) [ 1236.720636][ C1] net_ratelimit: 16 callbacks suppressed [ 1236.720645][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1236.732357][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1236.800676][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1236.806581][ C0] protocol 88fb is buggy, dev hsr_slave_1 03:42:23 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0x8000000) 03:42:23 executing program 4: socketpair$unix(0x1, 0x0, 0x0, 0x0) r0 = creat(0x0, 0x0) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r0, 0xc05c5340, &(0x7f0000000200)={0xff, 0x9, 0xff, {}, 0x2, 0x1}) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) fcntl$dupfd(r2, 0x406, r1) 03:42:23 executing program 0: ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) socket$bt_rfcomm(0x1f, 0x0, 0x3) r2 = syz_open_dev$swradio(&(0x7f0000000140)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f00000001c0)={r2}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) lseek(r0, 0x0, 0x4) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 03:42:23 executing program 0: r0 = socket$l2tp(0x18, 0x1, 0x1) setsockopt$l2tp_PPPOL2TP_SO_REORDERTO(r0, 0x111, 0x5, 0x400000, 0x4) 03:42:23 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0x10000000) 03:42:23 executing program 0: 03:42:23 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0x3f000000) [ 1237.357317][ T8299] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1237.367436][ T8299] CPU: 0 PID: 8299 Comm: syz-executor.4 Not tainted 5.1.0-rc1-next-20190319 #6 [ 1237.376375][ T8299] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1237.386432][ T8299] Call Trace: [ 1237.389728][ T8299] dump_stack+0x172/0x1f0 [ 1237.394079][ T8299] dump_header+0x10f/0xb6c [ 1237.398498][ T8299] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1237.404307][ T8299] ? ___ratelimit+0x60/0x595 [ 1237.408893][ T8299] ? do_raw_spin_unlock+0x57/0x270 [ 1237.414015][ T8299] oom_kill_process.cold+0x10/0x15 [ 1237.419132][ T8299] out_of_memory+0x79a/0x1280 [ 1237.423811][ T8299] ? lock_downgrade+0x880/0x880 [ 1237.428657][ T8299] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1237.434897][ T8299] ? oom_killer_disable+0x280/0x280 [ 1237.440102][ T8299] ? find_held_lock+0x35/0x130 [ 1237.444877][ T8299] mem_cgroup_out_of_memory+0x1ca/0x230 [ 1237.450423][ T8299] ? memcg_event_wake+0x230/0x230 [ 1237.455455][ T8299] ? do_raw_spin_unlock+0x57/0x270 [ 1237.460567][ T8299] ? _raw_spin_unlock+0x2d/0x50 [ 1237.465423][ T8299] try_charge+0x118d/0x1790 [ 1237.469940][ T8299] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1237.475490][ T8299] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1237.481733][ T8299] ? kasan_check_read+0x11/0x20 [ 1237.486588][ T8299] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1237.492135][ T8299] mem_cgroup_try_charge+0x24d/0x5e0 [ 1237.497424][ T8299] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1237.503061][ T8299] __handle_mm_fault+0x1e1f/0x3ec0 [ 1237.508178][ T8299] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1237.513726][ T8299] ? find_held_lock+0x35/0x130 [ 1237.518487][ T8299] ? handle_mm_fault+0x322/0xb30 [ 1237.520680][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1237.523434][ T8299] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1237.529202][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1237.535371][ T8299] ? kasan_check_read+0x11/0x20 [ 1237.535392][ T8299] handle_mm_fault+0x43f/0xb30 [ 1237.535414][ T8299] __get_user_pages+0x7b6/0x1a40 [ 1237.535445][ T8299] ? follow_page_mask+0x19a0/0x19a0 [ 1237.541283][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1237.545986][ T8299] ? perf_trace_lock+0xeb/0x510 [ 1237.546007][ T8299] ? __vma_adjust+0x1840/0x1840 [ 1237.550835][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1237.555691][ T8299] ? lock_acquire+0x16f/0x3f0 [ 1237.561008][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1237.566582][ T8299] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1237.566604][ T8299] populate_vma_page_range+0x20d/0x2a0 [ 1237.571528][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1237.576297][ T8299] __mm_populate+0x204/0x380 [ 1237.614271][ T8299] ? populate_vma_page_range+0x2a0/0x2a0 [ 1237.619924][ T8299] __x64_sys_mlockall+0x35c/0x520 [ 1237.624959][ T8299] do_syscall_64+0x103/0x610 [ 1237.629554][ T8299] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1237.635441][ T8299] RIP: 0033:0x458079 [ 1237.639330][ T8299] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1237.658942][ T8299] RSP: 002b:00007fa3c5772c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1237.667350][ T8299] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458079 [ 1237.675316][ T8299] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1237.683280][ T8299] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1237.691248][ T8299] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa3c57736d4 [ 1237.699219][ T8299] R13: 00000000004c3d3a R14: 00000000004d6f20 R15: 00000000ffffffff [ 1237.720189][ T8299] memory: usage 307184kB, limit 307200kB, failcnt 753 [ 1237.727967][ T8299] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1237.742057][ T8299] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1237.756590][ T8299] Memory cgroup stats for /syz4: cache:0KB rss:279644KB rss_huge:18432KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:235456KB active_anon:27412KB inactive_file:4KB active_file:0KB unevictable:16968KB [ 1237.780337][ T8299] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=8298,uid=0 [ 1237.797947][ T8299] Memory cgroup out of memory: Killed process 8298 (syz-executor.4) total-vm:72448kB, anon-rss:16808kB, file-rss:37164kB, shmem-rss:0kB [ 1237.812531][ T1043] oom_reaper: reaped process 8298 (syz-executor.4), now anon-rss:16856kB, file-rss:37944kB, shmem-rss:0kB 03:42:25 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132224) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f00000000c0)=ANY=[@ANYBLOB], 0x1) ptrace$setopts(0x4206, r2, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) tkill(r2, 0x3c) 03:42:25 executing program 0: 03:42:25 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11e9e6c7c13e9b9937"], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r6}, 0x10) r7 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r8, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r7, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r7, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:42:25 executing program 1: r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000a40)='xugetl\x04\x00\x00\x00\x00\x00\x00\x00age_ir_Z\xa2\xf4es\x00', 0x275a, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000980)={r1, &(0x7f0000000800)="ab39524c6533fce2ec7386e3871297701c01494a930fce54aa6150d3acdf7460b855374e19b68de3d1ca660d8d6d631ecf1fd735d5dc6efdf9e56b1b55a0783abf6310", 0x0, 0x2}, 0x20) write$cgroup_int(r1, &(0x7f0000000000), 0xffffff6a) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) r2 = gettid() getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000700)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in6=@mcast2}}, &(0x7f0000000040)=0xe8) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000180)={0x0, 0x0, 0x0}, &(0x7f0000000440)=0xc) setsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000500)={r2, r3, r4}, 0xc) socket$inet_udplite(0x2, 0x2, 0x88) r5 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_DESTS(r5, 0x0, 0x484, &(0x7f0000000600)=""/133, &(0x7f0000000400)=0x85) 03:42:25 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0x80ffffff) 03:42:25 executing program 4: socketpair$unix(0x1, 0x0, 0x0, 0x0) r0 = creat(0x0, 0x0) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r0, 0xc05c5340, &(0x7f0000000200)={0xff, 0x9, 0xff, {}, 0x2, 0x1}) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) fcntl$dupfd(r2, 0x406, r1) 03:42:26 executing program 0: [ 1239.658996][ T8325] IPVS: length: 133 != 24 03:42:26 executing program 0: 03:42:26 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0xffffff7f) 03:42:26 executing program 0: 03:42:26 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0xffffff80) 03:42:26 executing program 0: [ 1240.051956][ T8318] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1240.072076][ T8318] CPU: 1 PID: 8318 Comm: syz-executor.4 Not tainted 5.1.0-rc1-next-20190319 #6 [ 1240.081024][ T8318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1240.091080][ T8318] Call Trace: [ 1240.094384][ T8318] dump_stack+0x172/0x1f0 [ 1240.098736][ T8318] dump_header+0x10f/0xb6c [ 1240.103171][ T8318] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1240.108991][ T8318] ? ___ratelimit+0x60/0x595 [ 1240.113595][ T8318] ? do_raw_spin_unlock+0x57/0x270 [ 1240.118732][ T8318] oom_kill_process.cold+0x10/0x15 [ 1240.123862][ T8318] out_of_memory+0x79a/0x1280 [ 1240.128557][ T8318] ? lock_downgrade+0x880/0x880 [ 1240.133420][ T8318] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1240.139674][ T8318] ? oom_killer_disable+0x280/0x280 [ 1240.144890][ T8318] ? find_held_lock+0x35/0x130 [ 1240.149686][ T8318] mem_cgroup_out_of_memory+0x1ca/0x230 [ 1240.155246][ T8318] ? memcg_event_wake+0x230/0x230 [ 1240.160291][ T8318] ? do_raw_spin_unlock+0x57/0x270 [ 1240.165420][ T8318] ? _raw_spin_unlock+0x2d/0x50 [ 1240.170293][ T8318] try_charge+0x118d/0x1790 [ 1240.174814][ T8318] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1240.180375][ T8318] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1240.186630][ T8318] ? kasan_check_read+0x11/0x20 [ 1240.191503][ T8318] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1240.197082][ T8318] mem_cgroup_try_charge+0x24d/0x5e0 [ 1240.202388][ T8318] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1240.208038][ T8318] __handle_mm_fault+0x1e1f/0x3ec0 [ 1240.213173][ T8318] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1240.218739][ T8318] ? find_held_lock+0x35/0x130 [ 1240.223515][ T8318] ? handle_mm_fault+0x322/0xb30 [ 1240.228478][ T8318] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1240.234746][ T8318] ? kasan_check_read+0x11/0x20 [ 1240.239618][ T8318] handle_mm_fault+0x43f/0xb30 [ 1240.244406][ T8318] __get_user_pages+0x7b6/0x1a40 [ 1240.249369][ T8318] ? follow_page_mask+0x19a0/0x19a0 [ 1240.254577][ T8318] ? perf_trace_lock+0xeb/0x510 [ 1240.259443][ T8318] ? __vma_adjust+0x1840/0x1840 [ 1240.264318][ T8318] ? lock_acquire+0x16f/0x3f0 [ 1240.269007][ T8318] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1240.275262][ T8318] populate_vma_page_range+0x20d/0x2a0 [ 1240.280748][ T8318] __mm_populate+0x204/0x380 [ 1240.285459][ T8318] ? populate_vma_page_range+0x2a0/0x2a0 [ 1240.291120][ T8318] __x64_sys_mlockall+0x35c/0x520 [ 1240.296162][ T8318] do_syscall_64+0x103/0x610 [ 1240.300772][ T8318] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1240.306673][ T8318] RIP: 0033:0x458079 [ 1240.310586][ T8318] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1240.330803][ T8318] RSP: 002b:00007fa3c5772c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1240.339226][ T8318] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458079 [ 1240.347207][ T8318] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1240.355189][ T8318] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1240.363168][ T8318] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa3c57736d4 [ 1240.371145][ T8318] R13: 00000000004c3d3a R14: 00000000004d6f20 R15: 00000000ffffffff [ 1240.384211][ T8318] memory: usage 307200kB, limit 307200kB, failcnt 784 [ 1240.391140][ T8318] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1240.398613][ T8318] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1240.408961][ T8318] Memory cgroup stats for /syz4: cache:0KB rss:279636KB rss_huge:18432KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:235456KB active_anon:27412KB inactive_file:4KB active_file:0KB unevictable:16984KB [ 1240.443638][ T8318] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=8316,uid=0 [ 1240.467848][ T8318] Memory cgroup out of memory: Killed process 8316 (syz-executor.4) total-vm:72448kB, anon-rss:16808kB, file-rss:37164kB, shmem-rss:0kB [ 1240.484587][ T1043] oom_reaper: reaped process 8316 (syz-executor.4), now anon-rss:17020kB, file-rss:37944kB, shmem-rss:0kB 03:42:29 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132224) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f00000000c0)=ANY=[@ANYBLOB="6e61853167377400000100000000000000000000e4dbb77487e90104000000000040800000000000001b2300000503000018030000cc0000ac010000000000001004d1e090e1fe916dd282e0f34f8dfac0dc1695c4d70000100400001003"], 0x1) ptrace$setopts(0x4206, r2, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) tkill(r2, 0x3c) 03:42:29 executing program 0: 03:42:29 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0x40030000000000) 03:42:29 executing program 1: r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000a40)='xugetl\x04\x00\x00\x00\x00\x00\x00\x00age_ir_Z\xa2\xf4es\x00', 0x275a, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000980)={r1, &(0x7f0000000800)="ab39524c6533fce2ec7386e3871297701c01494a930fce54aa6150d3acdf7460b855374e19b68de3d1ca660d8d6d631ecf1fd735d5dc6efdf9e56b1b55a0783abf6310", 0x0, 0x2}, 0x20) write$cgroup_int(r1, &(0x7f0000000000), 0xffffff6a) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) r2 = gettid() getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000700)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in6=@mcast2}}, &(0x7f0000000040)=0xe8) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000180)={0x0, 0x0, 0x0}, &(0x7f0000000440)=0xc) setsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000500)={r2, r3, r4}, 0xc) socket$inet_udplite(0x2, 0x2, 0x88) r5 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_DESTS(r5, 0x0, 0x484, &(0x7f0000000600)=""/133, &(0x7f0000000400)=0x85) 03:42:29 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11e9e6c7c13e9b9937"], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r6}, 0x10) r7 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r8, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r7, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r7, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:42:29 executing program 4: socketpair$unix(0x1, 0x0, 0x0, 0x0) r0 = creat(0x0, 0x0) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r0, 0xc05c5340, &(0x7f0000000200)={0xff, 0x9, 0xff, {}, 0x2, 0x1}) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) fcntl$dupfd(r2, 0x406, r1) 03:42:29 executing program 0: [ 1242.681688][ T8356] IPVS: length: 133 != 24 03:42:29 executing program 0: 03:42:29 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0x100000000000000) 03:42:29 executing program 0: 03:42:29 executing program 0: 03:42:29 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0x200000000000000) [ 1242.960627][ C1] net_ratelimit: 20 callbacks suppressed [ 1242.960636][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1242.972232][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1242.989406][ T8347] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1243.000690][ T8347] CPU: 0 PID: 8347 Comm: syz-executor.4 Not tainted 5.1.0-rc1-next-20190319 #6 [ 1243.010214][ T8347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1243.020275][ T8347] Call Trace: [ 1243.023587][ T8347] dump_stack+0x172/0x1f0 [ 1243.027946][ T8347] dump_header+0x10f/0xb6c [ 1243.032380][ T8347] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1243.038207][ T8347] ? ___ratelimit+0x60/0x595 [ 1243.042812][ T8347] ? do_raw_spin_unlock+0x57/0x270 [ 1243.047969][ T8347] oom_kill_process.cold+0x10/0x15 [ 1243.053094][ T8347] out_of_memory+0x79a/0x1280 [ 1243.057793][ T8347] ? lock_downgrade+0x880/0x880 [ 1243.062654][ T8347] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1243.068903][ T8347] ? oom_killer_disable+0x280/0x280 [ 1243.074120][ T8347] ? find_held_lock+0x35/0x130 [ 1243.078903][ T8347] mem_cgroup_out_of_memory+0x1ca/0x230 [ 1243.084475][ T8347] ? memcg_event_wake+0x230/0x230 [ 1243.089523][ T8347] ? do_raw_spin_unlock+0x57/0x270 [ 1243.094657][ T8347] ? _raw_spin_unlock+0x2d/0x50 [ 1243.099526][ T8347] try_charge+0x118d/0x1790 [ 1243.104053][ T8347] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1243.109614][ T8347] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1243.115876][ T8347] ? kasan_check_read+0x11/0x20 [ 1243.120755][ T8347] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1243.126323][ T8347] mem_cgroup_try_charge+0x24d/0x5e0 [ 1243.131631][ T8347] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1243.137289][ T8347] __handle_mm_fault+0x1e1f/0x3ec0 [ 1243.142423][ T8347] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1243.147981][ T8347] ? find_held_lock+0x35/0x130 [ 1243.152754][ T8347] ? handle_mm_fault+0x322/0xb30 [ 1243.157716][ T8347] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1243.163973][ T8347] ? kasan_check_read+0x11/0x20 [ 1243.168847][ T8347] handle_mm_fault+0x43f/0xb30 [ 1243.173623][ T8347] __get_user_pages+0x7b6/0x1a40 [ 1243.178585][ T8347] ? follow_page_mask+0x19a0/0x19a0 [ 1243.183797][ T8347] ? perf_trace_lock+0xeb/0x510 [ 1243.188664][ T8347] ? __vma_adjust+0x1840/0x1840 [ 1243.193542][ T8347] ? lock_acquire+0x16f/0x3f0 [ 1243.198238][ T8347] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1243.204491][ T8347] populate_vma_page_range+0x20d/0x2a0 [ 1243.209972][ T8347] __mm_populate+0x204/0x380 [ 1243.214583][ T8347] ? populate_vma_page_range+0x2a0/0x2a0 [ 1243.220249][ T8347] __x64_sys_mlockall+0x35c/0x520 [ 1243.225301][ T8347] do_syscall_64+0x103/0x610 [ 1243.229911][ T8347] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1243.235821][ T8347] RIP: 0033:0x458079 [ 1243.239726][ T8347] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1243.259339][ T8347] RSP: 002b:00007fa3c5772c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1243.267790][ T8347] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458079 [ 1243.275769][ T8347] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1243.283746][ T8347] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1243.291723][ T8347] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa3c57736d4 [ 1243.299701][ T8347] R13: 00000000004c3d3a R14: 00000000004d6f20 R15: 00000000ffffffff [ 1243.308029][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1243.313869][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1243.363427][ T8347] memory: usage 307200kB, limit 307200kB, failcnt 800 [ 1243.371292][ T8347] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1243.378989][ T8347] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1243.391954][ T8347] Memory cgroup stats for /syz4: cache:0KB rss:279908KB rss_huge:20480KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:235456KB active_anon:27412KB inactive_file:4KB active_file:0KB unevictable:17168KB [ 1243.448563][ T8347] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=8342,uid=0 [ 1243.487243][ T8347] Memory cgroup out of memory: Killed process 8342 (syz-executor.4) total-vm:72448kB, anon-rss:17008kB, file-rss:37164kB, shmem-rss:0kB [ 1243.507799][ T1043] oom_reaper: reaped process 8342 (syz-executor.4), now anon-rss:17052kB, file-rss:37944kB, shmem-rss:0kB [ 1243.760685][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1243.766731][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1243.772669][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1243.778616][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1243.784367][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1243.790253][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:42:32 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132224) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f00000000c0)=ANY=[@ANYBLOB="6e61853167377400000100000000000000000000e4dbb77487e90104000000000040800000000000001b2300000503000018030000cc0000ac010000000000001004d1e090e1fe916dd282e0f34f8dfac0dc1695c4d70000100400001003"], 0x1) ptrace$setopts(0x4206, r2, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) tkill(r2, 0x3c) 03:42:32 executing program 0: 03:42:32 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11e9e6c7c13e9b9937"], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$sock_SIOCBRADDBR(0xffffffffffffffff, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r5}, 0x10) r6 = accept4(r4, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000100), 0x0) r7 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r7, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r6, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r6, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(0xffffffffffffffff, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:42:32 executing program 1: r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000a40)='xugetl\x04\x00\x00\x00\x00\x00\x00\x00age_ir_Z\xa2\xf4es\x00', 0x275a, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000980)={r1, &(0x7f0000000800)="ab39524c6533fce2ec7386e3871297701c01494a930fce54aa6150d3acdf7460b855374e19b68de3d1ca660d8d6d631ecf1fd735d5dc6efdf9e56b1b55a0783abf6310", 0x0, 0x2}, 0x20) write$cgroup_int(r1, &(0x7f0000000000), 0xffffff6a) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) r2 = gettid() getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000700)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in6=@mcast2}}, &(0x7f0000000040)=0xe8) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000180)={0x0, 0x0, 0x0}, &(0x7f0000000440)=0xc) setsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000500)={r2, r3, r4}, 0xc) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r5 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_DESTS(r5, 0x0, 0x484, &(0x7f0000000600)=""/133, &(0x7f0000000400)=0x85) 03:42:32 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0x400000000000000) 03:42:32 executing program 4: socketpair$unix(0x1, 0x0, 0x0, 0x0) r0 = creat(0x0, 0x0) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r0, 0xc05c5340, &(0x7f0000000200)={0xff, 0x9, 0xff, {}, 0x2, 0x1}) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) fcntl$dupfd(r2, 0x406, r1) 03:42:32 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000140)="40c74adc7724e27d876f441d952bf111375896d876c4ed0f2e703cd5f8b64ff3cd946b507daea1c09fc1fe6c"}, 0x20) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x2, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4005}) r2 = socket$kcm(0x29, 0x5, 0x0) ioctl$TUNSETVNETHDRSZ(r1, 0x400454d8, &(0x7f0000000200)=0xa7) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000c00)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_subtree(r1, &(0x7f00000000c0)={[{0x0, 'c\x86\xdd', 0x7}]}, 0xfdef) [ 1245.745241][ T8387] IPVS: length: 133 != 24 03:42:32 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0x800000000000000) 03:42:32 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0) add_key$user(0x0, 0x0, &(0x7f0000001040)="d8b98318b88de56368d1a6da820065294787d16a63d50420019952e8f06a18a3c04f37e30b2fb760f6590a86fbb61b8e5863fc4b5cf2ab412922d63418b4a752b7a852508eac7f32899568ee242c8cb615d79341c68e97208da02d2f8b0f1b3c77de0442e0c3c3bcde1bfd8cc90b5e13db38ef64ed7156ae2989168cca0a533ce721f2daebc035835f32513c3147bbe6ca6d920e59753727a0f0b5e99528983590783f7aab76e996793f415a7b13e7be1ba7926245db63453ff642bc6a2844966df1f9e22db7b39e1901e2308153b4e7d7858450d23c4f0034488eb955003054f5", 0xe1, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:42:32 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0x1000000000000000) 03:42:32 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000040)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)) r1 = epoll_create1(0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000140)) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000100)) r3 = gettid() timer_create(0x0, &(0x7f0000000000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r3, 0x16) 03:42:32 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0x3f00000000000000) [ 1246.284887][ T8381] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1246.305635][ T8381] CPU: 1 PID: 8381 Comm: syz-executor.4 Not tainted 5.1.0-rc1-next-20190319 #6 [ 1246.314581][ T8381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1246.324651][ T8381] Call Trace: [ 1246.327976][ T8381] dump_stack+0x172/0x1f0 [ 1246.332321][ T8381] dump_header+0x10f/0xb6c [ 1246.336754][ T8381] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1246.342571][ T8381] ? ___ratelimit+0x60/0x595 [ 1246.347170][ T8381] ? do_raw_spin_unlock+0x57/0x270 [ 1246.352300][ T8381] oom_kill_process.cold+0x10/0x15 [ 1246.357421][ T8381] out_of_memory+0x79a/0x1280 [ 1246.362212][ T8381] ? lock_downgrade+0x880/0x880 [ 1246.367075][ T8381] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1246.373332][ T8381] ? oom_killer_disable+0x280/0x280 [ 1246.378536][ T8381] ? find_held_lock+0x35/0x130 [ 1246.383323][ T8381] mem_cgroup_out_of_memory+0x1ca/0x230 [ 1246.388874][ T8381] ? memcg_event_wake+0x230/0x230 [ 1246.393927][ T8381] ? do_raw_spin_unlock+0x57/0x270 [ 1246.399053][ T8381] ? _raw_spin_unlock+0x2d/0x50 [ 1246.403933][ T8381] try_charge+0x118d/0x1790 [ 1246.408460][ T8381] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1246.414020][ T8381] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1246.420281][ T8381] ? kasan_check_read+0x11/0x20 [ 1246.425161][ T8381] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1246.430735][ T8381] mem_cgroup_try_charge+0x24d/0x5e0 [ 1246.436042][ T8381] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1246.441688][ T8381] __handle_mm_fault+0x1e1f/0x3ec0 [ 1246.446822][ T8381] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1246.452383][ T8381] ? find_held_lock+0x35/0x130 [ 1246.457168][ T8381] ? handle_mm_fault+0x322/0xb30 [ 1246.462134][ T8381] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1246.468391][ T8381] ? kasan_check_read+0x11/0x20 [ 1246.473258][ T8381] handle_mm_fault+0x43f/0xb30 [ 1246.478035][ T8381] __get_user_pages+0x7b6/0x1a40 [ 1246.483002][ T8381] ? follow_page_mask+0x19a0/0x19a0 [ 1246.488205][ T8381] ? perf_trace_lock+0xeb/0x510 [ 1246.493075][ T8381] ? __vma_adjust+0x1840/0x1840 [ 1246.498085][ T8381] ? lock_acquire+0x16f/0x3f0 [ 1246.502772][ T8381] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1246.509023][ T8381] populate_vma_page_range+0x20d/0x2a0 [ 1246.514496][ T8381] __mm_populate+0x204/0x380 [ 1246.519095][ T8381] ? populate_vma_page_range+0x2a0/0x2a0 [ 1246.524745][ T8381] __x64_sys_mlockall+0x35c/0x520 [ 1246.529775][ T8381] do_syscall_64+0x103/0x610 [ 1246.534371][ T8381] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1246.540265][ T8381] RIP: 0033:0x458079 [ 1246.544159][ T8381] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1246.563944][ T8381] RSP: 002b:00007fa3c5772c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1246.572359][ T8381] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458079 [ 1246.580328][ T8381] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1246.588282][ T8381] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1246.596242][ T8381] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa3c57736d4 [ 1246.604223][ T8381] R13: 00000000004c3d3a R14: 00000000004d6f20 R15: 00000000ffffffff [ 1246.628886][ T8381] memory: usage 307196kB, limit 307200kB, failcnt 836 [ 1246.638781][ T8381] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1246.658509][ T8381] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1246.668875][ T8381] Memory cgroup stats for /syz4: cache:0KB rss:279892KB rss_huge:18432KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:235456KB active_anon:27424KB inactive_file:4KB active_file:0KB unevictable:17216KB [ 1246.708951][ T8381] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=8377,uid=0 [ 1246.724871][ T8381] Memory cgroup out of memory: Killed process 8377 (syz-executor.4) total-vm:72448kB, anon-rss:17072kB, file-rss:37164kB, shmem-rss:0kB [ 1246.758575][ T1043] oom_reaper: reaped process 8377 (syz-executor.4), now anon-rss:17120kB, file-rss:37944kB, shmem-rss:0kB 03:42:35 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132224) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f00000000c0)=ANY=[@ANYBLOB="6e61853167377400000100000000000000000000e4dbb77487e90104000000000040800000000000001b2300000503000018030000cc0000ac010000000000001004d1e090e1fe916dd282e0f34f8dfac0dc1695c4d70000100400001003"], 0x1) ptrace$setopts(0x4206, r2, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) tkill(r2, 0x3c) 03:42:35 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) perf_event_open(&(0x7f0000c86f88)={0x2, 0x70, 0x910, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_NR_MMU_PAGES(r2, 0xae44, 0x200) 03:42:35 executing program 1: r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000a40)='xugetl\x04\x00\x00\x00\x00\x00\x00\x00age_ir_Z\xa2\xf4es\x00', 0x275a, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000980)={r1, &(0x7f0000000800)="ab39524c6533fce2ec7386e3871297701c01494a930fce54aa6150d3acdf7460b855374e19b68de3d1ca660d8d6d631ecf1fd735d5dc6efdf9e56b1b55a0783abf6310", 0x0, 0x2}, 0x20) write$cgroup_int(r1, &(0x7f0000000000), 0xffffff6a) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) r2 = gettid() getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000700)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in6=@mcast2}}, &(0x7f0000000040)=0xe8) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000180)={0x0, 0x0, 0x0}, &(0x7f0000000440)=0xc) setsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000500)={r2, r3, r4}, 0xc) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r5 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_DESTS(r5, 0x0, 0x484, &(0x7f0000000600)=""/133, &(0x7f0000000400)=0x85) 03:42:35 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11e9e6c7c13e9b9937"], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$sock_SIOCBRADDBR(0xffffffffffffffff, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r5}, 0x10) r6 = accept4(r4, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000100), 0x0) r7 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r7, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r6, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r6, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(0xffffffffffffffff, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:42:35 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0x80ffffff00000000) 03:42:35 executing program 4: socketpair$unix(0x1, 0x0, 0x0, 0x0) creat(0x0, 0x0) r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(0xffffffffffffffff, 0xc05c5340, &(0x7f0000000200)={0xff, 0x9, 0xff, {}, 0x2, 0x1}) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x406, r0) 03:42:35 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0xf0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='/group.sta\x9f\xd4t\x00+\x04J{\t\xab\v\x02t\xe1\t\x85\xa6\xfa\x15\xb3[\xa6\x94!\xf2\x04\xde\xc5f\x8a\x06\x00\x00\x00\xb9\x0f\xf8`\xe0\x1f&+\xaf\xacu\nm\\\xe2Y\xcba\xea\f\xd9DXX>\xef/\xc5\x97\xea\x93\xa7\xde\xc9\xb4\x16\x8eF\x8b\xe0Wm\x1d\x0e\xbf\x8b\xc4G\x8f\x8e\xd8[T|i$\x88\x04\x00\x00\x00\x00\x00\x00\x00\x90\x1eB\x8b\x98\xad\xd17_Q\xe15\x84\x8f\xea\x98\xc6\xe3WE\x11\xe0\xc6\x1f\xf2/\xf6\x1f', 0x2761, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)}, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x4030582a, &(0x7f0000000000)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 1248.815101][ T8433] IPVS: length: 133 != 24 03:42:35 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0xffffff7f00000000) 03:42:35 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={r1, 0x0, 0x12, 0x0, &(0x7f0000000440)="26a4b8318b98ff4dc870bd6688a864084707", 0x0, 0x1280}, 0x28) 03:42:35 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, [@sadb_sa={0x2, 0x1, 0x4d5, 0x61, 0x100000001, 0x10}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x48}}, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20ncci\x00', 0x4000, 0x0) ioctl$EVIOCGPHYS(r1, 0x80404507, &(0x7f0000000040)=""/83) setsockopt$IP_VS_SO_SET_TIMEOUT(r1, 0x0, 0x48a, &(0x7f0000000140)={0xfffffffffffffc00, 0x19, 0x9}, 0xc) 03:42:35 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0xd0}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 1249.200705][ C1] net_ratelimit: 20 callbacks suppressed [ 1249.200716][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1249.212317][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:42:35 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_MCAST_LEAVE_GROUP(r1, 0x0, 0x2d, &(0x7f0000000080)={0x7, {{0x2, 0x4e22, @loopback}}}, 0x88) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000000140)=ANY=[@ANYBLOB="020e00000c000000000300420000000005000600008000000a000000000ac2257c96d884cc38a729000000000000000000000000b49a09f0e956a55ab37f41624626ec00000000800df07382867ffcab36ee02e9000005000500000000000a00000000000000fe800000000000a5c42f70cceaed1c79704f7418b7f3ae8c325d2130bd996965177996244d438ca1cfb4f986e41563a51e91b98d5dae0289713d144a33e8d398086eb92b944363ab7100b799602be5668127a43ea1fe668db51942de5dbc6ec1385999279e6ce1101547b5e1121542bedca3d6aa8db255c3b4e1"], 0x60}}, 0x0) [ 1249.255479][ T8425] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1249.280382][ T8425] CPU: 0 PID: 8425 Comm: syz-executor.4 Not tainted 5.1.0-rc1-next-20190319 #6 [ 1249.289352][ T8425] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1249.299416][ T8425] Call Trace: [ 1249.302718][ T8425] dump_stack+0x172/0x1f0 [ 1249.307075][ T8425] dump_header+0x10f/0xb6c [ 1249.311510][ T8425] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1249.317341][ T8425] ? ___ratelimit+0x60/0x595 [ 1249.321952][ T8425] ? do_raw_spin_unlock+0x57/0x270 [ 1249.327081][ T8425] oom_kill_process.cold+0x10/0x15 [ 1249.332219][ T8425] out_of_memory+0x79a/0x1280 [ 1249.336913][ T8425] ? lock_downgrade+0x880/0x880 [ 1249.341786][ T8425] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1249.348040][ T8425] ? oom_killer_disable+0x280/0x280 [ 1249.353249][ T8425] ? find_held_lock+0x35/0x130 [ 1249.358037][ T8425] mem_cgroup_out_of_memory+0x1ca/0x230 [ 1249.363594][ T8425] ? memcg_event_wake+0x230/0x230 [ 1249.368634][ T8425] ? do_raw_spin_unlock+0x57/0x270 [ 1249.373756][ T8425] ? _raw_spin_unlock+0x2d/0x50 [ 1249.378612][ T8425] try_charge+0x118d/0x1790 [ 1249.383122][ T8425] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1249.388670][ T8425] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1249.394925][ T8425] ? kasan_check_read+0x11/0x20 [ 1249.399782][ T8425] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1249.405328][ T8425] mem_cgroup_try_charge+0x24d/0x5e0 [ 1249.410620][ T8425] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1249.416251][ T8425] __handle_mm_fault+0x1e1f/0x3ec0 [ 1249.421366][ T8425] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1249.426912][ T8425] ? find_held_lock+0x35/0x130 [ 1249.431685][ T8425] ? handle_mm_fault+0x322/0xb30 [ 1249.436632][ T8425] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1249.442875][ T8425] ? kasan_check_read+0x11/0x20 [ 1249.447728][ T8425] handle_mm_fault+0x43f/0xb30 [ 1249.452498][ T8425] __get_user_pages+0x7b6/0x1a40 [ 1249.457449][ T8425] ? follow_page_mask+0x19a0/0x19a0 [ 1249.462640][ T8425] ? perf_trace_lock+0xeb/0x510 [ 1249.467488][ T8425] ? __vma_adjust+0x1840/0x1840 [ 1249.472341][ T8425] ? lock_acquire+0x16f/0x3f0 [ 1249.477017][ T8425] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1249.483260][ T8425] populate_vma_page_range+0x20d/0x2a0 [ 1249.488721][ T8425] __mm_populate+0x204/0x380 [ 1249.493315][ T8425] ? populate_vma_page_range+0x2a0/0x2a0 [ 1249.498961][ T8425] __x64_sys_mlockall+0x35c/0x520 [ 1249.503990][ T8425] do_syscall_64+0x103/0x610 [ 1249.508586][ T8425] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1249.514474][ T8425] RIP: 0033:0x458079 [ 1249.518372][ T8425] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1249.537973][ T8425] RSP: 002b:00007fa3c5772c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1249.546402][ T8425] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458079 [ 1249.554368][ T8425] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1249.562951][ T8425] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1249.570940][ T8425] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa3c57736d4 [ 1249.578911][ T8425] R13: 00000000004c3d3a R14: 00000000004d6f20 R15: 00000000ffffffff [ 1249.587250][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1249.593092][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1249.673277][ T8425] memory: usage 307200kB, limit 307200kB, failcnt 871 [ 1249.691964][ T8425] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1249.707828][ T8425] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1249.715222][ T8425] Memory cgroup stats for /syz4: cache:0KB rss:280040KB rss_huge:20480KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:235456KB active_anon:27424KB inactive_file:4KB active_file:0KB unevictable:17272KB [ 1249.738003][ T8425] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=8419,uid=0 [ 1249.755261][ T8425] Memory cgroup out of memory: Killed process 8419 (syz-executor.4) total-vm:72448kB, anon-rss:17004kB, file-rss:37164kB, shmem-rss:0kB 03:42:36 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132224) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f00000000c0)=ANY=[@ANYBLOB="6e61853167377400000100000000000000000000e4dbb77487e90104000000000040800000000000001b2300000503000018030000cc0000ac010000000000001004d1e090e1fe916dd282e0f34f8dfac0dc1695c4d700001004000010030002d3a379b87c5ade6e27a603551ae6543351c2f2d3c00f3f72e011777424c981c41f852110e5d4a50bc78b2aa66b"], 0x1) ptrace$setopts(0x4206, r2, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) tkill(r2, 0x3c) 03:42:36 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11e9e6c7c13e9b9937"], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$sock_SIOCBRADDBR(0xffffffffffffffff, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r5}, 0x10) r6 = accept4(r4, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000100), 0x0) r7 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r7, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r6, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r6, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(0xffffffffffffffff, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:42:36 executing program 1: r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000a40)='xugetl\x04\x00\x00\x00\x00\x00\x00\x00age_ir_Z\xa2\xf4es\x00', 0x275a, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000980)={r1, &(0x7f0000000800)="ab39524c6533fce2ec7386e3871297701c01494a930fce54aa6150d3acdf7460b855374e19b68de3d1ca660d8d6d631ecf1fd735d5dc6efdf9e56b1b55a0783abf6310", 0x0, 0x2}, 0x20) write$cgroup_int(r1, &(0x7f0000000000), 0xffffff6a) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) r2 = gettid() getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000700)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in6=@mcast2}}, &(0x7f0000000040)=0xe8) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000180)={0x0, 0x0, 0x0}, &(0x7f0000000440)=0xc) setsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000500)={r2, r3, r4}, 0xc) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r5 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_DESTS(r5, 0x0, 0x484, &(0x7f0000000600)=""/133, &(0x7f0000000400)=0x85) 03:42:36 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0xd0}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 03:42:36 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="020e00000c000000000000000000000005000600008000000a0000000000000000000000000000000000000000000000000000000000000005000500000000000a00000004000000fe8001000000000000000000000000ff007190fea621eb9237"], 0x60}}, 0x0) r1 = openat$vfio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vfio/vfio\x00', 0x90800, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000040)={0x0, 0x8a, 0x30}, &(0x7f0000000080)=0xc) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000180)={r1, 0x50, &(0x7f0000000100)}, 0x10) setsockopt$inet_sctp_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f00000000c0)={r2, 0x3, 0x1, 0x8, 0x3a, 0x8212}, 0x14) [ 1249.771024][ T1043] oom_reaper: reaped process 8419 (syz-executor.4), now anon-rss:17052kB, file-rss:37944kB, shmem-rss:0kB [ 1249.927513][ T8477] IPVS: length: 133 != 24 [ 1250.000640][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1250.007056][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1250.012961][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1250.018746][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1250.024611][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1250.030385][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:42:36 executing program 4: socketpair$unix(0x1, 0x0, 0x0, 0x0) creat(0x0, 0x0) r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(0xffffffffffffffff, 0xc05c5340, &(0x7f0000000200)={0xff, 0x9, 0xff, {}, 0x2, 0x1}) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x406, r0) 03:42:36 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rfkill\x00', 0x101200, 0x0) read$rfkill(r1, &(0x7f0000000040), 0x8) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0x0) 03:42:36 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0xd0}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 03:42:36 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)=ANY=[@ANYBLOB="020e00000c000000000000000000000005000600008000000a00000000000000000000000000004b1b7336686fd34b00000000000000000005000500000000000a00000000000000fe8000000000000000000000000000ff0000000000000000"], 0x60}}, 0x0) 03:42:36 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)=ANY=[@ANYBLOB="020e00000c000000000000000000000005000600008000000a0000000000000000080000000000000000000000000000000000000000000005000500000000000a00fe8000000000000000000000000000ff0000000000000000000000000000"], 0x60}}, 0x0) [ 1250.535876][ T8490] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1250.565452][ T8490] CPU: 0 PID: 8490 Comm: syz-executor.4 Not tainted 5.1.0-rc1-next-20190319 #6 [ 1250.574407][ T8490] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1250.584455][ T8490] Call Trace: [ 1250.587752][ T8490] dump_stack+0x172/0x1f0 [ 1250.592087][ T8490] dump_header+0x10f/0xb6c [ 1250.596504][ T8490] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1250.602310][ T8490] ? ___ratelimit+0x60/0x595 [ 1250.606895][ T8490] ? do_raw_spin_unlock+0x57/0x270 [ 1250.612016][ T8490] oom_kill_process.cold+0x10/0x15 [ 1250.617127][ T8490] out_of_memory+0x79a/0x1280 [ 1250.621807][ T8490] ? lock_downgrade+0x880/0x880 [ 1250.626658][ T8490] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1250.632900][ T8490] ? oom_killer_disable+0x280/0x280 [ 1250.638099][ T8490] ? find_held_lock+0x35/0x130 [ 1250.642873][ T8490] mem_cgroup_out_of_memory+0x1ca/0x230 [ 1250.648414][ T8490] ? memcg_event_wake+0x230/0x230 [ 1250.653447][ T8490] ? do_raw_spin_unlock+0x57/0x270 [ 1250.658560][ T8490] ? _raw_spin_unlock+0x2d/0x50 [ 1250.663511][ T8490] try_charge+0x118d/0x1790 [ 1250.668020][ T8490] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1250.673565][ T8490] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1250.679805][ T8490] ? kasan_check_read+0x11/0x20 [ 1250.684661][ T8490] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1250.690216][ T8490] mem_cgroup_try_charge+0x24d/0x5e0 [ 1250.695508][ T8490] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1250.701145][ T8490] __handle_mm_fault+0x1e1f/0x3ec0 [ 1250.706260][ T8490] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1250.711802][ T8490] ? find_held_lock+0x35/0x130 [ 1250.716564][ T8490] ? handle_mm_fault+0x322/0xb30 [ 1250.721512][ T8490] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1250.727754][ T8490] ? kasan_check_read+0x11/0x20 [ 1250.732611][ T8490] handle_mm_fault+0x43f/0xb30 [ 1250.737383][ T8490] __get_user_pages+0x7b6/0x1a40 [ 1250.742332][ T8490] ? follow_page_mask+0x19a0/0x19a0 [ 1250.747523][ T8490] ? perf_trace_lock+0xeb/0x510 [ 1250.752371][ T8490] ? __vma_adjust+0x1840/0x1840 [ 1250.757229][ T8490] ? lock_acquire+0x16f/0x3f0 [ 1250.761903][ T8490] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1250.768238][ T8490] populate_vma_page_range+0x20d/0x2a0 [ 1250.773702][ T8490] __mm_populate+0x204/0x380 [ 1250.778293][ T8490] ? populate_vma_page_range+0x2a0/0x2a0 [ 1250.783959][ T8490] __x64_sys_mlockall+0x35c/0x520 [ 1250.788989][ T8490] do_syscall_64+0x103/0x610 [ 1250.793584][ T8490] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1250.799471][ T8490] RIP: 0033:0x458079 [ 1250.803364][ T8490] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1250.822964][ T8490] RSP: 002b:00007fa3c5772c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1250.831384][ T8490] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458079 [ 1250.839353][ T8490] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1250.847318][ T8490] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1250.855284][ T8490] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa3c57736d4 [ 1250.863250][ T8490] R13: 00000000004c3d3a R14: 00000000004d6f20 R15: 00000000ffffffff 03:42:37 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11e9e6c7c13e9b9937"], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r6}, 0x10) r7 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r8, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r7, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r7, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:42:37 executing program 1: syz_init_net_socket$llc(0x1a, 0x1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000a40)='xugetl\x04\x00\x00\x00\x00\x00\x00\x00age_ir_Z\xa2\xf4es\x00', 0x275a, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000980)={r0, &(0x7f0000000800)="ab39524c6533fce2ec7386e3871297701c01494a930fce54aa6150d3acdf7460b855374e19b68de3d1ca660d8d6d631ecf1fd735d5dc6efdf9e56b1b55a0783abf6310", 0x0, 0x2}, 0x20) write$cgroup_int(r0, &(0x7f0000000000), 0xffffff6a) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) gettid() getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000700)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}}}, {{@in=@remote}, 0x0, @in6=@mcast2}}, &(0x7f0000000040)=0xe8) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000180), &(0x7f0000000440)=0xc) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r2 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, &(0x7f0000000600)=""/133, &(0x7f0000000400)=0x85) [ 1250.996028][ T8490] memory: usage 307200kB, limit 307200kB, failcnt 900 [ 1251.010464][ T8490] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1251.024136][ T8490] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1251.039418][ T8490] Memory cgroup stats for /syz4: cache:0KB rss:280144KB rss_huge:18432KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:235456KB active_anon:27424KB inactive_file:4KB active_file:0KB unevictable:17280KB [ 1251.067311][ T8490] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=8489,uid=0 [ 1251.100214][ T8490] Memory cgroup out of memory: Killed process 8489 (syz-executor.4) total-vm:72448kB, anon-rss:17072kB, file-rss:37164kB, shmem-rss:0kB [ 1251.115218][ T1043] oom_reaper: reaped process 8489 (syz-executor.4), now anon-rss:17120kB, file-rss:37944kB, shmem-rss:0kB [ 1251.168673][ T8506] IPVS: length: 133 != 24 03:42:39 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132224) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f00000000c0)=ANY=[@ANYBLOB="6e61853167377400000100000000000000000000e4dbb77487e90104000000000040800000000000001b2300000503000018030000cc0000ac010000000000001004d1e090e1fe916dd282e0f34f8dfac0dc1695c4d700001004000010030002d3a379b87c5ade6e27a603551ae6543351c2f2d3c00f3f72e011777424c981c41f852110e5d4a50bc78b2aa66b"], 0x1) ptrace$setopts(0x4206, r2, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) tkill(r2, 0x3c) 03:42:39 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm_plock\x00', 0x0, 0x0) r2 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r1, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2204202}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, r2, 0x200, 0x70bd2b, 0x25dfdbff, {}, ["", "", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x50}, 0x20000000) syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x8838, 0x0) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0x0) getsockopt$bt_l2cap_L2CAP_LM(r1, 0x6, 0x3, &(0x7f00000002c0), &(0x7f0000000200)=0xffab) 03:42:39 executing program 4: socketpair$unix(0x1, 0x0, 0x0, 0x0) creat(0x0, 0x0) r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(0xffffffffffffffff, 0xc05c5340, &(0x7f0000000200)={0xff, 0x9, 0xff, {}, 0x2, 0x1}) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x406, r0) 03:42:39 executing program 1: syz_init_net_socket$llc(0x1a, 0x1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000a40)='xugetl\x04\x00\x00\x00\x00\x00\x00\x00age_ir_Z\xa2\xf4es\x00', 0x275a, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000980)={r0, &(0x7f0000000800)="ab39524c6533fce2ec7386e3871297701c01494a930fce54aa6150d3acdf7460b855374e19b68de3d1ca660d8d6d631ecf1fd735d5dc6efdf9e56b1b55a0783abf6310", 0x0, 0x2}, 0x20) write$cgroup_int(r0, &(0x7f0000000000), 0xffffff6a) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) gettid() getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000700)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}}}, {{@in=@remote}, 0x0, @in6=@mcast2}}, &(0x7f0000000040)=0xe8) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r2 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, &(0x7f0000000600)=""/133, &(0x7f0000000400)=0x85) 03:42:39 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11e9e6c7c13e9b9937"], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r6}, 0x10) r7 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r8, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r7, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r7, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) [ 1252.966981][ T8524] IPVS: length: 133 != 24 03:42:39 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0x0) fcntl$setsig(r0, 0xa, 0x3d) 03:42:39 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0xd0}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 03:42:39 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffff9c, 0x0, 0x10, &(0x7f0000000040)={{{@in6=@ipv4, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in6}}, &(0x7f0000000140)=0xe8) lstat(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0}) r3 = getuid() getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000240)={{{@in=@multicast1, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@loopback}, 0x0, @in6=@mcast1}}, &(0x7f0000000340)=0xe8) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffff9c, 0x0, 0x11, &(0x7f0000000380)={{{@in=@local, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@remote}, 0x0, @in6=@mcast2}}, &(0x7f0000000480)=0xe8) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000004c0)={0x0, 0x0}, &(0x7f0000000500)=0xc) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000540)={{{@in6=@ipv4={[], [], @loopback}, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@local}, 0x0, @in=@local}}, &(0x7f0000000640)=0xe8) getresuid(&(0x7f0000000680), &(0x7f00000006c0)=0x0, &(0x7f0000000700)) fstat(r0, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) lstat(&(0x7f0000000ac0)='./file0\x00', &(0x7f0000000c40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getgroups(0x5, &(0x7f0000000880)=[0xee01, 0xee01, 0x0, 0xee01, 0xffffffffffffffff]) stat(&(0x7f00000008c0)='./file0\x00', &(0x7f0000000900)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) lstat(&(0x7f0000000980)='./file0\x00', &(0x7f00000009c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) fsetxattr$system_posix_acl(r0, &(0x7f0000000000)='system.posix_acl_access\x00', &(0x7f0000000b00)=ANY=[@ANYBLOB="02000000010004000000000002000000", @ANYRES32=r1, @ANYBLOB="02000700", @ANYRES32=r2, @ANYBLOB="02000400", @ANYRES32=r3, @ANYBLOB="02000100", @ANYRES32=r4, @ANYBLOB="02000200", @ANYRES32=r5, @ANYBLOB="02000400", @ANYRES32=r6, @ANYBLOB="02000000", @ANYRES32=r7, @ANYBLOB="02000700", @ANYRES32=r8, @ANYBLOB="0400000000000000d49c088039f4c704176cc9f106cdaa08000700", @ANYRES32=r9, @ANYBLOB="08000100", @ANYRES32=r10, @ANYBLOB='\b\x00\a\x00', @ANYRES32=r11, @ANYBLOB="08000600", @ANYRES32=r12, @ANYBLOB="08000500", @ANYRES32=r13, @ANYBLOB="10000400000000002000050000000000"], 0x8c, 0x3) [ 1253.299521][ T8515] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1253.322191][ T8515] CPU: 1 PID: 8515 Comm: syz-executor.4 Not tainted 5.1.0-rc1-next-20190319 #6 [ 1253.331147][ T8515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1253.341201][ T8515] Call Trace: [ 1253.344504][ T8515] dump_stack+0x172/0x1f0 [ 1253.348851][ T8515] dump_header+0x10f/0xb6c [ 1253.353279][ T8515] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1253.359097][ T8515] ? ___ratelimit+0x60/0x595 [ 1253.363706][ T8515] ? do_raw_spin_unlock+0x57/0x270 [ 1253.368831][ T8515] oom_kill_process.cold+0x10/0x15 [ 1253.373963][ T8515] out_of_memory+0x79a/0x1280 [ 1253.378650][ T8515] ? lock_downgrade+0x880/0x880 [ 1253.383510][ T8515] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1253.389762][ T8515] ? oom_killer_disable+0x280/0x280 [ 1253.394967][ T8515] ? find_held_lock+0x35/0x130 [ 1253.399753][ T8515] mem_cgroup_out_of_memory+0x1ca/0x230 [ 1253.405307][ T8515] ? memcg_event_wake+0x230/0x230 [ 1253.410352][ T8515] ? do_raw_spin_unlock+0x57/0x270 [ 1253.415473][ T8515] ? _raw_spin_unlock+0x2d/0x50 [ 1253.420347][ T8515] try_charge+0x118d/0x1790 [ 1253.424895][ T8515] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1253.430463][ T8515] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1253.436728][ T8515] ? kasan_check_read+0x11/0x20 [ 1253.441600][ T8515] ? get_mem_cgroup_from_mm+0x128/0x2b0 03:42:39 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132224) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f00000000c0)=ANY=[@ANYBLOB="6e61853167377400000100000000000000000000e4dbb77487e90104000000000040800000000000001b2300000503000018030000cc0000ac010000000000001004d1e090e1fe916dd282e0f34f8dfac0dc1695c4d700001004000010030002d3a379b87c5ade6e27a603551ae6543351c2f2d3c00f3f72e011777424c981c41f852110e5d4a50bc78b2aa66b"], 0x1) ptrace$setopts(0x4206, r2, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) tkill(r2, 0x3c) [ 1253.447165][ T8515] mem_cgroup_try_charge+0x24d/0x5e0 [ 1253.452492][ T8515] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1253.458143][ T8515] __handle_mm_fault+0x1e1f/0x3ec0 [ 1253.463275][ T8515] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1253.468842][ T8515] ? find_held_lock+0x35/0x130 [ 1253.473619][ T8515] ? handle_mm_fault+0x322/0xb30 [ 1253.478582][ T8515] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1253.484837][ T8515] ? kasan_check_read+0x11/0x20 [ 1253.489718][ T8515] handle_mm_fault+0x43f/0xb30 [ 1253.494509][ T8515] __get_user_pages+0x7b6/0x1a40 [ 1253.499477][ T8515] ? follow_page_mask+0x19a0/0x19a0 [ 1253.504692][ T8515] ? perf_trace_lock+0xeb/0x510 [ 1253.509568][ T8515] ? __vma_adjust+0x1840/0x1840 [ 1253.514438][ T8515] ? lock_acquire+0x16f/0x3f0 [ 1253.519125][ T8515] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1253.525385][ T8515] populate_vma_page_range+0x20d/0x2a0 [ 1253.530863][ T8515] __mm_populate+0x204/0x380 [ 1253.535474][ T8515] ? populate_vma_page_range+0x2a0/0x2a0 [ 1253.541134][ T8515] __x64_sys_mlockall+0x35c/0x520 [ 1253.546180][ T8515] do_syscall_64+0x103/0x610 [ 1253.550792][ T8515] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1253.556703][ T8515] RIP: 0033:0x458079 [ 1253.560613][ T8515] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1253.580224][ T8515] RSP: 002b:00007fa3c5772c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1253.588645][ T8515] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458079 [ 1253.596627][ T8515] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1253.604609][ T8515] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1253.612591][ T8515] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa3c57736d4 [ 1253.620569][ T8515] R13: 00000000004c3d3a R14: 00000000004d6f20 R15: 00000000ffffffff [ 1253.632684][ T8515] memory: usage 307200kB, limit 307200kB, failcnt 910 [ 1253.639467][ T8515] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 03:42:40 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0x0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x1) ioctl$EVIOCSFF(r1, 0x40304580, &(0x7f00000000c0)={0x56, 0x43, 0x10001, {0x2, 0x6}, {0x4, 0x2}, @rumble={0x8c, 0x84}}) r2 = fcntl$dupfd(r0, 0x406, r0) getsockopt$inet_sctp_SCTP_AUTOCLOSE(r2, 0x84, 0x4, &(0x7f0000000000), &(0x7f0000000040)=0x4) [ 1253.670601][ T8515] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1253.693192][ T8515] Memory cgroup stats for /syz4: cache:0KB rss:279988KB rss_huge:20480KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:235456KB active_anon:27424KB inactive_file:4KB active_file:0KB unevictable:17292KB 03:42:40 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11e9e6c7c13e9b9937"], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r6}, 0x10) r7 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r8, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r7, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r7, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) [ 1253.766651][ T8515] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=8513,uid=0 03:42:40 executing program 1: syz_init_net_socket$llc(0x1a, 0x1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000a40)='xugetl\x04\x00\x00\x00\x00\x00\x00\x00age_ir_Z\xa2\xf4es\x00', 0x275a, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000980)={r0, &(0x7f0000000800)="ab39524c6533fce2ec7386e3871297701c01494a930fce54aa6150d3acdf7460b855374e19b68de3d1ca660d8d6d631ecf1fd735d5dc6efdf9e56b1b55a0783abf6310", 0x0, 0x2}, 0x20) write$cgroup_int(r0, &(0x7f0000000000), 0xffffff6a) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) gettid() r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r2 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, &(0x7f0000000600)=""/133, &(0x7f0000000400)=0x85) [ 1253.818073][ T8515] Memory cgroup out of memory: Killed process 8513 (syz-executor.4) total-vm:72448kB, anon-rss:17268kB, file-rss:37164kB, shmem-rss:0kB [ 1253.859981][ T1043] oom_reaper: reaped process 8513 (syz-executor.4), now anon-rss:17328kB, file-rss:37944kB, shmem-rss:0kB 03:42:40 executing program 2: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x2000, 0x0) ioctl$TIOCEXCL(r0, 0x540c) r1 = socket$key(0xf, 0x3, 0x2) ioctl$EXT4_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)=0x8000) sendmsg$key(r1, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000000040)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xffffffffffffffcc}}, 0x40000) 03:42:40 executing program 2: socket$key(0xf, 0x3, 0x2) [ 1254.176319][ T8564] IPVS: length: 133 != 24 03:42:40 executing program 4: socketpair$unix(0x1, 0x0, 0x0, 0x0) r0 = creat(0x0, 0x0) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r0, 0xc05c5340, 0x0) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) fcntl$dupfd(r2, 0x406, r1) 03:42:40 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, &(0x7f0000000000)={{{@in6, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}, 0x0, @in=@multicast1}}, &(0x7f0000000100)=0xe8) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000140)={0x0, 0x0, 0x0}, &(0x7f0000000180)=0xc) fchown(r0, r1, r2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0xfffffffffffffffc, 0x0, 0x2}, 0x10}}, 0x0) [ 1254.446021][ T8569] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1254.475123][ T8569] CPU: 1 PID: 8569 Comm: syz-executor.4 Not tainted 5.1.0-rc1-next-20190319 #6 [ 1254.484096][ T8569] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1254.494303][ T8569] Call Trace: [ 1254.497668][ T8569] dump_stack+0x172/0x1f0 [ 1254.502025][ T8569] dump_header+0x10f/0xb6c [ 1254.506463][ T8569] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1254.512309][ T8569] ? ___ratelimit+0x60/0x595 [ 1254.516915][ T8569] ? do_raw_spin_unlock+0x57/0x270 [ 1254.522061][ T8569] oom_kill_process.cold+0x10/0x15 [ 1254.527186][ T8569] out_of_memory+0x79a/0x1280 [ 1254.531887][ T8569] ? lock_downgrade+0x880/0x880 [ 1254.536783][ T8569] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1254.543039][ T8569] ? oom_killer_disable+0x280/0x280 [ 1254.548245][ T8569] ? find_held_lock+0x35/0x130 [ 1254.553034][ T8569] mem_cgroup_out_of_memory+0x1ca/0x230 [ 1254.558591][ T8569] ? memcg_event_wake+0x230/0x230 [ 1254.563635][ T8569] ? do_raw_spin_unlock+0x57/0x270 [ 1254.568772][ T8569] ? _raw_spin_unlock+0x2d/0x50 [ 1254.573640][ T8569] try_charge+0x118d/0x1790 [ 1254.578164][ T8569] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1254.583730][ T8569] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1254.589993][ T8569] ? kasan_check_read+0x11/0x20 [ 1254.594879][ T8569] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1254.600455][ T8569] mem_cgroup_try_charge+0x24d/0x5e0 [ 1254.605761][ T8569] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1254.611410][ T8569] __handle_mm_fault+0x1e1f/0x3ec0 [ 1254.616541][ T8569] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1254.622103][ T8569] ? find_held_lock+0x35/0x130 [ 1254.626879][ T8569] ? handle_mm_fault+0x322/0xb30 [ 1254.631854][ T8569] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1254.638115][ T8569] ? kasan_check_read+0x11/0x20 [ 1254.642982][ T8569] handle_mm_fault+0x43f/0xb30 [ 1254.647765][ T8569] __get_user_pages+0x7b6/0x1a40 [ 1254.652741][ T8569] ? follow_page_mask+0x19a0/0x19a0 [ 1254.657989][ T8569] ? perf_trace_lock+0xeb/0x510 [ 1254.662877][ T8569] ? __vma_adjust+0x1840/0x1840 [ 1254.667760][ T8569] ? lock_acquire+0x16f/0x3f0 [ 1254.672441][ T8569] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1254.678706][ T8569] populate_vma_page_range+0x20d/0x2a0 [ 1254.684189][ T8569] __mm_populate+0x204/0x380 [ 1254.688794][ T8569] ? populate_vma_page_range+0x2a0/0x2a0 [ 1254.694448][ T8569] __x64_sys_mlockall+0x35c/0x520 [ 1254.699495][ T8569] do_syscall_64+0x103/0x610 [ 1254.704105][ T8569] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1254.710006][ T8569] RIP: 0033:0x458079 [ 1254.713909][ T8569] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1254.733533][ T8569] RSP: 002b:00007fa3c5772c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 03:42:41 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11e9e6c7c13e9b9937"], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) socket$inet(0x2, 0x4000000000000001, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r2, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r4}, 0x10) r5 = accept4(r3, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000100), 0x0) r6 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r2, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r6, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r5, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(0xffffffffffffffff, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={0xffffffffffffffff, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r5, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r2, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(0xffffffffffffffff, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:42:41 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) syz_open_dev$video(&(0x7f0000000180)='/dev/video#\x00', 0x3f, 0x60040) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000000000)=ANY=[@ANYBLOB="020e00000c000000000000000000000005000600808000000a0000000000000000000000000000000000000000000000000000000000000005000500000000000a00000000000000fe8000000000000000000000000000ff000100000000000027438dc3594e7fa1afddfdcee0680bc3c0778d4132bac71bcccb198192deda5f13927704cf89c8fc0c5a1dc5cbddfc88267f37adac3d4dfe96788d477802932e8db608000000000000000d4eca38b3da2209001783b84ecd2dddad9cd0beac7d035f746746497e28fb4d3f2ca0acdd6dcc6a95ba78e11307dfae9479405910092d04a5431596f3921c2868e207075a6b3cbf4fe41c9ac8842845bac3a812fddc0c43d66191fc5aa2f7e5f42b7312f1ef9c86938112c456b22a5daed4a77488225cae341ca431b81776c2cb27ddb49eccfcab119ae716c9bcb4898385911d91b99ec71e1f8b"], 0x60}}, 0x0) [ 1254.741955][ T8569] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458079 [ 1254.749942][ T8569] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1254.757934][ T8569] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1254.765929][ T8569] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa3c57736d4 [ 1254.773909][ T8569] R13: 00000000004c3d3a R14: 00000000004d6f20 R15: 00000000ffffffff [ 1254.821070][ T8569] memory: usage 307200kB, limit 307200kB, failcnt 939 [ 1254.834054][ T8569] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1254.856454][ T8569] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1254.883655][ T8569] Memory cgroup stats for /syz4: cache:0KB rss:279964KB rss_huge:20480KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:235456KB active_anon:27424KB inactive_file:4KB active_file:0KB unevictable:17268KB [ 1254.966270][ T8569] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=8568,uid=0 [ 1254.987295][ T8569] Memory cgroup out of memory: Killed process 8568 (syz-executor.4) total-vm:72448kB, anon-rss:17008kB, file-rss:37164kB, shmem-rss:0kB [ 1255.002538][ T1043] oom_reaper: reaped process 8568 (syz-executor.4), now anon-rss:17052kB, file-rss:37940kB, shmem-rss:0kB [ 1255.680649][ C1] net_ratelimit: 20 callbacks suppressed [ 1255.680655][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1255.692093][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1255.760651][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1255.766443][ C0] protocol 88fb is buggy, dev hsr_slave_1 03:42:42 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0xd0}) ptrace$cont(0x1f, r0, 0x0, 0x0) 03:42:42 executing program 1: syz_init_net_socket$llc(0x1a, 0x1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000a40)='xugetl\x04\x00\x00\x00\x00\x00\x00\x00age_ir_Z\xa2\xf4es\x00', 0x275a, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000980)={r0, &(0x7f0000000800)="ab39524c6533fce2ec7386e3871297701c01494a930fce54aa6150d3acdf7460b855374e19b68de3d1ca660d8d6d631ecf1fd735d5dc6efdf9e56b1b55a0783abf6310", 0x0, 0x2}, 0x20) write$cgroup_int(r0, &(0x7f0000000000), 0xffffff6a) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r2 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, &(0x7f0000000600)=""/133, &(0x7f0000000400)=0x85) [ 1256.240683][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1256.246553][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1256.252404][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1256.258153][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1256.263992][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1256.269767][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1256.363545][ T8591] IPVS: length: 133 != 24 03:42:42 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132224) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f00000000c0)=ANY=[@ANYBLOB="6e61853167377400000100000000000000000000e4dbb77487e90104000000000040800000000000001b2300000503000018030000cc0000ac010000000000001004d1e090e1fe916dd282e0f34f8dfac0dc1695c4d700001004000010030002d3a379b87c5ade6e27a603551ae6543351c2f2d3c00f3f72e011777424c981c41f852110e5d4a50bc78b2aa66b63012812d04b94d660aab341cfe8364422b866cd445d5d0f"], 0x1) ptrace$setopts(0x4206, r2, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) tkill(r2, 0x3c) 03:42:42 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000000000)=ANY=[@ANYBLOB="020e00000c000000000000000000000005000600008000000a0000000000000000000000000000000000000000000000004000000000000005869700000000000000000000000000fe8000000000000000000000000000ff000000000000000083c2c7a766ea0d7bc2fd7e459f184feec4dc216b00aadf8d95c0bd7a30ecb8c893778f0d1dc06d05661207f07a51e5494ee32de016d826507bff570a"], 0x60}}, 0x0) 03:42:42 executing program 4: socketpair$unix(0x1, 0x0, 0x0, 0x0) r0 = creat(0x0, 0x0) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r0, 0xc05c5340, 0x0) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) fcntl$dupfd(r2, 0x406, r1) 03:42:42 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11e9e6c7c13e9b9937"], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) socket$inet(0x2, 0x4000000000000001, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r2, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r4}, 0x10) r5 = accept4(r3, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000100), 0x0) r6 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r2, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r6, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r5, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(0xffffffffffffffff, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={0xffffffffffffffff, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r5, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r2, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(0xffffffffffffffff, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:42:43 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mixer\x00', 0x200080, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r1, 0x40bc5311, &(0x7f0000000040)={0x0, 0x0, 'client1\x00', 0x3, "5d68b91aa2e5f367", "d73f9954d513367d4704f8b98fb82e4fd183b45f9be65931db3c5339238b3ca5", 0x10001, 0x7fffffff}) socket$nl_generic(0x10, 0x3, 0x10) setsockopt$bt_BT_POWER(r1, 0x112, 0x9, &(0x7f0000000140)=0x6, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, &(0x7f0000000100)="3f8049f9d2a1b052914deeaf387ad773", 0x10) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000180)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_ACCEPT(r1, &(0x7f0000000200)={0x8, 0x120, 0xfa00, {0x3, {0x5, 0x0, "f4c141358a184b106899e2cc9e5b34fe78aeaf165dbd04338483450ee941ef12ae3db99c766c9bdea04e687ce414d705b0f290a114861c090ca6d5a589d498b55ee565a11ea68e839ab645440b2b327509b23db24f423584318c99448e30adb2ab9286e32fe57f8abb877e2ce6993555c5bf444ca15732aa792e4d0ede17d7fec8691cb79d363dad78909107997f529731e2570cdfd801535b879e227b4495a64f386cedb2ed01aaec4de9ea7aa88f2e322d2e25070a26b9361399574b08447accaa73c54eb84b3bfb34d27c5833cee44bebb6cd5805766850238a6891051f042776837f26673535146aa8dde30dddfe075fdacbb1f3a897c1b08ab0c496a9e1", 0x9e, 0x9, 0x8001, 0x0, 0xffffffff, 0x8, 0x69f}, r2}}, 0x128) 03:42:43 executing program 1: syz_init_net_socket$llc(0x1a, 0x1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000a40)='xugetl\x04\x00\x00\x00\x00\x00\x00\x00age_ir_Z\xa2\xf4es\x00', 0x275a, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000980)={r0, &(0x7f0000000800)="ab39524c6533fce2ec7386e3871297701c01494a930fce54aa6150d3acdf7460b855374e19b68de3d1ca660d8d6d631ecf1fd735d5dc6efdf9e56b1b55a0783abf6310", 0x0, 0x2}, 0x20) write$cgroup_int(r0, &(0x7f0000000000), 0xffffff6a) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r2 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, &(0x7f0000000600)=""/133, &(0x7f0000000400)=0x85) 03:42:43 executing program 2: socket$key(0xf, 0x3, 0x2) [ 1256.928864][ T8593] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1256.958798][ T8593] CPU: 0 PID: 8593 Comm: syz-executor.4 Not tainted 5.1.0-rc1-next-20190319 #6 [ 1256.967754][ T8593] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1256.977812][ T8593] Call Trace: [ 1256.981116][ T8593] dump_stack+0x172/0x1f0 [ 1256.985460][ T8593] dump_header+0x10f/0xb6c [ 1256.989888][ T8593] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1256.995718][ T8593] ? ___ratelimit+0x60/0x595 [ 1257.000320][ T8593] ? do_raw_spin_unlock+0x57/0x270 [ 1257.005982][ T8593] oom_kill_process.cold+0x10/0x15 [ 1257.011106][ T8593] out_of_memory+0x79a/0x1280 [ 1257.015802][ T8593] ? lock_downgrade+0x880/0x880 [ 1257.020697][ T8593] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1257.026960][ T8593] ? oom_killer_disable+0x280/0x280 [ 1257.032169][ T8593] ? find_held_lock+0x35/0x130 [ 1257.036975][ T8593] mem_cgroup_out_of_memory+0x1ca/0x230 [ 1257.042536][ T8593] ? memcg_event_wake+0x230/0x230 [ 1257.047581][ T8593] ? do_raw_spin_unlock+0x57/0x270 [ 1257.053259][ T8593] ? _raw_spin_unlock+0x2d/0x50 [ 1257.058126][ T8593] try_charge+0x118d/0x1790 [ 1257.062651][ T8593] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1257.068214][ T8593] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1257.074469][ T8593] ? kasan_check_read+0x11/0x20 [ 1257.079332][ T8593] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1257.084891][ T8593] mem_cgroup_try_charge+0x24d/0x5e0 [ 1257.090209][ T8593] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1257.095857][ T8593] __handle_mm_fault+0x1e1f/0x3ec0 [ 1257.100988][ T8593] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1257.106545][ T8593] ? find_held_lock+0x35/0x130 [ 1257.111317][ T8593] ? handle_mm_fault+0x322/0xb30 [ 1257.116275][ T8593] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1257.122531][ T8593] ? kasan_check_read+0x11/0x20 [ 1257.127398][ T8593] handle_mm_fault+0x43f/0xb30 [ 1257.132178][ T8593] __get_user_pages+0x7b6/0x1a40 [ 1257.137149][ T8593] ? follow_page_mask+0x19a0/0x19a0 [ 1257.142351][ T8593] ? perf_trace_lock+0xeb/0x510 [ 1257.147219][ T8593] ? __vma_adjust+0x1840/0x1840 [ 1257.152087][ T8593] ? lock_acquire+0x16f/0x3f0 [ 1257.156773][ T8593] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1257.163030][ T8593] populate_vma_page_range+0x20d/0x2a0 [ 1257.168509][ T8593] __mm_populate+0x204/0x380 [ 1257.173114][ T8593] ? populate_vma_page_range+0x2a0/0x2a0 [ 1257.178769][ T8593] __x64_sys_mlockall+0x35c/0x520 [ 1257.183808][ T8593] do_syscall_64+0x103/0x610 [ 1257.188454][ T8593] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1257.194353][ T8593] RIP: 0033:0x458079 [ 1257.198258][ T8593] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1257.217865][ T8593] RSP: 002b:00007fa3c5772c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1257.226283][ T8593] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458079 [ 1257.234345][ T8593] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1257.242318][ T8593] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1257.250300][ T8593] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa3c57736d4 [ 1257.258281][ T8593] R13: 00000000004c3d3a R14: 00000000004d6f20 R15: 00000000ffffffff [ 1257.269542][ T8617] IPVS: length: 133 != 24 [ 1257.271172][ T8593] memory: usage 307200kB, limit 307200kB, failcnt 960 [ 1257.280987][ T8593] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1257.288662][ T8593] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1257.296230][ T8593] Memory cgroup stats for /syz4: cache:0KB rss:279936KB rss_huge:18432KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:235456KB active_anon:27424KB inactive_file:4KB active_file:0KB unevictable:17248KB [ 1257.318858][ T8593] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=8592,uid=0 03:42:43 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11e9e6c7c13e9b9937"], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) socket$inet(0x2, 0x4000000000000001, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r2, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r4}, 0x10) r5 = accept4(r3, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000100), 0x0) r6 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r2, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r6, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r5, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(0xffffffffffffffff, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={0xffffffffffffffff, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r5, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r2, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(0xffffffffffffffff, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) [ 1257.359359][ T8593] Memory cgroup out of memory: Killed process 8592 (syz-executor.4) total-vm:72448kB, anon-rss:17072kB, file-rss:37164kB, shmem-rss:0kB 03:42:43 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)={0x2, 0xf, 0x2c, 0xf, 0x1e, 0x0, 0x70bd26, 0x25dfdbfd, [@sadb_x_policy={0x8, 0x12, 0x1, 0x0, 0x0, 0x4, 0x6, {0x6, 0x3f, 0x8, 0x2bf, 0x0, 0x20, 0x0, @in6=@ipv4={[], [], @remote}, @in6=@dev}}, @sadb_x_sa2={0x2, 0x13, 0x0, 0x0, 0x0, 0x70bd2a, 0x3507}, @sadb_x_policy={0x8, 0x12, 0x3, 0x0, 0x0, 0x6e6bb2, 0x3, {0x6, 0x0, 0x2, 0xffffffff, 0x0, 0x1, 0x0, @in=@multicast1, @in6=@initdev={0xfe, 0x88, [], 0x0, 0x0}}}, @sadb_x_nat_t_port={0x1, 0x15, 0x4e20}, @sadb_lifetime={0x4, 0x2, 0x80000001, 0x3b92eb77, 0x2, 0x1000}, @sadb_x_kmaddress={0x5, 0x19, 0x0, @in={0x2, 0x4e21, @empty}, @in={0x2, 0x4e22, @local}}]}, 0xf0}}, 0x1) write$binfmt_elf64(r0, &(0x7f0000000380)={{0x7f, 0x45, 0x4c, 0x46, 0x917, 0xfffffffffffffffd, 0x0, 0x80000001, 0x3, 0x3, 0x7, 0x4, 0x23f, 0x40, 0x159, 0x8001, 0xff, 0x38, 0x2, 0x9, 0x9, 0xffffffffffffffbd}, [{0x70000007, 0x101, 0x80, 0xebb1, 0x0, 0x9, 0x0, 0x1e}, {0x0, 0x80000000, 0x25, 0x3, 0xb8, 0x1, 0x444cc96d}], "ddaf50a231f984ee669f1261ec0249b6a82629661ddf113b1d4a2669b0ca0e24f7f1", [[], [], [], [], [], []]}, 0x6d2) r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x80000001, 0x8001) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_SET_CONFIG(r1, &(0x7f0000000a80)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8014}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r2, 0x10, 0x70bd25, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x4800) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000000200)={0x1, 0x6, 0x3, 0x0, 0x0, [{r0, 0x0, 0x3ff}, {r0, 0x0, 0x7}, {r0, 0x0, 0x100000000}]}) write$P9_RMKDIR(r0, &(0x7f00000001c0)={0x14, 0x49, 0x2, {0x0, 0x4, 0x4}}, 0x14) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)=ANY=[@ANYBLOB="020e00000c000000000000000000000005000600008000000a00000000000000000100000000e2380000000000000000000000000000000005000500000000000a00000000000000fe800000000000e8ffffffffffffffff0000000000000000"], 0x60}}, 0x0) [ 1257.422400][ T1043] oom_reaper: reaped process 8592 (syz-executor.4), now anon-rss:17120kB, file-rss:37944kB, shmem-rss:0kB 03:42:44 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x800, 0x0) setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, &(0x7f0000000040)=0x825, 0x4) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0x0) write$P9_RCLUNK(r0, &(0x7f0000000080)={0x7, 0x79, 0x1}, 0x7) 03:42:45 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0xd0}) ptrace$cont(0x1f, r0, 0x0, 0x0) 03:42:45 executing program 4: socketpair$unix(0x1, 0x0, 0x0, 0x0) r0 = creat(0x0, 0x0) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r0, 0xc05c5340, 0x0) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) fcntl$dupfd(r2, 0x406, r1) [ 1259.446111][ T8637] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1259.456222][ T8637] CPU: 0 PID: 8637 Comm: syz-executor.4 Not tainted 5.1.0-rc1-next-20190319 #6 [ 1259.465170][ T8637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1259.475227][ T8637] Call Trace: [ 1259.478530][ T8637] dump_stack+0x172/0x1f0 [ 1259.482880][ T8637] dump_header+0x10f/0xb6c [ 1259.487321][ T8637] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1259.493127][ T8637] ? ___ratelimit+0x60/0x595 [ 1259.497724][ T8637] ? do_raw_spin_unlock+0x57/0x270 [ 1259.502839][ T8637] oom_kill_process.cold+0x10/0x15 [ 1259.507955][ T8637] out_of_memory+0x79a/0x1280 [ 1259.512633][ T8637] ? lock_downgrade+0x880/0x880 [ 1259.517482][ T8637] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1259.523727][ T8637] ? oom_killer_disable+0x280/0x280 [ 1259.528951][ T8637] ? find_held_lock+0x35/0x130 [ 1259.533729][ T8637] mem_cgroup_out_of_memory+0x1ca/0x230 [ 1259.539273][ T8637] ? memcg_event_wake+0x230/0x230 [ 1259.544305][ T8637] ? do_raw_spin_unlock+0x57/0x270 [ 1259.549420][ T8637] ? _raw_spin_unlock+0x2d/0x50 [ 1259.554271][ T8637] try_charge+0x118d/0x1790 [ 1259.558793][ T8637] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1259.564339][ T8637] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1259.570583][ T8637] ? kasan_check_read+0x11/0x20 [ 1259.575434][ T8637] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1259.580984][ T8637] mem_cgroup_try_charge+0x24d/0x5e0 [ 1259.586276][ T8637] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1259.591911][ T8637] __handle_mm_fault+0x1e1f/0x3ec0 [ 1259.597041][ T8637] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1259.602583][ T8637] ? find_held_lock+0x35/0x130 [ 1259.607344][ T8637] ? handle_mm_fault+0x322/0xb30 [ 1259.612293][ T8637] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1259.618534][ T8637] ? kasan_check_read+0x11/0x20 [ 1259.623385][ T8637] handle_mm_fault+0x43f/0xb30 [ 1259.628155][ T8637] __get_user_pages+0x7b6/0x1a40 [ 1259.633105][ T8637] ? follow_page_mask+0x19a0/0x19a0 [ 1259.638298][ T8637] ? perf_trace_lock+0xeb/0x510 [ 1259.643147][ T8637] ? __vma_adjust+0x1840/0x1840 [ 1259.648006][ T8637] ? lock_acquire+0x16f/0x3f0 [ 1259.652678][ T8637] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1259.658931][ T8637] populate_vma_page_range+0x20d/0x2a0 [ 1259.664397][ T8637] __mm_populate+0x204/0x380 [ 1259.668992][ T8637] ? populate_vma_page_range+0x2a0/0x2a0 [ 1259.674634][ T8637] __x64_sys_mlockall+0x35c/0x520 [ 1259.679660][ T8637] do_syscall_64+0x103/0x610 [ 1259.684253][ T8637] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1259.690137][ T8637] RIP: 0033:0x458079 [ 1259.694032][ T8637] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1259.713629][ T8637] RSP: 002b:00007fa3c5772c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1259.722041][ T8637] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458079 [ 1259.730004][ T8637] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1259.737968][ T8637] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 03:42:46 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132224) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f00000000c0)=ANY=[@ANYBLOB="6e61853167377400000100000000000000000000e4dbb77487e90104000000000040800000000000001b2300000503000018030000cc0000ac010000000000001004d1e090e1fe916dd282e0f34f8dfac0dc1695c4d700001004000010030002d3a379b87c5ade6e27a603551ae6543351c2f2d3c00f3f72e011777424c981c41f852110e5d4a50bc78b2aa66b63012812d04b94d660aab341cfe8364422b866cd445d5d0f"], 0x1) ptrace$setopts(0x4206, r2, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) tkill(r2, 0x3c) 03:42:46 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0x0) r1 = openat$random(0xffffffffffffff9c, &(0x7f0000000080)='/dev/urandom\x00', 0x10000, 0x0) ioctl$RNDZAPENTCNT(r1, 0x5204, &(0x7f00000000c0)=0x7) r2 = syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x7ff, 0x80000) ioctl$TUNSETVNETBE(r2, 0x400454de, &(0x7f0000000040)=0x1) 03:42:46 executing program 1: syz_init_net_socket$llc(0x1a, 0x1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000a40)='xugetl\x04\x00\x00\x00\x00\x00\x00\x00age_ir_Z\xa2\xf4es\x00', 0x275a, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000980)={r0, &(0x7f0000000800)="ab39524c6533fce2ec7386e3871297701c01494a930fce54aa6150d3acdf7460b855374e19b68de3d1ca660d8d6d631ecf1fd735d5dc6efdf9e56b1b55a0783abf6310", 0x0, 0x2}, 0x20) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r2 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, &(0x7f0000000600)=""/133, &(0x7f0000000400)=0x85) 03:42:46 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11e9e6c7c13e9b9937"], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r6}, 0x10) r7 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r8, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r7, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r7, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:42:46 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0xd0}) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 1259.745940][ T8637] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa3c57736d4 [ 1259.753909][ T8637] R13: 00000000004c3d3a R14: 00000000004d6f20 R15: 00000000ffffffff [ 1259.770687][ T8637] memory: usage 307200kB, limit 307200kB, failcnt 992 [ 1259.777579][ T8637] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1259.819513][ T8646] IPVS: length: 133 != 24 [ 1259.824372][ T8637] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 03:42:46 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 03:42:46 executing program 1: syz_init_net_socket$llc(0x1a, 0x1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000a40)='xugetl\x04\x00\x00\x00\x00\x00\x00\x00age_ir_Z\xa2\xf4es\x00', 0x275a, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, &(0x7f0000000600)=""/133, &(0x7f0000000400)=0x85) [ 1259.848385][ T8637] Memory cgroup stats for /syz4: cache:0KB rss:280056KB rss_huge:18432KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:235456KB active_anon:27424KB inactive_file:4KB active_file:0KB unevictable:17212KB 03:42:46 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) r1 = syz_open_dev$sndpcmc(&(0x7f00000004c0)='/dev/snd/pcmC#D#c\x00', 0x51a00000, 0x101400) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, 0xfffffffffffffffd, &(0x7f0000000500)) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0x0) [ 1259.925695][ T8637] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=8635,uid=0 [ 1259.944318][ T8663] IPVS: length: 133 != 24 03:42:46 executing program 1: syz_init_net_socket$llc(0x1a, 0x1, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, &(0x7f0000000600)=""/133, &(0x7f0000000400)=0x85) [ 1259.965142][ T8637] Memory cgroup out of memory: Killed process 8635 (syz-executor.4) total-vm:72448kB, anon-rss:17072kB, file-rss:37164kB, shmem-rss:0kB [ 1260.010618][ T1043] oom_reaper: reaped process 8635 (syz-executor.4), now anon-rss:17120kB, file-rss:37944kB, shmem-rss:0kB 03:42:46 executing program 2: r0 = add_key$keyring(&(0x7f0000000040)='keyring\x00', &(0x7f0000000080)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$invalidate(0x15, r0) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020e00000c000000000000000000000005000600008000000a0000000000000000000000000000000000000000000000000000000000000005000500000000000a00000000000000fe8000000000000000000000000000ff000000000000000099f01d1c384376f55de682a0e3006a2d71c2d14e48ae7fc5719236df4ba73213dc28fc164ef472efbd255d0ad14110d168a443c3a74dde2a5cb616098d0627a3325024a950a43a25"], 0x60}}, 0x0) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x6002, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r2, 0x40042409, 0x0) [ 1260.102836][ T8671] IPVS: length: 133 != 24 03:42:46 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, &(0x7f0000000600)=""/133, &(0x7f0000000400)=0x85) 03:42:46 executing program 4: socketpair$unix(0x1, 0x0, 0x0, 0x0) r0 = creat(0x0, 0x0) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r0, 0xc05c5340, &(0x7f0000000200)={0x0, 0x9, 0xff, {}, 0x2, 0x1}) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) fcntl$dupfd(r2, 0x406, r1) [ 1260.248885][ T8676] IPVS: length: 133 != 24 [ 1260.468274][ T8678] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1260.479576][ T8678] CPU: 1 PID: 8678 Comm: syz-executor.4 Not tainted 5.1.0-rc1-next-20190319 #6 [ 1260.488528][ T8678] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1260.498566][ T8678] Call Trace: [ 1260.501855][ T8678] dump_stack+0x172/0x1f0 [ 1260.506223][ T8678] dump_header+0x10f/0xb6c [ 1260.510633][ T8678] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1260.516645][ T8678] ? ___ratelimit+0x60/0x595 [ 1260.521245][ T8678] ? do_raw_spin_unlock+0x57/0x270 [ 1260.526341][ T8678] oom_kill_process.cold+0x10/0x15 [ 1260.531451][ T8678] out_of_memory+0x79a/0x1280 [ 1260.536135][ T8678] ? lock_downgrade+0x880/0x880 [ 1260.540996][ T8678] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1260.547228][ T8678] ? oom_killer_disable+0x280/0x280 [ 1260.552412][ T8678] ? find_held_lock+0x35/0x130 [ 1260.557176][ T8678] mem_cgroup_out_of_memory+0x1ca/0x230 [ 1260.562733][ T8678] ? memcg_event_wake+0x230/0x230 [ 1260.567752][ T8678] ? do_raw_spin_unlock+0x57/0x270 [ 1260.572873][ T8678] ? _raw_spin_unlock+0x2d/0x50 [ 1260.577716][ T8678] try_charge+0x118d/0x1790 [ 1260.582212][ T8678] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1260.587764][ T8678] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1260.594010][ T8678] ? kasan_check_read+0x11/0x20 [ 1260.598850][ T8678] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1260.604388][ T8678] mem_cgroup_try_charge+0x24d/0x5e0 [ 1260.609661][ T8678] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1260.615294][ T8678] __handle_mm_fault+0x1e1f/0x3ec0 [ 1260.620396][ T8678] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1260.625935][ T8678] ? find_held_lock+0x35/0x130 [ 1260.630687][ T8678] ? handle_mm_fault+0x322/0xb30 [ 1260.635623][ T8678] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1260.641865][ T8678] ? kasan_check_read+0x11/0x20 [ 1260.646732][ T8678] handle_mm_fault+0x43f/0xb30 [ 1260.651511][ T8678] __get_user_pages+0x7b6/0x1a40 [ 1260.656470][ T8678] ? follow_page_mask+0x19a0/0x19a0 [ 1260.661675][ T8678] ? perf_trace_lock+0xeb/0x510 [ 1260.666537][ T8678] ? __vma_adjust+0x1840/0x1840 [ 1260.671408][ T8678] ? lock_acquire+0x16f/0x3f0 [ 1260.676088][ T8678] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1260.682322][ T8678] populate_vma_page_range+0x20d/0x2a0 [ 1260.687836][ T8678] __mm_populate+0x204/0x380 [ 1260.692423][ T8678] ? populate_vma_page_range+0x2a0/0x2a0 [ 1260.698067][ T8678] __x64_sys_mlockall+0x35c/0x520 [ 1260.703099][ T8678] do_syscall_64+0x103/0x610 [ 1260.707715][ T8678] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1260.713601][ T8678] RIP: 0033:0x458079 [ 1260.717501][ T8678] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1260.717511][ T8678] RSP: 002b:00007fa3c5772c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1260.717528][ T8678] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458079 [ 1260.717538][ T8678] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1260.717548][ T8678] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1260.717557][ T8678] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa3c57736d4 [ 1260.717567][ T8678] R13: 00000000004c3d3a R14: 00000000004d6f20 R15: 00000000ffffffff [ 1260.719012][ T8678] memory: usage 307200kB, limit 307200kB, failcnt 1035 [ 1260.753798][ T8678] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1260.753810][ T8678] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1260.753818][ T8678] Memory cgroup stats for /syz4: cache:0KB rss:279996KB rss_huge:18432KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:235456KB active_anon:27424KB inactive_file:4KB active_file:0KB unevictable:17204KB [ 1260.829361][ T8678] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=8677,uid=0 [ 1260.844752][ T8678] Memory cgroup out of memory: Killed process 8677 (syz-executor.4) total-vm:72448kB, anon-rss:17072kB, file-rss:37164kB, shmem-rss:0kB [ 1260.859226][ T1043] oom_reaper: reaped process 8677 (syz-executor.4), now anon-rss:17120kB, file-rss:37940kB, shmem-rss:0kB [ 1261.920669][ C1] net_ratelimit: 20 callbacks suppressed [ 1261.920678][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1261.932198][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1262.000777][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1262.006618][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1262.480675][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1262.486547][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1262.492399][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1262.498153][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1262.504019][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1262.509780][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:42:49 executing program 1: socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_DESTS(r0, 0x0, 0x484, &(0x7f0000000600)=""/133, &(0x7f0000000400)=0x85) 03:42:49 executing program 2: r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) fcntl$getownex(0xffffffffffffff9c, 0x10, &(0x7f0000000000)={0x0, 0x0}) ioctl$sock_FIOSETOWN(r0, 0x8901, &(0x7f0000000040)=r1) r2 = socket$key(0xf, 0x3, 0x2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000200)=0x100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) r4 = syz_open_procfs(0x0, &(0x7f0000000080)='pagemap\x00') sigaltstack(&(0x7f0000ff9000/0x4000)=nil, 0x0) sendfile(r3, r4, &(0x7f00000000c0)=0x100000, 0xfffc) sendmsg$key(r2, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000000180)=ANY=[@ANYBLOB="020e00000c000000000000000000000005000600008000000a0000000000000000000000000000000000000000000000000000000000000005000500000003389879fa9100000a00000000000000fe8000000000000000000000000000ff0000000000000000"], 0x60}}, 0x0) 03:42:49 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132224) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f00000000c0)=ANY=[@ANYBLOB="6e61853167377400000100000000000000000000e4dbb77487e90104000000000040800000000000001b2300000503000018030000cc0000ac010000000000001004d1e090e1fe916dd282e0f34f8dfac0dc1695c4d700001004000010030002d3a379b87c5ade6e27a603551ae6543351c2f2d3c00f3f72e011777424c981c41f852110e5d4a50bc78b2aa66b63012812d04b94d660aab341cfe8364422b866cd445d5d0f"], 0x1) ptrace$setopts(0x4206, r2, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) tkill(r2, 0x3c) 03:42:49 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11e9e6c7c13e9b9937"], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r6}, 0x10) r7 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r8, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r7, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r7, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:42:49 executing program 4: socketpair$unix(0x1, 0x0, 0x0, 0x0) r0 = creat(0x0, 0x0) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r0, 0xc05c5340, &(0x7f0000000200)={0x0, 0x9, 0xff, {}, 0x2, 0x1}) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) fcntl$dupfd(r2, 0x406, r1) [ 1262.843427][ T8684] IPVS: length: 133 != 24 03:42:49 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 03:42:49 executing program 1: socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_DESTS(r0, 0x0, 0x484, &(0x7f0000000600)=""/133, &(0x7f0000000400)=0x85) 03:42:49 executing program 2: r0 = accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000040)=0xe, 0x80000) ioctl$sock_SIOCDELDLCI(r0, 0x8981, &(0x7f0000000080)={'eql\x00', 0x5}) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0x0) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/pfkey\x00', 0x220400, 0x0) getsockopt$inet_sctp_SCTP_MAXSEG(0xffffffffffffff9c, 0x84, 0xd, &(0x7f0000000100)=@assoc_id=0x0, &(0x7f0000000140)=0x4) ioctl$TIOCGSID(r2, 0x5429, &(0x7f0000000240)) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000180)={r3, @in6={{0xa, 0x4e23, 0x7, @ipv4={[], [], @empty}}}, 0x4, 0x4af62754, 0x0, 0xfffffffffffffffb, 0x2a}, 0x98) syz_open_dev$sndpcmc(&(0x7f0000000280)='/dev/snd/pcmC#D#c\x00', 0x10001, 0x1) fcntl$setstatus(r1, 0x4, 0x44400) [ 1262.980378][ T8698] IPVS: length: 133 != 24 03:42:49 executing program 1: socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_DESTS(r0, 0x0, 0x484, &(0x7f0000000600)=""/133, &(0x7f0000000400)=0x85) 03:42:49 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 1263.105940][ T8708] IPVS: length: 133 != 24 03:42:49 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x0, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, &(0x7f0000000600)=""/133, &(0x7f0000000400)=0x85) 03:42:49 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0xd0}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 03:42:49 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0x0) lookup_dcookie(0x3, &(0x7f0000000080)=""/119, 0xfffffffffffffd1b) r1 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x100, 0x0) getsockopt$inet6_mreq(0xffffffffffffff9c, 0x29, 0x0, &(0x7f0000000040)={@mcast2, 0x0}, &(0x7f0000000100)=0x14) ioctl$TUNSETIFINDEX(r1, 0x400454da, &(0x7f0000000140)=r2) [ 1263.232519][ T8713] IPVS: length: 133 != 24 03:42:49 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x0, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, &(0x7f0000000600)=""/133, &(0x7f0000000400)=0x85) [ 1263.308164][ T8687] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1263.319498][ T8687] CPU: 1 PID: 8687 Comm: syz-executor.4 Not tainted 5.1.0-rc1-next-20190319 #6 [ 1263.328450][ T8687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1263.338507][ T8687] Call Trace: [ 1263.341808][ T8687] dump_stack+0x172/0x1f0 [ 1263.346154][ T8687] dump_header+0x10f/0xb6c [ 1263.350586][ T8687] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1263.356401][ T8687] ? ___ratelimit+0x60/0x595 [ 1263.360997][ T8687] ? do_raw_spin_unlock+0x57/0x270 [ 1263.366124][ T8687] oom_kill_process.cold+0x10/0x15 [ 1263.371247][ T8687] out_of_memory+0x79a/0x1280 [ 1263.375949][ T8687] ? lock_downgrade+0x880/0x880 [ 1263.380810][ T8687] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1263.386457][ T8721] IPVS: length: 133 != 24 [ 1263.387063][ T8687] ? oom_killer_disable+0x280/0x280 [ 1263.387077][ T8687] ? find_held_lock+0x35/0x130 [ 1263.387107][ T8687] mem_cgroup_out_of_memory+0x1ca/0x230 [ 1263.406896][ T8687] ? memcg_event_wake+0x230/0x230 [ 1263.411979][ T8687] ? do_raw_spin_unlock+0x57/0x270 [ 1263.417111][ T8687] ? _raw_spin_unlock+0x2d/0x50 [ 1263.421967][ T8687] try_charge+0x118d/0x1790 [ 1263.426457][ T8687] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1263.431990][ T8687] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1263.438222][ T8687] ? kasan_check_read+0x11/0x20 [ 1263.443060][ T8687] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1263.448588][ T8687] mem_cgroup_try_charge+0x24d/0x5e0 [ 1263.453877][ T8687] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1263.459533][ T8687] __handle_mm_fault+0x1e1f/0x3ec0 [ 1263.464644][ T8687] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1263.470172][ T8687] ? find_held_lock+0x35/0x130 [ 1263.474919][ T8687] ? handle_mm_fault+0x322/0xb30 [ 1263.479870][ T8687] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1263.486102][ T8687] ? kasan_check_read+0x11/0x20 [ 1263.490945][ T8687] handle_mm_fault+0x43f/0xb30 [ 1263.495703][ T8687] __get_user_pages+0x7b6/0x1a40 [ 1263.500631][ T8687] ? follow_page_mask+0x19a0/0x19a0 [ 1263.505817][ T8687] ? perf_trace_lock+0xeb/0x510 [ 1263.510659][ T8687] ? __vma_adjust+0x1840/0x1840 [ 1263.515529][ T8687] ? lock_acquire+0x16f/0x3f0 [ 1263.520188][ T8687] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1263.526414][ T8687] populate_vma_page_range+0x20d/0x2a0 [ 1263.531861][ T8687] __mm_populate+0x204/0x380 [ 1263.536440][ T8687] ? populate_vma_page_range+0x2a0/0x2a0 [ 1263.542065][ T8687] __x64_sys_mlockall+0x35c/0x520 [ 1263.547075][ T8687] do_syscall_64+0x103/0x610 [ 1263.551685][ T8687] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1263.557578][ T8687] RIP: 0033:0x458079 [ 1263.561505][ T8687] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1263.581099][ T8687] RSP: 002b:00007fa3c5772c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1263.589532][ T8687] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458079 [ 1263.597488][ T8687] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1263.605457][ T8687] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1263.613408][ T8687] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa3c57736d4 [ 1263.621362][ T8687] R13: 00000000004c3d3a R14: 00000000004d6f20 R15: 00000000ffffffff [ 1263.631021][ T8687] memory: usage 307200kB, limit 307200kB, failcnt 1048 [ 1263.638283][ T8687] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1263.646158][ T8687] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1263.653310][ T8687] Memory cgroup stats for /syz4: cache:0KB rss:279992KB rss_huge:18432KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:235456KB active_anon:27424KB inactive_file:4KB active_file:0KB unevictable:17172KB [ 1263.675685][ T8687] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=8682,uid=0 [ 1263.692119][ T8687] Memory cgroup out of memory: Killed process 8682 (syz-executor.4) total-vm:72448kB, anon-rss:17072kB, file-rss:37164kB, shmem-rss:0kB [ 1263.711939][ T1043] oom_reaper: reaped process 8682 (syz-executor.4), now anon-rss:17120kB, file-rss:37944kB, shmem-rss:0kB 03:42:52 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132224) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f00000000c0)=ANY=[@ANYBLOB="6e61853167377400000100000000000000000000e4dbb77487e90104000000000040800000000000001b2300000503000018030000cc0000ac010000000000001004d1e090e1fe916dd282e0f34f8dfac0dc1695c4d700001004000010030002d3a379b87c5ade6e27a603551ae6543351c2f2d3c00f3f72e011777424c981c41f852110e5d4a50bc78b2aa66b63012812d04b94d660aab341cfe8364422b866cd445d5d0f4d6715baea5900323e000000"], 0x1) ptrace$setopts(0x4206, r2, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) tkill(r2, 0x3c) 03:42:52 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x0, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, &(0x7f0000000600)=""/133, &(0x7f0000000400)=0x85) 03:42:52 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11e9e6c7c13e9b9937"], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r6}, 0x10) r7 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r8, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r7, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r7, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:42:52 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000000)={'hsr0\x00', {0x2, 0x4e21, @multicast2}}) 03:42:52 executing program 4: socketpair$unix(0x1, 0x0, 0x0, 0x0) r0 = creat(0x0, 0x0) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r0, 0xc05c5340, &(0x7f0000000200)={0x0, 0x9, 0xff, {}, 0x2, 0x1}) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) fcntl$dupfd(r2, 0x406, r1) [ 1265.907986][ T8733] IPVS: length: 133 != 24 03:42:52 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, &(0x7f0000000600)=""/133, &(0x7f0000000400)=0x85) 03:42:52 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0x0) [ 1266.033862][ T8740] IPVS: length: 133 != 24 03:42:52 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, &(0x7f0000000600)=""/133, &(0x7f0000000400)=0x85) [ 1266.132068][ T8745] IPVS: length: 133 != 24 03:42:52 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, &(0x7f0000000600)=""/133, &(0x7f0000000400)=0x85) [ 1266.215880][ T8747] IPVS: length: 133 != 24 03:42:52 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0xd0}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 03:42:52 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='io.stat\x00', 0x0, 0x0) ioctl$sock_inet_SIOCSIFBRDADDR(r0, 0x891a, &(0x7f0000000040)={'veth1_to_bridge\x00', {0x2, 0x4e23, @local}}) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0x0) 03:42:52 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, &(0x7f0000000600)=""/133, &(0x7f0000000400)=0x85) [ 1266.286788][ T8732] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1266.330749][ T8732] CPU: 0 PID: 8732 Comm: syz-executor.4 Not tainted 5.1.0-rc1-next-20190319 #6 [ 1266.332461][ T8751] IPVS: length: 133 != 24 [ 1266.339705][ T8732] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1266.339712][ T8732] Call Trace: [ 1266.339735][ T8732] dump_stack+0x172/0x1f0 [ 1266.339764][ T8732] dump_header+0x10f/0xb6c [ 1266.366133][ T8732] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1266.371956][ T8732] ? ___ratelimit+0x60/0x595 [ 1266.376566][ T8732] ? do_raw_spin_unlock+0x57/0x270 [ 1266.381690][ T8732] oom_kill_process.cold+0x10/0x15 [ 1266.386814][ T8732] out_of_memory+0x79a/0x1280 [ 1266.391515][ T8732] ? lock_downgrade+0x880/0x880 [ 1266.396377][ T8732] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1266.402631][ T8732] ? oom_killer_disable+0x280/0x280 [ 1266.407835][ T8732] ? find_held_lock+0x35/0x130 [ 1266.412622][ T8732] mem_cgroup_out_of_memory+0x1ca/0x230 [ 1266.418162][ T8732] ? memcg_event_wake+0x230/0x230 [ 1266.423194][ T8732] ? do_raw_spin_unlock+0x57/0x270 [ 1266.428317][ T8732] ? _raw_spin_unlock+0x2d/0x50 [ 1266.433338][ T8732] try_charge+0x118d/0x1790 [ 1266.437843][ T8732] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1266.443387][ T8732] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1266.449624][ T8732] ? kasan_check_read+0x11/0x20 [ 1266.454473][ T8732] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1266.460019][ T8732] mem_cgroup_try_charge+0x24d/0x5e0 [ 1266.465292][ T8732] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1266.470927][ T8732] __handle_mm_fault+0x1e1f/0x3ec0 [ 1266.476040][ T8732] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1266.481578][ T8732] ? find_held_lock+0x35/0x130 [ 1266.486339][ T8732] ? handle_mm_fault+0x322/0xb30 [ 1266.491289][ T8732] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1266.497532][ T8732] ? kasan_check_read+0x11/0x20 [ 1266.502387][ T8732] handle_mm_fault+0x43f/0xb30 [ 1266.507166][ T8732] __get_user_pages+0x7b6/0x1a40 [ 1266.512117][ T8732] ? follow_page_mask+0x19a0/0x19a0 [ 1266.517317][ T8732] ? lock_acquire+0x16f/0x3f0 [ 1266.521987][ T8732] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1266.528233][ T8732] populate_vma_page_range+0x20d/0x2a0 [ 1266.533692][ T8732] __mm_populate+0x204/0x380 [ 1266.538301][ T8732] ? populate_vma_page_range+0x2a0/0x2a0 [ 1266.543937][ T8732] __x64_sys_mlockall+0x35c/0x520 [ 1266.548948][ T8732] do_syscall_64+0x103/0x610 [ 1266.553531][ T8732] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1266.559430][ T8732] RIP: 0033:0x458079 [ 1266.563324][ T8732] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1266.582928][ T8732] RSP: 002b:00007fa3c5772c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1266.591345][ T8732] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458079 [ 1266.599325][ T8732] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1266.607295][ T8732] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1266.615249][ T8732] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa3c57736d4 [ 1266.623216][ T8732] R13: 00000000004c3d3a R14: 00000000004d6f20 R15: 00000000ffffffff [ 1266.633967][ T8732] memory: usage 307200kB, limit 307200kB, failcnt 1073 [ 1266.641104][ T8732] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1266.648561][ T8732] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1266.655478][ T8732] Memory cgroup stats for /syz4: cache:0KB rss:279904KB rss_huge:18432KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:235456KB active_anon:27424KB inactive_file:4KB active_file:0KB unevictable:17176KB [ 1266.677700][ T8732] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=8729,uid=0 [ 1266.693100][ T8732] Memory cgroup out of memory: Killed process 8729 (syz-executor.4) total-vm:72448kB, anon-rss:17072kB, file-rss:37164kB, shmem-rss:0kB [ 1266.707486][ T1043] oom_reaper: reaped process 8729 (syz-executor.4), now anon-rss:17212kB, file-rss:37944kB, shmem-rss:0kB [ 1268.160644][ C1] net_ratelimit: 20 callbacks suppressed [ 1268.160653][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1268.172128][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1268.240674][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1268.246449][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1268.720637][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1268.726475][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1268.732326][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1268.738072][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1268.743943][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1268.749699][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:42:55 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132224) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f00000000c0)=ANY=[@ANYBLOB="6e61853167377400000100000000000000000000e4dbb77487e90104000000000040800000000000001b2300000503000018030000cc0000ac010000000000001004d1e090e1fe916dd282e0f34f8dfac0dc1695c4d700001004000010030002d3a379b87c5ade6e27a603551ae6543351c2f2d3c00f3f72e011777424c981c41f852110e5d4a50bc78b2aa66b63012812d04b94d660aab341cfe8364422b866cd445d5d0f4d6715baea5900323e000000"], 0x1) ptrace$setopts(0x4206, r2, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) tkill(r2, 0x3c) 03:42:55 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, &(0x7f0000000600)=""/133, &(0x7f0000000400)=0x85) 03:42:55 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'veth0_to_bridge\x00', {0x2, 0x4e21, @broadcast}}) 03:42:55 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11e9e6c7c13e9b9937"], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r6}, 0x10) r7 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r8, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r7, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r7, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:42:55 executing program 4: socketpair$unix(0x1, 0x0, 0x0, 0x0) r0 = creat(0x0, 0x0) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r0, 0xc05c5340, &(0x7f0000000200)={0xff, 0x0, 0xff, {}, 0x2, 0x1}) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) fcntl$dupfd(r2, 0x406, r1) [ 1268.928326][ T8765] IPVS: length: 133 != 24 03:42:55 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, &(0x7f0000000600)=""/133, &(0x7f0000000400)=0x85) 03:42:55 executing program 2: r0 = syz_open_dev$media(&(0x7f0000000180)='/dev/media#\x00', 0x100000001, 0x0) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/net/pfkey\x00', 0x201, 0x0) getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f00000001c0)={0x0, @rand_addr, @loopback}, &(0x7f0000000200)=0xc) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000240)={'vcan0\x00', r2}) ioctl$SG_SET_DEBUG(r1, 0x227e, &(0x7f0000000140)) socket$key(0xf, 0x3, 0x2) r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x8040, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r3, 0x40a85323, &(0x7f0000000040)={{0x3, 0xc2}, 'port0\x00', 0x40, 0x800, 0x6, 0x7, 0x2, 0xffff, 0x1, 0x0, 0x6, 0x7}) [ 1269.040225][ T8776] IPVS: length: 133 != 24 03:42:55 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c12") r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, &(0x7f0000000600)=""/133, &(0x7f0000000400)=0x85) [ 1269.196691][ T8783] IPVS: length: 133 != 24 03:42:55 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0x0) r1 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x2, 0x20000) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'veth0_to_bridge\x00', 0x0}) ioctl$sock_inet6_SIOCSIFDSTADDR(r1, 0x8918, &(0x7f0000000080)={@ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x20}}, 0x55, r2}) [ 1269.323183][ T8762] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1269.335046][ T8762] CPU: 1 PID: 8762 Comm: syz-executor.4 Not tainted 5.1.0-rc1-next-20190319 #6 [ 1269.343991][ T8762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1269.354049][ T8762] Call Trace: [ 1269.357347][ T8762] dump_stack+0x172/0x1f0 [ 1269.361696][ T8762] dump_header+0x10f/0xb6c [ 1269.366130][ T8762] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1269.371952][ T8762] ? ___ratelimit+0x60/0x595 [ 1269.376554][ T8762] ? do_raw_spin_unlock+0x57/0x270 [ 1269.381683][ T8762] oom_kill_process.cold+0x10/0x15 [ 1269.386811][ T8762] out_of_memory+0x79a/0x1280 [ 1269.391498][ T8762] ? lock_downgrade+0x880/0x880 [ 1269.396358][ T8762] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1269.402607][ T8762] ? oom_killer_disable+0x280/0x280 [ 1269.407807][ T8762] ? find_held_lock+0x35/0x130 [ 1269.412592][ T8762] mem_cgroup_out_of_memory+0x1ca/0x230 [ 1269.418154][ T8762] ? memcg_event_wake+0x230/0x230 [ 1269.423201][ T8762] ? do_raw_spin_unlock+0x57/0x270 [ 1269.428334][ T8762] ? _raw_spin_unlock+0x2d/0x50 [ 1269.433197][ T8762] try_charge+0x118d/0x1790 [ 1269.437707][ T8762] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1269.443254][ T8762] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1269.449758][ T8762] ? kasan_check_read+0x11/0x20 [ 1269.454610][ T8762] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1269.460156][ T8762] mem_cgroup_try_charge+0x24d/0x5e0 [ 1269.465466][ T8762] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1269.471113][ T8762] __handle_mm_fault+0x1e1f/0x3ec0 [ 1269.476243][ T8762] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1269.481796][ T8762] ? find_held_lock+0x35/0x130 [ 1269.486562][ T8762] ? handle_mm_fault+0x322/0xb30 [ 1269.491520][ T8762] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1269.497760][ T8762] ? kasan_check_read+0x11/0x20 [ 1269.502610][ T8762] handle_mm_fault+0x43f/0xb30 [ 1269.507371][ T8762] __get_user_pages+0x7b6/0x1a40 [ 1269.512320][ T8762] ? follow_page_mask+0x19a0/0x19a0 [ 1269.517519][ T8762] ? perf_trace_lock+0xeb/0x510 [ 1269.522371][ T8762] ? __vma_adjust+0x1840/0x1840 [ 1269.527244][ T8762] ? lock_acquire+0x16f/0x3f0 [ 1269.531917][ T8762] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1269.538175][ T8762] populate_vma_page_range+0x20d/0x2a0 [ 1269.543640][ T8762] __mm_populate+0x204/0x380 [ 1269.548233][ T8762] ? populate_vma_page_range+0x2a0/0x2a0 [ 1269.553878][ T8762] __x64_sys_mlockall+0x35c/0x520 [ 1269.558902][ T8762] do_syscall_64+0x103/0x610 [ 1269.563507][ T8762] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1269.569395][ T8762] RIP: 0033:0x458079 [ 1269.573286][ T8762] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1269.592885][ T8762] RSP: 002b:00007fa3c5772c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1269.601300][ T8762] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458079 [ 1269.609270][ T8762] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 03:42:56 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0xd0}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 03:42:56 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c12") r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, &(0x7f0000000600)=""/133, &(0x7f0000000400)=0x85) [ 1269.617241][ T8762] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1269.625208][ T8762] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa3c57736d4 [ 1269.633179][ T8762] R13: 00000000004c3d3a R14: 00000000004d6f20 R15: 00000000ffffffff [ 1269.649487][ T8762] memory: usage 307200kB, limit 307200kB, failcnt 1085 [ 1269.677682][ T8762] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1269.686490][ T8789] IPVS: length: 133 != 24 [ 1269.686505][ T8762] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 03:42:56 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c12") r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, &(0x7f0000000600)=""/133, &(0x7f0000000400)=0x85) [ 1269.707297][ T8762] Memory cgroup stats for /syz4: cache:0KB rss:279944KB rss_huge:18432KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:235456KB active_anon:27424KB inactive_file:4KB active_file:0KB unevictable:17160KB [ 1269.759550][ T8762] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=8759,uid=0 [ 1269.795198][ T8762] Memory cgroup out of memory: Killed process 8759 (syz-executor.4) total-vm:72448kB, anon-rss:17072kB, file-rss:37164kB, shmem-rss:0kB [ 1269.811489][ T8794] IPVS: length: 133 != 24 03:42:58 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132224) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f00000000c0)=ANY=[@ANYBLOB="6e61853167377400000100000000000000000000e4dbb77487e90104000000000040800000000000001b2300000503000018030000cc0000ac010000000000001004d1e090e1fe916dd282e0f34f8dfac0dc1695c4d700001004000010030002d3a379b87c5ade6e27a603551ae6543351c2f2d3c00f3f72e011777424c981c41f852110e5d4a50bc78b2aa66b63012812d04b94d660aab341cfe8364422b866cd445d5d0f4d6715baea5900323e000000"], 0x1) ptrace$setopts(0x4206, r2, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) tkill(r2, 0x3c) 03:42:58 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)=ANY=[@ANYBLOB="020efc000c00000000000000000000000500060000800098690800000700000000000000000000000000000000000000000000000000000005000500000000000a00000000000000fe8000000000000000000000246e2a540000000000000000"], 0x60}}, 0x0) 03:42:58 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11e9e6c7c13e9b9937"], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r6}, 0x10) r7 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r8, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r7, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r7, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:42:58 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188") r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, &(0x7f0000000600)=""/133, &(0x7f0000000400)=0x85) 03:42:58 executing program 4: socketpair$unix(0x1, 0x0, 0x0, 0x0) r0 = creat(0x0, 0x0) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r0, 0xc05c5340, &(0x7f0000000200)={0xff, 0x0, 0xff, {}, 0x2, 0x1}) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) fcntl$dupfd(r2, 0x406, r1) [ 1271.994393][ T8802] IPVS: length: 133 != 24 03:42:58 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188") r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, &(0x7f0000000600)=""/133, &(0x7f0000000400)=0x85) 03:42:58 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)=ANY=[@ANYBLOB="020e00000c000000000000000000000005000600008000000a0000000000000000000100000000000000000000000000000000000000000005000500000000000a00000000000000fe8000000000000000000000000000ff0000000000000000"], 0x60}}, 0x0) [ 1272.120860][ T8813] IPVS: length: 133 != 24 03:42:58 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188") r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, &(0x7f0000000600)=""/133, &(0x7f0000000400)=0x85) 03:42:58 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0x0) ioctl(r0, 0x0, &(0x7f0000000000)="93b30215ddff228be75e98f1e35f97928787e899b4e10fd66de60bd7cad032d5e86cb9a0b46978938ee45619c13d56503966ac0d16eb14df1d5cd9971a6d7ce0d5cd") [ 1272.261957][ T8820] IPVS: length: 133 != 24 [ 1272.367676][ T8801] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1272.401833][ T8801] CPU: 0 PID: 8801 Comm: syz-executor.4 Not tainted 5.1.0-rc1-next-20190319 #6 [ 1272.410782][ T8801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1272.420840][ T8801] Call Trace: [ 1272.424143][ T8801] dump_stack+0x172/0x1f0 [ 1272.428494][ T8801] dump_header+0x10f/0xb6c [ 1272.432911][ T8801] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1272.438712][ T8801] ? ___ratelimit+0x60/0x595 [ 1272.443301][ T8801] ? do_raw_spin_unlock+0x57/0x270 [ 1272.448430][ T8801] oom_kill_process.cold+0x10/0x15 [ 1272.453562][ T8801] out_of_memory+0x79a/0x1280 [ 1272.458254][ T8801] ? lock_downgrade+0x880/0x880 [ 1272.463109][ T8801] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1272.469343][ T8801] ? oom_killer_disable+0x280/0x280 [ 1272.474542][ T8801] ? find_held_lock+0x35/0x130 [ 1272.479297][ T8801] mem_cgroup_out_of_memory+0x1ca/0x230 [ 1272.484827][ T8801] ? memcg_event_wake+0x230/0x230 [ 1272.489840][ T8801] ? do_raw_spin_unlock+0x57/0x270 [ 1272.494949][ T8801] ? _raw_spin_unlock+0x2d/0x50 [ 1272.499825][ T8801] try_charge+0x118d/0x1790 [ 1272.504328][ T8801] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1272.509862][ T8801] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1272.516089][ T8801] ? kasan_check_read+0x11/0x20 [ 1272.520975][ T8801] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1272.526527][ T8801] mem_cgroup_try_charge+0x24d/0x5e0 [ 1272.531882][ T8801] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1272.537557][ T8801] __handle_mm_fault+0x1e1f/0x3ec0 [ 1272.542684][ T8801] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1272.548288][ T8801] ? find_held_lock+0x35/0x130 [ 1272.553051][ T8801] ? handle_mm_fault+0x322/0xb30 [ 1272.557995][ T8801] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1272.564253][ T8801] ? kasan_check_read+0x11/0x20 [ 1272.569122][ T8801] handle_mm_fault+0x43f/0xb30 [ 1272.573885][ T8801] __get_user_pages+0x7b6/0x1a40 [ 1272.578830][ T8801] ? follow_page_mask+0x19a0/0x19a0 [ 1272.584035][ T8801] ? perf_trace_lock+0xeb/0x510 [ 1272.588876][ T8801] ? __vma_adjust+0x1840/0x1840 [ 1272.593731][ T8801] ? lock_acquire+0x16f/0x3f0 [ 1272.598429][ T8801] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1272.604656][ T8801] populate_vma_page_range+0x20d/0x2a0 [ 1272.610117][ T8801] __mm_populate+0x204/0x380 [ 1272.614720][ T8801] ? populate_vma_page_range+0x2a0/0x2a0 [ 1272.620376][ T8801] __x64_sys_mlockall+0x35c/0x520 [ 1272.625406][ T8801] do_syscall_64+0x103/0x610 [ 1272.630017][ T8801] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1272.635915][ T8801] RIP: 0033:0x458079 [ 1272.639830][ T8801] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1272.659435][ T8801] RSP: 002b:00007fa3c5772c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 03:42:59 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0xd0}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 03:42:59 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b0") r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, &(0x7f0000000600)=""/133, &(0x7f0000000400)=0x85) [ 1272.667836][ T8801] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458079 [ 1272.675812][ T8801] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1272.683788][ T8801] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1272.691764][ T8801] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa3c57736d4 [ 1272.699741][ T8801] R13: 00000000004c3d3a R14: 00000000004d6f20 R15: 00000000ffffffff [ 1272.711178][ T8801] memory: usage 307168kB, limit 307200kB, failcnt 1112 [ 1272.718049][ T8801] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1272.720259][ T8825] IPVS: length: 133 != 24 [ 1272.725621][ T8801] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1272.725630][ T8801] Memory cgroup stats for /syz4: cache:0KB rss:279932KB rss_huge:20480KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:235456KB active_anon:27424KB inactive_file:0KB active_file:0KB unevictable:17148KB 03:42:59 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x70bd2a, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0x0) [ 1272.780033][ T8801] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=8795,uid=0 [ 1272.810987][ T8801] Memory cgroup out of memory: Killed process 8795 (syz-executor.4) total-vm:72448kB, anon-rss:17004kB, file-rss:37164kB, shmem-rss:0kB [ 1274.400689][ C1] net_ratelimit: 20 callbacks suppressed [ 1274.400695][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1274.412130][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1274.480685][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1274.486497][ C0] protocol 88fb is buggy, dev hsr_slave_1 03:43:01 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132224) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f00000000c0)=ANY=[@ANYBLOB="6e61853167377400000100000000000000000000e4dbb77487e90104000000000040800000000000001b2300000503000018030000cc0000ac010000000000001004d1e090e1fe916dd282e0f34f8dfac0dc1695c4d700001004000010030002d3a379b87c5ade6e27a603551ae6543351c2f2d3c00f3f72e011777424c981c41f852110e5d4a50bc78b2aa66b63012812d04b94d660aab341cfe8364422b866cd445d5d0f4d6715baea5900323e00000000000071cf4f"], 0x1) ptrace$setopts(0x4206, r2, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) tkill(r2, 0x3c) 03:43:01 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11e9e6c7c13e9b9937"], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r6}, 0x10) r7 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r8, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r7, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r7, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:43:01 executing program 4: socketpair$unix(0x1, 0x0, 0x0, 0x0) r0 = creat(0x0, 0x0) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r0, 0xc05c5340, &(0x7f0000000200)={0xff, 0x0, 0xff, {}, 0x2, 0x1}) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) fcntl$dupfd(r2, 0x406, r1) 03:43:01 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b0") r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, &(0x7f0000000600)=""/133, &(0x7f0000000400)=0x85) 03:43:01 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0x0) r1 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x4, 0x10000) r2 = gettid() write$cgroup_pid(r1, &(0x7f0000000040)=r2, 0x12) [ 1274.960649][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1274.966501][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1274.972344][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1274.978092][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1274.983918][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1274.989665][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1275.038248][ T8834] IPVS: length: 133 != 24 03:43:01 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b0") r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, &(0x7f0000000600)=""/133, &(0x7f0000000400)=0x85) 03:43:01 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0x20000000000000d7, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0x0) [ 1275.208654][ T8854] IPVS: length: 133 != 24 03:43:01 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, &(0x7f0000000600)=""/133, &(0x7f0000000400)=0x85) 03:43:01 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) getsockopt$bt_hci(r0, 0x0, 0x3, &(0x7f0000000000)=""/223, &(0x7f0000000100)=0xdf) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)=ANY=[@ANYBLOB="020ef4000c000000000000000000000005000600008000000a0000000000000000000000000000000000000000000000000000000000000005000500000000000a00000000000000fe8000000000000000000000000000ff0008000000000000"], 0x60}}, 0x0) [ 1275.380429][ T8837] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1275.394358][ T8837] CPU: 1 PID: 8837 Comm: syz-executor.4 Not tainted 5.1.0-rc1-next-20190319 #6 [ 1275.403300][ T8837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1275.403308][ T8837] Call Trace: [ 1275.403329][ T8837] dump_stack+0x172/0x1f0 [ 1275.403353][ T8837] dump_header+0x10f/0xb6c [ 1275.403373][ T8837] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1275.403393][ T8837] ? ___ratelimit+0x60/0x595 [ 1275.403417][ T8837] ? do_raw_spin_unlock+0x57/0x270 [ 1275.435831][ T8837] oom_kill_process.cold+0x10/0x15 [ 1275.435853][ T8837] out_of_memory+0x79a/0x1280 [ 1275.435880][ T8837] ? lock_downgrade+0x880/0x880 [ 1275.456029][ T8837] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1275.456050][ T8837] ? oom_killer_disable+0x280/0x280 [ 1275.456065][ T8837] ? find_held_lock+0x35/0x130 [ 1275.456094][ T8837] mem_cgroup_out_of_memory+0x1ca/0x230 [ 1275.477783][ T8837] ? memcg_event_wake+0x230/0x230 [ 1275.482822][ T8837] ? do_raw_spin_unlock+0x57/0x270 [ 1275.487944][ T8837] ? _raw_spin_unlock+0x2d/0x50 [ 1275.492805][ T8837] try_charge+0x118d/0x1790 [ 1275.497329][ T8837] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1275.503020][ T8837] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1275.509273][ T8837] ? kasan_check_read+0x11/0x20 [ 1275.514449][ T8837] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1275.520005][ T8837] mem_cgroup_try_charge+0x24d/0x5e0 [ 1275.525303][ T8837] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1275.530947][ T8837] __handle_mm_fault+0x1e1f/0x3ec0 [ 1275.536074][ T8837] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1275.541631][ T8837] ? find_held_lock+0x35/0x130 [ 1275.546396][ T8837] ? handle_mm_fault+0x322/0xb30 [ 1275.551323][ T8837] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1275.557546][ T8837] ? kasan_check_read+0x11/0x20 [ 1275.562382][ T8837] handle_mm_fault+0x43f/0xb30 [ 1275.567133][ T8837] __get_user_pages+0x7b6/0x1a40 [ 1275.572060][ T8837] ? follow_page_mask+0x19a0/0x19a0 [ 1275.577247][ T8837] ? perf_trace_lock+0xeb/0x510 [ 1275.582101][ T8837] ? __vma_adjust+0x1840/0x1840 [ 1275.586941][ T8837] ? lock_acquire+0x16f/0x3f0 [ 1275.591600][ T8837] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1275.597850][ T8837] populate_vma_page_range+0x20d/0x2a0 [ 1275.603330][ T8837] __mm_populate+0x204/0x380 [ 1275.607924][ T8837] ? populate_vma_page_range+0x2a0/0x2a0 [ 1275.613550][ T8837] __x64_sys_mlockall+0x35c/0x520 [ 1275.618560][ T8837] do_syscall_64+0x103/0x610 [ 1275.623589][ T8837] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1275.629462][ T8837] RIP: 0033:0x458079 [ 1275.633350][ T8837] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1275.652949][ T8837] RSP: 002b:00007fa3c5772c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1275.661340][ T8837] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458079 [ 1275.669413][ T8837] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1275.677676][ T8837] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1275.685631][ T8837] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa3c57736d4 [ 1275.693581][ T8837] R13: 00000000004c3d3a R14: 00000000004d6f20 R15: 00000000ffffffff [ 1275.705672][ T8837] memory: usage 307200kB, limit 307200kB, failcnt 1144 [ 1275.715069][ T8837] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1275.722958][ T8837] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1275.730095][ T8837] Memory cgroup stats for /syz4: cache:0KB rss:279936KB rss_huge:18432KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:235456KB active_anon:27424KB inactive_file:4KB active_file:0KB unevictable:17164KB [ 1275.752598][ T8837] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=8836,uid=0 03:43:02 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0xd0}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 03:43:02 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, &(0x7f0000000600)=""/133, &(0x7f0000000400)=0x85) 03:43:02 executing program 2: syz_init_net_socket$x25(0x9, 0x5, 0x0) r0 = socket$key(0xf, 0x3, 0x2) r1 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x4, 0x101400) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffff9c, 0xc0086420, &(0x7f0000000040)={0x0}) ioctl$DRM_IOCTL_SET_SAREA_CTX(r1, 0x4010641c, &(0x7f0000000100)={r2, &(0x7f00000000c0)=""/48}) socket$caif_stream(0x25, 0x1, 0x5) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0x2000000000000137, 0x0, 0x0, 0x25dfdbfb, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0x0) [ 1275.778891][ T8837] Memory cgroup out of memory: Killed process 8836 (syz-executor.4) total-vm:72448kB, anon-rss:17072kB, file-rss:37164kB, shmem-rss:0kB [ 1275.813372][ T1043] oom_reaper: reaped process 8836 (syz-executor.4), now anon-rss:17120kB, file-rss:37944kB, shmem-rss:0kB 03:43:04 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132224) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f00000000c0)=ANY=[@ANYBLOB="6e61853167377400000100000000000000000000e4dbb77487e90104000000000040800000000000001b2300000503000018030000cc0000ac010000000000001004d1e090e1fe916dd282e0f34f8dfac0dc1695c4d700001004000010030002d3a379b87c5ade6e27a603551ae6543351c2f2d3c00f3f72e011777424c981c41f852110e5d4a50bc78b2aa66b63012812d04b94d660aab341cfe8364422b866cd445d5d0f4d6715baea5900323e00000000000071cf4f"], 0x1) ptrace$setopts(0x4206, r2, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) tkill(r2, 0x3c) 03:43:04 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, &(0x7f0000000600)=""/133, &(0x7f0000000400)=0x85) 03:43:04 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11e9e6c7c13e9b9937"], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r6}, 0x10) r7 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r8, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r7, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r7, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:43:04 executing program 4: socketpair$unix(0x1, 0x0, 0x0, 0x0) r0 = creat(0x0, 0x0) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r0, 0xc05c5340, &(0x7f0000000200)={0xff, 0x9, 0x0, {}, 0x2, 0x1}) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) fcntl$dupfd(r2, 0x406, r1) 03:43:04 executing program 2: r0 = dup(0xffffffffffffff9c) ioctl$SG_SCSI_RESET(r0, 0x2284, 0x0) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0x0) dup(r1) 03:43:04 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, 0x0, &(0x7f0000000400)) 03:43:04 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xc, 0x0, 0x6, 0x9, 0x0, 0x0, 0x0, [@sadb_ident={0x2, 0xa, 0x3, 0x0, 0x7ff}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x48}}, 0x800) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control\x00', 0x2, 0x0) r1 = syz_open_dev$vbi(&(0x7f0000000340)='/dev/vbi#\x00', 0x2, 0x2) r2 = inotify_add_watch(r0, &(0x7f0000000440)='./file0/../file0\x00', 0x2000040) inotify_rm_watch(r1, r2) ioctl$SIOCX25SCALLUSERDATA(r1, 0x89e5, &(0x7f0000000380)={0x21, "dee91ca2f45b6f0f87aa8e482ba9ea759ec4677874668bbe6f39024de97c5d872e5be03d7d2e5b22c9b323dba9a24f78077a28bdb7acb91b36348fe6906e9c05164d029c00a0326d2746db13818e46f1482346a35b278d124752ae412acb53ab5c83025cc1236b2d7f7bda481b16c72737271c61834a5706a7aee53ebdb08f06"}) r3 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0xfffffffffffffff9, 0x200000) syz_mount_image$xfs(&(0x7f0000000040)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x81, 0x1, &(0x7f0000000240)=[{&(0x7f0000000180)="b4e50b3b44ef8258ffed6b6ddc58d5a8a5cb29cfe2da8801f8335cc4acb1b36df35e180d852ee9743b092173f63ba7cb3c41ea10e3c34623bc72b2b6c39d6239986558df2c625da7e4268b735086b13fc6fe8dca15b421ecefb3f8a05a3ebd17d37e9e89d3c8462c3539757f1374c79754b003a3068d82573dce9af0297eba42613ea750464a05be9db5e0cf7fa86786ed27614ad64a77353f033fa62c8f2bf5bfc6250d3024cc8ff3360cd7630298a343d26f083566", 0xb6, 0x3}], 0x800, &(0x7f0000000280)={[{@swalloc='swalloc'}, {@filestreams='filestreams'}, {@biosize={'biosize', 0x3d, 0x3}}, {@barrier='barrier'}, {@nolargeio='nolargeio'}, {@nouuid='nouuid'}, {@inode32='inode32'}], [{@hash='hash'}, {@mask={'mask', 0x3d, '^MAY_EXEC'}}, {@defcontext={'defcontext', 0x3d, 'user_u'}}, {@smackfsroot={'smackfsroot', 0x3d, '/dev/dmmidi#\x00'}}]}) getsockopt$TIPC_NODE_RECVQ_DEPTH(r3, 0x10f, 0x83, &(0x7f0000000080), &(0x7f00000000c0)=0x4) 03:43:04 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, 0x0, &(0x7f0000000400)) 03:43:04 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, 0x0, &(0x7f0000000400)) [ 1278.450029][ T8873] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1278.462418][ T8873] CPU: 0 PID: 8873 Comm: syz-executor.4 Not tainted 5.1.0-rc1-next-20190319 #6 [ 1278.471363][ T8873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1278.481420][ T8873] Call Trace: [ 1278.484719][ T8873] dump_stack+0x172/0x1f0 [ 1278.489066][ T8873] dump_header+0x10f/0xb6c [ 1278.493587][ T8873] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1278.499407][ T8873] ? ___ratelimit+0x60/0x595 [ 1278.504012][ T8873] ? do_raw_spin_unlock+0x57/0x270 [ 1278.509137][ T8873] oom_kill_process.cold+0x10/0x15 [ 1278.514256][ T8873] out_of_memory+0x79a/0x1280 [ 1278.518952][ T8873] ? lock_downgrade+0x880/0x880 [ 1278.523815][ T8873] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1278.530061][ T8873] ? oom_killer_disable+0x280/0x280 [ 1278.535264][ T8873] ? find_held_lock+0x35/0x130 [ 1278.540050][ T8873] mem_cgroup_out_of_memory+0x1ca/0x230 [ 1278.545600][ T8873] ? memcg_event_wake+0x230/0x230 [ 1278.550639][ T8873] ? do_raw_spin_unlock+0x57/0x270 [ 1278.555758][ T8873] ? _raw_spin_unlock+0x2d/0x50 [ 1278.560620][ T8873] try_charge+0x118d/0x1790 [ 1278.565142][ T8873] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1278.570702][ T8873] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1278.576966][ T8873] ? kasan_check_read+0x11/0x20 [ 1278.581839][ T8873] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1278.587392][ T8873] mem_cgroup_try_charge+0x24d/0x5e0 [ 1278.592689][ T8873] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1278.598336][ T8873] __handle_mm_fault+0x1e1f/0x3ec0 [ 1278.603468][ T8873] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1278.609024][ T8873] ? find_held_lock+0x35/0x130 [ 1278.613796][ T8873] ? handle_mm_fault+0x322/0xb30 [ 1278.618764][ T8873] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1278.625021][ T8873] ? kasan_check_read+0x11/0x20 [ 1278.629891][ T8873] handle_mm_fault+0x43f/0xb30 [ 1278.634685][ T8873] __get_user_pages+0x7b6/0x1a40 [ 1278.639647][ T8873] ? follow_page_mask+0x19a0/0x19a0 [ 1278.644846][ T8873] ? perf_trace_lock+0xeb/0x510 [ 1278.649694][ T8873] ? __vma_adjust+0x1840/0x1840 [ 1278.654553][ T8873] ? lock_acquire+0x16f/0x3f0 [ 1278.659230][ T8873] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1278.665471][ T8873] populate_vma_page_range+0x20d/0x2a0 [ 1278.670944][ T8873] __mm_populate+0x204/0x380 [ 1278.675535][ T8873] ? populate_vma_page_range+0x2a0/0x2a0 [ 1278.681265][ T8873] __x64_sys_mlockall+0x35c/0x520 [ 1278.686291][ T8873] do_syscall_64+0x103/0x610 [ 1278.690885][ T8873] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1278.696773][ T8873] RIP: 0033:0x458079 [ 1278.700665][ T8873] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1278.720260][ T8873] RSP: 002b:00007fa3c5772c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1278.728667][ T8873] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458079 [ 1278.736635][ T8873] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1278.744604][ T8873] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1278.752572][ T8873] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa3c57736d4 [ 1278.760536][ T8873] R13: 00000000004c3d3a R14: 00000000004d6f20 R15: 00000000ffffffff [ 1278.777901][ T8873] memory: usage 307200kB, limit 307200kB, failcnt 1183 [ 1278.785110][ T8873] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1278.793230][ T8873] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 03:43:05 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0xd0}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 03:43:05 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000000040)=ANY=[@ANYBLOB="020e00000c00000000000000000000000500064f00008000000a0000000000000000000000000000000000000000000000000000000000000005000500000000000a00000000000000fe8000000000000000000000000000ff00000000000000006b63bce8b0e6ccf8c04963b015"], 0x60}}, 0x0) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0xa80, 0x0) ioctl$PPPOEIOCDFWD(r1, 0xb101, 0x0) 03:43:05 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, &(0x7f0000000600)=""/133, 0x0) 03:43:05 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132224) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f00000000c0)=ANY=[@ANYBLOB="6e61853167377400000100000000000000000000e4dbb77487e90104000000000040800000000000001b2300000503000018030000cc0000ac010000000000001004d1e090e1fe916dd282e0f34f8dfac0dc1695c4d700001004000010030002d3a379b87c5ade6e27a603551ae6543351c2f2d3c00f3f72e011777424c981c41f852110e5d4a50bc78b2aa66b63012812d04b94d660aab341cfe8364422b866cd445d5d0f4d6715baea5900323e00000000000071cf4f"], 0x1) ptrace$setopts(0x4206, r2, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) tkill(r2, 0x3c) [ 1278.800201][ T8873] Memory cgroup stats for /syz4: cache:0KB rss:279908KB rss_huge:20480KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:235456KB active_anon:27424KB inactive_file:4KB active_file:0KB unevictable:17132KB [ 1278.823014][ T8873] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=8872,uid=0 03:43:05 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, &(0x7f0000000600)=""/133, 0x0) [ 1278.868535][ T8873] Memory cgroup out of memory: Killed process 8872 (syz-executor.4) total-vm:72448kB, anon-rss:17008kB, file-rss:37164kB, shmem-rss:0kB 03:43:05 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) tkill(r0, 0x1) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0xd0}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 1278.934949][ T1043] oom_reaper: reaped process 8872 (syz-executor.4), now anon-rss:17168kB, file-rss:37944kB, shmem-rss:0kB 03:43:05 executing program 4: socketpair$unix(0x1, 0x0, 0x0, 0x0) r0 = creat(0x0, 0x0) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r0, 0xc05c5340, &(0x7f0000000200)={0xff, 0x9, 0x0, {}, 0x2, 0x1}) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) fcntl$dupfd(r2, 0x406, r1) 03:43:05 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11e9e6c7c13e9b9937"], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r6}, 0x10) r7 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r8, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r7, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r7, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:43:05 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0x0) r1 = dup2(r0, r0) ioctl$TUNGETIFF(r1, 0x800454d2, &(0x7f0000000000)) r2 = dup(r0) ioctl$DRM_IOCTL_SET_MASTER(r2, 0x641e) 03:43:05 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) tkill(r0, 0x1) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0xd0}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 03:43:05 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, &(0x7f0000000600)=""/133, 0x0) 03:43:05 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) tkill(r0, 0x1) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0xd0}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 03:43:05 executing program 1: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0xf7c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20) 03:43:05 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0xd0}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 03:43:05 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)=ANY=[@ANYBLOB="020e00000c000000000000000000000005000600008000000a0000000000000000000000000000000000000000000000000000000000000005800500000000000a00000000000000fe8000000000000000000000000000ff0000000000000000"], 0x60}}, 0x0) sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x2, 0x4, 0x4, 0x3, 0x28, 0x0, 0x70bd28, 0x25dfdbfd, [@sadb_x_kmaddress={0x8, 0x19, 0x0, @in6={0xa, 0x4e24, 0x9b, @local, 0x7}, @in6={0xa, 0x4e24, 0x1f, @empty, 0x4}}, @sadb_sa={0x2, 0x1, 0x4d4, 0x10001, 0x6, 0xd, 0x0, 0xa0000000}, @sadb_lifetime={0x4, 0x6, 0x9779, 0x9, 0x1f, 0x2}, @sadb_ident={0x2, 0xb, 0x7, 0x0, 0x1}, @sadb_ident={0x2, 0xa, 0x5d82, 0x0, 0x5}, @sadb_address={0x3, 0x6, 0x3f, 0x80, 0x0, @in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x23}}}, @sadb_spirange={0x2, 0x10, 0x4d6, 0x4d4}, @sadb_x_kmaddress={0x8, 0x19, 0x0, @in6={0xa, 0x4e22, 0x101, @mcast1, 0x3}, @in6={0xa, 0x4e24, 0x7, @rand_addr="74445e202aa818c66e36a4e6403b39e5", 0xbc0d}}, @sadb_sa={0x2, 0x1, 0x4d6, 0xacdf, 0x3, 0x16, 0x1, 0x40000000}, @sadb_address={0x5, 0x7, 0x33, 0x20, 0x0, @in6={0xa, 0x4e24, 0xfffffffffffffeff, @loopback, 0x80}}]}, 0x140}}, 0x14) [ 1279.529685][ T8932] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1279.539704][ T8932] CPU: 0 PID: 8932 Comm: syz-executor.4 Not tainted 5.1.0-rc1-next-20190319 #6 [ 1279.548639][ T8932] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1279.558685][ T8932] Call Trace: [ 1279.561997][ T8932] dump_stack+0x172/0x1f0 [ 1279.566344][ T8932] dump_header+0x10f/0xb6c [ 1279.570776][ T8932] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1279.576582][ T8932] ? ___ratelimit+0x60/0x595 [ 1279.581172][ T8932] ? do_raw_spin_unlock+0x57/0x270 [ 1279.586307][ T8932] oom_kill_process.cold+0x10/0x15 [ 1279.591424][ T8932] out_of_memory+0x79a/0x1280 [ 1279.596099][ T8932] ? lock_downgrade+0x880/0x880 [ 1279.600956][ T8932] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1279.607198][ T8932] ? oom_killer_disable+0x280/0x280 [ 1279.612393][ T8932] ? find_held_lock+0x35/0x130 [ 1279.617167][ T8932] mem_cgroup_out_of_memory+0x1ca/0x230 [ 1279.622707][ T8932] ? memcg_event_wake+0x230/0x230 [ 1279.627735][ T8932] ? do_raw_spin_unlock+0x57/0x270 [ 1279.632846][ T8932] ? _raw_spin_unlock+0x2d/0x50 [ 1279.637695][ T8932] try_charge+0x118d/0x1790 [ 1279.642214][ T8932] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1279.647759][ T8932] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1279.654001][ T8932] ? kasan_check_read+0x11/0x20 [ 1279.658855][ T8932] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1279.664405][ T8932] mem_cgroup_try_charge+0x24d/0x5e0 [ 1279.669696][ T8932] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1279.675333][ T8932] __handle_mm_fault+0x1e1f/0x3ec0 [ 1279.680448][ T8932] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1279.685994][ T8932] ? find_held_lock+0x35/0x130 [ 1279.690760][ T8932] ? handle_mm_fault+0x322/0xb30 [ 1279.695711][ T8932] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1279.701961][ T8932] ? kasan_check_read+0x11/0x20 [ 1279.706817][ T8932] handle_mm_fault+0x43f/0xb30 [ 1279.711581][ T8932] __get_user_pages+0x7b6/0x1a40 [ 1279.716529][ T8932] ? follow_page_mask+0x19a0/0x19a0 [ 1279.721727][ T8932] ? perf_trace_lock+0xeb/0x510 [ 1279.726572][ T8932] ? __vma_adjust+0x1840/0x1840 [ 1279.731431][ T8932] ? lock_acquire+0x16f/0x3f0 [ 1279.736102][ T8932] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1279.742342][ T8932] populate_vma_page_range+0x20d/0x2a0 [ 1279.747804][ T8932] __mm_populate+0x204/0x380 [ 1279.752394][ T8932] ? populate_vma_page_range+0x2a0/0x2a0 [ 1279.758058][ T8932] __x64_sys_mlockall+0x35c/0x520 [ 1279.763088][ T8932] do_syscall_64+0x103/0x610 [ 1279.767681][ T8932] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1279.773568][ T8932] RIP: 0033:0x458079 [ 1279.777460][ T8932] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1279.797057][ T8932] RSP: 002b:00007fa3c5772c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1279.805462][ T8932] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458079 [ 1279.813430][ T8932] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1279.821396][ T8932] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1279.829360][ T8932] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa3c57736d4 [ 1279.837323][ T8932] R13: 00000000004c3d3a R14: 00000000004d6f20 R15: 00000000ffffffff [ 1279.860097][ T8932] memory: usage 307200kB, limit 307200kB, failcnt 1222 [ 1279.867344][ T8932] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1279.875289][ T8932] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1279.882586][ T8932] Memory cgroup stats for /syz4: cache:0KB rss:279888KB rss_huge:18432KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:235456KB active_anon:27424KB inactive_file:4KB active_file:0KB unevictable:17084KB [ 1279.906048][ T8932] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=8930,uid=0 [ 1279.926776][ T8932] Memory cgroup out of memory: Killed process 8930 (syz-executor.4) total-vm:72448kB, anon-rss:16808kB, file-rss:37164kB, shmem-rss:0kB [ 1279.945728][ T1043] oom_reaper: reaped process 8930 (syz-executor.4), now anon-rss:16856kB, file-rss:37940kB, shmem-rss:0kB [ 1280.640613][ C1] net_ratelimit: 20 callbacks suppressed [ 1280.640620][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1280.652027][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1280.800675][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1280.806485][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1281.200639][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1281.206408][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1281.212235][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1281.217983][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1281.223868][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1281.229620][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:43:08 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132224) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f00000000c0)=ANY=[@ANYBLOB="6e61853167377400000100000000000000000000e4dbb77487e90104000000000040800000000000001b2300000503000018030000cc0000ac010000000000001004d1e090e1fe916dd282e0f34f8dfac0dc1695c4d700001004000010030002d3a379b87c5ade6e27a603551ae6543351c2f2d3c00f3f72e011777424c981c41f852110e5d4a50bc78b2aa66b63012812d04b94d660aab341cfe8364422b866cd445d5d0f4d6715baea5900323e00000000000071cf4f040095"], 0x1) ptrace$setopts(0x4206, r2, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) tkill(r2, 0x3c) 03:43:08 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0xd0}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 03:43:08 executing program 1: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0xf7c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x80040) 03:43:08 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000000)='tls\x00', 0x4) 03:43:08 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11e9e6c7c13e9b9937"], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r6}, 0x10) r7 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r8, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r7, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r7, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:43:08 executing program 4: socketpair$unix(0x1, 0x0, 0x0, 0x0) r0 = creat(0x0, 0x0) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r0, 0xc05c5340, &(0x7f0000000200)={0xff, 0x9, 0x0, {}, 0x2, 0x1}) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) fcntl$dupfd(r2, 0x406, r1) 03:43:08 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0xd0}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 03:43:08 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(0x0, 0x1) ptrace$cont(0x18, 0x0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0xd0}) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, 0x0, 0x0, 0x0) 03:43:08 executing program 1: r0 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000)='/dev/urandom\x00', 0x0, 0x0) ioctl$RNDADDTOENTCNT(r0, 0x40045201, &(0x7f0000000040)=0x1f) 03:43:08 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000000140)=ANY=[@ANYRESOCT=r0], 0x7e8787d9cfdade05}}, 0x400000004400) 03:43:08 executing program 1: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0xf7c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) umount2(0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x80040) keyctl$assume_authority(0x10, 0x0) 03:43:08 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(0x0, 0x1) ptrace$cont(0x18, 0x0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0xd0}) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, 0x0, 0x0, 0x0) [ 1282.352800][ T8957] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1282.363115][ T8957] CPU: 0 PID: 8957 Comm: syz-executor.4 Not tainted 5.1.0-rc1-next-20190319 #6 [ 1282.372058][ T8957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1282.382116][ T8957] Call Trace: [ 1282.385414][ T8957] dump_stack+0x172/0x1f0 [ 1282.389759][ T8957] dump_header+0x10f/0xb6c [ 1282.394181][ T8957] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1282.399990][ T8957] ? ___ratelimit+0x60/0x595 [ 1282.404579][ T8957] ? do_raw_spin_unlock+0x57/0x270 [ 1282.409693][ T8957] oom_kill_process.cold+0x10/0x15 [ 1282.414804][ T8957] out_of_memory+0x79a/0x1280 [ 1282.419482][ T8957] ? lock_downgrade+0x880/0x880 [ 1282.424329][ T8957] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1282.430574][ T8957] ? oom_killer_disable+0x280/0x280 [ 1282.435771][ T8957] ? find_held_lock+0x35/0x130 [ 1282.440554][ T8957] mem_cgroup_out_of_memory+0x1ca/0x230 [ 1282.446099][ T8957] ? memcg_event_wake+0x230/0x230 [ 1282.451132][ T8957] ? do_raw_spin_unlock+0x57/0x270 [ 1282.456245][ T8957] ? _raw_spin_unlock+0x2d/0x50 [ 1282.461098][ T8957] try_charge+0x118d/0x1790 [ 1282.465630][ T8957] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1282.471177][ T8957] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1282.477424][ T8957] ? kasan_check_read+0x11/0x20 [ 1282.482278][ T8957] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1282.487828][ T8957] mem_cgroup_try_charge+0x24d/0x5e0 [ 1282.493122][ T8957] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1282.498755][ T8957] __handle_mm_fault+0x1e1f/0x3ec0 [ 1282.503868][ T8957] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1282.509411][ T8957] ? find_held_lock+0x35/0x130 [ 1282.514171][ T8957] ? handle_mm_fault+0x322/0xb30 [ 1282.519146][ T8957] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1282.525390][ T8957] ? kasan_check_read+0x11/0x20 [ 1282.530244][ T8957] handle_mm_fault+0x43f/0xb30 [ 1282.535014][ T8957] __get_user_pages+0x7b6/0x1a40 [ 1282.539977][ T8957] ? follow_page_mask+0x19a0/0x19a0 [ 1282.545172][ T8957] ? perf_trace_lock+0xeb/0x510 [ 1282.550022][ T8957] ? __vma_adjust+0x1840/0x1840 [ 1282.554879][ T8957] ? lock_acquire+0x16f/0x3f0 [ 1282.559570][ T8957] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1282.565818][ T8957] populate_vma_page_range+0x20d/0x2a0 [ 1282.571284][ T8957] __mm_populate+0x204/0x380 [ 1282.575874][ T8957] ? populate_vma_page_range+0x2a0/0x2a0 [ 1282.581515][ T8957] __x64_sys_mlockall+0x35c/0x520 [ 1282.586538][ T8957] do_syscall_64+0x103/0x610 [ 1282.591135][ T8957] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1282.597031][ T8957] RIP: 0033:0x458079 [ 1282.600922][ T8957] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1282.620532][ T8957] RSP: 002b:00007fa3c5772c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1282.628950][ T8957] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458079 [ 1282.636918][ T8957] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1282.644903][ T8957] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1282.652878][ T8957] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa3c57736d4 [ 1282.660841][ T8957] R13: 00000000004c3d3a R14: 00000000004d6f20 R15: 00000000ffffffff [ 1282.682088][ T8957] memory: usage 307200kB, limit 307200kB, failcnt 1256 [ 1282.706248][ T8957] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1282.714346][ T8957] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1282.730999][ T8957] Memory cgroup stats for /syz4: cache:0KB rss:279756KB rss_huge:18432KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:235456KB active_anon:27424KB inactive_file:4KB active_file:0KB unevictable:17076KB [ 1282.767663][ T8957] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=8956,uid=0 [ 1282.790939][ T8957] Memory cgroup out of memory: Killed process 8956 (syz-executor.4) total-vm:72448kB, anon-rss:16808kB, file-rss:37164kB, shmem-rss:0kB 03:43:09 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132224) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f00000000c0)=ANY=[@ANYBLOB="6e61853167377400000100000000000000000000e4dbb77487e90104000000000040800000000000001b2300000503000018030000cc0000ac010000000000001004d1e090e1fe916dd282e0f34f8dfac0dc1695c4d700001004000010030002d3a379b87c5ade6e27a603551ae6543351c2f2d3c00f3f72e011777424c981c41f852110e5d4a50bc78b2aa66b63012812d04b94d660aab341cfe8364422b866cd445d5d0f4d6715baea5900323e00000000000071cf4f040095"], 0x1) ptrace$setopts(0x4206, r2, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) tkill(r2, 0x3c) 03:43:09 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(0x0, 0x1) ptrace$cont(0x18, 0x0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0xd0}) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, 0x0, 0x0, 0x0) 03:43:09 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)=ANY=[@ANYBLOB="021e00000c000000000000000000000005000600008000000a0000000000000000000000000000000000000000000000000000000000000005000500000000000a00000000000000fe8000000000000000000000000000ff0000000000000000"], 0x60}}, 0x0) 03:43:09 executing program 1: r0 = openat$full(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/full\x00', 0x0, 0x0) readv(r0, &(0x7f0000002ac0)=[{0x0}, {0x0}, {&(0x7f00000004c0)=""/249, 0xf9}], 0x3) 03:43:09 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11e9e6c7c13e9b9937"], 0x0) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r3, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r2, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r5}, 0x10) r6 = accept4(r4, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000100), 0x0) r7 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r3, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r7, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r6, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r1, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r2, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r6, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r3, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r2, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) [ 1282.809880][ T1043] oom_reaper: reaped process 8956 (syz-executor.4), now anon-rss:16856kB, file-rss:37940kB, shmem-rss:0kB 03:43:09 executing program 4: socketpair$unix(0x1, 0x0, 0x0, 0x0) r0 = creat(0x0, 0x0) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r0, 0xc05c5340, &(0x7f0000000200)={0xff, 0x9, 0xff, {}, 0x0, 0x1}) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) fcntl$dupfd(r2, 0x406, r1) 03:43:09 executing program 0: r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0xd0}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 03:43:09 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc1f123c123f3188b070") r1 = socket$inet6(0xa, 0x400000000001, 0x0) bind$inet6(r1, &(0x7f0000000200)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) syz_genetlink_get_family_id$net_dm(0x0) r2 = perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, 0xffffffffffffffff) sendmsg$NET_DM_CMD_STOP(0xffffffffffffffff, 0x0, 0x0) chdir(&(0x7f0000000240)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x26e1, 0x0) r3 = open(&(0x7f0000000140)='./bus\x00', 0x141042, 0x0) fchown(r2, 0x0, 0x0) ioctl$TUNGETSNDBUF(r3, 0x800454d3, &(0x7f00000001c0)) getuid() syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f0000000080)='./bus\x00', 0x3, 0x1, &(0x7f0000000700)=[{0x0, 0x3b6}], 0x0, 0x0) msgget(0xffffffffffffffff, 0x0) msgrcv(0x0, 0x0, 0xfffffc46, 0x0, 0x0) lsetxattr$trusted_overlay_origin(0x0, 0x0, 0x0, 0x0, 0x0) write$UHID_INPUT(r3, &(0x7f0000002480)={0x8, "c0c814a55b6300d28afc61ac7dd1ffb869b761e8e53ee36e4be89e9fea175523e4468dec44bf8b5473c7a5062b4ede67dcb24cb9484ccfff2b3a70befc56e8ab2eee3483f5bf78c16beac035b700eb84e2216f268d02b717d2046c273814475b412437f7dc08a13a55d3c02132999dfd9fe80b750eff4d7c1da975b3835602728ae09e72527fcee19377e29c6c19e1ccce0f75e0e54001e3e83e473fa3d37eca8be1b3de565571e0e84f310c11fa8616068113b038aaa5c69967699fc2aa41c6f26fc22cf68e3577242c9b4ca20fab9de5885e0648fbd7af089b05f38f152d2f8144461608733c567b6dc5d2a07022c3764565c85abcfd99dd7a85e58939278235d50e8b321be7dbaa5141e097c28364fad2f713d666ca94f4e429687fcabb72aceeaf8abe5b506d98dc393b6e97492d785ead0ca2953f92c4d2b2c9f616e3d98b36be55a923fc5892413f7a3b615cec89b52e0ecdcee0aa5af72bcbb91b4bade7435dd8b529feaf13f8b48fcaca5952235d2e909f8831d8ca05a0daa3f6c581f388e0c1879b41fe63ef3d122bd0c5acd4fb07b96797918791075ae7383bb1bbdea574b31301ff37ecc45671ee2e7fc55bf6244025d1fd82dca56a42a23aa826a0b1e102bd87893ddc05649304eb1866c796e46e0d57f552bd572891ef892918bb2e7f2c6bcf68f388ea0c50f48c06de1b46b1434cdf25ca1288ebabe2a33d1c6effb77f91ef75471e93952caeda8ac2b2677e46d62b8366922d093832bccb949e177b4417864812d22972d81d89158288b5318d017329d4e8f66273abf74c434f318ebf32c7629342a85336387231b1e579d57cff0b125bef9dddf0fc33f71cb59d5a8972cda06ba6bba4a89cb8d3b465492c431698984998b2979ea61fed3d99b049724f2bdda5a0700ccb28825da1343f41290e569a6d38d4ae3968147cf39b097efd78e058fc71523c12e724bf93dc4ecc02b5cb18d13b59ec8f85368ac1ea93ed0149c60c53569dc69cdb3f37470eab26ef010b03a7e651b9e8e9065da347660836eddb3988c9a0f394aad055f727310f646d6cb35131d02aaf24735792bfce250798bebf0d1a4495fca568b9449e81afef2937b50faf873257d7efa07d31759474d50ca2a7922e79ab47dd59b11dfd1ec43fef3551aed81d01ee4ab997c6cecc39013dcaa442aec803e4cebbc288b4f9e87b30613f0ec88ddc6f60f56787f4040897e6e6bdac317d74b27f97f2efadb031f03c61954fd0232373582b7fa315d3eb9f67053126d2ed0636f04d669c47bdeb078fbda177533902e20b5ce9d8f395ea4c0aaf2cae774fe99bc40105a9ca184bcb598ab2f49c1df62d32d1a6d73a26812cb47a2ccaf0e9b759df89ad1e18238d897b9fd658f6786a92a0c12bd0ee6dad8a430a67962363e5b9afb3329e4f1f6fcd7e63cb8f24872bcf5b8c349d9ce423666ca39f16884219dea338b388e40f4ad996419cb3858637364d8e5af67f846d77b2749115131a3642ef56681315e4a2cbca5e60febabf693570f515e09c2a8994a8e2be3cba28118ef429d4de781118182607dd2c2d5aaba621ea29c140338bd8f1787fd2a3f43bb7fa22a8ce053adb331a4c78eab569af317e14360a6bf1c8b7394f34bfc1a941ac88dab334d5a2d45fc83bee28884698fd82339c972a06efb369220049ca89727513bd4262ad6f94f55f659ec98b684b1d92e1b6a303548a196cc5316e9845baaf01e737ef047d3d1ac4fe13de618e8fd6471c225e688b73b866213f4765c1a1ecf041f66a11177b0425b0423c455dccfa35a34f3b1c4c9850267bd41dcc366f4f8fef6982699e9aee7f3edff90217c84f6865234676e65911e5e99739792161766e959d061d6e86797b595ae3cffc043da0929dce1b4bd27e04532800f14f69398a681d46f00197f547fa138e676a4c84e586e9a2037faad7d7342221c229ff13606688ab70305dc28d01270604fbcb2b5777541e637a10e7d6c2dfa76461b18c8b303234282f31b7ed8afd0cdcc3978c6520a182000ea312296c7d9df08c2a67b944bc519113822014a831c8d6a7f8d26a7a443666b6077bdc1c11cf47001bcbb484d163543445c77a02140191bbb813da818b4dc3ef1ca420f624e5cb67c48024aeb8691b549202750899938067a3ad49da19e9fffc6486b3525fba8b2ff991fb3b4c1a536818f2dad96f713ac264a22136c6a3a9eacb4f69ab08cfe2b971a7d916833c6a0370d4b0bc428db2e4b4013899668b73caf9c983e2f07e46b4b5b4f0d231edee8b1951e1d0e34c881d1fc5c6be05b92b13680398e7109bd18048f0bd980fceb24e59411873e7a8a7f95f4da2ba5c082fdda710361e163a213a3dbb82c08a69020545da4636c09a67cd962182a011cf5eb1c3d999abc7b834ee518bb53afe19941927ca190699abf79c334c52e206fc851deb7398947ad5bd125ef3f51349497142e921c85506c739f6319ae0eb8e3c551ceb7e16afc2d6aad36841ed8eb560ef984ee5e00f1ead2c646546b3c145e3700b07fc257551641cf3dcb76a8b3cc75994f2c3eb521cea22d64c8b72b2de506fde8185b70b4707b7f571668a5925ca21e605904d7c896a5d7290b9c4fc75ecc7ddbbd7f6f003a74f53d1a5432e0377a3efce1e7ac61e36dc13aeea57400d4d3986db3fccb6edaf83f86daeb42f416f58c502e74178e013b399d0b155e0df86b40b5f3f2ab0ad61c90870cee340c07977b55622699101e5372677dd4e208fa6b5d4834a2d6f37b2ead107218aa0e702d1f6a60bd4ad3a2e22807237129fdc02993ef1fffe3c285bd4f7b093b2da8d772ce2df7874bf9b7fd0893eb66a4931acc38129bfe4a8fc6b28ea83bcca1220b66c86d4d90914bb9e9a425fce618f11b66f93aa78515eac0f3956cb1e8b6f12d7f6f22c1ca5563e280b15c64732aec2a37d6010cee0fd2263ea3ea2011043153284b4a5fc87cc0dd8c36f084ce715a6e9ba3e8b2586726255d122f2b5677d6590405ae031df8f83840ef3011a7f5d18037407758270d980aa65d5a4aa26a35a61b65178b6183b282771e89a8fe47bd3ea5a23146b924a47c3cc2540a9c8d91d4a8924e010fb6d3e60457e0aa86749cc3444707fda055a0f489aecda68af7f0d7d31cf25641a10bcc0d00996cddf9059121639fa3ff2e5490bae6b702fcf226d8e50f27f0973e5e4cf543445524d0fe3bd55d3f215978bfabcba0d44c076f5b333b2095c70f6a5426338bf0c065ddce27f6730606d84d1ccef8cebcd15085fa8a5d0975dc47eeb09a4ab6da21d01916c97f4e266c4b01f2bfb3b6a08bb5a7cf834e56782d824e7c55b591cd883ed9e806a4f7033bbab49a2b8ab2cb0f6da9d76968208236b35a51f8eba3769a676ad60d69c475706a630f3a078ebaa6ba5bc25719867cb61d48cc3a381b261165c04f3c93f37d72fc15f43df1de34e24e80a46f5d15fb362e71cb4a5365dde04a53dc5e42745fbd601ff148db416244dd76ac16f24138ef9a02491eb5b48d731a8bdcd46040d0ff11a07c040b83db84bfd21ffb1d818203cb7d3f8fca47f1dc510afa8219ab031aaba2147aed7c50228930e895a72abf55ca6997131e231ea92e0059b680735548adf2d572c3540e096a644deb3750e3b341bbeffee70ff22e0b4e56142e4c1965c01a646dd9b5b0055f88f08987ad45adb844b9ffc84792073048c28bcb60f2666802052ee45dcd9a2950d55ecf0234a3dcf67e83cfa0bfb1285eb54e6292d8075c9e1b459e48556f416898557c9c864fc5de459feb53e33dd1a6860a2d1a836ab5ff6efaee123b3715a7137787ee4345efbce38074e262f363a8ff400345c8539d44a7286c7291246810bce063f0877db6585842380b530a4aaef6e36779a95fed220cef6c1fff2fdd5031f83987dc3282d432f322852cc9dc6d00c59d5ed83b386ff97c521e528e59f2df932467ac02d17f8818c2de26d69725f42cecaf186fab7b6e10b1ebd9a9a12ed83cd382d9a6f9a9bed2736cb0ec0260057f5ec704d2e1a64caad59e02ff2022174b23564cb0942e6769b12e0ae4d65dc4c5e6b6ceaf2667e085909c93a9768b7bfdac612801c0bc3848bad51e2367f788cbd1c5091ce0e9c567528c72003712e91247d87f1ff60d3865fc687a35886822079392f8d151b89e09469bef98e59139c460a53805a93245148cbb9a6a010dadc87e9b1a0e0a89e87e433ff1c0ad4b125760858c8badff4d82cbd31cf88f3e2e16a4e960e1e0b5825fc0f2b21d660cf60069d43fb6a8a96c44fa922164f02c9cd5ebb6fad848871224d157777b5a70dc6deb988506bd03aa4ce2200e9ce23641221784250c22d2c8635a3512f45d433cf66e158eb261f48a23d54f5ef4358df3487da471eb5775bdba565ee170be126b2300d0dad050212606f2d77a63fa2ab430e62670e852b89944e611509415bee36bf0961c8918bd8b0eb8af45b1a9d0420c7101a9c5f4a63efb9cc8de7897b5e2b02cb5885ad8d0d8ac7754ba8d4e9d37175e614e3f3a6a7b122bbc6dd9ce78f1b9a4e940a1160bb85650d8932fe1a82d0525630ba017be5129625a45c3cae66c7cdaa33ee704791db81ef2e11a2f528974fa388cd929c934dbdb21425e6117839ab33b2926b036457db3a43083c3ec17231aed4ee5b607a45a5735c9470c03a424b43efcea953c078717344aeb1449c0dfa3a3ec224b542c16cf735466bdaf26b522aef1db547b14f07ebd4f5da34426a46007757be47ed3f643c47f2c4467762cd049d6f4cf8a78d04f8318bdedcee80871e91c0330499d88254555c456d9bde8a892394267eac15c230cf7e7ba19ebc01b1905c80476de3cea8258f6d0820d159f4aa8a37fb378b2685da4e0e89d253187219869f1157bbe4a8a43eabf65e86a6d9b21e25d91c43c3036914427833ed87073886719069148e2e47219bb5da5d9664d64dc5c4ff71c0e808dadbb53a23e41e3c02fd0c9e0704490f3283d1864d15d795882e6522f31445556cab6832f273dac0c7aef4e3f8c09a34d1624fdb087d852f2e827fb2c3105f1afda54b9dc12cfde3cf7747daa5ac70904e82636a13155303f9a1198d6e7f9dc7be394ebc5db9e8380e290e6cae5f320caa56aa94490789fce2e2540b3de8865396f58e14d61d3cb122f7bd1af5a27c6fe733eba3cc39106efc906ea967fb833e2480aa80bd56ccd9e5c25304e2b8135f1453af70059e599cb67bc8eaaa38c39768e74d3da8aba0135f0192d7ddf0149ce62f353b0360251f1f88b272c6e85b4ee4e0563a6de80de83749af6e6aa4d80cab7031aff3f7e8d0c9114940549f828a62be9fd6a16db001369728b4b93d4ecf91563ae03def3ca4e9900a97657c4ff1e41c5742fb3329ba882ed61645aedb22f2543b83cd4007e5d228697a48064acc32ece41f2d5ead3f31a9689249e8b4bb57ac0b136b6c60ec531708235b94db823344aafbb9b79e21959635664b2193c3add0b28767906b7ba4118e6548e9a23b49e9181dc6f7dc7857425c9ab1b1451bc4572fd060190d0b5a76b8368b68e72a212bd0f89d0778d293b1d32f155f30c9aafe7215d2e746ea8f2c73a30bcd8c093a489519b60616b15afe69074ee77fb65caf5faf0aad49106057a91fdcd622a07ac21eb5c221f2e65323228af41b3eb894517c34c4f60ba20fb6f6c4309a7357884c0eeeb0a4874550107f2d0ffdc412f86bdf712f96183b3932cfb4da3f179cde1a288df9af09c243fae8c67b0d208d9cdb7adde8d5e548e0624b19da4818ef656b88280a", 0x1000}, 0x1006) getpeername$packet(0xffffffffffffffff, 0x0, 0x0) r4 = semget(0x3, 0x0, 0x2) semctl$GETVAL(r4, 0x3, 0xc, &(0x7f0000000300)=""/131) recvfrom$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) fadvise64(r3, 0x0, 0x0, 0x4) r5 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r1, r5, 0x0, 0x8000fffffffe) 03:43:09 executing program 2: r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) getsockopt$inet_sctp_SCTP_PR_STREAM_STATUS(r0, 0x84, 0x74, &(0x7f0000000740)=""/216, &(0x7f0000000580)=0xfe12) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000000000)={&(0x7f0000ffa000/0x3000)=nil, 0x3000}) ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0x4020565a, &(0x7f0000000200)={0x8001008, 0x6, 0x2}) r1 = socket$key(0xf, 0x3, 0x2) r2 = syz_genetlink_get_family_id$net_dm(&(0x7f00000002c0)='NET_DM\x00') r3 = openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x400080, 0x0) getsockopt$EBT_SO_GET_ENTRIES(r3, 0x0, 0x81, &(0x7f00000004c0)={'filter\x00', 0x0, 0x4, 0x4a, [], 0x1, &(0x7f0000000400)=[{}], &(0x7f0000000440)=""/74}, &(0x7f0000000540)=0x78) sendmsg$NET_DM_CMD_STOP(r0, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x8004000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x14, r2, 0x20, 0x70bd26, 0x25dfdbfc, {}, ["", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x8c4}, 0x8800) sendmsg$key(r1, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020e00000c000000000000000000000005000600008000000a0000000000000000000000000000000000000000000000000000000000000005000500007f1a255b99eef1b6d06c4c590a0000000a00000000000000fe8000000000000000000000000000ff0005d5ab6eacc0aa"], 0x60}}, 0x0) bind$inet6(r0, &(0x7f0000000240)={0xa, 0x4e20, 0x1, @loopback, 0x2}, 0x1c) fsetxattr(r1, &(0x7f0000000040)=@known='trusted.overlay.opaque\x00', &(0x7f0000000080)=',&vmnet0security@-ppp0$.\x00', 0x19, 0x2) ioctl$NBD_CLEAR_SOCK(r0, 0xab04) 03:43:09 executing program 0: r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0xd0}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 03:43:09 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)=ANY=[@ANYBLOB="021200000c000000000000000000000005000600008000000a000000000000000000000000000000000000000000000000000005000500000000000a00000000000000fe8000000000000000000000000000ff0000000000000000"], 0x60}}, 0x0) sendmsg$key(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x2, 0x15, 0x1, 0x8, 0x2, 0x0, 0x70bd26, 0x25dfdbff}, 0x10}}, 0x4000000) [ 1283.202635][ T26] audit: type=1804 audit(2000000589.629:2569): pid=9012 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/file0/file0/file0/file0/file0/root/syzkaller-testdir754838547/syzkaller.QfY93s/1463/bus" dev="sda1" ino=16821 res=1 03:43:09 executing program 0: r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0xd0}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 1283.286828][ T26] audit: type=1804 audit(2000000589.709:2570): pid=9012 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/file0/file0/file0/file0/file0/root/syzkaller-testdir754838547/syzkaller.QfY93s/1463/bus" dev="sda1" ino=16821 res=1 [ 1283.355559][ T26] audit: type=1804 audit(2000000589.749:2571): pid=9017 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/file0/file0/file0/file0/file0/root/syzkaller-testdir754838547/syzkaller.QfY93s/1463/bus" dev="sda1" ino=16821 res=1 [ 1283.464661][ T9015] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1283.478087][ T9015] CPU: 0 PID: 9015 Comm: syz-executor.4 Not tainted 5.1.0-rc1-next-20190319 #6 [ 1283.487034][ T9015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1283.497112][ T9015] Call Trace: [ 1283.500422][ T9015] dump_stack+0x172/0x1f0 [ 1283.504773][ T9015] dump_header+0x10f/0xb6c [ 1283.509211][ T9015] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1283.515017][ T9015] ? ___ratelimit+0x60/0x595 [ 1283.519592][ T9015] ? do_raw_spin_unlock+0x57/0x270 [ 1283.524748][ T9015] oom_kill_process.cold+0x10/0x15 [ 1283.529863][ T9015] out_of_memory+0x79a/0x1280 [ 1283.534530][ T9015] ? lock_downgrade+0x880/0x880 [ 1283.539364][ T9015] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1283.545601][ T9015] ? oom_killer_disable+0x280/0x280 [ 1283.550806][ T9015] ? find_held_lock+0x35/0x130 [ 1283.555572][ T9015] mem_cgroup_out_of_memory+0x1ca/0x230 [ 1283.561115][ T9015] ? memcg_event_wake+0x230/0x230 [ 1283.566156][ T9015] ? do_raw_spin_unlock+0x57/0x270 [ 1283.571283][ T9015] ? _raw_spin_unlock+0x2d/0x50 [ 1283.576140][ T9015] try_charge+0x118d/0x1790 [ 1283.580648][ T9015] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1283.586213][ T9015] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1283.592467][ T9015] ? kasan_check_read+0x11/0x20 [ 1283.597316][ T9015] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1283.602859][ T9015] mem_cgroup_try_charge+0x24d/0x5e0 [ 1283.608149][ T9015] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1283.613781][ T9015] __handle_mm_fault+0x1e1f/0x3ec0 [ 1283.618896][ T9015] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1283.624435][ T9015] ? find_held_lock+0x35/0x130 [ 1283.629196][ T9015] ? handle_mm_fault+0x322/0xb30 [ 1283.634140][ T9015] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1283.640364][ T9015] ? kasan_check_read+0x11/0x20 [ 1283.645225][ T9015] handle_mm_fault+0x43f/0xb30 [ 1283.650006][ T9015] __get_user_pages+0x7b6/0x1a40 [ 1283.654979][ T9015] ? follow_page_mask+0x19a0/0x19a0 [ 1283.660184][ T9015] ? perf_trace_lock+0xeb/0x510 [ 1283.665043][ T9015] ? __vma_adjust+0x1840/0x1840 [ 1283.669912][ T9015] ? lock_acquire+0x16f/0x3f0 [ 1283.674606][ T9015] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1283.680858][ T9015] populate_vma_page_range+0x20d/0x2a0 [ 1283.686330][ T9015] __mm_populate+0x204/0x380 [ 1283.690942][ T9015] ? populate_vma_page_range+0x2a0/0x2a0 [ 1283.690973][ T9015] __x64_sys_mlockall+0x35c/0x520 [ 1283.690994][ T9015] do_syscall_64+0x103/0x610 [ 1283.691019][ T9015] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1283.691033][ T9015] RIP: 0033:0x458079 [ 1283.691048][ T9015] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1283.691058][ T9015] RSP: 002b:00007fa3c5772c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1283.744030][ T9015] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458079 [ 1283.752008][ T9015] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 03:43:10 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132224) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f00000000c0)=ANY=[@ANYBLOB="6e61853167377400000100000000000000000000e4dbb77487e90104000000000040800000000000001b2300000503000018030000cc0000ac010000000000001004d1e090e1fe916dd282e0f34f8dfac0dc1695c4d700001004000010030002d3a379b87c5ade6e27a603551ae6543351c2f2d3c00f3f72e011777424c981c41f852110e5d4a50bc78b2aa66b63012812d04b94d660aab341cfe8364422b866cd445d5d0f4d6715baea5900323e00000000000071cf4f040095"], 0x1) ptrace$setopts(0x4206, r2, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) tkill(r2, 0x3c) 03:43:10 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc1f123c123f3188b070") r1 = socket$inet6(0xa, 0x400000000001, 0x0) bind$inet6(r1, &(0x7f0000000200)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) syz_genetlink_get_family_id$net_dm(0x0) r2 = perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, 0xffffffffffffffff) sendmsg$NET_DM_CMD_STOP(0xffffffffffffffff, 0x0, 0x0) chdir(&(0x7f0000000240)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x26e1, 0x0) r3 = open(&(0x7f0000000140)='./bus\x00', 0x141042, 0x0) fchown(r2, 0x0, 0x0) ioctl$TUNGETSNDBUF(r3, 0x800454d3, &(0x7f00000001c0)) getuid() syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f0000000080)='./bus\x00', 0x3, 0x1, &(0x7f0000000700)=[{0x0, 0x3b6}], 0x0, 0x0) msgget(0xffffffffffffffff, 0x0) msgrcv(0x0, 0x0, 0xfffffc46, 0x0, 0x0) lsetxattr$trusted_overlay_origin(0x0, 0x0, 0x0, 0x0, 0x0) write$UHID_INPUT(r3, &(0x7f0000002480)={0x8, "c0c814a55b6300d28afc61ac7dd1ffb869b761e8e53ee36e4be89e9fea175523e4468dec44bf8b5473c7a5062b4ede67dcb24cb9484ccfff2b3a70befc56e8ab2eee3483f5bf78c16beac035b700eb84e2216f268d02b717d2046c273814475b412437f7dc08a13a55d3c02132999dfd9fe80b750eff4d7c1da975b3835602728ae09e72527fcee19377e29c6c19e1ccce0f75e0e54001e3e83e473fa3d37eca8be1b3de565571e0e84f310c11fa8616068113b038aaa5c69967699fc2aa41c6f26fc22cf68e3577242c9b4ca20fab9de5885e0648fbd7af089b05f38f152d2f8144461608733c567b6dc5d2a07022c3764565c85abcfd99dd7a85e58939278235d50e8b321be7dbaa5141e097c28364fad2f713d666ca94f4e429687fcabb72aceeaf8abe5b506d98dc393b6e97492d785ead0ca2953f92c4d2b2c9f616e3d98b36be55a923fc5892413f7a3b615cec89b52e0ecdcee0aa5af72bcbb91b4bade7435dd8b529feaf13f8b48fcaca5952235d2e909f8831d8ca05a0daa3f6c581f388e0c1879b41fe63ef3d122bd0c5acd4fb07b96797918791075ae7383bb1bbdea574b31301ff37ecc45671ee2e7fc55bf6244025d1fd82dca56a42a23aa826a0b1e102bd87893ddc05649304eb1866c796e46e0d57f552bd572891ef892918bb2e7f2c6bcf68f388ea0c50f48c06de1b46b1434cdf25ca1288ebabe2a33d1c6effb77f91ef75471e93952caeda8ac2b2677e46d62b8366922d093832bccb949e177b4417864812d22972d81d89158288b5318d017329d4e8f66273abf74c434f318ebf32c7629342a85336387231b1e579d57cff0b125bef9dddf0fc33f71cb59d5a8972cda06ba6bba4a89cb8d3b465492c431698984998b2979ea61fed3d99b049724f2bdda5a0700ccb28825da1343f41290e569a6d38d4ae3968147cf39b097efd78e058fc71523c12e724bf93dc4ecc02b5cb18d13b59ec8f85368ac1ea93ed0149c60c53569dc69cdb3f37470eab26ef010b03a7e651b9e8e9065da347660836eddb3988c9a0f394aad055f727310f646d6cb35131d02aaf24735792bfce250798bebf0d1a4495fca568b9449e81afef2937b50faf873257d7efa07d31759474d50ca2a7922e79ab47dd59b11dfd1ec43fef3551aed81d01ee4ab997c6cecc39013dcaa442aec803e4cebbc288b4f9e87b30613f0ec88ddc6f60f56787f4040897e6e6bdac317d74b27f97f2efadb031f03c61954fd0232373582b7fa315d3eb9f67053126d2ed0636f04d669c47bdeb078fbda177533902e20b5ce9d8f395ea4c0aaf2cae774fe99bc40105a9ca184bcb598ab2f49c1df62d32d1a6d73a26812cb47a2ccaf0e9b759df89ad1e18238d897b9fd658f6786a92a0c12bd0ee6dad8a430a67962363e5b9afb3329e4f1f6fcd7e63cb8f24872bcf5b8c349d9ce423666ca39f16884219dea338b388e40f4ad996419cb3858637364d8e5af67f846d77b2749115131a3642ef56681315e4a2cbca5e60febabf693570f515e09c2a8994a8e2be3cba28118ef429d4de781118182607dd2c2d5aaba621ea29c140338bd8f1787fd2a3f43bb7fa22a8ce053adb331a4c78eab569af317e14360a6bf1c8b7394f34bfc1a941ac88dab334d5a2d45fc83bee28884698fd82339c972a06efb369220049ca89727513bd4262ad6f94f55f659ec98b684b1d92e1b6a303548a196cc5316e9845baaf01e737ef047d3d1ac4fe13de618e8fd6471c225e688b73b866213f4765c1a1ecf041f66a11177b0425b0423c455dccfa35a34f3b1c4c9850267bd41dcc366f4f8fef6982699e9aee7f3edff90217c84f6865234676e65911e5e99739792161766e959d061d6e86797b595ae3cffc043da0929dce1b4bd27e04532800f14f69398a681d46f00197f547fa138e676a4c84e586e9a2037faad7d7342221c229ff13606688ab70305dc28d01270604fbcb2b5777541e637a10e7d6c2dfa76461b18c8b303234282f31b7ed8afd0cdcc3978c6520a182000ea312296c7d9df08c2a67b944bc519113822014a831c8d6a7f8d26a7a443666b6077bdc1c11cf47001bcbb484d163543445c77a02140191bbb813da818b4dc3ef1ca420f624e5cb67c48024aeb8691b549202750899938067a3ad49da19e9fffc6486b3525fba8b2ff991fb3b4c1a536818f2dad96f713ac264a22136c6a3a9eacb4f69ab08cfe2b971a7d916833c6a0370d4b0bc428db2e4b4013899668b73caf9c983e2f07e46b4b5b4f0d231edee8b1951e1d0e34c881d1fc5c6be05b92b13680398e7109bd18048f0bd980fceb24e59411873e7a8a7f95f4da2ba5c082fdda710361e163a213a3dbb82c08a69020545da4636c09a67cd962182a011cf5eb1c3d999abc7b834ee518bb53afe19941927ca190699abf79c334c52e206fc851deb7398947ad5bd125ef3f51349497142e921c85506c739f6319ae0eb8e3c551ceb7e16afc2d6aad36841ed8eb560ef984ee5e00f1ead2c646546b3c145e3700b07fc257551641cf3dcb76a8b3cc75994f2c3eb521cea22d64c8b72b2de506fde8185b70b4707b7f571668a5925ca21e605904d7c896a5d7290b9c4fc75ecc7ddbbd7f6f003a74f53d1a5432e0377a3efce1e7ac61e36dc13aeea57400d4d3986db3fccb6edaf83f86daeb42f416f58c502e74178e013b399d0b155e0df86b40b5f3f2ab0ad61c90870cee340c07977b55622699101e5372677dd4e208fa6b5d4834a2d6f37b2ead107218aa0e702d1f6a60bd4ad3a2e22807237129fdc02993ef1fffe3c285bd4f7b093b2da8d772ce2df7874bf9b7fd0893eb66a4931acc38129bfe4a8fc6b28ea83bcca1220b66c86d4d90914bb9e9a425fce618f11b66f93aa78515eac0f3956cb1e8b6f12d7f6f22c1ca5563e280b15c64732aec2a37d6010cee0fd2263ea3ea2011043153284b4a5fc87cc0dd8c36f084ce715a6e9ba3e8b2586726255d122f2b5677d6590405ae031df8f83840ef3011a7f5d18037407758270d980aa65d5a4aa26a35a61b65178b6183b282771e89a8fe47bd3ea5a23146b924a47c3cc2540a9c8d91d4a8924e010fb6d3e60457e0aa86749cc3444707fda055a0f489aecda68af7f0d7d31cf25641a10bcc0d00996cddf9059121639fa3ff2e5490bae6b702fcf226d8e50f27f0973e5e4cf543445524d0fe3bd55d3f215978bfabcba0d44c076f5b333b2095c70f6a5426338bf0c065ddce27f6730606d84d1ccef8cebcd15085fa8a5d0975dc47eeb09a4ab6da21d01916c97f4e266c4b01f2bfb3b6a08bb5a7cf834e56782d824e7c55b591cd883ed9e806a4f7033bbab49a2b8ab2cb0f6da9d76968208236b35a51f8eba3769a676ad60d69c475706a630f3a078ebaa6ba5bc25719867cb61d48cc3a381b261165c04f3c93f37d72fc15f43df1de34e24e80a46f5d15fb362e71cb4a5365dde04a53dc5e42745fbd601ff148db416244dd76ac16f24138ef9a02491eb5b48d731a8bdcd46040d0ff11a07c040b83db84bfd21ffb1d818203cb7d3f8fca47f1dc510afa8219ab031aaba2147aed7c50228930e895a72abf55ca6997131e231ea92e0059b680735548adf2d572c3540e096a644deb3750e3b341bbeffee70ff22e0b4e56142e4c1965c01a646dd9b5b0055f88f08987ad45adb844b9ffc84792073048c28bcb60f2666802052ee45dcd9a2950d55ecf0234a3dcf67e83cfa0bfb1285eb54e6292d8075c9e1b459e48556f416898557c9c864fc5de459feb53e33dd1a6860a2d1a836ab5ff6efaee123b3715a7137787ee4345efbce38074e262f363a8ff400345c8539d44a7286c7291246810bce063f0877db6585842380b530a4aaef6e36779a95fed220cef6c1fff2fdd5031f83987dc3282d432f322852cc9dc6d00c59d5ed83b386ff97c521e528e59f2df932467ac02d17f8818c2de26d69725f42cecaf186fab7b6e10b1ebd9a9a12ed83cd382d9a6f9a9bed2736cb0ec0260057f5ec704d2e1a64caad59e02ff2022174b23564cb0942e6769b12e0ae4d65dc4c5e6b6ceaf2667e085909c93a9768b7bfdac612801c0bc3848bad51e2367f788cbd1c5091ce0e9c567528c72003712e91247d87f1ff60d3865fc687a35886822079392f8d151b89e09469bef98e59139c460a53805a93245148cbb9a6a010dadc87e9b1a0e0a89e87e433ff1c0ad4b125760858c8badff4d82cbd31cf88f3e2e16a4e960e1e0b5825fc0f2b21d660cf60069d43fb6a8a96c44fa922164f02c9cd5ebb6fad848871224d157777b5a70dc6deb988506bd03aa4ce2200e9ce23641221784250c22d2c8635a3512f45d433cf66e158eb261f48a23d54f5ef4358df3487da471eb5775bdba565ee170be126b2300d0dad050212606f2d77a63fa2ab430e62670e852b89944e611509415bee36bf0961c8918bd8b0eb8af45b1a9d0420c7101a9c5f4a63efb9cc8de7897b5e2b02cb5885ad8d0d8ac7754ba8d4e9d37175e614e3f3a6a7b122bbc6dd9ce78f1b9a4e940a1160bb85650d8932fe1a82d0525630ba017be5129625a45c3cae66c7cdaa33ee704791db81ef2e11a2f528974fa388cd929c934dbdb21425e6117839ab33b2926b036457db3a43083c3ec17231aed4ee5b607a45a5735c9470c03a424b43efcea953c078717344aeb1449c0dfa3a3ec224b542c16cf735466bdaf26b522aef1db547b14f07ebd4f5da34426a46007757be47ed3f643c47f2c4467762cd049d6f4cf8a78d04f8318bdedcee80871e91c0330499d88254555c456d9bde8a892394267eac15c230cf7e7ba19ebc01b1905c80476de3cea8258f6d0820d159f4aa8a37fb378b2685da4e0e89d253187219869f1157bbe4a8a43eabf65e86a6d9b21e25d91c43c3036914427833ed87073886719069148e2e47219bb5da5d9664d64dc5c4ff71c0e808dadbb53a23e41e3c02fd0c9e0704490f3283d1864d15d795882e6522f31445556cab6832f273dac0c7aef4e3f8c09a34d1624fdb087d852f2e827fb2c3105f1afda54b9dc12cfde3cf7747daa5ac70904e82636a13155303f9a1198d6e7f9dc7be394ebc5db9e8380e290e6cae5f320caa56aa94490789fce2e2540b3de8865396f58e14d61d3cb122f7bd1af5a27c6fe733eba3cc39106efc906ea967fb833e2480aa80bd56ccd9e5c25304e2b8135f1453af70059e599cb67bc8eaaa38c39768e74d3da8aba0135f0192d7ddf0149ce62f353b0360251f1f88b272c6e85b4ee4e0563a6de80de83749af6e6aa4d80cab7031aff3f7e8d0c9114940549f828a62be9fd6a16db001369728b4b93d4ecf91563ae03def3ca4e9900a97657c4ff1e41c5742fb3329ba882ed61645aedb22f2543b83cd4007e5d228697a48064acc32ece41f2d5ead3f31a9689249e8b4bb57ac0b136b6c60ec531708235b94db823344aafbb9b79e21959635664b2193c3add0b28767906b7ba4118e6548e9a23b49e9181dc6f7dc7857425c9ab1b1451bc4572fd060190d0b5a76b8368b68e72a212bd0f89d0778d293b1d32f155f30c9aafe7215d2e746ea8f2c73a30bcd8c093a489519b60616b15afe69074ee77fb65caf5faf0aad49106057a91fdcd622a07ac21eb5c221f2e65323228af41b3eb894517c34c4f60ba20fb6f6c4309a7357884c0eeeb0a4874550107f2d0ffdc412f86bdf712f96183b3932cfb4da3f179cde1a288df9af09c243fae8c67b0d208d9cdb7adde8d5e548e0624b19da4818ef656b88280a", 0x1000}, 0x1006) getpeername$packet(0xffffffffffffffff, 0x0, 0x0) r4 = semget(0x3, 0x0, 0x2) semctl$GETVAL(r4, 0x3, 0xc, &(0x7f0000000300)=""/131) recvfrom$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) fadvise64(r3, 0x0, 0x0, 0x4) r5 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r1, r5, 0x0, 0x8000fffffffe) 03:43:10 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0xd0}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 03:43:10 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000000000)=ANY=[@ANYBLOB="020e00000c000000000000000000400605000600008000000a00f8ffffff0000210000000000000000000000000000000000050005efffffffff0900000000000000fe8000000000000000000000000000ff0000000000000000000000faa7262f397ed827a60477ab22c405661158c1f3a330d4d47b6322fe340447b546e90c8dd67d9eca4f422170e667f9eb69bfaa3486fa5bbc272355c5fb9cea30bc978b7940421e77345f745193a335f6758b75a6e8bca8884f873bd574a793a6656b86bdec8e35b782891758a68143b369334e4aa2e8126af620abd5980a941b430bd183dba52a2210e2585b3293d30dd93e48d0e9c83d6701528e73b7bd3657262cf44d6c1d182ae8d0491c866ab240c84b8633adda9e9d09889f773376510469bdd48d5f447a2bf5f500803ad605000000d10b359722d2c0da045ac63a147f79807b5eb156254960e0d0774f0809dbb3563aac6c1bd6a014d5d2989a2344bf22d507ec99d210db2c695a4aa463a7b2f962498f5cff403225eeedd0a16654aca098a9bddaa71c8ba06ea310c4d8bf63649a1b9f4db2febcb15864e102d78d9555e622c968768aa95be32ddedaadae"], 0x60}}, 0x0) 03:43:10 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11e9e6c7c13e9b9937"], 0x0) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r3, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r2, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r5}, 0x10) r6 = accept4(r4, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000100), 0x0) r7 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r3, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r7, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r6, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r1, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r2, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r6, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r3, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r2, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) [ 1283.759984][ T9015] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1283.767961][ T9015] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa3c57736d4 [ 1283.775926][ T9015] R13: 00000000004c3d3a R14: 00000000004d6f20 R15: 00000000ffffffff [ 1283.785646][ T9015] memory: usage 307200kB, limit 307200kB, failcnt 1266 [ 1283.794273][ T9015] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1283.812823][ T9015] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1283.850805][ T9015] Memory cgroup stats for /syz4: cache:0KB rss:279784KB rss_huge:18432KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:235456KB active_anon:27424KB inactive_file:4KB active_file:0KB unevictable:17068KB [ 1283.873499][ T9015] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=9013,uid=0 [ 1283.889447][ T9015] Memory cgroup out of memory: Killed process 9013 (syz-executor.4) total-vm:72448kB, anon-rss:16808kB, file-rss:37164kB, shmem-rss:0kB [ 1283.907503][ T26] audit: type=1804 audit(2000000590.339:2572): pid=9029 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/file0/file0/file0/file0/file0/root/syzkaller-testdir754838547/syzkaller.QfY93s/1464/bus" dev="sda1" ino=17074 res=1 [ 1283.910316][ T1043] oom_reaper: reaped process 9013 (syz-executor.4), now anon-rss:16856kB, file-rss:37944kB, shmem-rss:0kB 03:43:10 executing program 4: socketpair$unix(0x1, 0x0, 0x0, 0x0) r0 = creat(0x0, 0x0) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r0, 0xc05c5340, &(0x7f0000000200)={0xff, 0x9, 0xff, {}, 0x0, 0x1}) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) fcntl$dupfd(r2, 0x406, r1) 03:43:10 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc1f123c123f3188b070") r1 = socket$inet6(0xa, 0x400000000001, 0x0) bind$inet6(r1, &(0x7f0000000200)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) syz_genetlink_get_family_id$net_dm(0x0) r2 = perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, 0xffffffffffffffff) sendmsg$NET_DM_CMD_STOP(0xffffffffffffffff, 0x0, 0x0) chdir(&(0x7f0000000240)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x26e1, 0x0) r3 = open(&(0x7f0000000140)='./bus\x00', 0x141042, 0x0) fchown(r2, 0x0, 0x0) ioctl$TUNGETSNDBUF(r3, 0x800454d3, &(0x7f00000001c0)) getuid() syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f0000000080)='./bus\x00', 0x3, 0x1, &(0x7f0000000700)=[{0x0, 0x3b6}], 0x0, 0x0) msgget(0xffffffffffffffff, 0x0) msgrcv(0x0, 0x0, 0xfffffc46, 0x0, 0x0) lsetxattr$trusted_overlay_origin(0x0, 0x0, 0x0, 0x0, 0x0) write$UHID_INPUT(r3, &(0x7f0000002480)={0x8, "c0c814a55b6300d28afc61ac7dd1ffb869b761e8e53ee36e4be89e9fea175523e4468dec44bf8b5473c7a5062b4ede67dcb24cb9484ccfff2b3a70befc56e8ab2eee3483f5bf78c16beac035b700eb84e2216f268d02b717d2046c273814475b412437f7dc08a13a55d3c02132999dfd9fe80b750eff4d7c1da975b3835602728ae09e72527fcee19377e29c6c19e1ccce0f75e0e54001e3e83e473fa3d37eca8be1b3de565571e0e84f310c11fa8616068113b038aaa5c69967699fc2aa41c6f26fc22cf68e3577242c9b4ca20fab9de5885e0648fbd7af089b05f38f152d2f8144461608733c567b6dc5d2a07022c3764565c85abcfd99dd7a85e58939278235d50e8b321be7dbaa5141e097c28364fad2f713d666ca94f4e429687fcabb72aceeaf8abe5b506d98dc393b6e97492d785ead0ca2953f92c4d2b2c9f616e3d98b36be55a923fc5892413f7a3b615cec89b52e0ecdcee0aa5af72bcbb91b4bade7435dd8b529feaf13f8b48fcaca5952235d2e909f8831d8ca05a0daa3f6c581f388e0c1879b41fe63ef3d122bd0c5acd4fb07b96797918791075ae7383bb1bbdea574b31301ff37ecc45671ee2e7fc55bf6244025d1fd82dca56a42a23aa826a0b1e102bd87893ddc05649304eb1866c796e46e0d57f552bd572891ef892918bb2e7f2c6bcf68f388ea0c50f48c06de1b46b1434cdf25ca1288ebabe2a33d1c6effb77f91ef75471e93952caeda8ac2b2677e46d62b8366922d093832bccb949e177b4417864812d22972d81d89158288b5318d017329d4e8f66273abf74c434f318ebf32c7629342a85336387231b1e579d57cff0b125bef9dddf0fc33f71cb59d5a8972cda06ba6bba4a89cb8d3b465492c431698984998b2979ea61fed3d99b049724f2bdda5a0700ccb28825da1343f41290e569a6d38d4ae3968147cf39b097efd78e058fc71523c12e724bf93dc4ecc02b5cb18d13b59ec8f85368ac1ea93ed0149c60c53569dc69cdb3f37470eab26ef010b03a7e651b9e8e9065da347660836eddb3988c9a0f394aad055f727310f646d6cb35131d02aaf24735792bfce250798bebf0d1a4495fca568b9449e81afef2937b50faf873257d7efa07d31759474d50ca2a7922e79ab47dd59b11dfd1ec43fef3551aed81d01ee4ab997c6cecc39013dcaa442aec803e4cebbc288b4f9e87b30613f0ec88ddc6f60f56787f4040897e6e6bdac317d74b27f97f2efadb031f03c61954fd0232373582b7fa315d3eb9f67053126d2ed0636f04d669c47bdeb078fbda177533902e20b5ce9d8f395ea4c0aaf2cae774fe99bc40105a9ca184bcb598ab2f49c1df62d32d1a6d73a26812cb47a2ccaf0e9b759df89ad1e18238d897b9fd658f6786a92a0c12bd0ee6dad8a430a67962363e5b9afb3329e4f1f6fcd7e63cb8f24872bcf5b8c349d9ce423666ca39f16884219dea338b388e40f4ad996419cb3858637364d8e5af67f846d77b2749115131a3642ef56681315e4a2cbca5e60febabf693570f515e09c2a8994a8e2be3cba28118ef429d4de781118182607dd2c2d5aaba621ea29c140338bd8f1787fd2a3f43bb7fa22a8ce053adb331a4c78eab569af317e14360a6bf1c8b7394f34bfc1a941ac88dab334d5a2d45fc83bee28884698fd82339c972a06efb369220049ca89727513bd4262ad6f94f55f659ec98b684b1d92e1b6a303548a196cc5316e9845baaf01e737ef047d3d1ac4fe13de618e8fd6471c225e688b73b866213f4765c1a1ecf041f66a11177b0425b0423c455dccfa35a34f3b1c4c9850267bd41dcc366f4f8fef6982699e9aee7f3edff90217c84f6865234676e65911e5e99739792161766e959d061d6e86797b595ae3cffc043da0929dce1b4bd27e04532800f14f69398a681d46f00197f547fa138e676a4c84e586e9a2037faad7d7342221c229ff13606688ab70305dc28d01270604fbcb2b5777541e637a10e7d6c2dfa76461b18c8b303234282f31b7ed8afd0cdcc3978c6520a182000ea312296c7d9df08c2a67b944bc519113822014a831c8d6a7f8d26a7a443666b6077bdc1c11cf47001bcbb484d163543445c77a02140191bbb813da818b4dc3ef1ca420f624e5cb67c48024aeb8691b549202750899938067a3ad49da19e9fffc6486b3525fba8b2ff991fb3b4c1a536818f2dad96f713ac264a22136c6a3a9eacb4f69ab08cfe2b971a7d916833c6a0370d4b0bc428db2e4b4013899668b73caf9c983e2f07e46b4b5b4f0d231edee8b1951e1d0e34c881d1fc5c6be05b92b13680398e7109bd18048f0bd980fceb24e59411873e7a8a7f95f4da2ba5c082fdda710361e163a213a3dbb82c08a69020545da4636c09a67cd962182a011cf5eb1c3d999abc7b834ee518bb53afe19941927ca190699abf79c334c52e206fc851deb7398947ad5bd125ef3f51349497142e921c85506c739f6319ae0eb8e3c551ceb7e16afc2d6aad36841ed8eb560ef984ee5e00f1ead2c646546b3c145e3700b07fc257551641cf3dcb76a8b3cc75994f2c3eb521cea22d64c8b72b2de506fde8185b70b4707b7f571668a5925ca21e605904d7c896a5d7290b9c4fc75ecc7ddbbd7f6f003a74f53d1a5432e0377a3efce1e7ac61e36dc13aeea57400d4d3986db3fccb6edaf83f86daeb42f416f58c502e74178e013b399d0b155e0df86b40b5f3f2ab0ad61c90870cee340c07977b55622699101e5372677dd4e208fa6b5d4834a2d6f37b2ead107218aa0e702d1f6a60bd4ad3a2e22807237129fdc02993ef1fffe3c285bd4f7b093b2da8d772ce2df7874bf9b7fd0893eb66a4931acc38129bfe4a8fc6b28ea83bcca1220b66c86d4d90914bb9e9a425fce618f11b66f93aa78515eac0f3956cb1e8b6f12d7f6f22c1ca5563e280b15c64732aec2a37d6010cee0fd2263ea3ea2011043153284b4a5fc87cc0dd8c36f084ce715a6e9ba3e8b2586726255d122f2b5677d6590405ae031df8f83840ef3011a7f5d18037407758270d980aa65d5a4aa26a35a61b65178b6183b282771e89a8fe47bd3ea5a23146b924a47c3cc2540a9c8d91d4a8924e010fb6d3e60457e0aa86749cc3444707fda055a0f489aecda68af7f0d7d31cf25641a10bcc0d00996cddf9059121639fa3ff2e5490bae6b702fcf226d8e50f27f0973e5e4cf543445524d0fe3bd55d3f215978bfabcba0d44c076f5b333b2095c70f6a5426338bf0c065ddce27f6730606d84d1ccef8cebcd15085fa8a5d0975dc47eeb09a4ab6da21d01916c97f4e266c4b01f2bfb3b6a08bb5a7cf834e56782d824e7c55b591cd883ed9e806a4f7033bbab49a2b8ab2cb0f6da9d76968208236b35a51f8eba3769a676ad60d69c475706a630f3a078ebaa6ba5bc25719867cb61d48cc3a381b261165c04f3c93f37d72fc15f43df1de34e24e80a46f5d15fb362e71cb4a5365dde04a53dc5e42745fbd601ff148db416244dd76ac16f24138ef9a02491eb5b48d731a8bdcd46040d0ff11a07c040b83db84bfd21ffb1d818203cb7d3f8fca47f1dc510afa8219ab031aaba2147aed7c50228930e895a72abf55ca6997131e231ea92e0059b680735548adf2d572c3540e096a644deb3750e3b341bbeffee70ff22e0b4e56142e4c1965c01a646dd9b5b0055f88f08987ad45adb844b9ffc84792073048c28bcb60f2666802052ee45dcd9a2950d55ecf0234a3dcf67e83cfa0bfb1285eb54e6292d8075c9e1b459e48556f416898557c9c864fc5de459feb53e33dd1a6860a2d1a836ab5ff6efaee123b3715a7137787ee4345efbce38074e262f363a8ff400345c8539d44a7286c7291246810bce063f0877db6585842380b530a4aaef6e36779a95fed220cef6c1fff2fdd5031f83987dc3282d432f322852cc9dc6d00c59d5ed83b386ff97c521e528e59f2df932467ac02d17f8818c2de26d69725f42cecaf186fab7b6e10b1ebd9a9a12ed83cd382d9a6f9a9bed2736cb0ec0260057f5ec704d2e1a64caad59e02ff2022174b23564cb0942e6769b12e0ae4d65dc4c5e6b6ceaf2667e085909c93a9768b7bfdac612801c0bc3848bad51e2367f788cbd1c5091ce0e9c567528c72003712e91247d87f1ff60d3865fc687a35886822079392f8d151b89e09469bef98e59139c460a53805a93245148cbb9a6a010dadc87e9b1a0e0a89e87e433ff1c0ad4b125760858c8badff4d82cbd31cf88f3e2e16a4e960e1e0b5825fc0f2b21d660cf60069d43fb6a8a96c44fa922164f02c9cd5ebb6fad848871224d157777b5a70dc6deb988506bd03aa4ce2200e9ce23641221784250c22d2c8635a3512f45d433cf66e158eb261f48a23d54f5ef4358df3487da471eb5775bdba565ee170be126b2300d0dad050212606f2d77a63fa2ab430e62670e852b89944e611509415bee36bf0961c8918bd8b0eb8af45b1a9d0420c7101a9c5f4a63efb9cc8de7897b5e2b02cb5885ad8d0d8ac7754ba8d4e9d37175e614e3f3a6a7b122bbc6dd9ce78f1b9a4e940a1160bb85650d8932fe1a82d0525630ba017be5129625a45c3cae66c7cdaa33ee704791db81ef2e11a2f528974fa388cd929c934dbdb21425e6117839ab33b2926b036457db3a43083c3ec17231aed4ee5b607a45a5735c9470c03a424b43efcea953c078717344aeb1449c0dfa3a3ec224b542c16cf735466bdaf26b522aef1db547b14f07ebd4f5da34426a46007757be47ed3f643c47f2c4467762cd049d6f4cf8a78d04f8318bdedcee80871e91c0330499d88254555c456d9bde8a892394267eac15c230cf7e7ba19ebc01b1905c80476de3cea8258f6d0820d159f4aa8a37fb378b2685da4e0e89d253187219869f1157bbe4a8a43eabf65e86a6d9b21e25d91c43c3036914427833ed87073886719069148e2e47219bb5da5d9664d64dc5c4ff71c0e808dadbb53a23e41e3c02fd0c9e0704490f3283d1864d15d795882e6522f31445556cab6832f273dac0c7aef4e3f8c09a34d1624fdb087d852f2e827fb2c3105f1afda54b9dc12cfde3cf7747daa5ac70904e82636a13155303f9a1198d6e7f9dc7be394ebc5db9e8380e290e6cae5f320caa56aa94490789fce2e2540b3de8865396f58e14d61d3cb122f7bd1af5a27c6fe733eba3cc39106efc906ea967fb833e2480aa80bd56ccd9e5c25304e2b8135f1453af70059e599cb67bc8eaaa38c39768e74d3da8aba0135f0192d7ddf0149ce62f353b0360251f1f88b272c6e85b4ee4e0563a6de80de83749af6e6aa4d80cab7031aff3f7e8d0c9114940549f828a62be9fd6a16db001369728b4b93d4ecf91563ae03def3ca4e9900a97657c4ff1e41c5742fb3329ba882ed61645aedb22f2543b83cd4007e5d228697a48064acc32ece41f2d5ead3f31a9689249e8b4bb57ac0b136b6c60ec531708235b94db823344aafbb9b79e21959635664b2193c3add0b28767906b7ba4118e6548e9a23b49e9181dc6f7dc7857425c9ab1b1451bc4572fd060190d0b5a76b8368b68e72a212bd0f89d0778d293b1d32f155f30c9aafe7215d2e746ea8f2c73a30bcd8c093a489519b60616b15afe69074ee77fb65caf5faf0aad49106057a91fdcd622a07ac21eb5c221f2e65323228af41b3eb894517c34c4f60ba20fb6f6c4309a7357884c0eeeb0a4874550107f2d0ffdc412f86bdf712f96183b3932cfb4da3f179cde1a288df9af09c243fae8c67b0d208d9cdb7adde8d5e548e0624b19da4818ef656b88280a", 0x1000}, 0x1006) getpeername$packet(0xffffffffffffffff, 0x0, 0x0) r4 = semget(0x3, 0x0, 0x2) semctl$GETVAL(r4, 0x3, 0xc, &(0x7f0000000300)=""/131) recvfrom$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) fadvise64(r3, 0x0, 0x0, 0x4) r5 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r1, r5, 0x0, 0x8000fffffffe) 03:43:10 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)=ANY=[@ANYBLOB="020e00000c0000004f4881260000000005000600008000000a0000000000000000000000000000000000000000000000000000000000000005000500000000000a00000000000000fe8000000000000000000000000000ff0000000000000000"], 0x60}}, 0x0) 03:43:10 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0xd0}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 03:43:10 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc1f123c123f3188b070") r1 = socket$inet6(0xa, 0x400000000001, 0x0) bind$inet6(r1, &(0x7f0000000200)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) syz_genetlink_get_family_id$net_dm(0x0) r2 = perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, 0xffffffffffffffff) sendmsg$NET_DM_CMD_STOP(0xffffffffffffffff, 0x0, 0x0) chdir(&(0x7f0000000240)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x26e1, 0x0) r3 = open(&(0x7f0000000140)='./bus\x00', 0x141042, 0x0) fchown(r2, 0x0, 0x0) ioctl$TUNGETSNDBUF(r3, 0x800454d3, &(0x7f00000001c0)) getuid() syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f0000000080)='./bus\x00', 0x3, 0x1, &(0x7f0000000700)=[{0x0, 0x3b6}], 0x0, 0x0) msgget(0xffffffffffffffff, 0x0) msgrcv(0x0, 0x0, 0xfffffc46, 0x0, 0x0) lsetxattr$trusted_overlay_origin(0x0, 0x0, 0x0, 0x0, 0x0) write$UHID_INPUT(r3, &(0x7f0000002480)={0x8, "c0c814a55b6300d28afc61ac7dd1ffb869b761e8e53ee36e4be89e9fea175523e4468dec44bf8b5473c7a5062b4ede67dcb24cb9484ccfff2b3a70befc56e8ab2eee3483f5bf78c16beac035b700eb84e2216f268d02b717d2046c273814475b412437f7dc08a13a55d3c02132999dfd9fe80b750eff4d7c1da975b3835602728ae09e72527fcee19377e29c6c19e1ccce0f75e0e54001e3e83e473fa3d37eca8be1b3de565571e0e84f310c11fa8616068113b038aaa5c69967699fc2aa41c6f26fc22cf68e3577242c9b4ca20fab9de5885e0648fbd7af089b05f38f152d2f8144461608733c567b6dc5d2a07022c3764565c85abcfd99dd7a85e58939278235d50e8b321be7dbaa5141e097c28364fad2f713d666ca94f4e429687fcabb72aceeaf8abe5b506d98dc393b6e97492d785ead0ca2953f92c4d2b2c9f616e3d98b36be55a923fc5892413f7a3b615cec89b52e0ecdcee0aa5af72bcbb91b4bade7435dd8b529feaf13f8b48fcaca5952235d2e909f8831d8ca05a0daa3f6c581f388e0c1879b41fe63ef3d122bd0c5acd4fb07b96797918791075ae7383bb1bbdea574b31301ff37ecc45671ee2e7fc55bf6244025d1fd82dca56a42a23aa826a0b1e102bd87893ddc05649304eb1866c796e46e0d57f552bd572891ef892918bb2e7f2c6bcf68f388ea0c50f48c06de1b46b1434cdf25ca1288ebabe2a33d1c6effb77f91ef75471e93952caeda8ac2b2677e46d62b8366922d093832bccb949e177b4417864812d22972d81d89158288b5318d017329d4e8f66273abf74c434f318ebf32c7629342a85336387231b1e579d57cff0b125bef9dddf0fc33f71cb59d5a8972cda06ba6bba4a89cb8d3b465492c431698984998b2979ea61fed3d99b049724f2bdda5a0700ccb28825da1343f41290e569a6d38d4ae3968147cf39b097efd78e058fc71523c12e724bf93dc4ecc02b5cb18d13b59ec8f85368ac1ea93ed0149c60c53569dc69cdb3f37470eab26ef010b03a7e651b9e8e9065da347660836eddb3988c9a0f394aad055f727310f646d6cb35131d02aaf24735792bfce250798bebf0d1a4495fca568b9449e81afef2937b50faf873257d7efa07d31759474d50ca2a7922e79ab47dd59b11dfd1ec43fef3551aed81d01ee4ab997c6cecc39013dcaa442aec803e4cebbc288b4f9e87b30613f0ec88ddc6f60f56787f4040897e6e6bdac317d74b27f97f2efadb031f03c61954fd0232373582b7fa315d3eb9f67053126d2ed0636f04d669c47bdeb078fbda177533902e20b5ce9d8f395ea4c0aaf2cae774fe99bc40105a9ca184bcb598ab2f49c1df62d32d1a6d73a26812cb47a2ccaf0e9b759df89ad1e18238d897b9fd658f6786a92a0c12bd0ee6dad8a430a67962363e5b9afb3329e4f1f6fcd7e63cb8f24872bcf5b8c349d9ce423666ca39f16884219dea338b388e40f4ad996419cb3858637364d8e5af67f846d77b2749115131a3642ef56681315e4a2cbca5e60febabf693570f515e09c2a8994a8e2be3cba28118ef429d4de781118182607dd2c2d5aaba621ea29c140338bd8f1787fd2a3f43bb7fa22a8ce053adb331a4c78eab569af317e14360a6bf1c8b7394f34bfc1a941ac88dab334d5a2d45fc83bee28884698fd82339c972a06efb369220049ca89727513bd4262ad6f94f55f659ec98b684b1d92e1b6a303548a196cc5316e9845baaf01e737ef047d3d1ac4fe13de618e8fd6471c225e688b73b866213f4765c1a1ecf041f66a11177b0425b0423c455dccfa35a34f3b1c4c9850267bd41dcc366f4f8fef6982699e9aee7f3edff90217c84f6865234676e65911e5e99739792161766e959d061d6e86797b595ae3cffc043da0929dce1b4bd27e04532800f14f69398a681d46f00197f547fa138e676a4c84e586e9a2037faad7d7342221c229ff13606688ab70305dc28d01270604fbcb2b5777541e637a10e7d6c2dfa76461b18c8b303234282f31b7ed8afd0cdcc3978c6520a182000ea312296c7d9df08c2a67b944bc519113822014a831c8d6a7f8d26a7a443666b6077bdc1c11cf47001bcbb484d163543445c77a02140191bbb813da818b4dc3ef1ca420f624e5cb67c48024aeb8691b549202750899938067a3ad49da19e9fffc6486b3525fba8b2ff991fb3b4c1a536818f2dad96f713ac264a22136c6a3a9eacb4f69ab08cfe2b971a7d916833c6a0370d4b0bc428db2e4b4013899668b73caf9c983e2f07e46b4b5b4f0d231edee8b1951e1d0e34c881d1fc5c6be05b92b13680398e7109bd18048f0bd980fceb24e59411873e7a8a7f95f4da2ba5c082fdda710361e163a213a3dbb82c08a69020545da4636c09a67cd962182a011cf5eb1c3d999abc7b834ee518bb53afe19941927ca190699abf79c334c52e206fc851deb7398947ad5bd125ef3f51349497142e921c85506c739f6319ae0eb8e3c551ceb7e16afc2d6aad36841ed8eb560ef984ee5e00f1ead2c646546b3c145e3700b07fc257551641cf3dcb76a8b3cc75994f2c3eb521cea22d64c8b72b2de506fde8185b70b4707b7f571668a5925ca21e605904d7c896a5d7290b9c4fc75ecc7ddbbd7f6f003a74f53d1a5432e0377a3efce1e7ac61e36dc13aeea57400d4d3986db3fccb6edaf83f86daeb42f416f58c502e74178e013b399d0b155e0df86b40b5f3f2ab0ad61c90870cee340c07977b55622699101e5372677dd4e208fa6b5d4834a2d6f37b2ead107218aa0e702d1f6a60bd4ad3a2e22807237129fdc02993ef1fffe3c285bd4f7b093b2da8d772ce2df7874bf9b7fd0893eb66a4931acc38129bfe4a8fc6b28ea83bcca1220b66c86d4d90914bb9e9a425fce618f11b66f93aa78515eac0f3956cb1e8b6f12d7f6f22c1ca5563e280b15c64732aec2a37d6010cee0fd2263ea3ea2011043153284b4a5fc87cc0dd8c36f084ce715a6e9ba3e8b2586726255d122f2b5677d6590405ae031df8f83840ef3011a7f5d18037407758270d980aa65d5a4aa26a35a61b65178b6183b282771e89a8fe47bd3ea5a23146b924a47c3cc2540a9c8d91d4a8924e010fb6d3e60457e0aa86749cc3444707fda055a0f489aecda68af7f0d7d31cf25641a10bcc0d00996cddf9059121639fa3ff2e5490bae6b702fcf226d8e50f27f0973e5e4cf543445524d0fe3bd55d3f215978bfabcba0d44c076f5b333b2095c70f6a5426338bf0c065ddce27f6730606d84d1ccef8cebcd15085fa8a5d0975dc47eeb09a4ab6da21d01916c97f4e266c4b01f2bfb3b6a08bb5a7cf834e56782d824e7c55b591cd883ed9e806a4f7033bbab49a2b8ab2cb0f6da9d76968208236b35a51f8eba3769a676ad60d69c475706a630f3a078ebaa6ba5bc25719867cb61d48cc3a381b261165c04f3c93f37d72fc15f43df1de34e24e80a46f5d15fb362e71cb4a5365dde04a53dc5e42745fbd601ff148db416244dd76ac16f24138ef9a02491eb5b48d731a8bdcd46040d0ff11a07c040b83db84bfd21ffb1d818203cb7d3f8fca47f1dc510afa8219ab031aaba2147aed7c50228930e895a72abf55ca6997131e231ea92e0059b680735548adf2d572c3540e096a644deb3750e3b341bbeffee70ff22e0b4e56142e4c1965c01a646dd9b5b0055f88f08987ad45adb844b9ffc84792073048c28bcb60f2666802052ee45dcd9a2950d55ecf0234a3dcf67e83cfa0bfb1285eb54e6292d8075c9e1b459e48556f416898557c9c864fc5de459feb53e33dd1a6860a2d1a836ab5ff6efaee123b3715a7137787ee4345efbce38074e262f363a8ff400345c8539d44a7286c7291246810bce063f0877db6585842380b530a4aaef6e36779a95fed220cef6c1fff2fdd5031f83987dc3282d432f322852cc9dc6d00c59d5ed83b386ff97c521e528e59f2df932467ac02d17f8818c2de26d69725f42cecaf186fab7b6e10b1ebd9a9a12ed83cd382d9a6f9a9bed2736cb0ec0260057f5ec704d2e1a64caad59e02ff2022174b23564cb0942e6769b12e0ae4d65dc4c5e6b6ceaf2667e085909c93a9768b7bfdac612801c0bc3848bad51e2367f788cbd1c5091ce0e9c567528c72003712e91247d87f1ff60d3865fc687a35886822079392f8d151b89e09469bef98e59139c460a53805a93245148cbb9a6a010dadc87e9b1a0e0a89e87e433ff1c0ad4b125760858c8badff4d82cbd31cf88f3e2e16a4e960e1e0b5825fc0f2b21d660cf60069d43fb6a8a96c44fa922164f02c9cd5ebb6fad848871224d157777b5a70dc6deb988506bd03aa4ce2200e9ce23641221784250c22d2c8635a3512f45d433cf66e158eb261f48a23d54f5ef4358df3487da471eb5775bdba565ee170be126b2300d0dad050212606f2d77a63fa2ab430e62670e852b89944e611509415bee36bf0961c8918bd8b0eb8af45b1a9d0420c7101a9c5f4a63efb9cc8de7897b5e2b02cb5885ad8d0d8ac7754ba8d4e9d37175e614e3f3a6a7b122bbc6dd9ce78f1b9a4e940a1160bb85650d8932fe1a82d0525630ba017be5129625a45c3cae66c7cdaa33ee704791db81ef2e11a2f528974fa388cd929c934dbdb21425e6117839ab33b2926b036457db3a43083c3ec17231aed4ee5b607a45a5735c9470c03a424b43efcea953c078717344aeb1449c0dfa3a3ec224b542c16cf735466bdaf26b522aef1db547b14f07ebd4f5da34426a46007757be47ed3f643c47f2c4467762cd049d6f4cf8a78d04f8318bdedcee80871e91c0330499d88254555c456d9bde8a892394267eac15c230cf7e7ba19ebc01b1905c80476de3cea8258f6d0820d159f4aa8a37fb378b2685da4e0e89d253187219869f1157bbe4a8a43eabf65e86a6d9b21e25d91c43c3036914427833ed87073886719069148e2e47219bb5da5d9664d64dc5c4ff71c0e808dadbb53a23e41e3c02fd0c9e0704490f3283d1864d15d795882e6522f31445556cab6832f273dac0c7aef4e3f8c09a34d1624fdb087d852f2e827fb2c3105f1afda54b9dc12cfde3cf7747daa5ac70904e82636a13155303f9a1198d6e7f9dc7be394ebc5db9e8380e290e6cae5f320caa56aa94490789fce2e2540b3de8865396f58e14d61d3cb122f7bd1af5a27c6fe733eba3cc39106efc906ea967fb833e2480aa80bd56ccd9e5c25304e2b8135f1453af70059e599cb67bc8eaaa38c39768e74d3da8aba0135f0192d7ddf0149ce62f353b0360251f1f88b272c6e85b4ee4e0563a6de80de83749af6e6aa4d80cab7031aff3f7e8d0c9114940549f828a62be9fd6a16db001369728b4b93d4ecf91563ae03def3ca4e9900a97657c4ff1e41c5742fb3329ba882ed61645aedb22f2543b83cd4007e5d228697a48064acc32ece41f2d5ead3f31a9689249e8b4bb57ac0b136b6c60ec531708235b94db823344aafbb9b79e21959635664b2193c3add0b28767906b7ba4118e6548e9a23b49e9181dc6f7dc7857425c9ab1b1451bc4572fd060190d0b5a76b8368b68e72a212bd0f89d0778d293b1d32f155f30c9aafe7215d2e746ea8f2c73a30bcd8c093a489519b60616b15afe69074ee77fb65caf5faf0aad49106057a91fdcd622a07ac21eb5c221f2e65323228af41b3eb894517c34c4f60ba20fb6f6c4309a7357884c0eeeb0a4874550107f2d0ffdc412f86bdf712f96183b3932cfb4da3f179cde1a288df9af09c243fae8c67b0d208d9cdb7adde8d5e548e0624b19da4818ef656b88280a", 0x1000}, 0x1006) getpeername$packet(0xffffffffffffffff, 0x0, 0x0) r4 = semget(0x3, 0x0, 0x2) semctl$GETVAL(r4, 0x3, 0xc, &(0x7f0000000300)=""/131) recvfrom$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) fadvise64(r3, 0x0, 0x0, 0x4) r5 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r1, r5, 0x0, 0x8000fffffffe) 03:43:10 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)=ANY=[@ANYBLOB="0207000000000000000000000000000005000600008000000a0000000000000000000000000000000000000000000000050085d79b613a00000000000000fe8000000000000000000000000000ff00000000000000000000000000000000"], 0x60}}, 0x0) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x10000, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x89e2, &(0x7f0000000040)={r0}) 03:43:10 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0xd0}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 1284.321368][ T26] audit: type=1804 audit(2000000590.739:2573): pid=9051 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/file0/file0/file0/file0/file0/root/syzkaller-testdir754838547/syzkaller.QfY93s/1465/bus" dev="sda1" ino=17089 res=1 [ 1284.551822][ T26] audit: type=1804 audit(2000000590.979:2574): pid=9063 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/file0/file0/file0/file0/file0/root/syzkaller-testdir754838547/syzkaller.QfY93s/1466/bus" dev="sda1" ino=17106 res=1 [ 1284.574075][ T9055] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1284.600874][ T9055] CPU: 1 PID: 9055 Comm: syz-executor.4 Not tainted 5.1.0-rc1-next-20190319 #6 [ 1284.609904][ T9055] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1284.619955][ T9055] Call Trace: [ 1284.623252][ T9055] dump_stack+0x172/0x1f0 [ 1284.627588][ T9055] dump_header+0x10f/0xb6c [ 1284.632006][ T9055] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1284.637808][ T9055] ? ___ratelimit+0x60/0x595 [ 1284.642399][ T9055] ? do_raw_spin_unlock+0x57/0x270 [ 1284.647508][ T9055] oom_kill_process.cold+0x10/0x15 [ 1284.652620][ T9055] out_of_memory+0x79a/0x1280 [ 1284.657295][ T9055] ? lock_downgrade+0x880/0x880 [ 1284.662142][ T9055] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1284.668380][ T9055] ? oom_killer_disable+0x280/0x280 [ 1284.673574][ T9055] ? find_held_lock+0x35/0x130 [ 1284.678351][ T9055] mem_cgroup_out_of_memory+0x1ca/0x230 [ 1284.683891][ T9055] ? memcg_event_wake+0x230/0x230 [ 1284.688919][ T9055] ? do_raw_spin_unlock+0x57/0x270 [ 1284.694029][ T9055] ? _raw_spin_unlock+0x2d/0x50 [ 1284.698877][ T9055] try_charge+0x118d/0x1790 [ 1284.703384][ T9055] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1284.708932][ T9055] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1284.715182][ T9055] ? kasan_check_read+0x11/0x20 [ 1284.720035][ T9055] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1284.725580][ T9055] mem_cgroup_try_charge+0x24d/0x5e0 [ 1284.730869][ T9055] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1284.736501][ T9055] __handle_mm_fault+0x1e1f/0x3ec0 [ 1284.741620][ T9055] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1284.747165][ T9055] ? find_held_lock+0x35/0x130 [ 1284.751926][ T9055] ? handle_mm_fault+0x322/0xb30 [ 1284.756877][ T9055] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1284.763120][ T9055] ? kasan_check_read+0x11/0x20 [ 1284.767983][ T9055] handle_mm_fault+0x43f/0xb30 [ 1284.772754][ T9055] __get_user_pages+0x7b6/0x1a40 [ 1284.777703][ T9055] ? follow_page_mask+0x19a0/0x19a0 [ 1284.782901][ T9055] ? perf_trace_lock+0xeb/0x510 [ 1284.787749][ T9055] ? __vma_adjust+0x1840/0x1840 [ 1284.792606][ T9055] ? lock_acquire+0x16f/0x3f0 [ 1284.797283][ T9055] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1284.803525][ T9055] populate_vma_page_range+0x20d/0x2a0 [ 1284.808986][ T9055] __mm_populate+0x204/0x380 [ 1284.813577][ T9055] ? populate_vma_page_range+0x2a0/0x2a0 [ 1284.819218][ T9055] __x64_sys_mlockall+0x35c/0x520 [ 1284.824247][ T9055] do_syscall_64+0x103/0x610 [ 1284.828839][ T9055] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1284.834730][ T9055] RIP: 0033:0x458079 [ 1284.838621][ T9055] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1284.858221][ T9055] RSP: 002b:00007fa3c5772c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1284.866649][ T9055] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458079 [ 1284.874613][ T9055] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1284.882579][ T9055] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1284.890551][ T9055] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa3c57736d4 [ 1284.898529][ T9055] R13: 00000000004c3d3a R14: 00000000004d6f20 R15: 00000000ffffffff [ 1284.931607][ T9055] memory: usage 307156kB, limit 307200kB, failcnt 1295 [ 1284.938499][ T9055] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1284.968478][ T9055] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1284.975650][ T9055] Memory cgroup stats for /syz4: cache:0KB rss:279840KB rss_huge:20480KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:235456KB active_anon:27424KB inactive_file:4KB active_file:0KB unevictable:17008KB [ 1285.000745][ T9055] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=9054,uid=0 [ 1285.016666][ T9055] Memory cgroup out of memory: Killed process 9054 (syz-executor.4) total-vm:72448kB, anon-rss:16740kB, file-rss:37164kB, shmem-rss:0kB [ 1285.031066][ T1043] oom_reaper: reaped process 9054 (syz-executor.4), now anon-rss:16788kB, file-rss:37940kB, shmem-rss:0kB 03:43:13 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132224) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f00000000c0)=ANY=[@ANYBLOB="6e61853167377400000100000000000000000000e4dbb77487e90104000000000040800000000000001b2300000503000018030000cc0000ac010000000000001004d1e090e1fe916dd282e0f34f8dfac0dc1695c4d700001004000010030002d3a379b87c5ade6e27a603551ae6543351c2f2d3c00f3f72e011777424c981c41f852110e5d4a50bc78b2aa66b63012812d04b94d660aab341cfe8364422b866cd445d5d0f4d6715baea5900323e00000000000071cf4f04009500"], 0x1) ptrace$setopts(0x4206, r2, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) tkill(r2, 0x3c) 03:43:13 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0xd0}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 03:43:13 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) r1 = syz_open_dev$amidi(&(0x7f00000000c0)='/dev/amidi#\x00', 0xc4a, 0x0) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snapshot\x00', 0x4080, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x89e0, &(0x7f0000000140)={r0, r2}) ioctl$NBD_SET_FLAGS(r1, 0xab0a, 0x228) r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x80, 0x0) signalfd(r0, &(0x7f0000000180)={0x7}, 0x8) ioctl$VIDIOC_G_FBUF(r3, 0x8030560a, &(0x7f0000000080)={0xa0, 0x2, &(0x7f0000000040)="729c542d0513e2576ab562613805c81edfaff64e287b8f61de476154397c1e35820dff49d82f6cbfc05df807d6a6e603e73a575081621f3bb122", {0x800, 0x2, 0x56555959, 0x8, 0xffffffffffffff00, 0x101, 0x2, 0x6}}) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0x7, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x15}}, 0x0) 03:43:13 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11e9e6c7c13e9b9937"], 0x0) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r3, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r2, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r5}, 0x10) r6 = accept4(r4, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000100), 0x0) r7 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r3, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r7, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r6, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r1, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r2, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r6, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r3, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r2, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:43:13 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc1f123c123f3188b070") r1 = socket$inet6(0xa, 0x400000000001, 0x0) bind$inet6(r1, &(0x7f0000000200)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) syz_genetlink_get_family_id$net_dm(0x0) r2 = perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, 0xffffffffffffffff) sendmsg$NET_DM_CMD_STOP(0xffffffffffffffff, 0x0, 0x0) chdir(&(0x7f0000000240)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x26e1, 0x0) r3 = open(&(0x7f0000000140)='./bus\x00', 0x141042, 0x0) fchown(r2, 0x0, 0x0) ioctl$TUNGETSNDBUF(r3, 0x800454d3, &(0x7f00000001c0)) getuid() syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f0000000080)='./bus\x00', 0x3, 0x1, &(0x7f0000000700)=[{0x0, 0x3b6}], 0x0, 0x0) msgget(0xffffffffffffffff, 0x0) msgrcv(0x0, 0x0, 0xfffffc46, 0x0, 0x0) lsetxattr$trusted_overlay_origin(0x0, 0x0, 0x0, 0x0, 0x0) write$UHID_INPUT(r3, &(0x7f0000002480)={0x8, "c0c814a55b6300d28afc61ac7dd1ffb869b761e8e53ee36e4be89e9fea175523e4468dec44bf8b5473c7a5062b4ede67dcb24cb9484ccfff2b3a70befc56e8ab2eee3483f5bf78c16beac035b700eb84e2216f268d02b717d2046c273814475b412437f7dc08a13a55d3c02132999dfd9fe80b750eff4d7c1da975b3835602728ae09e72527fcee19377e29c6c19e1ccce0f75e0e54001e3e83e473fa3d37eca8be1b3de565571e0e84f310c11fa8616068113b038aaa5c69967699fc2aa41c6f26fc22cf68e3577242c9b4ca20fab9de5885e0648fbd7af089b05f38f152d2f8144461608733c567b6dc5d2a07022c3764565c85abcfd99dd7a85e58939278235d50e8b321be7dbaa5141e097c28364fad2f713d666ca94f4e429687fcabb72aceeaf8abe5b506d98dc393b6e97492d785ead0ca2953f92c4d2b2c9f616e3d98b36be55a923fc5892413f7a3b615cec89b52e0ecdcee0aa5af72bcbb91b4bade7435dd8b529feaf13f8b48fcaca5952235d2e909f8831d8ca05a0daa3f6c581f388e0c1879b41fe63ef3d122bd0c5acd4fb07b96797918791075ae7383bb1bbdea574b31301ff37ecc45671ee2e7fc55bf6244025d1fd82dca56a42a23aa826a0b1e102bd87893ddc05649304eb1866c796e46e0d57f552bd572891ef892918bb2e7f2c6bcf68f388ea0c50f48c06de1b46b1434cdf25ca1288ebabe2a33d1c6effb77f91ef75471e93952caeda8ac2b2677e46d62b8366922d093832bccb949e177b4417864812d22972d81d89158288b5318d017329d4e8f66273abf74c434f318ebf32c7629342a85336387231b1e579d57cff0b125bef9dddf0fc33f71cb59d5a8972cda06ba6bba4a89cb8d3b465492c431698984998b2979ea61fed3d99b049724f2bdda5a0700ccb28825da1343f41290e569a6d38d4ae3968147cf39b097efd78e058fc71523c12e724bf93dc4ecc02b5cb18d13b59ec8f85368ac1ea93ed0149c60c53569dc69cdb3f37470eab26ef010b03a7e651b9e8e9065da347660836eddb3988c9a0f394aad055f727310f646d6cb35131d02aaf24735792bfce250798bebf0d1a4495fca568b9449e81afef2937b50faf873257d7efa07d31759474d50ca2a7922e79ab47dd59b11dfd1ec43fef3551aed81d01ee4ab997c6cecc39013dcaa442aec803e4cebbc288b4f9e87b30613f0ec88ddc6f60f56787f4040897e6e6bdac317d74b27f97f2efadb031f03c61954fd0232373582b7fa315d3eb9f67053126d2ed0636f04d669c47bdeb078fbda177533902e20b5ce9d8f395ea4c0aaf2cae774fe99bc40105a9ca184bcb598ab2f49c1df62d32d1a6d73a26812cb47a2ccaf0e9b759df89ad1e18238d897b9fd658f6786a92a0c12bd0ee6dad8a430a67962363e5b9afb3329e4f1f6fcd7e63cb8f24872bcf5b8c349d9ce423666ca39f16884219dea338b388e40f4ad996419cb3858637364d8e5af67f846d77b2749115131a3642ef56681315e4a2cbca5e60febabf693570f515e09c2a8994a8e2be3cba28118ef429d4de781118182607dd2c2d5aaba621ea29c140338bd8f1787fd2a3f43bb7fa22a8ce053adb331a4c78eab569af317e14360a6bf1c8b7394f34bfc1a941ac88dab334d5a2d45fc83bee28884698fd82339c972a06efb369220049ca89727513bd4262ad6f94f55f659ec98b684b1d92e1b6a303548a196cc5316e9845baaf01e737ef047d3d1ac4fe13de618e8fd6471c225e688b73b866213f4765c1a1ecf041f66a11177b0425b0423c455dccfa35a34f3b1c4c9850267bd41dcc366f4f8fef6982699e9aee7f3edff90217c84f6865234676e65911e5e99739792161766e959d061d6e86797b595ae3cffc043da0929dce1b4bd27e04532800f14f69398a681d46f00197f547fa138e676a4c84e586e9a2037faad7d7342221c229ff13606688ab70305dc28d01270604fbcb2b5777541e637a10e7d6c2dfa76461b18c8b303234282f31b7ed8afd0cdcc3978c6520a182000ea312296c7d9df08c2a67b944bc519113822014a831c8d6a7f8d26a7a443666b6077bdc1c11cf47001bcbb484d163543445c77a02140191bbb813da818b4dc3ef1ca420f624e5cb67c48024aeb8691b549202750899938067a3ad49da19e9fffc6486b3525fba8b2ff991fb3b4c1a536818f2dad96f713ac264a22136c6a3a9eacb4f69ab08cfe2b971a7d916833c6a0370d4b0bc428db2e4b4013899668b73caf9c983e2f07e46b4b5b4f0d231edee8b1951e1d0e34c881d1fc5c6be05b92b13680398e7109bd18048f0bd980fceb24e59411873e7a8a7f95f4da2ba5c082fdda710361e163a213a3dbb82c08a69020545da4636c09a67cd962182a011cf5eb1c3d999abc7b834ee518bb53afe19941927ca190699abf79c334c52e206fc851deb7398947ad5bd125ef3f51349497142e921c85506c739f6319ae0eb8e3c551ceb7e16afc2d6aad36841ed8eb560ef984ee5e00f1ead2c646546b3c145e3700b07fc257551641cf3dcb76a8b3cc75994f2c3eb521cea22d64c8b72b2de506fde8185b70b4707b7f571668a5925ca21e605904d7c896a5d7290b9c4fc75ecc7ddbbd7f6f003a74f53d1a5432e0377a3efce1e7ac61e36dc13aeea57400d4d3986db3fccb6edaf83f86daeb42f416f58c502e74178e013b399d0b155e0df86b40b5f3f2ab0ad61c90870cee340c07977b55622699101e5372677dd4e208fa6b5d4834a2d6f37b2ead107218aa0e702d1f6a60bd4ad3a2e22807237129fdc02993ef1fffe3c285bd4f7b093b2da8d772ce2df7874bf9b7fd0893eb66a4931acc38129bfe4a8fc6b28ea83bcca1220b66c86d4d90914bb9e9a425fce618f11b66f93aa78515eac0f3956cb1e8b6f12d7f6f22c1ca5563e280b15c64732aec2a37d6010cee0fd2263ea3ea2011043153284b4a5fc87cc0dd8c36f084ce715a6e9ba3e8b2586726255d122f2b5677d6590405ae031df8f83840ef3011a7f5d18037407758270d980aa65d5a4aa26a35a61b65178b6183b282771e89a8fe47bd3ea5a23146b924a47c3cc2540a9c8d91d4a8924e010fb6d3e60457e0aa86749cc3444707fda055a0f489aecda68af7f0d7d31cf25641a10bcc0d00996cddf9059121639fa3ff2e5490bae6b702fcf226d8e50f27f0973e5e4cf543445524d0fe3bd55d3f215978bfabcba0d44c076f5b333b2095c70f6a5426338bf0c065ddce27f6730606d84d1ccef8cebcd15085fa8a5d0975dc47eeb09a4ab6da21d01916c97f4e266c4b01f2bfb3b6a08bb5a7cf834e56782d824e7c55b591cd883ed9e806a4f7033bbab49a2b8ab2cb0f6da9d76968208236b35a51f8eba3769a676ad60d69c475706a630f3a078ebaa6ba5bc25719867cb61d48cc3a381b261165c04f3c93f37d72fc15f43df1de34e24e80a46f5d15fb362e71cb4a5365dde04a53dc5e42745fbd601ff148db416244dd76ac16f24138ef9a02491eb5b48d731a8bdcd46040d0ff11a07c040b83db84bfd21ffb1d818203cb7d3f8fca47f1dc510afa8219ab031aaba2147aed7c50228930e895a72abf55ca6997131e231ea92e0059b680735548adf2d572c3540e096a644deb3750e3b341bbeffee70ff22e0b4e56142e4c1965c01a646dd9b5b0055f88f08987ad45adb844b9ffc84792073048c28bcb60f2666802052ee45dcd9a2950d55ecf0234a3dcf67e83cfa0bfb1285eb54e6292d8075c9e1b459e48556f416898557c9c864fc5de459feb53e33dd1a6860a2d1a836ab5ff6efaee123b3715a7137787ee4345efbce38074e262f363a8ff400345c8539d44a7286c7291246810bce063f0877db6585842380b530a4aaef6e36779a95fed220cef6c1fff2fdd5031f83987dc3282d432f322852cc9dc6d00c59d5ed83b386ff97c521e528e59f2df932467ac02d17f8818c2de26d69725f42cecaf186fab7b6e10b1ebd9a9a12ed83cd382d9a6f9a9bed2736cb0ec0260057f5ec704d2e1a64caad59e02ff2022174b23564cb0942e6769b12e0ae4d65dc4c5e6b6ceaf2667e085909c93a9768b7bfdac612801c0bc3848bad51e2367f788cbd1c5091ce0e9c567528c72003712e91247d87f1ff60d3865fc687a35886822079392f8d151b89e09469bef98e59139c460a53805a93245148cbb9a6a010dadc87e9b1a0e0a89e87e433ff1c0ad4b125760858c8badff4d82cbd31cf88f3e2e16a4e960e1e0b5825fc0f2b21d660cf60069d43fb6a8a96c44fa922164f02c9cd5ebb6fad848871224d157777b5a70dc6deb988506bd03aa4ce2200e9ce23641221784250c22d2c8635a3512f45d433cf66e158eb261f48a23d54f5ef4358df3487da471eb5775bdba565ee170be126b2300d0dad050212606f2d77a63fa2ab430e62670e852b89944e611509415bee36bf0961c8918bd8b0eb8af45b1a9d0420c7101a9c5f4a63efb9cc8de7897b5e2b02cb5885ad8d0d8ac7754ba8d4e9d37175e614e3f3a6a7b122bbc6dd9ce78f1b9a4e940a1160bb85650d8932fe1a82d0525630ba017be5129625a45c3cae66c7cdaa33ee704791db81ef2e11a2f528974fa388cd929c934dbdb21425e6117839ab33b2926b036457db3a43083c3ec17231aed4ee5b607a45a5735c9470c03a424b43efcea953c078717344aeb1449c0dfa3a3ec224b542c16cf735466bdaf26b522aef1db547b14f07ebd4f5da34426a46007757be47ed3f643c47f2c4467762cd049d6f4cf8a78d04f8318bdedcee80871e91c0330499d88254555c456d9bde8a892394267eac15c230cf7e7ba19ebc01b1905c80476de3cea8258f6d0820d159f4aa8a37fb378b2685da4e0e89d253187219869f1157bbe4a8a43eabf65e86a6d9b21e25d91c43c3036914427833ed87073886719069148e2e47219bb5da5d9664d64dc5c4ff71c0e808dadbb53a23e41e3c02fd0c9e0704490f3283d1864d15d795882e6522f31445556cab6832f273dac0c7aef4e3f8c09a34d1624fdb087d852f2e827fb2c3105f1afda54b9dc12cfde3cf7747daa5ac70904e82636a13155303f9a1198d6e7f9dc7be394ebc5db9e8380e290e6cae5f320caa56aa94490789fce2e2540b3de8865396f58e14d61d3cb122f7bd1af5a27c6fe733eba3cc39106efc906ea967fb833e2480aa80bd56ccd9e5c25304e2b8135f1453af70059e599cb67bc8eaaa38c39768e74d3da8aba0135f0192d7ddf0149ce62f353b0360251f1f88b272c6e85b4ee4e0563a6de80de83749af6e6aa4d80cab7031aff3f7e8d0c9114940549f828a62be9fd6a16db001369728b4b93d4ecf91563ae03def3ca4e9900a97657c4ff1e41c5742fb3329ba882ed61645aedb22f2543b83cd4007e5d228697a48064acc32ece41f2d5ead3f31a9689249e8b4bb57ac0b136b6c60ec531708235b94db823344aafbb9b79e21959635664b2193c3add0b28767906b7ba4118e6548e9a23b49e9181dc6f7dc7857425c9ab1b1451bc4572fd060190d0b5a76b8368b68e72a212bd0f89d0778d293b1d32f155f30c9aafe7215d2e746ea8f2c73a30bcd8c093a489519b60616b15afe69074ee77fb65caf5faf0aad49106057a91fdcd622a07ac21eb5c221f2e65323228af41b3eb894517c34c4f60ba20fb6f6c4309a7357884c0eeeb0a4874550107f2d0ffdc412f86bdf712f96183b3932cfb4da3f179cde1a288df9af09c243fae8c67b0d208d9cdb7adde8d5e548e0624b19da4818ef656b88280a", 0x1000}, 0x1006) getpeername$packet(0xffffffffffffffff, 0x0, 0x0) r4 = semget(0x3, 0x0, 0x2) semctl$GETVAL(r4, 0x3, 0xc, &(0x7f0000000300)=""/131) recvfrom$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) fadvise64(r3, 0x0, 0x0, 0x4) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) 03:43:13 executing program 4: socketpair$unix(0x1, 0x0, 0x0, 0x0) r0 = creat(0x0, 0x0) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r0, 0xc05c5340, &(0x7f0000000200)={0xff, 0x9, 0xff, {}, 0x0, 0x1}) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) fcntl$dupfd(r2, 0x406, r1) 03:43:13 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0xd0}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 1286.936582][ T26] audit: type=1804 audit(2000000593.359:2575): pid=9072 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/file0/file0/file0/file0/file0/root/syzkaller-testdir754838547/syzkaller.QfY93s/1467/bus" dev="sda1" ino=17107 res=1 [ 1286.964739][ C1] net_ratelimit: 20 callbacks suppressed [ 1286.964749][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1286.964802][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:43:13 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc1f123c123f3188b070") r1 = socket$inet6(0xa, 0x400000000001, 0x0) bind$inet6(r1, &(0x7f0000000200)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) syz_genetlink_get_family_id$net_dm(0x0) r2 = perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, 0xffffffffffffffff) sendmsg$NET_DM_CMD_STOP(0xffffffffffffffff, 0x0, 0x0) chdir(&(0x7f0000000240)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x26e1, 0x0) r3 = open(&(0x7f0000000140)='./bus\x00', 0x141042, 0x0) fchown(r2, 0x0, 0x0) ioctl$TUNGETSNDBUF(r3, 0x800454d3, &(0x7f00000001c0)) getuid() syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f0000000080)='./bus\x00', 0x3, 0x1, &(0x7f0000000700)=[{0x0, 0x3b6}], 0x0, 0x0) msgget(0xffffffffffffffff, 0x0) msgrcv(0x0, 0x0, 0xfffffc46, 0x0, 0x0) lsetxattr$trusted_overlay_origin(0x0, 0x0, 0x0, 0x0, 0x0) write$UHID_INPUT(r3, &(0x7f0000002480)={0x8, "c0c814a55b6300d28afc61ac7dd1ffb869b761e8e53ee36e4be89e9fea175523e4468dec44bf8b5473c7a5062b4ede67dcb24cb9484ccfff2b3a70befc56e8ab2eee3483f5bf78c16beac035b700eb84e2216f268d02b717d2046c273814475b412437f7dc08a13a55d3c02132999dfd9fe80b750eff4d7c1da975b3835602728ae09e72527fcee19377e29c6c19e1ccce0f75e0e54001e3e83e473fa3d37eca8be1b3de565571e0e84f310c11fa8616068113b038aaa5c69967699fc2aa41c6f26fc22cf68e3577242c9b4ca20fab9de5885e0648fbd7af089b05f38f152d2f8144461608733c567b6dc5d2a07022c3764565c85abcfd99dd7a85e58939278235d50e8b321be7dbaa5141e097c28364fad2f713d666ca94f4e429687fcabb72aceeaf8abe5b506d98dc393b6e97492d785ead0ca2953f92c4d2b2c9f616e3d98b36be55a923fc5892413f7a3b615cec89b52e0ecdcee0aa5af72bcbb91b4bade7435dd8b529feaf13f8b48fcaca5952235d2e909f8831d8ca05a0daa3f6c581f388e0c1879b41fe63ef3d122bd0c5acd4fb07b96797918791075ae7383bb1bbdea574b31301ff37ecc45671ee2e7fc55bf6244025d1fd82dca56a42a23aa826a0b1e102bd87893ddc05649304eb1866c796e46e0d57f552bd572891ef892918bb2e7f2c6bcf68f388ea0c50f48c06de1b46b1434cdf25ca1288ebabe2a33d1c6effb77f91ef75471e93952caeda8ac2b2677e46d62b8366922d093832bccb949e177b4417864812d22972d81d89158288b5318d017329d4e8f66273abf74c434f318ebf32c7629342a85336387231b1e579d57cff0b125bef9dddf0fc33f71cb59d5a8972cda06ba6bba4a89cb8d3b465492c431698984998b2979ea61fed3d99b049724f2bdda5a0700ccb28825da1343f41290e569a6d38d4ae3968147cf39b097efd78e058fc71523c12e724bf93dc4ecc02b5cb18d13b59ec8f85368ac1ea93ed0149c60c53569dc69cdb3f37470eab26ef010b03a7e651b9e8e9065da347660836eddb3988c9a0f394aad055f727310f646d6cb35131d02aaf24735792bfce250798bebf0d1a4495fca568b9449e81afef2937b50faf873257d7efa07d31759474d50ca2a7922e79ab47dd59b11dfd1ec43fef3551aed81d01ee4ab997c6cecc39013dcaa442aec803e4cebbc288b4f9e87b30613f0ec88ddc6f60f56787f4040897e6e6bdac317d74b27f97f2efadb031f03c61954fd0232373582b7fa315d3eb9f67053126d2ed0636f04d669c47bdeb078fbda177533902e20b5ce9d8f395ea4c0aaf2cae774fe99bc40105a9ca184bcb598ab2f49c1df62d32d1a6d73a26812cb47a2ccaf0e9b759df89ad1e18238d897b9fd658f6786a92a0c12bd0ee6dad8a430a67962363e5b9afb3329e4f1f6fcd7e63cb8f24872bcf5b8c349d9ce423666ca39f16884219dea338b388e40f4ad996419cb3858637364d8e5af67f846d77b2749115131a3642ef56681315e4a2cbca5e60febabf693570f515e09c2a8994a8e2be3cba28118ef429d4de781118182607dd2c2d5aaba621ea29c140338bd8f1787fd2a3f43bb7fa22a8ce053adb331a4c78eab569af317e14360a6bf1c8b7394f34bfc1a941ac88dab334d5a2d45fc83bee28884698fd82339c972a06efb369220049ca89727513bd4262ad6f94f55f659ec98b684b1d92e1b6a303548a196cc5316e9845baaf01e737ef047d3d1ac4fe13de618e8fd6471c225e688b73b866213f4765c1a1ecf041f66a11177b0425b0423c455dccfa35a34f3b1c4c9850267bd41dcc366f4f8fef6982699e9aee7f3edff90217c84f6865234676e65911e5e99739792161766e959d061d6e86797b595ae3cffc043da0929dce1b4bd27e04532800f14f69398a681d46f00197f547fa138e676a4c84e586e9a2037faad7d7342221c229ff13606688ab70305dc28d01270604fbcb2b5777541e637a10e7d6c2dfa76461b18c8b303234282f31b7ed8afd0cdcc3978c6520a182000ea312296c7d9df08c2a67b944bc519113822014a831c8d6a7f8d26a7a443666b6077bdc1c11cf47001bcbb484d163543445c77a02140191bbb813da818b4dc3ef1ca420f624e5cb67c48024aeb8691b549202750899938067a3ad49da19e9fffc6486b3525fba8b2ff991fb3b4c1a536818f2dad96f713ac264a22136c6a3a9eacb4f69ab08cfe2b971a7d916833c6a0370d4b0bc428db2e4b4013899668b73caf9c983e2f07e46b4b5b4f0d231edee8b1951e1d0e34c881d1fc5c6be05b92b13680398e7109bd18048f0bd980fceb24e59411873e7a8a7f95f4da2ba5c082fdda710361e163a213a3dbb82c08a69020545da4636c09a67cd962182a011cf5eb1c3d999abc7b834ee518bb53afe19941927ca190699abf79c334c52e206fc851deb7398947ad5bd125ef3f51349497142e921c85506c739f6319ae0eb8e3c551ceb7e16afc2d6aad36841ed8eb560ef984ee5e00f1ead2c646546b3c145e3700b07fc257551641cf3dcb76a8b3cc75994f2c3eb521cea22d64c8b72b2de506fde8185b70b4707b7f571668a5925ca21e605904d7c896a5d7290b9c4fc75ecc7ddbbd7f6f003a74f53d1a5432e0377a3efce1e7ac61e36dc13aeea57400d4d3986db3fccb6edaf83f86daeb42f416f58c502e74178e013b399d0b155e0df86b40b5f3f2ab0ad61c90870cee340c07977b55622699101e5372677dd4e208fa6b5d4834a2d6f37b2ead107218aa0e702d1f6a60bd4ad3a2e22807237129fdc02993ef1fffe3c285bd4f7b093b2da8d772ce2df7874bf9b7fd0893eb66a4931acc38129bfe4a8fc6b28ea83bcca1220b66c86d4d90914bb9e9a425fce618f11b66f93aa78515eac0f3956cb1e8b6f12d7f6f22c1ca5563e280b15c64732aec2a37d6010cee0fd2263ea3ea2011043153284b4a5fc87cc0dd8c36f084ce715a6e9ba3e8b2586726255d122f2b5677d6590405ae031df8f83840ef3011a7f5d18037407758270d980aa65d5a4aa26a35a61b65178b6183b282771e89a8fe47bd3ea5a23146b924a47c3cc2540a9c8d91d4a8924e010fb6d3e60457e0aa86749cc3444707fda055a0f489aecda68af7f0d7d31cf25641a10bcc0d00996cddf9059121639fa3ff2e5490bae6b702fcf226d8e50f27f0973e5e4cf543445524d0fe3bd55d3f215978bfabcba0d44c076f5b333b2095c70f6a5426338bf0c065ddce27f6730606d84d1ccef8cebcd15085fa8a5d0975dc47eeb09a4ab6da21d01916c97f4e266c4b01f2bfb3b6a08bb5a7cf834e56782d824e7c55b591cd883ed9e806a4f7033bbab49a2b8ab2cb0f6da9d76968208236b35a51f8eba3769a676ad60d69c475706a630f3a078ebaa6ba5bc25719867cb61d48cc3a381b261165c04f3c93f37d72fc15f43df1de34e24e80a46f5d15fb362e71cb4a5365dde04a53dc5e42745fbd601ff148db416244dd76ac16f24138ef9a02491eb5b48d731a8bdcd46040d0ff11a07c040b83db84bfd21ffb1d818203cb7d3f8fca47f1dc510afa8219ab031aaba2147aed7c50228930e895a72abf55ca6997131e231ea92e0059b680735548adf2d572c3540e096a644deb3750e3b341bbeffee70ff22e0b4e56142e4c1965c01a646dd9b5b0055f88f08987ad45adb844b9ffc84792073048c28bcb60f2666802052ee45dcd9a2950d55ecf0234a3dcf67e83cfa0bfb1285eb54e6292d8075c9e1b459e48556f416898557c9c864fc5de459feb53e33dd1a6860a2d1a836ab5ff6efaee123b3715a7137787ee4345efbce38074e262f363a8ff400345c8539d44a7286c7291246810bce063f0877db6585842380b530a4aaef6e36779a95fed220cef6c1fff2fdd5031f83987dc3282d432f322852cc9dc6d00c59d5ed83b386ff97c521e528e59f2df932467ac02d17f8818c2de26d69725f42cecaf186fab7b6e10b1ebd9a9a12ed83cd382d9a6f9a9bed2736cb0ec0260057f5ec704d2e1a64caad59e02ff2022174b23564cb0942e6769b12e0ae4d65dc4c5e6b6ceaf2667e085909c93a9768b7bfdac612801c0bc3848bad51e2367f788cbd1c5091ce0e9c567528c72003712e91247d87f1ff60d3865fc687a35886822079392f8d151b89e09469bef98e59139c460a53805a93245148cbb9a6a010dadc87e9b1a0e0a89e87e433ff1c0ad4b125760858c8badff4d82cbd31cf88f3e2e16a4e960e1e0b5825fc0f2b21d660cf60069d43fb6a8a96c44fa922164f02c9cd5ebb6fad848871224d157777b5a70dc6deb988506bd03aa4ce2200e9ce23641221784250c22d2c8635a3512f45d433cf66e158eb261f48a23d54f5ef4358df3487da471eb5775bdba565ee170be126b2300d0dad050212606f2d77a63fa2ab430e62670e852b89944e611509415bee36bf0961c8918bd8b0eb8af45b1a9d0420c7101a9c5f4a63efb9cc8de7897b5e2b02cb5885ad8d0d8ac7754ba8d4e9d37175e614e3f3a6a7b122bbc6dd9ce78f1b9a4e940a1160bb85650d8932fe1a82d0525630ba017be5129625a45c3cae66c7cdaa33ee704791db81ef2e11a2f528974fa388cd929c934dbdb21425e6117839ab33b2926b036457db3a43083c3ec17231aed4ee5b607a45a5735c9470c03a424b43efcea953c078717344aeb1449c0dfa3a3ec224b542c16cf735466bdaf26b522aef1db547b14f07ebd4f5da34426a46007757be47ed3f643c47f2c4467762cd049d6f4cf8a78d04f8318bdedcee80871e91c0330499d88254555c456d9bde8a892394267eac15c230cf7e7ba19ebc01b1905c80476de3cea8258f6d0820d159f4aa8a37fb378b2685da4e0e89d253187219869f1157bbe4a8a43eabf65e86a6d9b21e25d91c43c3036914427833ed87073886719069148e2e47219bb5da5d9664d64dc5c4ff71c0e808dadbb53a23e41e3c02fd0c9e0704490f3283d1864d15d795882e6522f31445556cab6832f273dac0c7aef4e3f8c09a34d1624fdb087d852f2e827fb2c3105f1afda54b9dc12cfde3cf7747daa5ac70904e82636a13155303f9a1198d6e7f9dc7be394ebc5db9e8380e290e6cae5f320caa56aa94490789fce2e2540b3de8865396f58e14d61d3cb122f7bd1af5a27c6fe733eba3cc39106efc906ea967fb833e2480aa80bd56ccd9e5c25304e2b8135f1453af70059e599cb67bc8eaaa38c39768e74d3da8aba0135f0192d7ddf0149ce62f353b0360251f1f88b272c6e85b4ee4e0563a6de80de83749af6e6aa4d80cab7031aff3f7e8d0c9114940549f828a62be9fd6a16db001369728b4b93d4ecf91563ae03def3ca4e9900a97657c4ff1e41c5742fb3329ba882ed61645aedb22f2543b83cd4007e5d228697a48064acc32ece41f2d5ead3f31a9689249e8b4bb57ac0b136b6c60ec531708235b94db823344aafbb9b79e21959635664b2193c3add0b28767906b7ba4118e6548e9a23b49e9181dc6f7dc7857425c9ab1b1451bc4572fd060190d0b5a76b8368b68e72a212bd0f89d0778d293b1d32f155f30c9aafe7215d2e746ea8f2c73a30bcd8c093a489519b60616b15afe69074ee77fb65caf5faf0aad49106057a91fdcd622a07ac21eb5c221f2e65323228af41b3eb894517c34c4f60ba20fb6f6c4309a7357884c0eeeb0a4874550107f2d0ffdc412f86bdf712f96183b3932cfb4da3f179cde1a288df9af09c243fae8c67b0d208d9cdb7adde8d5e548e0624b19da4818ef656b88280a", 0x1000}, 0x1006) getpeername$packet(0xffffffffffffffff, 0x0, 0x0) r4 = semget(0x3, 0x0, 0x2) semctl$GETVAL(r4, 0x3, 0xc, &(0x7f0000000300)=""/131) recvfrom$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) fadvise64(r3, 0x0, 0x0, 0x4) 03:43:13 executing program 2: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x280, 0x20) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r0, 0x40106614, &(0x7f0000000040)={0x0, @aes256}) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0x0) 03:43:13 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0xd0}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 1287.040669][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1287.046522][ C0] protocol 88fb is buggy, dev hsr_slave_1 03:43:13 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0) tkill(r0, 0x1) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0xd0}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 03:43:13 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc1f123c123f3188b070") r1 = socket$inet6(0xa, 0x400000000001, 0x0) bind$inet6(r1, &(0x7f0000000200)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) syz_genetlink_get_family_id$net_dm(0x0) r2 = perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, 0xffffffffffffffff) sendmsg$NET_DM_CMD_STOP(0xffffffffffffffff, 0x0, 0x0) chdir(&(0x7f0000000240)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x26e1, 0x0) r3 = open(&(0x7f0000000140)='./bus\x00', 0x141042, 0x0) fchown(r2, 0x0, 0x0) ioctl$TUNGETSNDBUF(r3, 0x800454d3, &(0x7f00000001c0)) getuid() syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f0000000080)='./bus\x00', 0x3, 0x1, &(0x7f0000000700)=[{0x0, 0x3b6}], 0x0, 0x0) msgget(0xffffffffffffffff, 0x0) msgrcv(0x0, 0x0, 0xfffffc46, 0x0, 0x0) lsetxattr$trusted_overlay_origin(0x0, 0x0, 0x0, 0x0, 0x0) write$UHID_INPUT(r3, &(0x7f0000002480)={0x8, "c0c814a55b6300d28afc61ac7dd1ffb869b761e8e53ee36e4be89e9fea175523e4468dec44bf8b5473c7a5062b4ede67dcb24cb9484ccfff2b3a70befc56e8ab2eee3483f5bf78c16beac035b700eb84e2216f268d02b717d2046c273814475b412437f7dc08a13a55d3c02132999dfd9fe80b750eff4d7c1da975b3835602728ae09e72527fcee19377e29c6c19e1ccce0f75e0e54001e3e83e473fa3d37eca8be1b3de565571e0e84f310c11fa8616068113b038aaa5c69967699fc2aa41c6f26fc22cf68e3577242c9b4ca20fab9de5885e0648fbd7af089b05f38f152d2f8144461608733c567b6dc5d2a07022c3764565c85abcfd99dd7a85e58939278235d50e8b321be7dbaa5141e097c28364fad2f713d666ca94f4e429687fcabb72aceeaf8abe5b506d98dc393b6e97492d785ead0ca2953f92c4d2b2c9f616e3d98b36be55a923fc5892413f7a3b615cec89b52e0ecdcee0aa5af72bcbb91b4bade7435dd8b529feaf13f8b48fcaca5952235d2e909f8831d8ca05a0daa3f6c581f388e0c1879b41fe63ef3d122bd0c5acd4fb07b96797918791075ae7383bb1bbdea574b31301ff37ecc45671ee2e7fc55bf6244025d1fd82dca56a42a23aa826a0b1e102bd87893ddc05649304eb1866c796e46e0d57f552bd572891ef892918bb2e7f2c6bcf68f388ea0c50f48c06de1b46b1434cdf25ca1288ebabe2a33d1c6effb77f91ef75471e93952caeda8ac2b2677e46d62b8366922d093832bccb949e177b4417864812d22972d81d89158288b5318d017329d4e8f66273abf74c434f318ebf32c7629342a85336387231b1e579d57cff0b125bef9dddf0fc33f71cb59d5a8972cda06ba6bba4a89cb8d3b465492c431698984998b2979ea61fed3d99b049724f2bdda5a0700ccb28825da1343f41290e569a6d38d4ae3968147cf39b097efd78e058fc71523c12e724bf93dc4ecc02b5cb18d13b59ec8f85368ac1ea93ed0149c60c53569dc69cdb3f37470eab26ef010b03a7e651b9e8e9065da347660836eddb3988c9a0f394aad055f727310f646d6cb35131d02aaf24735792bfce250798bebf0d1a4495fca568b9449e81afef2937b50faf873257d7efa07d31759474d50ca2a7922e79ab47dd59b11dfd1ec43fef3551aed81d01ee4ab997c6cecc39013dcaa442aec803e4cebbc288b4f9e87b30613f0ec88ddc6f60f56787f4040897e6e6bdac317d74b27f97f2efadb031f03c61954fd0232373582b7fa315d3eb9f67053126d2ed0636f04d669c47bdeb078fbda177533902e20b5ce9d8f395ea4c0aaf2cae774fe99bc40105a9ca184bcb598ab2f49c1df62d32d1a6d73a26812cb47a2ccaf0e9b759df89ad1e18238d897b9fd658f6786a92a0c12bd0ee6dad8a430a67962363e5b9afb3329e4f1f6fcd7e63cb8f24872bcf5b8c349d9ce423666ca39f16884219dea338b388e40f4ad996419cb3858637364d8e5af67f846d77b2749115131a3642ef56681315e4a2cbca5e60febabf693570f515e09c2a8994a8e2be3cba28118ef429d4de781118182607dd2c2d5aaba621ea29c140338bd8f1787fd2a3f43bb7fa22a8ce053adb331a4c78eab569af317e14360a6bf1c8b7394f34bfc1a941ac88dab334d5a2d45fc83bee28884698fd82339c972a06efb369220049ca89727513bd4262ad6f94f55f659ec98b684b1d92e1b6a303548a196cc5316e9845baaf01e737ef047d3d1ac4fe13de618e8fd6471c225e688b73b866213f4765c1a1ecf041f66a11177b0425b0423c455dccfa35a34f3b1c4c9850267bd41dcc366f4f8fef6982699e9aee7f3edff90217c84f6865234676e65911e5e99739792161766e959d061d6e86797b595ae3cffc043da0929dce1b4bd27e04532800f14f69398a681d46f00197f547fa138e676a4c84e586e9a2037faad7d7342221c229ff13606688ab70305dc28d01270604fbcb2b5777541e637a10e7d6c2dfa76461b18c8b303234282f31b7ed8afd0cdcc3978c6520a182000ea312296c7d9df08c2a67b944bc519113822014a831c8d6a7f8d26a7a443666b6077bdc1c11cf47001bcbb484d163543445c77a02140191bbb813da818b4dc3ef1ca420f624e5cb67c48024aeb8691b549202750899938067a3ad49da19e9fffc6486b3525fba8b2ff991fb3b4c1a536818f2dad96f713ac264a22136c6a3a9eacb4f69ab08cfe2b971a7d916833c6a0370d4b0bc428db2e4b4013899668b73caf9c983e2f07e46b4b5b4f0d231edee8b1951e1d0e34c881d1fc5c6be05b92b13680398e7109bd18048f0bd980fceb24e59411873e7a8a7f95f4da2ba5c082fdda710361e163a213a3dbb82c08a69020545da4636c09a67cd962182a011cf5eb1c3d999abc7b834ee518bb53afe19941927ca190699abf79c334c52e206fc851deb7398947ad5bd125ef3f51349497142e921c85506c739f6319ae0eb8e3c551ceb7e16afc2d6aad36841ed8eb560ef984ee5e00f1ead2c646546b3c145e3700b07fc257551641cf3dcb76a8b3cc75994f2c3eb521cea22d64c8b72b2de506fde8185b70b4707b7f571668a5925ca21e605904d7c896a5d7290b9c4fc75ecc7ddbbd7f6f003a74f53d1a5432e0377a3efce1e7ac61e36dc13aeea57400d4d3986db3fccb6edaf83f86daeb42f416f58c502e74178e013b399d0b155e0df86b40b5f3f2ab0ad61c90870cee340c07977b55622699101e5372677dd4e208fa6b5d4834a2d6f37b2ead107218aa0e702d1f6a60bd4ad3a2e22807237129fdc02993ef1fffe3c285bd4f7b093b2da8d772ce2df7874bf9b7fd0893eb66a4931acc38129bfe4a8fc6b28ea83bcca1220b66c86d4d90914bb9e9a425fce618f11b66f93aa78515eac0f3956cb1e8b6f12d7f6f22c1ca5563e280b15c64732aec2a37d6010cee0fd2263ea3ea2011043153284b4a5fc87cc0dd8c36f084ce715a6e9ba3e8b2586726255d122f2b5677d6590405ae031df8f83840ef3011a7f5d18037407758270d980aa65d5a4aa26a35a61b65178b6183b282771e89a8fe47bd3ea5a23146b924a47c3cc2540a9c8d91d4a8924e010fb6d3e60457e0aa86749cc3444707fda055a0f489aecda68af7f0d7d31cf25641a10bcc0d00996cddf9059121639fa3ff2e5490bae6b702fcf226d8e50f27f0973e5e4cf543445524d0fe3bd55d3f215978bfabcba0d44c076f5b333b2095c70f6a5426338bf0c065ddce27f6730606d84d1ccef8cebcd15085fa8a5d0975dc47eeb09a4ab6da21d01916c97f4e266c4b01f2bfb3b6a08bb5a7cf834e56782d824e7c55b591cd883ed9e806a4f7033bbab49a2b8ab2cb0f6da9d76968208236b35a51f8eba3769a676ad60d69c475706a630f3a078ebaa6ba5bc25719867cb61d48cc3a381b261165c04f3c93f37d72fc15f43df1de34e24e80a46f5d15fb362e71cb4a5365dde04a53dc5e42745fbd601ff148db416244dd76ac16f24138ef9a02491eb5b48d731a8bdcd46040d0ff11a07c040b83db84bfd21ffb1d818203cb7d3f8fca47f1dc510afa8219ab031aaba2147aed7c50228930e895a72abf55ca6997131e231ea92e0059b680735548adf2d572c3540e096a644deb3750e3b341bbeffee70ff22e0b4e56142e4c1965c01a646dd9b5b0055f88f08987ad45adb844b9ffc84792073048c28bcb60f2666802052ee45dcd9a2950d55ecf0234a3dcf67e83cfa0bfb1285eb54e6292d8075c9e1b459e48556f416898557c9c864fc5de459feb53e33dd1a6860a2d1a836ab5ff6efaee123b3715a7137787ee4345efbce38074e262f363a8ff400345c8539d44a7286c7291246810bce063f0877db6585842380b530a4aaef6e36779a95fed220cef6c1fff2fdd5031f83987dc3282d432f322852cc9dc6d00c59d5ed83b386ff97c521e528e59f2df932467ac02d17f8818c2de26d69725f42cecaf186fab7b6e10b1ebd9a9a12ed83cd382d9a6f9a9bed2736cb0ec0260057f5ec704d2e1a64caad59e02ff2022174b23564cb0942e6769b12e0ae4d65dc4c5e6b6ceaf2667e085909c93a9768b7bfdac612801c0bc3848bad51e2367f788cbd1c5091ce0e9c567528c72003712e91247d87f1ff60d3865fc687a35886822079392f8d151b89e09469bef98e59139c460a53805a93245148cbb9a6a010dadc87e9b1a0e0a89e87e433ff1c0ad4b125760858c8badff4d82cbd31cf88f3e2e16a4e960e1e0b5825fc0f2b21d660cf60069d43fb6a8a96c44fa922164f02c9cd5ebb6fad848871224d157777b5a70dc6deb988506bd03aa4ce2200e9ce23641221784250c22d2c8635a3512f45d433cf66e158eb261f48a23d54f5ef4358df3487da471eb5775bdba565ee170be126b2300d0dad050212606f2d77a63fa2ab430e62670e852b89944e611509415bee36bf0961c8918bd8b0eb8af45b1a9d0420c7101a9c5f4a63efb9cc8de7897b5e2b02cb5885ad8d0d8ac7754ba8d4e9d37175e614e3f3a6a7b122bbc6dd9ce78f1b9a4e940a1160bb85650d8932fe1a82d0525630ba017be5129625a45c3cae66c7cdaa33ee704791db81ef2e11a2f528974fa388cd929c934dbdb21425e6117839ab33b2926b036457db3a43083c3ec17231aed4ee5b607a45a5735c9470c03a424b43efcea953c078717344aeb1449c0dfa3a3ec224b542c16cf735466bdaf26b522aef1db547b14f07ebd4f5da34426a46007757be47ed3f643c47f2c4467762cd049d6f4cf8a78d04f8318bdedcee80871e91c0330499d88254555c456d9bde8a892394267eac15c230cf7e7ba19ebc01b1905c80476de3cea8258f6d0820d159f4aa8a37fb378b2685da4e0e89d253187219869f1157bbe4a8a43eabf65e86a6d9b21e25d91c43c3036914427833ed87073886719069148e2e47219bb5da5d9664d64dc5c4ff71c0e808dadbb53a23e41e3c02fd0c9e0704490f3283d1864d15d795882e6522f31445556cab6832f273dac0c7aef4e3f8c09a34d1624fdb087d852f2e827fb2c3105f1afda54b9dc12cfde3cf7747daa5ac70904e82636a13155303f9a1198d6e7f9dc7be394ebc5db9e8380e290e6cae5f320caa56aa94490789fce2e2540b3de8865396f58e14d61d3cb122f7bd1af5a27c6fe733eba3cc39106efc906ea967fb833e2480aa80bd56ccd9e5c25304e2b8135f1453af70059e599cb67bc8eaaa38c39768e74d3da8aba0135f0192d7ddf0149ce62f353b0360251f1f88b272c6e85b4ee4e0563a6de80de83749af6e6aa4d80cab7031aff3f7e8d0c9114940549f828a62be9fd6a16db001369728b4b93d4ecf91563ae03def3ca4e9900a97657c4ff1e41c5742fb3329ba882ed61645aedb22f2543b83cd4007e5d228697a48064acc32ece41f2d5ead3f31a9689249e8b4bb57ac0b136b6c60ec531708235b94db823344aafbb9b79e21959635664b2193c3add0b28767906b7ba4118e6548e9a23b49e9181dc6f7dc7857425c9ab1b1451bc4572fd060190d0b5a76b8368b68e72a212bd0f89d0778d293b1d32f155f30c9aafe7215d2e746ea8f2c73a30bcd8c093a489519b60616b15afe69074ee77fb65caf5faf0aad49106057a91fdcd622a07ac21eb5c221f2e65323228af41b3eb894517c34c4f60ba20fb6f6c4309a7357884c0eeeb0a4874550107f2d0ffdc412f86bdf712f96183b3932cfb4da3f179cde1a288df9af09c243fae8c67b0d208d9cdb7adde8d5e548e0624b19da4818ef656b88280a", 0x1000}, 0x1006) getpeername$packet(0xffffffffffffffff, 0x0, 0x0) r4 = semget(0x3, 0x0, 0x2) semctl$GETVAL(r4, 0x3, 0xc, &(0x7f0000000300)=""/131) recvfrom$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) [ 1287.301172][ T9076] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1287.324339][ T9076] CPU: 0 PID: 9076 Comm: syz-executor.4 Not tainted 5.1.0-rc1-next-20190319 #6 [ 1287.333293][ T9076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1287.343349][ T9076] Call Trace: [ 1287.346649][ T9076] dump_stack+0x172/0x1f0 [ 1287.350996][ T9076] dump_header+0x10f/0xb6c [ 1287.355422][ T9076] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1287.361251][ T9076] ? ___ratelimit+0x60/0x595 [ 1287.365850][ T9076] ? do_raw_spin_unlock+0x57/0x270 [ 1287.370977][ T9076] oom_kill_process.cold+0x10/0x15 [ 1287.376108][ T9076] out_of_memory+0x79a/0x1280 [ 1287.380801][ T9076] ? lock_downgrade+0x880/0x880 [ 1287.385667][ T9076] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1287.391919][ T9076] ? oom_killer_disable+0x280/0x280 [ 1287.397122][ T9076] ? find_held_lock+0x35/0x130 [ 1287.401909][ T9076] mem_cgroup_out_of_memory+0x1ca/0x230 [ 1287.407461][ T9076] ? memcg_event_wake+0x230/0x230 [ 1287.412508][ T9076] ? do_raw_spin_unlock+0x57/0x270 [ 1287.417629][ T9076] ? _raw_spin_unlock+0x2d/0x50 [ 1287.422492][ T9076] try_charge+0x118d/0x1790 [ 1287.427015][ T9076] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1287.432574][ T9076] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1287.438826][ T9076] ? kasan_check_read+0x11/0x20 [ 1287.440715][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1287.443686][ T9076] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1287.443710][ T9076] mem_cgroup_try_charge+0x24d/0x5e0 [ 1287.443737][ T9076] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1287.449512][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1287.454995][ T9076] __handle_mm_fault+0x1e1f/0x3ec0 [ 1287.455017][ T9076] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1287.455033][ T9076] ? find_held_lock+0x35/0x130 [ 1287.455057][ T9076] ? handle_mm_fault+0x322/0xb30 [ 1287.460415][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1287.465955][ T9076] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1287.465978][ T9076] ? kasan_check_read+0x11/0x20 [ 1287.465999][ T9076] handle_mm_fault+0x43f/0xb30 [ 1287.471779][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1287.476804][ T9076] __get_user_pages+0x7b6/0x1a40 [ 1287.482445][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1287.487094][ T9076] ? follow_page_mask+0x19a0/0x19a0 [ 1287.492078][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1287.497714][ T9076] ? perf_trace_lock+0xeb/0x510 [ 1287.545591][ T9076] ? __vma_adjust+0x1840/0x1840 [ 1287.550432][ T9076] ? lock_acquire+0x16f/0x3f0 [ 1287.555093][ T9076] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1287.561332][ T9076] populate_vma_page_range+0x20d/0x2a0 [ 1287.566777][ T9076] __mm_populate+0x204/0x380 [ 1287.571354][ T9076] ? populate_vma_page_range+0x2a0/0x2a0 [ 1287.576974][ T9076] __x64_sys_mlockall+0x35c/0x520 [ 1287.581982][ T9076] do_syscall_64+0x103/0x610 [ 1287.586605][ T9076] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1287.592479][ T9076] RIP: 0033:0x458079 [ 1287.596356][ T9076] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1287.615940][ T9076] RSP: 002b:00007fa3c5772c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1287.624340][ T9076] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458079 [ 1287.632307][ T9076] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1287.640260][ T9076] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1287.648218][ T9076] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa3c57736d4 [ 1287.656173][ T9076] R13: 00000000004c3d3a R14: 00000000004d6f20 R15: 00000000ffffffff [ 1287.667103][ T9076] memory: usage 307200kB, limit 307200kB, failcnt 1332 [ 1287.674193][ T9076] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1287.681940][ T9076] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1287.688914][ T9076] Memory cgroup stats for /syz4: cache:0KB rss:279872KB rss_huge:18432KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:235456KB active_anon:27424KB inactive_file:4KB active_file:0KB unevictable:17116KB [ 1287.711185][ T9076] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=9073,uid=0 [ 1287.726659][ T9076] Memory cgroup out of memory: Killed process 9073 (syz-executor.4) total-vm:72448kB, anon-rss:17072kB, file-rss:37164kB, shmem-rss:0kB [ 1287.727268][ T1043] oom_reaper: reaped process 9073 (syz-executor.4), now anon-rss:17120kB, file-rss:37944kB, shmem-rss:0kB 03:43:16 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0) tkill(r0, 0x1) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0xd0}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 03:43:16 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='io.stat\x00', 0x0, 0x0) getpeername(r0, &(0x7f0000000300)=@hci={0x1f, 0x0}, &(0x7f0000000380)=0x80) sendmsg$nl_route(r1, &(0x7f0000000440)={&(0x7f0000000280), 0xc, &(0x7f0000000400)={&(0x7f00000003c0)=@ipv6_getroute={0x38, 0x1a, 0x0, 0x70bd28, 0x25dfdbfd, {0xa, 0x80, 0x90, 0x9, 0xff, 0x1, 0xfd, 0xb, 0x800}, [@RTA_GATEWAY={0x14, 0x5, @rand_addr="7dcc26344f2190544c13538189131e3c"}, @RTA_IIF={0x8, 0x1, r2}]}, 0x38}, 0x1, 0x0, 0x0, 0x80}, 0x4048001) r3 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x180, 0x0) sendto$packet(r3, &(0x7f00000001c0)="86b81a770e24dae3c89b4a37f0d6122576aa9a0365401ad75d2a2686d44f2ba680430df253f2d55774097f6f8dcb6fa26a9a5b9f6b9651547e5509a19b0f729acd798e09d52549d493a864427e4d7ef4a62452597ad6ce", 0x57, 0x40000, 0x0, 0x0) recvfrom$ax25(r3, &(0x7f0000000040)=""/184, 0xb8, 0x40002000, &(0x7f0000000100)={{0x3, @default, 0x8}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @default, @bcast, @null, @default, @bcast, @null]}, 0x48) ioctl$RTC_PLL_SET(r3, 0x40207012, &(0x7f0000000180)={0x20, 0x5, 0xa9, 0x2, 0x6, 0x3ff, 0x9}) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000000480)=ANY=[@ANYBLOB="020e00000c000000000000000000000005000600008000000a000000000000000000a800000000000000000000000000000000000000000005000500000000000a00000000000000fe8000000000000000000000000000ff00000000000000000ccb7b89ec861b99556fc4a7e769d83e4f8851ff104879793d763d6693cc03335e2876c9872ce58728a74225b0cc273e5ec15684859c88956171cdda6f410948a65d2c576dfcf14b8c4f73b4f43335e39c42daf2113d71dd84adca163d0265c0946ca922b72595591480e302bac8adf2dd05fb4330acaf6b020bedcf2f3b57c097c945e4367f5a80581fd8df6e5ae8dca7b6a2b62ea5d138ca47edd568a8273fe6e5d0c243e3768fa4983f36c6d44e2f842b5b1b3257f7b2c886c59e8d3d51382dc8b16eeab499119833e8f1bfb05fdb01364517a37877307457e50f96fcce43"], 0x140}}, 0x14) 03:43:16 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132224) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f00000000c0)=ANY=[@ANYBLOB="6e61853167377400000100000000000000000000e4dbb77487e90104000000000040800000000000001b2300000503000018030000cc0000ac010000000000001004d1e090e1fe916dd282e0f34f8dfac0dc1695c4d700001004000010030002d3a379b87c5ade6e27a603551ae6543351c2f2d3c00f3f72e011777424c981c41f852110e5d4a50bc78b2aa66b63012812d04b94d660aab341cfe8364422b866cd445d5d0f4d6715baea5900323e00000000000071cf4f04009500"], 0x1) ptrace$setopts(0x4206, r2, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) tkill(r2, 0x3c) 03:43:16 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc1f123c123f3188b070") r1 = socket$inet6(0xa, 0x400000000001, 0x0) bind$inet6(r1, &(0x7f0000000200)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) syz_genetlink_get_family_id$net_dm(0x0) r2 = perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, 0xffffffffffffffff) sendmsg$NET_DM_CMD_STOP(0xffffffffffffffff, 0x0, 0x0) chdir(&(0x7f0000000240)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x26e1, 0x0) r3 = open(&(0x7f0000000140)='./bus\x00', 0x141042, 0x0) fchown(r2, 0x0, 0x0) ioctl$TUNGETSNDBUF(r3, 0x800454d3, &(0x7f00000001c0)) getuid() syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f0000000080)='./bus\x00', 0x3, 0x1, &(0x7f0000000700)=[{0x0, 0x3b6}], 0x0, 0x0) msgget(0xffffffffffffffff, 0x0) msgrcv(0x0, 0x0, 0xfffffc46, 0x0, 0x0) lsetxattr$trusted_overlay_origin(0x0, 0x0, 0x0, 0x0, 0x0) write$UHID_INPUT(r3, &(0x7f0000002480)={0x8, "c0c814a55b6300d28afc61ac7dd1ffb869b761e8e53ee36e4be89e9fea175523e4468dec44bf8b5473c7a5062b4ede67dcb24cb9484ccfff2b3a70befc56e8ab2eee3483f5bf78c16beac035b700eb84e2216f268d02b717d2046c273814475b412437f7dc08a13a55d3c02132999dfd9fe80b750eff4d7c1da975b3835602728ae09e72527fcee19377e29c6c19e1ccce0f75e0e54001e3e83e473fa3d37eca8be1b3de565571e0e84f310c11fa8616068113b038aaa5c69967699fc2aa41c6f26fc22cf68e3577242c9b4ca20fab9de5885e0648fbd7af089b05f38f152d2f8144461608733c567b6dc5d2a07022c3764565c85abcfd99dd7a85e58939278235d50e8b321be7dbaa5141e097c28364fad2f713d666ca94f4e429687fcabb72aceeaf8abe5b506d98dc393b6e97492d785ead0ca2953f92c4d2b2c9f616e3d98b36be55a923fc5892413f7a3b615cec89b52e0ecdcee0aa5af72bcbb91b4bade7435dd8b529feaf13f8b48fcaca5952235d2e909f8831d8ca05a0daa3f6c581f388e0c1879b41fe63ef3d122bd0c5acd4fb07b96797918791075ae7383bb1bbdea574b31301ff37ecc45671ee2e7fc55bf6244025d1fd82dca56a42a23aa826a0b1e102bd87893ddc05649304eb1866c796e46e0d57f552bd572891ef892918bb2e7f2c6bcf68f388ea0c50f48c06de1b46b1434cdf25ca1288ebabe2a33d1c6effb77f91ef75471e93952caeda8ac2b2677e46d62b8366922d093832bccb949e177b4417864812d22972d81d89158288b5318d017329d4e8f66273abf74c434f318ebf32c7629342a85336387231b1e579d57cff0b125bef9dddf0fc33f71cb59d5a8972cda06ba6bba4a89cb8d3b465492c431698984998b2979ea61fed3d99b049724f2bdda5a0700ccb28825da1343f41290e569a6d38d4ae3968147cf39b097efd78e058fc71523c12e724bf93dc4ecc02b5cb18d13b59ec8f85368ac1ea93ed0149c60c53569dc69cdb3f37470eab26ef010b03a7e651b9e8e9065da347660836eddb3988c9a0f394aad055f727310f646d6cb35131d02aaf24735792bfce250798bebf0d1a4495fca568b9449e81afef2937b50faf873257d7efa07d31759474d50ca2a7922e79ab47dd59b11dfd1ec43fef3551aed81d01ee4ab997c6cecc39013dcaa442aec803e4cebbc288b4f9e87b30613f0ec88ddc6f60f56787f4040897e6e6bdac317d74b27f97f2efadb031f03c61954fd0232373582b7fa315d3eb9f67053126d2ed0636f04d669c47bdeb078fbda177533902e20b5ce9d8f395ea4c0aaf2cae774fe99bc40105a9ca184bcb598ab2f49c1df62d32d1a6d73a26812cb47a2ccaf0e9b759df89ad1e18238d897b9fd658f6786a92a0c12bd0ee6dad8a430a67962363e5b9afb3329e4f1f6fcd7e63cb8f24872bcf5b8c349d9ce423666ca39f16884219dea338b388e40f4ad996419cb3858637364d8e5af67f846d77b2749115131a3642ef56681315e4a2cbca5e60febabf693570f515e09c2a8994a8e2be3cba28118ef429d4de781118182607dd2c2d5aaba621ea29c140338bd8f1787fd2a3f43bb7fa22a8ce053adb331a4c78eab569af317e14360a6bf1c8b7394f34bfc1a941ac88dab334d5a2d45fc83bee28884698fd82339c972a06efb369220049ca89727513bd4262ad6f94f55f659ec98b684b1d92e1b6a303548a196cc5316e9845baaf01e737ef047d3d1ac4fe13de618e8fd6471c225e688b73b866213f4765c1a1ecf041f66a11177b0425b0423c455dccfa35a34f3b1c4c9850267bd41dcc366f4f8fef6982699e9aee7f3edff90217c84f6865234676e65911e5e99739792161766e959d061d6e86797b595ae3cffc043da0929dce1b4bd27e04532800f14f69398a681d46f00197f547fa138e676a4c84e586e9a2037faad7d7342221c229ff13606688ab70305dc28d01270604fbcb2b5777541e637a10e7d6c2dfa76461b18c8b303234282f31b7ed8afd0cdcc3978c6520a182000ea312296c7d9df08c2a67b944bc519113822014a831c8d6a7f8d26a7a443666b6077bdc1c11cf47001bcbb484d163543445c77a02140191bbb813da818b4dc3ef1ca420f624e5cb67c48024aeb8691b549202750899938067a3ad49da19e9fffc6486b3525fba8b2ff991fb3b4c1a536818f2dad96f713ac264a22136c6a3a9eacb4f69ab08cfe2b971a7d916833c6a0370d4b0bc428db2e4b4013899668b73caf9c983e2f07e46b4b5b4f0d231edee8b1951e1d0e34c881d1fc5c6be05b92b13680398e7109bd18048f0bd980fceb24e59411873e7a8a7f95f4da2ba5c082fdda710361e163a213a3dbb82c08a69020545da4636c09a67cd962182a011cf5eb1c3d999abc7b834ee518bb53afe19941927ca190699abf79c334c52e206fc851deb7398947ad5bd125ef3f51349497142e921c85506c739f6319ae0eb8e3c551ceb7e16afc2d6aad36841ed8eb560ef984ee5e00f1ead2c646546b3c145e3700b07fc257551641cf3dcb76a8b3cc75994f2c3eb521cea22d64c8b72b2de506fde8185b70b4707b7f571668a5925ca21e605904d7c896a5d7290b9c4fc75ecc7ddbbd7f6f003a74f53d1a5432e0377a3efce1e7ac61e36dc13aeea57400d4d3986db3fccb6edaf83f86daeb42f416f58c502e74178e013b399d0b155e0df86b40b5f3f2ab0ad61c90870cee340c07977b55622699101e5372677dd4e208fa6b5d4834a2d6f37b2ead107218aa0e702d1f6a60bd4ad3a2e22807237129fdc02993ef1fffe3c285bd4f7b093b2da8d772ce2df7874bf9b7fd0893eb66a4931acc38129bfe4a8fc6b28ea83bcca1220b66c86d4d90914bb9e9a425fce618f11b66f93aa78515eac0f3956cb1e8b6f12d7f6f22c1ca5563e280b15c64732aec2a37d6010cee0fd2263ea3ea2011043153284b4a5fc87cc0dd8c36f084ce715a6e9ba3e8b2586726255d122f2b5677d6590405ae031df8f83840ef3011a7f5d18037407758270d980aa65d5a4aa26a35a61b65178b6183b282771e89a8fe47bd3ea5a23146b924a47c3cc2540a9c8d91d4a8924e010fb6d3e60457e0aa86749cc3444707fda055a0f489aecda68af7f0d7d31cf25641a10bcc0d00996cddf9059121639fa3ff2e5490bae6b702fcf226d8e50f27f0973e5e4cf543445524d0fe3bd55d3f215978bfabcba0d44c076f5b333b2095c70f6a5426338bf0c065ddce27f6730606d84d1ccef8cebcd15085fa8a5d0975dc47eeb09a4ab6da21d01916c97f4e266c4b01f2bfb3b6a08bb5a7cf834e56782d824e7c55b591cd883ed9e806a4f7033bbab49a2b8ab2cb0f6da9d76968208236b35a51f8eba3769a676ad60d69c475706a630f3a078ebaa6ba5bc25719867cb61d48cc3a381b261165c04f3c93f37d72fc15f43df1de34e24e80a46f5d15fb362e71cb4a5365dde04a53dc5e42745fbd601ff148db416244dd76ac16f24138ef9a02491eb5b48d731a8bdcd46040d0ff11a07c040b83db84bfd21ffb1d818203cb7d3f8fca47f1dc510afa8219ab031aaba2147aed7c50228930e895a72abf55ca6997131e231ea92e0059b680735548adf2d572c3540e096a644deb3750e3b341bbeffee70ff22e0b4e56142e4c1965c01a646dd9b5b0055f88f08987ad45adb844b9ffc84792073048c28bcb60f2666802052ee45dcd9a2950d55ecf0234a3dcf67e83cfa0bfb1285eb54e6292d8075c9e1b459e48556f416898557c9c864fc5de459feb53e33dd1a6860a2d1a836ab5ff6efaee123b3715a7137787ee4345efbce38074e262f363a8ff400345c8539d44a7286c7291246810bce063f0877db6585842380b530a4aaef6e36779a95fed220cef6c1fff2fdd5031f83987dc3282d432f322852cc9dc6d00c59d5ed83b386ff97c521e528e59f2df932467ac02d17f8818c2de26d69725f42cecaf186fab7b6e10b1ebd9a9a12ed83cd382d9a6f9a9bed2736cb0ec0260057f5ec704d2e1a64caad59e02ff2022174b23564cb0942e6769b12e0ae4d65dc4c5e6b6ceaf2667e085909c93a9768b7bfdac612801c0bc3848bad51e2367f788cbd1c5091ce0e9c567528c72003712e91247d87f1ff60d3865fc687a35886822079392f8d151b89e09469bef98e59139c460a53805a93245148cbb9a6a010dadc87e9b1a0e0a89e87e433ff1c0ad4b125760858c8badff4d82cbd31cf88f3e2e16a4e960e1e0b5825fc0f2b21d660cf60069d43fb6a8a96c44fa922164f02c9cd5ebb6fad848871224d157777b5a70dc6deb988506bd03aa4ce2200e9ce23641221784250c22d2c8635a3512f45d433cf66e158eb261f48a23d54f5ef4358df3487da471eb5775bdba565ee170be126b2300d0dad050212606f2d77a63fa2ab430e62670e852b89944e611509415bee36bf0961c8918bd8b0eb8af45b1a9d0420c7101a9c5f4a63efb9cc8de7897b5e2b02cb5885ad8d0d8ac7754ba8d4e9d37175e614e3f3a6a7b122bbc6dd9ce78f1b9a4e940a1160bb85650d8932fe1a82d0525630ba017be5129625a45c3cae66c7cdaa33ee704791db81ef2e11a2f528974fa388cd929c934dbdb21425e6117839ab33b2926b036457db3a43083c3ec17231aed4ee5b607a45a5735c9470c03a424b43efcea953c078717344aeb1449c0dfa3a3ec224b542c16cf735466bdaf26b522aef1db547b14f07ebd4f5da34426a46007757be47ed3f643c47f2c4467762cd049d6f4cf8a78d04f8318bdedcee80871e91c0330499d88254555c456d9bde8a892394267eac15c230cf7e7ba19ebc01b1905c80476de3cea8258f6d0820d159f4aa8a37fb378b2685da4e0e89d253187219869f1157bbe4a8a43eabf65e86a6d9b21e25d91c43c3036914427833ed87073886719069148e2e47219bb5da5d9664d64dc5c4ff71c0e808dadbb53a23e41e3c02fd0c9e0704490f3283d1864d15d795882e6522f31445556cab6832f273dac0c7aef4e3f8c09a34d1624fdb087d852f2e827fb2c3105f1afda54b9dc12cfde3cf7747daa5ac70904e82636a13155303f9a1198d6e7f9dc7be394ebc5db9e8380e290e6cae5f320caa56aa94490789fce2e2540b3de8865396f58e14d61d3cb122f7bd1af5a27c6fe733eba3cc39106efc906ea967fb833e2480aa80bd56ccd9e5c25304e2b8135f1453af70059e599cb67bc8eaaa38c39768e74d3da8aba0135f0192d7ddf0149ce62f353b0360251f1f88b272c6e85b4ee4e0563a6de80de83749af6e6aa4d80cab7031aff3f7e8d0c9114940549f828a62be9fd6a16db001369728b4b93d4ecf91563ae03def3ca4e9900a97657c4ff1e41c5742fb3329ba882ed61645aedb22f2543b83cd4007e5d228697a48064acc32ece41f2d5ead3f31a9689249e8b4bb57ac0b136b6c60ec531708235b94db823344aafbb9b79e21959635664b2193c3add0b28767906b7ba4118e6548e9a23b49e9181dc6f7dc7857425c9ab1b1451bc4572fd060190d0b5a76b8368b68e72a212bd0f89d0778d293b1d32f155f30c9aafe7215d2e746ea8f2c73a30bcd8c093a489519b60616b15afe69074ee77fb65caf5faf0aad49106057a91fdcd622a07ac21eb5c221f2e65323228af41b3eb894517c34c4f60ba20fb6f6c4309a7357884c0eeeb0a4874550107f2d0ffdc412f86bdf712f96183b3932cfb4da3f179cde1a288df9af09c243fae8c67b0d208d9cdb7adde8d5e548e0624b19da4818ef656b88280a", 0x1000}, 0x1006) getpeername$packet(0xffffffffffffffff, 0x0, 0x0) r4 = semget(0x3, 0x0, 0x2) semctl$GETVAL(r4, 0x3, 0xc, &(0x7f0000000300)=""/131) 03:43:16 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r6}, 0x10) r7 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r8, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r7, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r7, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:43:16 executing program 4: socketpair$unix(0x1, 0x0, 0x0, 0x0) r0 = creat(0x0, 0x0) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r0, 0xc05c5340, &(0x7f0000000200)={0xff, 0x9, 0xff, {}, 0x2}) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) fcntl$dupfd(r2, 0x406, r1) 03:43:16 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0) tkill(r0, 0x1) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0xd0}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 03:43:16 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x1) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0xd0}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 03:43:16 executing program 2: socket$key(0xf, 0x3, 0x2) 03:43:16 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x1) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0xd0}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 03:43:16 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc1f123c123f3188b070") r1 = socket$inet6(0xa, 0x400000000001, 0x0) bind$inet6(r1, &(0x7f0000000200)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) syz_genetlink_get_family_id$net_dm(0x0) r2 = perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, 0xffffffffffffffff) sendmsg$NET_DM_CMD_STOP(0xffffffffffffffff, 0x0, 0x0) chdir(&(0x7f0000000240)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x26e1, 0x0) r3 = open(&(0x7f0000000140)='./bus\x00', 0x141042, 0x0) fchown(r2, 0x0, 0x0) ioctl$TUNGETSNDBUF(r3, 0x800454d3, &(0x7f00000001c0)) getuid() syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f0000000080)='./bus\x00', 0x3, 0x1, &(0x7f0000000700)=[{0x0, 0x3b6}], 0x0, 0x0) msgget(0xffffffffffffffff, 0x0) msgrcv(0x0, 0x0, 0xfffffc46, 0x0, 0x0) lsetxattr$trusted_overlay_origin(0x0, 0x0, 0x0, 0x0, 0x0) write$UHID_INPUT(r3, &(0x7f0000002480)={0x8, "c0c814a55b6300d28afc61ac7dd1ffb869b761e8e53ee36e4be89e9fea175523e4468dec44bf8b5473c7a5062b4ede67dcb24cb9484ccfff2b3a70befc56e8ab2eee3483f5bf78c16beac035b700eb84e2216f268d02b717d2046c273814475b412437f7dc08a13a55d3c02132999dfd9fe80b750eff4d7c1da975b3835602728ae09e72527fcee19377e29c6c19e1ccce0f75e0e54001e3e83e473fa3d37eca8be1b3de565571e0e84f310c11fa8616068113b038aaa5c69967699fc2aa41c6f26fc22cf68e3577242c9b4ca20fab9de5885e0648fbd7af089b05f38f152d2f8144461608733c567b6dc5d2a07022c3764565c85abcfd99dd7a85e58939278235d50e8b321be7dbaa5141e097c28364fad2f713d666ca94f4e429687fcabb72aceeaf8abe5b506d98dc393b6e97492d785ead0ca2953f92c4d2b2c9f616e3d98b36be55a923fc5892413f7a3b615cec89b52e0ecdcee0aa5af72bcbb91b4bade7435dd8b529feaf13f8b48fcaca5952235d2e909f8831d8ca05a0daa3f6c581f388e0c1879b41fe63ef3d122bd0c5acd4fb07b96797918791075ae7383bb1bbdea574b31301ff37ecc45671ee2e7fc55bf6244025d1fd82dca56a42a23aa826a0b1e102bd87893ddc05649304eb1866c796e46e0d57f552bd572891ef892918bb2e7f2c6bcf68f388ea0c50f48c06de1b46b1434cdf25ca1288ebabe2a33d1c6effb77f91ef75471e93952caeda8ac2b2677e46d62b8366922d093832bccb949e177b4417864812d22972d81d89158288b5318d017329d4e8f66273abf74c434f318ebf32c7629342a85336387231b1e579d57cff0b125bef9dddf0fc33f71cb59d5a8972cda06ba6bba4a89cb8d3b465492c431698984998b2979ea61fed3d99b049724f2bdda5a0700ccb28825da1343f41290e569a6d38d4ae3968147cf39b097efd78e058fc71523c12e724bf93dc4ecc02b5cb18d13b59ec8f85368ac1ea93ed0149c60c53569dc69cdb3f37470eab26ef010b03a7e651b9e8e9065da347660836eddb3988c9a0f394aad055f727310f646d6cb35131d02aaf24735792bfce250798bebf0d1a4495fca568b9449e81afef2937b50faf873257d7efa07d31759474d50ca2a7922e79ab47dd59b11dfd1ec43fef3551aed81d01ee4ab997c6cecc39013dcaa442aec803e4cebbc288b4f9e87b30613f0ec88ddc6f60f56787f4040897e6e6bdac317d74b27f97f2efadb031f03c61954fd0232373582b7fa315d3eb9f67053126d2ed0636f04d669c47bdeb078fbda177533902e20b5ce9d8f395ea4c0aaf2cae774fe99bc40105a9ca184bcb598ab2f49c1df62d32d1a6d73a26812cb47a2ccaf0e9b759df89ad1e18238d897b9fd658f6786a92a0c12bd0ee6dad8a430a67962363e5b9afb3329e4f1f6fcd7e63cb8f24872bcf5b8c349d9ce423666ca39f16884219dea338b388e40f4ad996419cb3858637364d8e5af67f846d77b2749115131a3642ef56681315e4a2cbca5e60febabf693570f515e09c2a8994a8e2be3cba28118ef429d4de781118182607dd2c2d5aaba621ea29c140338bd8f1787fd2a3f43bb7fa22a8ce053adb331a4c78eab569af317e14360a6bf1c8b7394f34bfc1a941ac88dab334d5a2d45fc83bee28884698fd82339c972a06efb369220049ca89727513bd4262ad6f94f55f659ec98b684b1d92e1b6a303548a196cc5316e9845baaf01e737ef047d3d1ac4fe13de618e8fd6471c225e688b73b866213f4765c1a1ecf041f66a11177b0425b0423c455dccfa35a34f3b1c4c9850267bd41dcc366f4f8fef6982699e9aee7f3edff90217c84f6865234676e65911e5e99739792161766e959d061d6e86797b595ae3cffc043da0929dce1b4bd27e04532800f14f69398a681d46f00197f547fa138e676a4c84e586e9a2037faad7d7342221c229ff13606688ab70305dc28d01270604fbcb2b5777541e637a10e7d6c2dfa76461b18c8b303234282f31b7ed8afd0cdcc3978c6520a182000ea312296c7d9df08c2a67b944bc519113822014a831c8d6a7f8d26a7a443666b6077bdc1c11cf47001bcbb484d163543445c77a02140191bbb813da818b4dc3ef1ca420f624e5cb67c48024aeb8691b549202750899938067a3ad49da19e9fffc6486b3525fba8b2ff991fb3b4c1a536818f2dad96f713ac264a22136c6a3a9eacb4f69ab08cfe2b971a7d916833c6a0370d4b0bc428db2e4b4013899668b73caf9c983e2f07e46b4b5b4f0d231edee8b1951e1d0e34c881d1fc5c6be05b92b13680398e7109bd18048f0bd980fceb24e59411873e7a8a7f95f4da2ba5c082fdda710361e163a213a3dbb82c08a69020545da4636c09a67cd962182a011cf5eb1c3d999abc7b834ee518bb53afe19941927ca190699abf79c334c52e206fc851deb7398947ad5bd125ef3f51349497142e921c85506c739f6319ae0eb8e3c551ceb7e16afc2d6aad36841ed8eb560ef984ee5e00f1ead2c646546b3c145e3700b07fc257551641cf3dcb76a8b3cc75994f2c3eb521cea22d64c8b72b2de506fde8185b70b4707b7f571668a5925ca21e605904d7c896a5d7290b9c4fc75ecc7ddbbd7f6f003a74f53d1a5432e0377a3efce1e7ac61e36dc13aeea57400d4d3986db3fccb6edaf83f86daeb42f416f58c502e74178e013b399d0b155e0df86b40b5f3f2ab0ad61c90870cee340c07977b55622699101e5372677dd4e208fa6b5d4834a2d6f37b2ead107218aa0e702d1f6a60bd4ad3a2e22807237129fdc02993ef1fffe3c285bd4f7b093b2da8d772ce2df7874bf9b7fd0893eb66a4931acc38129bfe4a8fc6b28ea83bcca1220b66c86d4d90914bb9e9a425fce618f11b66f93aa78515eac0f3956cb1e8b6f12d7f6f22c1ca5563e280b15c64732aec2a37d6010cee0fd2263ea3ea2011043153284b4a5fc87cc0dd8c36f084ce715a6e9ba3e8b2586726255d122f2b5677d6590405ae031df8f83840ef3011a7f5d18037407758270d980aa65d5a4aa26a35a61b65178b6183b282771e89a8fe47bd3ea5a23146b924a47c3cc2540a9c8d91d4a8924e010fb6d3e60457e0aa86749cc3444707fda055a0f489aecda68af7f0d7d31cf25641a10bcc0d00996cddf9059121639fa3ff2e5490bae6b702fcf226d8e50f27f0973e5e4cf543445524d0fe3bd55d3f215978bfabcba0d44c076f5b333b2095c70f6a5426338bf0c065ddce27f6730606d84d1ccef8cebcd15085fa8a5d0975dc47eeb09a4ab6da21d01916c97f4e266c4b01f2bfb3b6a08bb5a7cf834e56782d824e7c55b591cd883ed9e806a4f7033bbab49a2b8ab2cb0f6da9d76968208236b35a51f8eba3769a676ad60d69c475706a630f3a078ebaa6ba5bc25719867cb61d48cc3a381b261165c04f3c93f37d72fc15f43df1de34e24e80a46f5d15fb362e71cb4a5365dde04a53dc5e42745fbd601ff148db416244dd76ac16f24138ef9a02491eb5b48d731a8bdcd46040d0ff11a07c040b83db84bfd21ffb1d818203cb7d3f8fca47f1dc510afa8219ab031aaba2147aed7c50228930e895a72abf55ca6997131e231ea92e0059b680735548adf2d572c3540e096a644deb3750e3b341bbeffee70ff22e0b4e56142e4c1965c01a646dd9b5b0055f88f08987ad45adb844b9ffc84792073048c28bcb60f2666802052ee45dcd9a2950d55ecf0234a3dcf67e83cfa0bfb1285eb54e6292d8075c9e1b459e48556f416898557c9c864fc5de459feb53e33dd1a6860a2d1a836ab5ff6efaee123b3715a7137787ee4345efbce38074e262f363a8ff400345c8539d44a7286c7291246810bce063f0877db6585842380b530a4aaef6e36779a95fed220cef6c1fff2fdd5031f83987dc3282d432f322852cc9dc6d00c59d5ed83b386ff97c521e528e59f2df932467ac02d17f8818c2de26d69725f42cecaf186fab7b6e10b1ebd9a9a12ed83cd382d9a6f9a9bed2736cb0ec0260057f5ec704d2e1a64caad59e02ff2022174b23564cb0942e6769b12e0ae4d65dc4c5e6b6ceaf2667e085909c93a9768b7bfdac612801c0bc3848bad51e2367f788cbd1c5091ce0e9c567528c72003712e91247d87f1ff60d3865fc687a35886822079392f8d151b89e09469bef98e59139c460a53805a93245148cbb9a6a010dadc87e9b1a0e0a89e87e433ff1c0ad4b125760858c8badff4d82cbd31cf88f3e2e16a4e960e1e0b5825fc0f2b21d660cf60069d43fb6a8a96c44fa922164f02c9cd5ebb6fad848871224d157777b5a70dc6deb988506bd03aa4ce2200e9ce23641221784250c22d2c8635a3512f45d433cf66e158eb261f48a23d54f5ef4358df3487da471eb5775bdba565ee170be126b2300d0dad050212606f2d77a63fa2ab430e62670e852b89944e611509415bee36bf0961c8918bd8b0eb8af45b1a9d0420c7101a9c5f4a63efb9cc8de7897b5e2b02cb5885ad8d0d8ac7754ba8d4e9d37175e614e3f3a6a7b122bbc6dd9ce78f1b9a4e940a1160bb85650d8932fe1a82d0525630ba017be5129625a45c3cae66c7cdaa33ee704791db81ef2e11a2f528974fa388cd929c934dbdb21425e6117839ab33b2926b036457db3a43083c3ec17231aed4ee5b607a45a5735c9470c03a424b43efcea953c078717344aeb1449c0dfa3a3ec224b542c16cf735466bdaf26b522aef1db547b14f07ebd4f5da34426a46007757be47ed3f643c47f2c4467762cd049d6f4cf8a78d04f8318bdedcee80871e91c0330499d88254555c456d9bde8a892394267eac15c230cf7e7ba19ebc01b1905c80476de3cea8258f6d0820d159f4aa8a37fb378b2685da4e0e89d253187219869f1157bbe4a8a43eabf65e86a6d9b21e25d91c43c3036914427833ed87073886719069148e2e47219bb5da5d9664d64dc5c4ff71c0e808dadbb53a23e41e3c02fd0c9e0704490f3283d1864d15d795882e6522f31445556cab6832f273dac0c7aef4e3f8c09a34d1624fdb087d852f2e827fb2c3105f1afda54b9dc12cfde3cf7747daa5ac70904e82636a13155303f9a1198d6e7f9dc7be394ebc5db9e8380e290e6cae5f320caa56aa94490789fce2e2540b3de8865396f58e14d61d3cb122f7bd1af5a27c6fe733eba3cc39106efc906ea967fb833e2480aa80bd56ccd9e5c25304e2b8135f1453af70059e599cb67bc8eaaa38c39768e74d3da8aba0135f0192d7ddf0149ce62f353b0360251f1f88b272c6e85b4ee4e0563a6de80de83749af6e6aa4d80cab7031aff3f7e8d0c9114940549f828a62be9fd6a16db001369728b4b93d4ecf91563ae03def3ca4e9900a97657c4ff1e41c5742fb3329ba882ed61645aedb22f2543b83cd4007e5d228697a48064acc32ece41f2d5ead3f31a9689249e8b4bb57ac0b136b6c60ec531708235b94db823344aafbb9b79e21959635664b2193c3add0b28767906b7ba4118e6548e9a23b49e9181dc6f7dc7857425c9ab1b1451bc4572fd060190d0b5a76b8368b68e72a212bd0f89d0778d293b1d32f155f30c9aafe7215d2e746ea8f2c73a30bcd8c093a489519b60616b15afe69074ee77fb65caf5faf0aad49106057a91fdcd622a07ac21eb5c221f2e65323228af41b3eb894517c34c4f60ba20fb6f6c4309a7357884c0eeeb0a4874550107f2d0ffdc412f86bdf712f96183b3932cfb4da3f179cde1a288df9af09c243fae8c67b0d208d9cdb7adde8d5e548e0624b19da4818ef656b88280a", 0x1000}, 0x1006) getpeername$packet(0xffffffffffffffff, 0x0, 0x0) semget(0x3, 0x0, 0x2) 03:43:16 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x1) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0xd0}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 03:43:16 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(0x0, 0x1) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0xd0}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 03:43:16 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000000000)=ANY=[@ANYBLOB="020e00000c000000000000000000000005000600008000000a0000000000000000000000000000000000000000000000000000000000000005000500000000000a00000000000000fe8000000000000000000000000000ff0000000000000000d463c39d0c8e6df55a8aca58364fe2e59d7d4c799dc676429e066e1f6b1c4efcf671aadb274270b6b9084c0c6126229ec3050737f378325bf73df0a1e5e30b3daf4eb62b794c86f427e9890d0cb536bfef233ec8d414d83d5fd3fd65aaf304a3610b818ddccf03fd611254673fbb97b31b6a8d3c5b6a0289c144fc004b6e3d498d054bcd8b433515f91501005b27d3bd088d183f56c8d087fae0dbbb7d298f9e8d7efcc0f1782331f842e6810c4b1dc51a44288a4616bcabd978130b9796d6babcebf3b8aaa4d6076827dd75c8137352bd0fc8b2464e7dc933e9e9da33f1678bcdee78b180227824"], 0x60}}, 0x0) [ 1290.273739][ T9114] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1290.302462][ T9114] CPU: 1 PID: 9114 Comm: syz-executor.4 Not tainted 5.1.0-rc1-next-20190319 #6 [ 1290.311423][ T9114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1290.321484][ T9114] Call Trace: [ 1290.324786][ T9114] dump_stack+0x172/0x1f0 [ 1290.329138][ T9114] dump_header+0x10f/0xb6c [ 1290.333571][ T9114] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1290.339386][ T9114] ? ___ratelimit+0x60/0x595 [ 1290.343983][ T9114] ? do_raw_spin_unlock+0x57/0x270 [ 1290.349107][ T9114] oom_kill_process.cold+0x10/0x15 [ 1290.354232][ T9114] out_of_memory+0x79a/0x1280 [ 1290.358924][ T9114] ? lock_downgrade+0x880/0x880 [ 1290.363800][ T9114] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1290.370051][ T9114] ? oom_killer_disable+0x280/0x280 [ 1290.375254][ T9114] ? find_held_lock+0x35/0x130 [ 1290.380034][ T9114] mem_cgroup_out_of_memory+0x1ca/0x230 [ 1290.385593][ T9114] ? memcg_event_wake+0x230/0x230 [ 1290.390637][ T9114] ? do_raw_spin_unlock+0x57/0x270 [ 1290.395760][ T9114] ? _raw_spin_unlock+0x2d/0x50 [ 1290.400627][ T9114] try_charge+0x118d/0x1790 [ 1290.405154][ T9114] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1290.410724][ T9114] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1290.416985][ T9114] ? kasan_check_read+0x11/0x20 [ 1290.421855][ T9114] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1290.427413][ T9114] mem_cgroup_try_charge+0x24d/0x5e0 [ 1290.432723][ T9114] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1290.438376][ T9114] __handle_mm_fault+0x1e1f/0x3ec0 [ 1290.443505][ T9114] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1290.449058][ T9114] ? find_held_lock+0x35/0x130 [ 1290.453832][ T9114] ? handle_mm_fault+0x322/0xb30 [ 1290.458790][ T9114] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1290.465047][ T9114] ? kasan_check_read+0x11/0x20 [ 1290.469908][ T9114] handle_mm_fault+0x43f/0xb30 [ 1290.474688][ T9114] __get_user_pages+0x7b6/0x1a40 [ 1290.479663][ T9114] ? follow_page_mask+0x19a0/0x19a0 [ 1290.484877][ T9114] ? perf_trace_lock+0xeb/0x510 [ 1290.489732][ T9114] ? __vma_adjust+0x1840/0x1840 [ 1290.494589][ T9114] ? lock_acquire+0x16f/0x3f0 [ 1290.499255][ T9114] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1290.505492][ T9114] populate_vma_page_range+0x20d/0x2a0 [ 1290.510956][ T9114] __mm_populate+0x204/0x380 [ 1290.515534][ T9114] ? populate_vma_page_range+0x2a0/0x2a0 [ 1290.521156][ T9114] __x64_sys_mlockall+0x35c/0x520 [ 1290.526170][ T9114] do_syscall_64+0x103/0x610 [ 1290.530758][ T9114] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1290.536643][ T9114] RIP: 0033:0x458079 [ 1290.540544][ T9114] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1290.560139][ T9114] RSP: 002b:00007fa3c5772c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1290.568545][ T9114] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458079 [ 1290.576524][ T9114] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1290.584501][ T9114] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1290.592469][ T9114] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa3c57736d4 [ 1290.600437][ T9114] R13: 00000000004c3d3a R14: 00000000004d6f20 R15: 00000000ffffffff [ 1290.609721][ T9114] memory: usage 307200kB, limit 307200kB, failcnt 1363 [ 1290.616658][ T9114] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1290.624245][ T9114] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1290.631173][ T9114] Memory cgroup stats for /syz4: cache:0KB rss:279952KB rss_huge:18432KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:235456KB active_anon:27424KB inactive_file:4KB active_file:0KB unevictable:17180KB [ 1290.653537][ T9114] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=9111,uid=0 [ 1290.668935][ T9114] Memory cgroup out of memory: Killed process 9111 (syz-executor.4) total-vm:72448kB, anon-rss:17072kB, file-rss:37164kB, shmem-rss:0kB [ 1290.683336][ T1043] oom_reaper: reaped process 9111 (syz-executor.4), now anon-rss:17120kB, file-rss:37940kB, shmem-rss:0kB 03:43:19 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132224) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f00000000c0)=ANY=[@ANYBLOB="6e61853167377400000100000000000000000000e4dbb77487e90104000000000040800000000000001b2300000503000018030000cc0000ac010000000000001004d1e090e1fe916dd282e0f34f8dfac0dc1695c4d700001004000010030002d3a379b87c5ade6e27a603551ae6543351c2f2d3c00f3f72e011777424c981c41f852110e5d4a50bc78b2aa66b63012812d04b94d660aab341cfe8364422b866cd445d5d0f4d6715baea5900323e00000000000071cf4f04009500"], 0x1) ptrace$setopts(0x4206, r2, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) tkill(r2, 0x3c) 03:43:19 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc1f123c123f3188b070") r1 = socket$inet6(0xa, 0x400000000001, 0x0) bind$inet6(r1, &(0x7f0000000200)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) syz_genetlink_get_family_id$net_dm(0x0) r2 = perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, 0xffffffffffffffff) sendmsg$NET_DM_CMD_STOP(0xffffffffffffffff, 0x0, 0x0) chdir(&(0x7f0000000240)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x26e1, 0x0) r3 = open(&(0x7f0000000140)='./bus\x00', 0x141042, 0x0) fchown(r2, 0x0, 0x0) ioctl$TUNGETSNDBUF(r3, 0x800454d3, &(0x7f00000001c0)) getuid() syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f0000000080)='./bus\x00', 0x3, 0x1, &(0x7f0000000700)=[{0x0, 0x3b6}], 0x0, 0x0) msgget(0xffffffffffffffff, 0x0) msgrcv(0x0, 0x0, 0xfffffc46, 0x0, 0x0) lsetxattr$trusted_overlay_origin(0x0, 0x0, 0x0, 0x0, 0x0) write$UHID_INPUT(r3, &(0x7f0000002480)={0x8, "c0c814a55b6300d28afc61ac7dd1ffb869b761e8e53ee36e4be89e9fea175523e4468dec44bf8b5473c7a5062b4ede67dcb24cb9484ccfff2b3a70befc56e8ab2eee3483f5bf78c16beac035b700eb84e2216f268d02b717d2046c273814475b412437f7dc08a13a55d3c02132999dfd9fe80b750eff4d7c1da975b3835602728ae09e72527fcee19377e29c6c19e1ccce0f75e0e54001e3e83e473fa3d37eca8be1b3de565571e0e84f310c11fa8616068113b038aaa5c69967699fc2aa41c6f26fc22cf68e3577242c9b4ca20fab9de5885e0648fbd7af089b05f38f152d2f8144461608733c567b6dc5d2a07022c3764565c85abcfd99dd7a85e58939278235d50e8b321be7dbaa5141e097c28364fad2f713d666ca94f4e429687fcabb72aceeaf8abe5b506d98dc393b6e97492d785ead0ca2953f92c4d2b2c9f616e3d98b36be55a923fc5892413f7a3b615cec89b52e0ecdcee0aa5af72bcbb91b4bade7435dd8b529feaf13f8b48fcaca5952235d2e909f8831d8ca05a0daa3f6c581f388e0c1879b41fe63ef3d122bd0c5acd4fb07b96797918791075ae7383bb1bbdea574b31301ff37ecc45671ee2e7fc55bf6244025d1fd82dca56a42a23aa826a0b1e102bd87893ddc05649304eb1866c796e46e0d57f552bd572891ef892918bb2e7f2c6bcf68f388ea0c50f48c06de1b46b1434cdf25ca1288ebabe2a33d1c6effb77f91ef75471e93952caeda8ac2b2677e46d62b8366922d093832bccb949e177b4417864812d22972d81d89158288b5318d017329d4e8f66273abf74c434f318ebf32c7629342a85336387231b1e579d57cff0b125bef9dddf0fc33f71cb59d5a8972cda06ba6bba4a89cb8d3b465492c431698984998b2979ea61fed3d99b049724f2bdda5a0700ccb28825da1343f41290e569a6d38d4ae3968147cf39b097efd78e058fc71523c12e724bf93dc4ecc02b5cb18d13b59ec8f85368ac1ea93ed0149c60c53569dc69cdb3f37470eab26ef010b03a7e651b9e8e9065da347660836eddb3988c9a0f394aad055f727310f646d6cb35131d02aaf24735792bfce250798bebf0d1a4495fca568b9449e81afef2937b50faf873257d7efa07d31759474d50ca2a7922e79ab47dd59b11dfd1ec43fef3551aed81d01ee4ab997c6cecc39013dcaa442aec803e4cebbc288b4f9e87b30613f0ec88ddc6f60f56787f4040897e6e6bdac317d74b27f97f2efadb031f03c61954fd0232373582b7fa315d3eb9f67053126d2ed0636f04d669c47bdeb078fbda177533902e20b5ce9d8f395ea4c0aaf2cae774fe99bc40105a9ca184bcb598ab2f49c1df62d32d1a6d73a26812cb47a2ccaf0e9b759df89ad1e18238d897b9fd658f6786a92a0c12bd0ee6dad8a430a67962363e5b9afb3329e4f1f6fcd7e63cb8f24872bcf5b8c349d9ce423666ca39f16884219dea338b388e40f4ad996419cb3858637364d8e5af67f846d77b2749115131a3642ef56681315e4a2cbca5e60febabf693570f515e09c2a8994a8e2be3cba28118ef429d4de781118182607dd2c2d5aaba621ea29c140338bd8f1787fd2a3f43bb7fa22a8ce053adb331a4c78eab569af317e14360a6bf1c8b7394f34bfc1a941ac88dab334d5a2d45fc83bee28884698fd82339c972a06efb369220049ca89727513bd4262ad6f94f55f659ec98b684b1d92e1b6a303548a196cc5316e9845baaf01e737ef047d3d1ac4fe13de618e8fd6471c225e688b73b866213f4765c1a1ecf041f66a11177b0425b0423c455dccfa35a34f3b1c4c9850267bd41dcc366f4f8fef6982699e9aee7f3edff90217c84f6865234676e65911e5e99739792161766e959d061d6e86797b595ae3cffc043da0929dce1b4bd27e04532800f14f69398a681d46f00197f547fa138e676a4c84e586e9a2037faad7d7342221c229ff13606688ab70305dc28d01270604fbcb2b5777541e637a10e7d6c2dfa76461b18c8b303234282f31b7ed8afd0cdcc3978c6520a182000ea312296c7d9df08c2a67b944bc519113822014a831c8d6a7f8d26a7a443666b6077bdc1c11cf47001bcbb484d163543445c77a02140191bbb813da818b4dc3ef1ca420f624e5cb67c48024aeb8691b549202750899938067a3ad49da19e9fffc6486b3525fba8b2ff991fb3b4c1a536818f2dad96f713ac264a22136c6a3a9eacb4f69ab08cfe2b971a7d916833c6a0370d4b0bc428db2e4b4013899668b73caf9c983e2f07e46b4b5b4f0d231edee8b1951e1d0e34c881d1fc5c6be05b92b13680398e7109bd18048f0bd980fceb24e59411873e7a8a7f95f4da2ba5c082fdda710361e163a213a3dbb82c08a69020545da4636c09a67cd962182a011cf5eb1c3d999abc7b834ee518bb53afe19941927ca190699abf79c334c52e206fc851deb7398947ad5bd125ef3f51349497142e921c85506c739f6319ae0eb8e3c551ceb7e16afc2d6aad36841ed8eb560ef984ee5e00f1ead2c646546b3c145e3700b07fc257551641cf3dcb76a8b3cc75994f2c3eb521cea22d64c8b72b2de506fde8185b70b4707b7f571668a5925ca21e605904d7c896a5d7290b9c4fc75ecc7ddbbd7f6f003a74f53d1a5432e0377a3efce1e7ac61e36dc13aeea57400d4d3986db3fccb6edaf83f86daeb42f416f58c502e74178e013b399d0b155e0df86b40b5f3f2ab0ad61c90870cee340c07977b55622699101e5372677dd4e208fa6b5d4834a2d6f37b2ead107218aa0e702d1f6a60bd4ad3a2e22807237129fdc02993ef1fffe3c285bd4f7b093b2da8d772ce2df7874bf9b7fd0893eb66a4931acc38129bfe4a8fc6b28ea83bcca1220b66c86d4d90914bb9e9a425fce618f11b66f93aa78515eac0f3956cb1e8b6f12d7f6f22c1ca5563e280b15c64732aec2a37d6010cee0fd2263ea3ea2011043153284b4a5fc87cc0dd8c36f084ce715a6e9ba3e8b2586726255d122f2b5677d6590405ae031df8f83840ef3011a7f5d18037407758270d980aa65d5a4aa26a35a61b65178b6183b282771e89a8fe47bd3ea5a23146b924a47c3cc2540a9c8d91d4a8924e010fb6d3e60457e0aa86749cc3444707fda055a0f489aecda68af7f0d7d31cf25641a10bcc0d00996cddf9059121639fa3ff2e5490bae6b702fcf226d8e50f27f0973e5e4cf543445524d0fe3bd55d3f215978bfabcba0d44c076f5b333b2095c70f6a5426338bf0c065ddce27f6730606d84d1ccef8cebcd15085fa8a5d0975dc47eeb09a4ab6da21d01916c97f4e266c4b01f2bfb3b6a08bb5a7cf834e56782d824e7c55b591cd883ed9e806a4f7033bbab49a2b8ab2cb0f6da9d76968208236b35a51f8eba3769a676ad60d69c475706a630f3a078ebaa6ba5bc25719867cb61d48cc3a381b261165c04f3c93f37d72fc15f43df1de34e24e80a46f5d15fb362e71cb4a5365dde04a53dc5e42745fbd601ff148db416244dd76ac16f24138ef9a02491eb5b48d731a8bdcd46040d0ff11a07c040b83db84bfd21ffb1d818203cb7d3f8fca47f1dc510afa8219ab031aaba2147aed7c50228930e895a72abf55ca6997131e231ea92e0059b680735548adf2d572c3540e096a644deb3750e3b341bbeffee70ff22e0b4e56142e4c1965c01a646dd9b5b0055f88f08987ad45adb844b9ffc84792073048c28bcb60f2666802052ee45dcd9a2950d55ecf0234a3dcf67e83cfa0bfb1285eb54e6292d8075c9e1b459e48556f416898557c9c864fc5de459feb53e33dd1a6860a2d1a836ab5ff6efaee123b3715a7137787ee4345efbce38074e262f363a8ff400345c8539d44a7286c7291246810bce063f0877db6585842380b530a4aaef6e36779a95fed220cef6c1fff2fdd5031f83987dc3282d432f322852cc9dc6d00c59d5ed83b386ff97c521e528e59f2df932467ac02d17f8818c2de26d69725f42cecaf186fab7b6e10b1ebd9a9a12ed83cd382d9a6f9a9bed2736cb0ec0260057f5ec704d2e1a64caad59e02ff2022174b23564cb0942e6769b12e0ae4d65dc4c5e6b6ceaf2667e085909c93a9768b7bfdac612801c0bc3848bad51e2367f788cbd1c5091ce0e9c567528c72003712e91247d87f1ff60d3865fc687a35886822079392f8d151b89e09469bef98e59139c460a53805a93245148cbb9a6a010dadc87e9b1a0e0a89e87e433ff1c0ad4b125760858c8badff4d82cbd31cf88f3e2e16a4e960e1e0b5825fc0f2b21d660cf60069d43fb6a8a96c44fa922164f02c9cd5ebb6fad848871224d157777b5a70dc6deb988506bd03aa4ce2200e9ce23641221784250c22d2c8635a3512f45d433cf66e158eb261f48a23d54f5ef4358df3487da471eb5775bdba565ee170be126b2300d0dad050212606f2d77a63fa2ab430e62670e852b89944e611509415bee36bf0961c8918bd8b0eb8af45b1a9d0420c7101a9c5f4a63efb9cc8de7897b5e2b02cb5885ad8d0d8ac7754ba8d4e9d37175e614e3f3a6a7b122bbc6dd9ce78f1b9a4e940a1160bb85650d8932fe1a82d0525630ba017be5129625a45c3cae66c7cdaa33ee704791db81ef2e11a2f528974fa388cd929c934dbdb21425e6117839ab33b2926b036457db3a43083c3ec17231aed4ee5b607a45a5735c9470c03a424b43efcea953c078717344aeb1449c0dfa3a3ec224b542c16cf735466bdaf26b522aef1db547b14f07ebd4f5da34426a46007757be47ed3f643c47f2c4467762cd049d6f4cf8a78d04f8318bdedcee80871e91c0330499d88254555c456d9bde8a892394267eac15c230cf7e7ba19ebc01b1905c80476de3cea8258f6d0820d159f4aa8a37fb378b2685da4e0e89d253187219869f1157bbe4a8a43eabf65e86a6d9b21e25d91c43c3036914427833ed87073886719069148e2e47219bb5da5d9664d64dc5c4ff71c0e808dadbb53a23e41e3c02fd0c9e0704490f3283d1864d15d795882e6522f31445556cab6832f273dac0c7aef4e3f8c09a34d1624fdb087d852f2e827fb2c3105f1afda54b9dc12cfde3cf7747daa5ac70904e82636a13155303f9a1198d6e7f9dc7be394ebc5db9e8380e290e6cae5f320caa56aa94490789fce2e2540b3de8865396f58e14d61d3cb122f7bd1af5a27c6fe733eba3cc39106efc906ea967fb833e2480aa80bd56ccd9e5c25304e2b8135f1453af70059e599cb67bc8eaaa38c39768e74d3da8aba0135f0192d7ddf0149ce62f353b0360251f1f88b272c6e85b4ee4e0563a6de80de83749af6e6aa4d80cab7031aff3f7e8d0c9114940549f828a62be9fd6a16db001369728b4b93d4ecf91563ae03def3ca4e9900a97657c4ff1e41c5742fb3329ba882ed61645aedb22f2543b83cd4007e5d228697a48064acc32ece41f2d5ead3f31a9689249e8b4bb57ac0b136b6c60ec531708235b94db823344aafbb9b79e21959635664b2193c3add0b28767906b7ba4118e6548e9a23b49e9181dc6f7dc7857425c9ab1b1451bc4572fd060190d0b5a76b8368b68e72a212bd0f89d0778d293b1d32f155f30c9aafe7215d2e746ea8f2c73a30bcd8c093a489519b60616b15afe69074ee77fb65caf5faf0aad49106057a91fdcd622a07ac21eb5c221f2e65323228af41b3eb894517c34c4f60ba20fb6f6c4309a7357884c0eeeb0a4874550107f2d0ffdc412f86bdf712f96183b3932cfb4da3f179cde1a288df9af09c243fae8c67b0d208d9cdb7adde8d5e548e0624b19da4818ef656b88280a", 0x1000}, 0x1006) getpeername$packet(0xffffffffffffffff, 0x0, 0x0) 03:43:19 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x70bd26, 0x25dfdbfc}, 0x56}}, 0x8000) 03:43:19 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r6}, 0x10) r7 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r8, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r7, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r7, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:43:19 executing program 4: socketpair$unix(0x1, 0x0, 0x0, 0x0) r0 = creat(0x0, 0x0) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r0, 0xc05c5340, &(0x7f0000000200)={0xff, 0x9, 0xff, {}, 0x2}) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) fcntl$dupfd(r2, 0x406, r1) 03:43:19 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0xffffffffffffffff) 03:43:19 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc1f123c123f3188b070") r1 = socket$inet6(0xa, 0x400000000001, 0x0) bind$inet6(r1, &(0x7f0000000200)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) syz_genetlink_get_family_id$net_dm(0x0) r2 = perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, 0xffffffffffffffff) sendmsg$NET_DM_CMD_STOP(0xffffffffffffffff, 0x0, 0x0) chdir(&(0x7f0000000240)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x26e1, 0x0) r3 = open(&(0x7f0000000140)='./bus\x00', 0x141042, 0x0) fchown(r2, 0x0, 0x0) ioctl$TUNGETSNDBUF(r3, 0x800454d3, &(0x7f00000001c0)) getuid() syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f0000000080)='./bus\x00', 0x3, 0x1, &(0x7f0000000700)=[{0x0, 0x3b6}], 0x0, 0x0) msgget(0xffffffffffffffff, 0x0) msgrcv(0x0, 0x0, 0xfffffc46, 0x0, 0x0) lsetxattr$trusted_overlay_origin(0x0, 0x0, 0x0, 0x0, 0x0) write$UHID_INPUT(r3, &(0x7f0000002480)={0x8, "c0c814a55b6300d28afc61ac7dd1ffb869b761e8e53ee36e4be89e9fea175523e4468dec44bf8b5473c7a5062b4ede67dcb24cb9484ccfff2b3a70befc56e8ab2eee3483f5bf78c16beac035b700eb84e2216f268d02b717d2046c273814475b412437f7dc08a13a55d3c02132999dfd9fe80b750eff4d7c1da975b3835602728ae09e72527fcee19377e29c6c19e1ccce0f75e0e54001e3e83e473fa3d37eca8be1b3de565571e0e84f310c11fa8616068113b038aaa5c69967699fc2aa41c6f26fc22cf68e3577242c9b4ca20fab9de5885e0648fbd7af089b05f38f152d2f8144461608733c567b6dc5d2a07022c3764565c85abcfd99dd7a85e58939278235d50e8b321be7dbaa5141e097c28364fad2f713d666ca94f4e429687fcabb72aceeaf8abe5b506d98dc393b6e97492d785ead0ca2953f92c4d2b2c9f616e3d98b36be55a923fc5892413f7a3b615cec89b52e0ecdcee0aa5af72bcbb91b4bade7435dd8b529feaf13f8b48fcaca5952235d2e909f8831d8ca05a0daa3f6c581f388e0c1879b41fe63ef3d122bd0c5acd4fb07b96797918791075ae7383bb1bbdea574b31301ff37ecc45671ee2e7fc55bf6244025d1fd82dca56a42a23aa826a0b1e102bd87893ddc05649304eb1866c796e46e0d57f552bd572891ef892918bb2e7f2c6bcf68f388ea0c50f48c06de1b46b1434cdf25ca1288ebabe2a33d1c6effb77f91ef75471e93952caeda8ac2b2677e46d62b8366922d093832bccb949e177b4417864812d22972d81d89158288b5318d017329d4e8f66273abf74c434f318ebf32c7629342a85336387231b1e579d57cff0b125bef9dddf0fc33f71cb59d5a8972cda06ba6bba4a89cb8d3b465492c431698984998b2979ea61fed3d99b049724f2bdda5a0700ccb28825da1343f41290e569a6d38d4ae3968147cf39b097efd78e058fc71523c12e724bf93dc4ecc02b5cb18d13b59ec8f85368ac1ea93ed0149c60c53569dc69cdb3f37470eab26ef010b03a7e651b9e8e9065da347660836eddb3988c9a0f394aad055f727310f646d6cb35131d02aaf24735792bfce250798bebf0d1a4495fca568b9449e81afef2937b50faf873257d7efa07d31759474d50ca2a7922e79ab47dd59b11dfd1ec43fef3551aed81d01ee4ab997c6cecc39013dcaa442aec803e4cebbc288b4f9e87b30613f0ec88ddc6f60f56787f4040897e6e6bdac317d74b27f97f2efadb031f03c61954fd0232373582b7fa315d3eb9f67053126d2ed0636f04d669c47bdeb078fbda177533902e20b5ce9d8f395ea4c0aaf2cae774fe99bc40105a9ca184bcb598ab2f49c1df62d32d1a6d73a26812cb47a2ccaf0e9b759df89ad1e18238d897b9fd658f6786a92a0c12bd0ee6dad8a430a67962363e5b9afb3329e4f1f6fcd7e63cb8f24872bcf5b8c349d9ce423666ca39f16884219dea338b388e40f4ad996419cb3858637364d8e5af67f846d77b2749115131a3642ef56681315e4a2cbca5e60febabf693570f515e09c2a8994a8e2be3cba28118ef429d4de781118182607dd2c2d5aaba621ea29c140338bd8f1787fd2a3f43bb7fa22a8ce053adb331a4c78eab569af317e14360a6bf1c8b7394f34bfc1a941ac88dab334d5a2d45fc83bee28884698fd82339c972a06efb369220049ca89727513bd4262ad6f94f55f659ec98b684b1d92e1b6a303548a196cc5316e9845baaf01e737ef047d3d1ac4fe13de618e8fd6471c225e688b73b866213f4765c1a1ecf041f66a11177b0425b0423c455dccfa35a34f3b1c4c9850267bd41dcc366f4f8fef6982699e9aee7f3edff90217c84f6865234676e65911e5e99739792161766e959d061d6e86797b595ae3cffc043da0929dce1b4bd27e04532800f14f69398a681d46f00197f547fa138e676a4c84e586e9a2037faad7d7342221c229ff13606688ab70305dc28d01270604fbcb2b5777541e637a10e7d6c2dfa76461b18c8b303234282f31b7ed8afd0cdcc3978c6520a182000ea312296c7d9df08c2a67b944bc519113822014a831c8d6a7f8d26a7a443666b6077bdc1c11cf47001bcbb484d163543445c77a02140191bbb813da818b4dc3ef1ca420f624e5cb67c48024aeb8691b549202750899938067a3ad49da19e9fffc6486b3525fba8b2ff991fb3b4c1a536818f2dad96f713ac264a22136c6a3a9eacb4f69ab08cfe2b971a7d916833c6a0370d4b0bc428db2e4b4013899668b73caf9c983e2f07e46b4b5b4f0d231edee8b1951e1d0e34c881d1fc5c6be05b92b13680398e7109bd18048f0bd980fceb24e59411873e7a8a7f95f4da2ba5c082fdda710361e163a213a3dbb82c08a69020545da4636c09a67cd962182a011cf5eb1c3d999abc7b834ee518bb53afe19941927ca190699abf79c334c52e206fc851deb7398947ad5bd125ef3f51349497142e921c85506c739f6319ae0eb8e3c551ceb7e16afc2d6aad36841ed8eb560ef984ee5e00f1ead2c646546b3c145e3700b07fc257551641cf3dcb76a8b3cc75994f2c3eb521cea22d64c8b72b2de506fde8185b70b4707b7f571668a5925ca21e605904d7c896a5d7290b9c4fc75ecc7ddbbd7f6f003a74f53d1a5432e0377a3efce1e7ac61e36dc13aeea57400d4d3986db3fccb6edaf83f86daeb42f416f58c502e74178e013b399d0b155e0df86b40b5f3f2ab0ad61c90870cee340c07977b55622699101e5372677dd4e208fa6b5d4834a2d6f37b2ead107218aa0e702d1f6a60bd4ad3a2e22807237129fdc02993ef1fffe3c285bd4f7b093b2da8d772ce2df7874bf9b7fd0893eb66a4931acc38129bfe4a8fc6b28ea83bcca1220b66c86d4d90914bb9e9a425fce618f11b66f93aa78515eac0f3956cb1e8b6f12d7f6f22c1ca5563e280b15c64732aec2a37d6010cee0fd2263ea3ea2011043153284b4a5fc87cc0dd8c36f084ce715a6e9ba3e8b2586726255d122f2b5677d6590405ae031df8f83840ef3011a7f5d18037407758270d980aa65d5a4aa26a35a61b65178b6183b282771e89a8fe47bd3ea5a23146b924a47c3cc2540a9c8d91d4a8924e010fb6d3e60457e0aa86749cc3444707fda055a0f489aecda68af7f0d7d31cf25641a10bcc0d00996cddf9059121639fa3ff2e5490bae6b702fcf226d8e50f27f0973e5e4cf543445524d0fe3bd55d3f215978bfabcba0d44c076f5b333b2095c70f6a5426338bf0c065ddce27f6730606d84d1ccef8cebcd15085fa8a5d0975dc47eeb09a4ab6da21d01916c97f4e266c4b01f2bfb3b6a08bb5a7cf834e56782d824e7c55b591cd883ed9e806a4f7033bbab49a2b8ab2cb0f6da9d76968208236b35a51f8eba3769a676ad60d69c475706a630f3a078ebaa6ba5bc25719867cb61d48cc3a381b261165c04f3c93f37d72fc15f43df1de34e24e80a46f5d15fb362e71cb4a5365dde04a53dc5e42745fbd601ff148db416244dd76ac16f24138ef9a02491eb5b48d731a8bdcd46040d0ff11a07c040b83db84bfd21ffb1d818203cb7d3f8fca47f1dc510afa8219ab031aaba2147aed7c50228930e895a72abf55ca6997131e231ea92e0059b680735548adf2d572c3540e096a644deb3750e3b341bbeffee70ff22e0b4e56142e4c1965c01a646dd9b5b0055f88f08987ad45adb844b9ffc84792073048c28bcb60f2666802052ee45dcd9a2950d55ecf0234a3dcf67e83cfa0bfb1285eb54e6292d8075c9e1b459e48556f416898557c9c864fc5de459feb53e33dd1a6860a2d1a836ab5ff6efaee123b3715a7137787ee4345efbce38074e262f363a8ff400345c8539d44a7286c7291246810bce063f0877db6585842380b530a4aaef6e36779a95fed220cef6c1fff2fdd5031f83987dc3282d432f322852cc9dc6d00c59d5ed83b386ff97c521e528e59f2df932467ac02d17f8818c2de26d69725f42cecaf186fab7b6e10b1ebd9a9a12ed83cd382d9a6f9a9bed2736cb0ec0260057f5ec704d2e1a64caad59e02ff2022174b23564cb0942e6769b12e0ae4d65dc4c5e6b6ceaf2667e085909c93a9768b7bfdac612801c0bc3848bad51e2367f788cbd1c5091ce0e9c567528c72003712e91247d87f1ff60d3865fc687a35886822079392f8d151b89e09469bef98e59139c460a53805a93245148cbb9a6a010dadc87e9b1a0e0a89e87e433ff1c0ad4b125760858c8badff4d82cbd31cf88f3e2e16a4e960e1e0b5825fc0f2b21d660cf60069d43fb6a8a96c44fa922164f02c9cd5ebb6fad848871224d157777b5a70dc6deb988506bd03aa4ce2200e9ce23641221784250c22d2c8635a3512f45d433cf66e158eb261f48a23d54f5ef4358df3487da471eb5775bdba565ee170be126b2300d0dad050212606f2d77a63fa2ab430e62670e852b89944e611509415bee36bf0961c8918bd8b0eb8af45b1a9d0420c7101a9c5f4a63efb9cc8de7897b5e2b02cb5885ad8d0d8ac7754ba8d4e9d37175e614e3f3a6a7b122bbc6dd9ce78f1b9a4e940a1160bb85650d8932fe1a82d0525630ba017be5129625a45c3cae66c7cdaa33ee704791db81ef2e11a2f528974fa388cd929c934dbdb21425e6117839ab33b2926b036457db3a43083c3ec17231aed4ee5b607a45a5735c9470c03a424b43efcea953c078717344aeb1449c0dfa3a3ec224b542c16cf735466bdaf26b522aef1db547b14f07ebd4f5da34426a46007757be47ed3f643c47f2c4467762cd049d6f4cf8a78d04f8318bdedcee80871e91c0330499d88254555c456d9bde8a892394267eac15c230cf7e7ba19ebc01b1905c80476de3cea8258f6d0820d159f4aa8a37fb378b2685da4e0e89d253187219869f1157bbe4a8a43eabf65e86a6d9b21e25d91c43c3036914427833ed87073886719069148e2e47219bb5da5d9664d64dc5c4ff71c0e808dadbb53a23e41e3c02fd0c9e0704490f3283d1864d15d795882e6522f31445556cab6832f273dac0c7aef4e3f8c09a34d1624fdb087d852f2e827fb2c3105f1afda54b9dc12cfde3cf7747daa5ac70904e82636a13155303f9a1198d6e7f9dc7be394ebc5db9e8380e290e6cae5f320caa56aa94490789fce2e2540b3de8865396f58e14d61d3cb122f7bd1af5a27c6fe733eba3cc39106efc906ea967fb833e2480aa80bd56ccd9e5c25304e2b8135f1453af70059e599cb67bc8eaaa38c39768e74d3da8aba0135f0192d7ddf0149ce62f353b0360251f1f88b272c6e85b4ee4e0563a6de80de83749af6e6aa4d80cab7031aff3f7e8d0c9114940549f828a62be9fd6a16db001369728b4b93d4ecf91563ae03def3ca4e9900a97657c4ff1e41c5742fb3329ba882ed61645aedb22f2543b83cd4007e5d228697a48064acc32ece41f2d5ead3f31a9689249e8b4bb57ac0b136b6c60ec531708235b94db823344aafbb9b79e21959635664b2193c3add0b28767906b7ba4118e6548e9a23b49e9181dc6f7dc7857425c9ab1b1451bc4572fd060190d0b5a76b8368b68e72a212bd0f89d0778d293b1d32f155f30c9aafe7215d2e746ea8f2c73a30bcd8c093a489519b60616b15afe69074ee77fb65caf5faf0aad49106057a91fdcd622a07ac21eb5c221f2e65323228af41b3eb894517c34c4f60ba20fb6f6c4309a7357884c0eeeb0a4874550107f2d0ffdc412f86bdf712f96183b3932cfb4da3f179cde1a288df9af09c243fae8c67b0d208d9cdb7adde8d5e548e0624b19da4818ef656b88280a", 0x1000}, 0x1006) 03:43:19 executing program 2: sendmsg$key(0xffffffffffffffff, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0x0) [ 1293.200663][ C1] net_ratelimit: 20 callbacks suppressed [ 1293.200672][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1293.212206][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:43:19 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm_plock\x00', 0x480000, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000040)={0x42, 0xff, 0x5, 0x7ff, 0x10000}, 0x14) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0x0) [ 1293.280661][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1293.286555][ C0] protocol 88fb is buggy, dev hsr_slave_1 03:43:19 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(0x0, 0x1) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0xd0}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 03:43:19 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc1f123c123f3188b070") r1 = socket$inet6(0xa, 0x400000000001, 0x0) bind$inet6(r1, &(0x7f0000000200)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) syz_genetlink_get_family_id$net_dm(0x0) r2 = perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, 0xffffffffffffffff) sendmsg$NET_DM_CMD_STOP(0xffffffffffffffff, 0x0, 0x0) chdir(&(0x7f0000000240)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x26e1, 0x0) r3 = open(&(0x7f0000000140)='./bus\x00', 0x141042, 0x0) fchown(r2, 0x0, 0x0) ioctl$TUNGETSNDBUF(r3, 0x800454d3, &(0x7f00000001c0)) getuid() syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f0000000080)='./bus\x00', 0x3, 0x1, &(0x7f0000000700)=[{0x0, 0x3b6}], 0x0, 0x0) msgget(0xffffffffffffffff, 0x0) msgrcv(0x0, 0x0, 0xfffffc46, 0x0, 0x0) lsetxattr$trusted_overlay_origin(0x0, 0x0, 0x0, 0x0, 0x0) write$UHID_INPUT(r3, &(0x7f0000002480)={0x8, "c0c814a55b6300d28afc61ac7dd1ffb869b761e8e53ee36e4be89e9fea175523e4468dec44bf8b5473c7a5062b4ede67dcb24cb9484ccfff2b3a70befc56e8ab2eee3483f5bf78c16beac035b700eb84e2216f268d02b717d2046c273814475b412437f7dc08a13a55d3c02132999dfd9fe80b750eff4d7c1da975b3835602728ae09e72527fcee19377e29c6c19e1ccce0f75e0e54001e3e83e473fa3d37eca8be1b3de565571e0e84f310c11fa8616068113b038aaa5c69967699fc2aa41c6f26fc22cf68e3577242c9b4ca20fab9de5885e0648fbd7af089b05f38f152d2f8144461608733c567b6dc5d2a07022c3764565c85abcfd99dd7a85e58939278235d50e8b321be7dbaa5141e097c28364fad2f713d666ca94f4e429687fcabb72aceeaf8abe5b506d98dc393b6e97492d785ead0ca2953f92c4d2b2c9f616e3d98b36be55a923fc5892413f7a3b615cec89b52e0ecdcee0aa5af72bcbb91b4bade7435dd8b529feaf13f8b48fcaca5952235d2e909f8831d8ca05a0daa3f6c581f388e0c1879b41fe63ef3d122bd0c5acd4fb07b96797918791075ae7383bb1bbdea574b31301ff37ecc45671ee2e7fc55bf6244025d1fd82dca56a42a23aa826a0b1e102bd87893ddc05649304eb1866c796e46e0d57f552bd572891ef892918bb2e7f2c6bcf68f388ea0c50f48c06de1b46b1434cdf25ca1288ebabe2a33d1c6effb77f91ef75471e93952caeda8ac2b2677e46d62b8366922d093832bccb949e177b4417864812d22972d81d89158288b5318d017329d4e8f66273abf74c434f318ebf32c7629342a85336387231b1e579d57cff0b125bef9dddf0fc33f71cb59d5a8972cda06ba6bba4a89cb8d3b465492c431698984998b2979ea61fed3d99b049724f2bdda5a0700ccb28825da1343f41290e569a6d38d4ae3968147cf39b097efd78e058fc71523c12e724bf93dc4ecc02b5cb18d13b59ec8f85368ac1ea93ed0149c60c53569dc69cdb3f37470eab26ef010b03a7e651b9e8e9065da347660836eddb3988c9a0f394aad055f727310f646d6cb35131d02aaf24735792bfce250798bebf0d1a4495fca568b9449e81afef2937b50faf873257d7efa07d31759474d50ca2a7922e79ab47dd59b11dfd1ec43fef3551aed81d01ee4ab997c6cecc39013dcaa442aec803e4cebbc288b4f9e87b30613f0ec88ddc6f60f56787f4040897e6e6bdac317d74b27f97f2efadb031f03c61954fd0232373582b7fa315d3eb9f67053126d2ed0636f04d669c47bdeb078fbda177533902e20b5ce9d8f395ea4c0aaf2cae774fe99bc40105a9ca184bcb598ab2f49c1df62d32d1a6d73a26812cb47a2ccaf0e9b759df89ad1e18238d897b9fd658f6786a92a0c12bd0ee6dad8a430a67962363e5b9afb3329e4f1f6fcd7e63cb8f24872bcf5b8c349d9ce423666ca39f16884219dea338b388e40f4ad996419cb3858637364d8e5af67f846d77b2749115131a3642ef56681315e4a2cbca5e60febabf693570f515e09c2a8994a8e2be3cba28118ef429d4de781118182607dd2c2d5aaba621ea29c140338bd8f1787fd2a3f43bb7fa22a8ce053adb331a4c78eab569af317e14360a6bf1c8b7394f34bfc1a941ac88dab334d5a2d45fc83bee28884698fd82339c972a06efb369220049ca89727513bd4262ad6f94f55f659ec98b684b1d92e1b6a303548a196cc5316e9845baaf01e737ef047d3d1ac4fe13de618e8fd6471c225e688b73b866213f4765c1a1ecf041f66a11177b0425b0423c455dccfa35a34f3b1c4c9850267bd41dcc366f4f8fef6982699e9aee7f3edff90217c84f6865234676e65911e5e99739792161766e959d061d6e86797b595ae3cffc043da0929dce1b4bd27e04532800f14f69398a681d46f00197f547fa138e676a4c84e586e9a2037faad7d7342221c229ff13606688ab70305dc28d01270604fbcb2b5777541e637a10e7d6c2dfa76461b18c8b303234282f31b7ed8afd0cdcc3978c6520a182000ea312296c7d9df08c2a67b944bc519113822014a831c8d6a7f8d26a7a443666b6077bdc1c11cf47001bcbb484d163543445c77a02140191bbb813da818b4dc3ef1ca420f624e5cb67c48024aeb8691b549202750899938067a3ad49da19e9fffc6486b3525fba8b2ff991fb3b4c1a536818f2dad96f713ac264a22136c6a3a9eacb4f69ab08cfe2b971a7d916833c6a0370d4b0bc428db2e4b4013899668b73caf9c983e2f07e46b4b5b4f0d231edee8b1951e1d0e34c881d1fc5c6be05b92b13680398e7109bd18048f0bd980fceb24e59411873e7a8a7f95f4da2ba5c082fdda710361e163a213a3dbb82c08a69020545da4636c09a67cd962182a011cf5eb1c3d999abc7b834ee518bb53afe19941927ca190699abf79c334c52e206fc851deb7398947ad5bd125ef3f51349497142e921c85506c739f6319ae0eb8e3c551ceb7e16afc2d6aad36841ed8eb560ef984ee5e00f1ead2c646546b3c145e3700b07fc257551641cf3dcb76a8b3cc75994f2c3eb521cea22d64c8b72b2de506fde8185b70b4707b7f571668a5925ca21e605904d7c896a5d7290b9c4fc75ecc7ddbbd7f6f003a74f53d1a5432e0377a3efce1e7ac61e36dc13aeea57400d4d3986db3fccb6edaf83f86daeb42f416f58c502e74178e013b399d0b155e0df86b40b5f3f2ab0ad61c90870cee340c07977b55622699101e5372677dd4e208fa6b5d4834a2d6f37b2ead107218aa0e702d1f6a60bd4ad3a2e22807237129fdc02993ef1fffe3c285bd4f7b093b2da8d772ce2df7874bf9b7fd0893eb66a4931acc38129bfe4a8fc6b28ea83bcca1220b66c86d4d90914bb9e9a425fce618f11b66f93aa78515eac0f3956cb1e8b6f12d7f6f22c1ca5563e280b15c64732aec2a37d6010cee0fd2263ea3ea2011043153284b4a5fc87cc0dd8c36f084ce715a6e9ba3e8b2586726255d122f2b5677d6590405ae031df8f83840ef3011a7f5d18037407758270d980aa65d5a4aa26a35a61b65178b6183b282771e89a8fe47bd3ea5a23146b924a47c3cc2540a9c8d91d4a8924e010fb6d3e60457e0aa86749cc3444707fda055a0f489aecda68af7f0d7d31cf25641a10bcc0d00996cddf9059121639fa3ff2e5490bae6b702fcf226d8e50f27f0973e5e4cf543445524d0fe3bd55d3f215978bfabcba0d44c076f5b333b2095c70f6a5426338bf0c065ddce27f6730606d84d1ccef8cebcd15085fa8a5d0975dc47eeb09a4ab6da21d01916c97f4e266c4b01f2bfb3b6a08bb5a7cf834e56782d824e7c55b591cd883ed9e806a4f7033bbab49a2b8ab2cb0f6da9d76968208236b35a51f8eba3769a676ad60d69c475706a630f3a078ebaa6ba5bc25719867cb61d48cc3a381b261165c04f3c93f37d72fc15f43df1de34e24e80a46f5d15fb362e71cb4a5365dde04a53dc5e42745fbd601ff148db416244dd76ac16f24138ef9a02491eb5b48d731a8bdcd46040d0ff11a07c040b83db84bfd21ffb1d818203cb7d3f8fca47f1dc510afa8219ab031aaba2147aed7c50228930e895a72abf55ca6997131e231ea92e0059b680735548adf2d572c3540e096a644deb3750e3b341bbeffee70ff22e0b4e56142e4c1965c01a646dd9b5b0055f88f08987ad45adb844b9ffc84792073048c28bcb60f2666802052ee45dcd9a2950d55ecf0234a3dcf67e83cfa0bfb1285eb54e6292d8075c9e1b459e48556f416898557c9c864fc5de459feb53e33dd1a6860a2d1a836ab5ff6efaee123b3715a7137787ee4345efbce38074e262f363a8ff400345c8539d44a7286c7291246810bce063f0877db6585842380b530a4aaef6e36779a95fed220cef6c1fff2fdd5031f83987dc3282d432f322852cc9dc6d00c59d5ed83b386ff97c521e528e59f2df932467ac02d17f8818c2de26d69725f42cecaf186fab7b6e10b1ebd9a9a12ed83cd382d9a6f9a9bed2736cb0ec0260057f5ec704d2e1a64caad59e02ff2022174b23564cb0942e6769b12e0ae4d65dc4c5e6b6ceaf2667e085909c93a9768b7bfdac612801c0bc3848bad51e2367f788cbd1c5091ce0e9c567528c72003712e91247d87f1ff60d3865fc687a35886822079392f8d151b89e09469bef98e59139c460a53805a93245148cbb9a6a010dadc87e9b1a0e0a89e87e433ff1c0ad4b125760858c8badff4d82cbd31cf88f3e2e16a4e960e1e0b5825fc0f2b21d660cf60069d43fb6a8a96c44fa922164f02c9cd5ebb6fad848871224d157777b5a70dc6deb988506bd03aa4ce2200e9ce23641221784250c22d2c8635a3512f45d433cf66e158eb261f48a23d54f5ef4358df3487da471eb5775bdba565ee170be126b2300d0dad050212606f2d77a63fa2ab430e62670e852b89944e611509415bee36bf0961c8918bd8b0eb8af45b1a9d0420c7101a9c5f4a63efb9cc8de7897b5e2b02cb5885ad8d0d8ac7754ba8d4e9d37175e614e3f3a6a7b122bbc6dd9ce78f1b9a4e940a1160bb85650d8932fe1a82d0525630ba017be5129625a45c3cae66c7cdaa33ee704791db81ef2e11a2f528974fa388cd929c934dbdb21425e6117839ab33b2926b036457db3a43083c3ec17231aed4ee5b607a45a5735c9470c03a424b43efcea953c078717344aeb1449c0dfa3a3ec224b542c16cf735466bdaf26b522aef1db547b14f07ebd4f5da34426a46007757be47ed3f643c47f2c4467762cd049d6f4cf8a78d04f8318bdedcee80871e91c0330499d88254555c456d9bde8a892394267eac15c230cf7e7ba19ebc01b1905c80476de3cea8258f6d0820d159f4aa8a37fb378b2685da4e0e89d253187219869f1157bbe4a8a43eabf65e86a6d9b21e25d91c43c3036914427833ed87073886719069148e2e47219bb5da5d9664d64dc5c4ff71c0e808dadbb53a23e41e3c02fd0c9e0704490f3283d1864d15d795882e6522f31445556cab6832f273dac0c7aef4e3f8c09a34d1624fdb087d852f2e827fb2c3105f1afda54b9dc12cfde3cf7747daa5ac70904e82636a13155303f9a1198d6e7f9dc7be394ebc5db9e8380e290e6cae5f320caa56aa94490789fce2e2540b3de8865396f58e14d61d3cb122f7bd1af5a27c6fe733eba3cc39106efc906ea967fb833e2480aa80bd56ccd9e5c25304e2b8135f1453af70059e599cb67bc8eaaa38c39768e74d3da8aba0135f0192d7ddf0149ce62f353b0360251f1f88b272c6e85b4ee4e0563a6de80de83749af6e6aa4d80cab7031aff3f7e8d0c9114940549f828a62be9fd6a16db001369728b4b93d4ecf91563ae03def3ca4e9900a97657c4ff1e41c5742fb3329ba882ed61645aedb22f2543b83cd4007e5d228697a48064acc32ece41f2d5ead3f31a9689249e8b4bb57ac0b136b6c60ec531708235b94db823344aafbb9b79e21959635664b2193c3add0b28767906b7ba4118e6548e9a23b49e9181dc6f7dc7857425c9ab1b1451bc4572fd060190d0b5a76b8368b68e72a212bd0f89d0778d293b1d32f155f30c9aafe7215d2e746ea8f2c73a30bcd8c093a489519b60616b15afe69074ee77fb65caf5faf0aad49106057a91fdcd622a07ac21eb5c221f2e65323228af41b3eb894517c34c4f60ba20fb6f6c4309a7357884c0eeeb0a4874550107f2d0ffdc412f86bdf712f96183b3932cfb4da3f179cde1a288df9af09c243fae8c67b0d208d9cdb7adde8d5e548e0624b19da4818ef656b88280a", 0x1000}, 0x1006) 03:43:19 executing program 2: prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x0) r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0x0) r1 = openat$vfio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vfio/vfio\x00', 0x10000, 0x0) ioctl$SNDRV_TIMER_IOCTL_STOP(r1, 0x54a1) ioctl$DRM_IOCTL_RES_CTX(r1, 0xc0106426, &(0x7f0000000080)={0x8, &(0x7f0000000040)=[{}, {}, {}, {}, {}, {}, {}, {}]}) [ 1293.515453][ T9162] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1293.546473][ T9162] CPU: 0 PID: 9162 Comm: syz-executor.4 Not tainted 5.1.0-rc1-next-20190319 #6 [ 1293.555427][ T9162] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1293.565485][ T9162] Call Trace: [ 1293.568787][ T9162] dump_stack+0x172/0x1f0 [ 1293.573137][ T9162] dump_header+0x10f/0xb6c [ 1293.577575][ T9162] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1293.583398][ T9162] ? ___ratelimit+0x60/0x595 [ 1293.588001][ T9162] ? do_raw_spin_unlock+0x57/0x270 [ 1293.593126][ T9162] oom_kill_process.cold+0x10/0x15 [ 1293.598252][ T9162] out_of_memory+0x79a/0x1280 [ 1293.602961][ T9162] ? lock_downgrade+0x880/0x880 [ 1293.607827][ T9162] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1293.614082][ T9162] ? oom_killer_disable+0x280/0x280 [ 1293.619290][ T9162] ? find_held_lock+0x35/0x130 [ 1293.624080][ T9162] mem_cgroup_out_of_memory+0x1ca/0x230 [ 1293.629621][ T9162] ? memcg_event_wake+0x230/0x230 [ 1293.634638][ T9162] ? do_raw_spin_unlock+0x57/0x270 [ 1293.639739][ T9162] ? _raw_spin_unlock+0x2d/0x50 [ 1293.644591][ T9162] try_charge+0x118d/0x1790 [ 1293.649113][ T9162] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1293.654670][ T9162] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1293.660912][ T9162] ? kasan_check_read+0x11/0x20 [ 1293.665757][ T9162] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1293.671291][ T9162] mem_cgroup_try_charge+0x24d/0x5e0 [ 1293.676566][ T9162] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1293.680665][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1293.682197][ T9162] __handle_mm_fault+0x1e1f/0x3ec0 [ 1293.682231][ T9162] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1293.682251][ T9162] ? find_held_lock+0x35/0x130 [ 1293.688014][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1293.693074][ T9162] ? handle_mm_fault+0x322/0xb30 [ 1293.693103][ T9162] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1293.693123][ T9162] ? kasan_check_read+0x11/0x20 [ 1293.693145][ T9162] handle_mm_fault+0x43f/0xb30 [ 1293.698749][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1293.703429][ T9162] __get_user_pages+0x7b6/0x1a40 [ 1293.703462][ T9162] ? follow_page_mask+0x19a0/0x19a0 [ 1293.709193][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1293.714091][ T9162] ? perf_trace_lock+0xeb/0x510 [ 1293.714108][ T9162] ? __vma_adjust+0x1840/0x1840 [ 1293.714134][ T9162] ? lock_acquire+0x16f/0x3f0 [ 1293.720428][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1293.725200][ T9162] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1293.725230][ T9162] populate_vma_page_range+0x20d/0x2a0 [ 1293.725253][ T9162] __mm_populate+0x204/0x380 [ 1293.730055][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1293.735724][ T9162] ? populate_vma_page_range+0x2a0/0x2a0 [ 1293.735754][ T9162] __x64_sys_mlockall+0x35c/0x520 [ 1293.735777][ T9162] do_syscall_64+0x103/0x610 [ 1293.808696][ T9162] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1293.814589][ T9162] RIP: 0033:0x458079 [ 1293.818469][ T9162] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1293.838056][ T9162] RSP: 002b:00007fa3c5772c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1293.846452][ T9162] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458079 [ 1293.854427][ T9162] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 03:43:20 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132224) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f00000000c0)=ANY=[@ANYBLOB="6e61853167377400000100000000000000000000e4dbb77487e90104000000000040800000000000001b2300000503000018030000cc0000ac010000000000001004d1e090e1fe916dd282e0f34f8dfac0dc1695c4d700001004000010030002d3a379b87c5ade6e27a603551ae6543351c2f2d3c00f3f72e011777424c981c41f852110e5d4a50bc78b2aa66b63012812d04b94d660aab341cfe8364422b866cd445d5d0f4d6715baea5900323e00000000000071cf4f040095006f"], 0x1) ptrace$setopts(0xffffffffffffffff, r2, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) tkill(r2, 0x3c) [ 1293.862403][ T9162] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1293.870383][ T9162] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa3c57736d4 [ 1293.878338][ T9162] R13: 00000000004c3d3a R14: 00000000004d6f20 R15: 00000000ffffffff [ 1293.892053][ T9162] memory: usage 307200kB, limit 307200kB, failcnt 1373 [ 1293.899480][ T9162] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1293.907372][ T9162] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 03:43:20 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="020e00000c000000000000000000000005000600008000000a3f00ffffff00000000000000000000000000fc0000000000000000000000000005000500000000000a00000000000000fe800000000000000000f844000000000000b4b75ef16000"], 0xfffffffffffffee4}}, 0x0) 03:43:20 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc1f123c123f3188b070") r1 = socket$inet6(0xa, 0x400000000001, 0x0) bind$inet6(r1, &(0x7f0000000200)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) syz_genetlink_get_family_id$net_dm(0x0) r2 = perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, 0xffffffffffffffff) sendmsg$NET_DM_CMD_STOP(0xffffffffffffffff, 0x0, 0x0) chdir(&(0x7f0000000240)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x26e1, 0x0) r3 = open(&(0x7f0000000140)='./bus\x00', 0x141042, 0x0) fchown(r2, 0x0, 0x0) ioctl$TUNGETSNDBUF(r3, 0x800454d3, &(0x7f00000001c0)) getuid() syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f0000000080)='./bus\x00', 0x3, 0x1, &(0x7f0000000700)=[{0x0, 0x3b6}], 0x0, 0x0) msgget(0xffffffffffffffff, 0x0) msgrcv(0x0, 0x0, 0xfffffc46, 0x0, 0x0) lsetxattr$trusted_overlay_origin(0x0, 0x0, 0x0, 0x0, 0x0) 03:43:20 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r6}, 0x10) r7 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r8, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r7, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r7, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) [ 1293.914387][ T9162] Memory cgroup stats for /syz4: cache:0KB rss:279920KB rss_huge:18432KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:235456KB active_anon:27424KB inactive_file:4KB active_file:0KB unevictable:17280KB [ 1293.986724][ T9162] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=9157,uid=0 [ 1294.055627][ T9162] Memory cgroup out of memory: Killed process 9157 (syz-executor.4) total-vm:72448kB, anon-rss:17072kB, file-rss:37164kB, shmem-rss:0kB [ 1294.088624][ T1043] oom_reaper: reaped process 9157 (syz-executor.4), now anon-rss:17120kB, file-rss:37944kB, shmem-rss:0kB 03:43:20 executing program 4: socketpair$unix(0x1, 0x0, 0x0, 0x0) r0 = creat(0x0, 0x0) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r0, 0xc05c5340, &(0x7f0000000200)={0xff, 0x9, 0xff, {}, 0x2}) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) fcntl$dupfd(r2, 0x406, r1) 03:43:20 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0x0) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x204c0, 0x0) ioctl$RTC_PIE_OFF(r1, 0x7006) execveat(r1, &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000200)=[&(0x7f0000000100)='systemeth0vmnet0cgroupvmnet0%)wlan0#\x00', &(0x7f0000000140)='/proc/self/net/pfkey\x00', &(0x7f0000000180)='\x00', &(0x7f00000001c0)='\x00'], 0x1000) 03:43:20 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc1f123c123f3188b070") r1 = socket$inet6(0xa, 0x400000000001, 0x0) bind$inet6(r1, &(0x7f0000000200)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) syz_genetlink_get_family_id$net_dm(0x0) r2 = perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, 0xffffffffffffffff) sendmsg$NET_DM_CMD_STOP(0xffffffffffffffff, 0x0, 0x0) chdir(&(0x7f0000000240)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x26e1, 0x0) r3 = open(&(0x7f0000000140)='./bus\x00', 0x141042, 0x0) fchown(r2, 0x0, 0x0) ioctl$TUNGETSNDBUF(r3, 0x800454d3, &(0x7f00000001c0)) getuid() syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f0000000080)='./bus\x00', 0x3, 0x1, &(0x7f0000000700)=[{0x0, 0x3b6}], 0x0, 0x0) msgget(0xffffffffffffffff, 0x0) msgrcv(0x0, 0x0, 0xfffffc46, 0x0, 0x0) 03:43:20 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc1f123c123f3188b070") r1 = socket$inet6(0xa, 0x400000000001, 0x0) bind$inet6(r1, &(0x7f0000000200)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) syz_genetlink_get_family_id$net_dm(0x0) r2 = perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, 0xffffffffffffffff) sendmsg$NET_DM_CMD_STOP(0xffffffffffffffff, 0x0, 0x0) chdir(&(0x7f0000000240)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x26e1, 0x0) r3 = open(&(0x7f0000000140)='./bus\x00', 0x141042, 0x0) fchown(r2, 0x0, 0x0) ioctl$TUNGETSNDBUF(r3, 0x800454d3, &(0x7f00000001c0)) getuid() syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f0000000080)='./bus\x00', 0x3, 0x1, &(0x7f0000000700)=[{0x0, 0x3b6}], 0x0, 0x0) msgget(0xffffffffffffffff, 0x0) 03:43:20 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000)={0x0}, &(0x7f0000000040)=0xc) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vcs\x00', 0x600840, 0x0) ioctl$VIDIOC_ENUMSTD(r2, 0xc0485619, &(0x7f0000000100)={0x20000, 0x100000, "268e48297f8bf4200b8d0f45e1919ae93b6862bd216cb015", {0xfffffffffffff800, 0xfffffffffffffffb}, 0x7}) sched_setaffinity(r1, 0x8, &(0x7f0000000080)=0x8) [ 1294.602320][ T9223] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1294.612411][ T9223] CPU: 0 PID: 9223 Comm: syz-executor.4 Not tainted 5.1.0-rc1-next-20190319 #6 [ 1294.621438][ T9223] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1294.631495][ T9223] Call Trace: [ 1294.634800][ T9223] dump_stack+0x172/0x1f0 [ 1294.639141][ T9223] dump_header+0x10f/0xb6c [ 1294.643562][ T9223] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1294.649377][ T9223] ? ___ratelimit+0x60/0x595 [ 1294.653977][ T9223] ? do_raw_spin_unlock+0x57/0x270 [ 1294.659093][ T9223] oom_kill_process.cold+0x10/0x15 [ 1294.664207][ T9223] out_of_memory+0x79a/0x1280 [ 1294.668892][ T9223] ? lock_downgrade+0x880/0x880 [ 1294.673743][ T9223] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1294.679988][ T9223] ? oom_killer_disable+0x280/0x280 [ 1294.685182][ T9223] ? find_held_lock+0x35/0x130 [ 1294.689968][ T9223] mem_cgroup_out_of_memory+0x1ca/0x230 [ 1294.695516][ T9223] ? memcg_event_wake+0x230/0x230 [ 1294.700552][ T9223] ? do_raw_spin_unlock+0x57/0x270 [ 1294.705844][ T9223] ? _raw_spin_unlock+0x2d/0x50 [ 1294.710698][ T9223] try_charge+0x118d/0x1790 [ 1294.715215][ T9223] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1294.720761][ T9223] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1294.727003][ T9223] ? kasan_check_read+0x11/0x20 [ 1294.731860][ T9223] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1294.737413][ T9223] mem_cgroup_try_charge+0x24d/0x5e0 [ 1294.742709][ T9223] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1294.748348][ T9223] __handle_mm_fault+0x1e1f/0x3ec0 [ 1294.753469][ T9223] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1294.759109][ T9223] ? find_held_lock+0x35/0x130 [ 1294.763871][ T9223] ? handle_mm_fault+0x322/0xb30 [ 1294.768818][ T9223] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1294.775061][ T9223] ? kasan_check_read+0x11/0x20 [ 1294.779921][ T9223] handle_mm_fault+0x43f/0xb30 [ 1294.784703][ T9223] __get_user_pages+0x7b6/0x1a40 [ 1294.789651][ T9223] ? follow_page_mask+0x19a0/0x19a0 [ 1294.794845][ T9223] ? perf_trace_lock+0xeb/0x510 [ 1294.799694][ T9223] ? __vma_adjust+0x1840/0x1840 [ 1294.804554][ T9223] ? lock_acquire+0x16f/0x3f0 [ 1294.809237][ T9223] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1294.815478][ T9223] populate_vma_page_range+0x20d/0x2a0 [ 1294.820948][ T9223] __mm_populate+0x204/0x380 [ 1294.825542][ T9223] ? populate_vma_page_range+0x2a0/0x2a0 [ 1294.831184][ T9223] __x64_sys_mlockall+0x35c/0x520 [ 1294.836225][ T9223] do_syscall_64+0x103/0x610 [ 1294.840825][ T9223] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1294.846711][ T9223] RIP: 0033:0x458079 [ 1294.850602][ T9223] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1294.870290][ T9223] RSP: 002b:00007fa3c5772c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1294.878700][ T9223] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458079 [ 1294.889877][ T9223] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1294.897844][ T9223] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1294.905811][ T9223] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa3c57736d4 [ 1294.913778][ T9223] R13: 00000000004c3d3a R14: 00000000004d6f20 R15: 00000000ffffffff [ 1294.930988][ T9223] memory: usage 307200kB, limit 307200kB, failcnt 1412 [ 1294.941551][ T9223] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1294.949138][ T9223] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1294.956174][ T9223] Memory cgroup stats for /syz4: cache:0KB rss:280048KB rss_huge:18432KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:235456KB active_anon:27424KB inactive_file:4KB active_file:0KB unevictable:17284KB [ 1294.978809][ T9223] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=9222,uid=0 [ 1294.994491][ T9223] Memory cgroup out of memory: Killed process 9222 (syz-executor.4) total-vm:72448kB, anon-rss:17072kB, file-rss:37164kB, shmem-rss:0kB [ 1295.017981][ T1043] oom_reaper: reaped process 9222 (syz-executor.4), now anon-rss:17120kB, file-rss:37944kB, shmem-rss:0kB 03:43:22 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc1f123c123f3188b070") r1 = socket$inet6(0xa, 0x400000000001, 0x0) bind$inet6(r1, &(0x7f0000000200)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) syz_genetlink_get_family_id$net_dm(0x0) r2 = perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, 0xffffffffffffffff) sendmsg$NET_DM_CMD_STOP(0xffffffffffffffff, 0x0, 0x0) chdir(&(0x7f0000000240)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x26e1, 0x0) r3 = open(&(0x7f0000000140)='./bus\x00', 0x141042, 0x0) fchown(r2, 0x0, 0x0) ioctl$TUNGETSNDBUF(r3, 0x800454d3, &(0x7f00000001c0)) getuid() syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f0000000080)='./bus\x00', 0x3, 0x1, &(0x7f0000000700)=[{0x0, 0x3b6}], 0x0, 0x0) 03:43:22 executing program 4: socketpair$unix(0x1, 0x0, 0x0, 0x0) r0 = creat(0x0, 0x0) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r0, 0xc05c5340, &(0x7f0000000200)={0xff, 0x9, 0xff, {}, 0x2, 0x1}) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x10, 0xffffffffffffffff, 0x0) fcntl$dupfd(r2, 0x406, r1) 03:43:22 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132224) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f00000000c0)=ANY=[@ANYBLOB="6e61853167377400000100000000000000000000e4dbb77487e90104000000000040800000000000001b2300000503000018030000cc0000ac010000000000001004d1e090e1fe916dd282e0f34f8dfac0dc1695c4d700001004000010030002d3a379b87c5ade6e27a603551ae6543351c2f2d3c00f3f72e011777424c981c41f852110e5d4a50bc78b2aa66b63012812d04b94d660aab341cfe8364422b866cd445d5d0f4d6715baea5900323e00000000000071cf4f040095006f"], 0x1) ptrace$setopts(0xffffffffffffffff, r2, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) tkill(r2, 0x3c) 03:43:22 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0x0) r1 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000080)=0x0) syz_open_procfs(r2, &(0x7f00000000c0)='ns\x00') ioctl$TIOCGWINSZ(r1, 0x5413, &(0x7f0000000040)) 03:43:22 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(0x0, 0x1) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0xd0}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 03:43:22 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11e9e6c7c13e9b9937"], 0x0) r0 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r3, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r2, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r5}, 0x10) r6 = accept4(r4, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000100), 0x0) r7 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r3, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r7, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r6, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r1, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r2, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r6, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r3, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r2, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:43:22 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0xd0}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 03:43:23 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) socketpair(0x0, 0xa, 0x7, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_sctp_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f0000000040)=""/4096, &(0x7f0000001040)=0x1000) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) 03:43:23 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc1f123c123f3188b070") r1 = socket$inet6(0xa, 0x400000000001, 0x0) bind$inet6(r1, &(0x7f0000000200)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) syz_genetlink_get_family_id$net_dm(0x0) r2 = perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, 0xffffffffffffffff) sendmsg$NET_DM_CMD_STOP(0xffffffffffffffff, 0x0, 0x0) chdir(&(0x7f0000000240)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x26e1, 0x0) r3 = open(&(0x7f0000000140)='./bus\x00', 0x141042, 0x0) fchown(r2, 0x0, 0x0) ioctl$TUNGETSNDBUF(r3, 0x800454d3, &(0x7f00000001c0)) syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f0000000080)='./bus\x00', 0x3, 0x1, &(0x7f0000000700)=[{0x0, 0x3b6}], 0x0, 0x0) 03:43:23 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc1f123c123f3188b070") r1 = socket$inet6(0xa, 0x400000000001, 0x0) bind$inet6(r1, &(0x7f0000000200)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) syz_genetlink_get_family_id$net_dm(0x0) r2 = perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, 0xffffffffffffffff) sendmsg$NET_DM_CMD_STOP(0xffffffffffffffff, 0x0, 0x0) chdir(&(0x7f0000000240)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x26e1, 0x0) open(&(0x7f0000000140)='./bus\x00', 0x141042, 0x0) fchown(r2, 0x0, 0x0) syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f0000000080)='./bus\x00', 0x3, 0x1, &(0x7f0000000700)=[{0x0, 0x3b6}], 0x0, 0x0) 03:43:23 executing program 2: [ 1296.855695][ T9238] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1296.885645][ T9238] CPU: 1 PID: 9238 Comm: syz-executor.4 Not tainted 5.1.0-rc1-next-20190319 #6 [ 1296.894599][ T9238] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1296.904659][ T9238] Call Trace: [ 1296.907972][ T9238] dump_stack+0x172/0x1f0 [ 1296.919521][ T9238] dump_header+0x10f/0xb6c [ 1296.923963][ T9238] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1296.929787][ T9238] ? ___ratelimit+0x60/0x595 [ 1296.934390][ T9238] ? do_raw_spin_unlock+0x57/0x270 [ 1296.939526][ T9238] oom_kill_process.cold+0x10/0x15 [ 1296.944656][ T9238] out_of_memory+0x79a/0x1280 [ 1296.949347][ T9238] ? lock_downgrade+0x880/0x880 [ 1296.954205][ T9238] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1296.960460][ T9238] ? oom_killer_disable+0x280/0x280 [ 1296.965663][ T9238] ? find_held_lock+0x35/0x130 [ 1296.970448][ T9238] mem_cgroup_out_of_memory+0x1ca/0x230 [ 1296.976001][ T9238] ? memcg_event_wake+0x230/0x230 [ 1296.981050][ T9238] ? do_raw_spin_unlock+0x57/0x270 [ 1296.986178][ T9238] ? _raw_spin_unlock+0x2d/0x50 [ 1296.991057][ T9238] try_charge+0x118d/0x1790 [ 1296.995585][ T9238] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1297.001153][ T9238] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1297.008944][ T9238] ? kasan_check_read+0x11/0x20 [ 1297.013820][ T9238] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1297.019383][ T9238] mem_cgroup_try_charge+0x24d/0x5e0 [ 1297.024689][ T9238] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1297.030353][ T9238] __handle_mm_fault+0x1e1f/0x3ec0 [ 1297.035492][ T9238] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1297.041059][ T9238] ? find_held_lock+0x35/0x130 [ 1297.045837][ T9238] ? handle_mm_fault+0x322/0xb30 [ 1297.050802][ T9238] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1297.057058][ T9238] ? kasan_check_read+0x11/0x20 [ 1297.061923][ T9238] handle_mm_fault+0x43f/0xb30 [ 1297.066725][ T9238] __get_user_pages+0x7b6/0x1a40 [ 1297.071689][ T9238] ? follow_page_mask+0x19a0/0x19a0 [ 1297.076902][ T9238] ? perf_trace_lock+0xeb/0x510 [ 1297.081777][ T9238] ? __vma_adjust+0x1840/0x1840 [ 1297.086651][ T9238] ? lock_acquire+0x16f/0x3f0 [ 1297.091340][ T9238] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1297.097604][ T9238] populate_vma_page_range+0x20d/0x2a0 [ 1297.103087][ T9238] __mm_populate+0x204/0x380 [ 1297.107692][ T9238] ? populate_vma_page_range+0x2a0/0x2a0 [ 1297.113352][ T9238] __x64_sys_mlockall+0x35c/0x520 [ 1297.118399][ T9238] do_syscall_64+0x103/0x610 [ 1297.123010][ T9238] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1297.128914][ T9238] RIP: 0033:0x458079 [ 1297.132841][ T9238] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 03:43:23 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc1f123c123f3188b070") r1 = socket$inet6(0xa, 0x400000000001, 0x0) bind$inet6(r1, &(0x7f0000000200)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) syz_genetlink_get_family_id$net_dm(0x0) perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, 0xffffffffffffffff) sendmsg$NET_DM_CMD_STOP(0xffffffffffffffff, 0x0, 0x0) chdir(&(0x7f0000000240)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x26e1, 0x0) open(&(0x7f0000000140)='./bus\x00', 0x141042, 0x0) syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f0000000080)='./bus\x00', 0x3, 0x1, &(0x7f0000000700)=[{0x0, 0x3b6}], 0x0, 0x0) 03:43:23 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132224) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f00000000c0)=ANY=[@ANYBLOB="6e61853167377400000100000000000000000000e4dbb77487e90104000000000040800000000000001b2300000503000018030000cc0000ac010000000000001004d1e090e1fe916dd282e0f34f8dfac0dc1695c4d700001004000010030002d3a379b87c5ade6e27a603551ae6543351c2f2d3c00f3f72e011777424c981c41f852110e5d4a50bc78b2aa66b63012812d04b94d660aab341cfe8364422b866cd445d5d0f4d6715baea5900323e00000000000071cf4f040095006f"], 0x1) ptrace$setopts(0xffffffffffffffff, r2, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) tkill(r2, 0x3c) 03:43:23 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0x0) r1 = dup3(r0, r0, 0x80000) fanotify_init(0x2, 0x8000) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040)='IPVS\x00') sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000180)={&(0x7f0000000080)={0xf0, r2, 0x200, 0x70bd28, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x5}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xf0}, @IPVS_CMD_ATTR_DEST={0x2c, 0x2, [@IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x6}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x67}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x3}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x2}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x1b3}]}, @IPVS_CMD_ATTR_SERVICE={0x48, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x2}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x4, 0x2}}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@mcast1}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0xa}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x20, 0x21}}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x13}]}, @IPVS_CMD_ATTR_DEST={0x2c, 0x2, [@IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0xfffffffffffffffe}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x6}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x9}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x7}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x1}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x7}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_DEST={0x14, 0x2, [@IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e20}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e24}]}]}, 0xf0}, 0x1, 0x0, 0x0, 0x8004}, 0x40000) [ 1297.152458][ T9238] RSP: 002b:00007fa3c5772c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1297.160888][ T9238] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458079 [ 1297.168913][ T9238] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1297.176914][ T9238] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1297.184917][ T9238] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa3c57736d4 [ 1297.192927][ T9238] R13: 00000000004c3d3a R14: 00000000004d6f20 R15: 00000000ffffffff [ 1297.209727][ T9238] memory: usage 307200kB, limit 307200kB, failcnt 1452 [ 1297.217549][ T9238] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1297.240726][ T9238] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1297.247726][ T9238] Memory cgroup stats for /syz4: cache:0KB rss:280072KB rss_huge:18432KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:235456KB active_anon:27424KB inactive_file:0KB active_file:0KB unevictable:17304KB [ 1297.277732][ T9238] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=9233,uid=0 [ 1297.293948][ T9238] Memory cgroup out of memory: Killed process 9233 (syz-executor.4) total-vm:72448kB, anon-rss:17072kB, file-rss:37164kB, shmem-rss:0kB [ 1297.309289][ T1043] oom_reaper: reaped process 9233 (syz-executor.4), now anon-rss:17120kB, file-rss:37940kB, shmem-rss:0kB 03:43:23 executing program 4: socketpair$unix(0x1, 0x0, 0x0, 0x0) r0 = creat(0x0, 0x0) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r0, 0xc05c5340, &(0x7f0000000200)={0xff, 0x9, 0xff, {}, 0x2, 0x1}) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x10, 0xffffffffffffffff, 0x0) fcntl$dupfd(r2, 0x406, r1) 03:43:23 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11e9e6c7c13e9b9937"], 0x0) r0 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r3, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r2, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r5}, 0x10) r6 = accept4(r4, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000100), 0x0) r7 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r3, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r7, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r6, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r1, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r2, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r6, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r3, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r2, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:43:23 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc1f123c123f3188b070") r1 = socket$inet6(0xa, 0x400000000001, 0x0) bind$inet6(r1, &(0x7f0000000200)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) syz_genetlink_get_family_id$net_dm(0x0) perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, 0xffffffffffffffff) sendmsg$NET_DM_CMD_STOP(0xffffffffffffffff, 0x0, 0x0) chdir(&(0x7f0000000240)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x26e1, 0x0) syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f0000000080)='./bus\x00', 0x3, 0x1, &(0x7f0000000700)=[{0x0, 0x3b6}], 0x0, 0x0) 03:43:23 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x5, 0x3, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_CARD_INFO(r1, 0x81785501, &(0x7f0000000100)=""/47) r2 = syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x100000001, 0xa01) ioctl$IMCLEAR_L2(r2, 0x80044946, &(0x7f0000000080)) [ 1297.725022][ T9292] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1297.746701][ T9292] CPU: 1 PID: 9292 Comm: syz-executor.4 Not tainted 5.1.0-rc1-next-20190319 #6 [ 1297.755673][ T9292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1297.765728][ T9292] Call Trace: [ 1297.769021][ T9292] dump_stack+0x172/0x1f0 [ 1297.773356][ T9292] dump_header+0x10f/0xb6c [ 1297.777772][ T9292] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1297.783581][ T9292] ? ___ratelimit+0x60/0x595 [ 1297.788181][ T9292] ? do_raw_spin_unlock+0x57/0x270 [ 1297.793294][ T9292] oom_kill_process.cold+0x10/0x15 [ 1297.798404][ T9292] out_of_memory+0x79a/0x1280 [ 1297.803081][ T9292] ? lock_downgrade+0x880/0x880 [ 1297.807929][ T9292] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1297.814182][ T9292] ? oom_killer_disable+0x280/0x280 [ 1297.819374][ T9292] ? find_held_lock+0x35/0x130 [ 1297.824149][ T9292] mem_cgroup_out_of_memory+0x1ca/0x230 [ 1297.829696][ T9292] ? memcg_event_wake+0x230/0x230 [ 1297.834734][ T9292] ? do_raw_spin_unlock+0x57/0x270 [ 1297.839848][ T9292] ? _raw_spin_unlock+0x2d/0x50 [ 1297.844703][ T9292] try_charge+0x118d/0x1790 [ 1297.849219][ T9292] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1297.854768][ T9292] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1297.861014][ T9292] ? kasan_check_read+0x11/0x20 [ 1297.865871][ T9292] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1297.871420][ T9292] mem_cgroup_try_charge+0x24d/0x5e0 [ 1297.876716][ T9292] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1297.882353][ T9292] __handle_mm_fault+0x1e1f/0x3ec0 [ 1297.887471][ T9292] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1297.893019][ T9292] ? find_held_lock+0x35/0x130 [ 1297.898204][ T9292] ? handle_mm_fault+0x322/0xb30 [ 1297.903161][ T9292] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1297.909404][ T9292] ? kasan_check_read+0x11/0x20 [ 1297.914259][ T9292] handle_mm_fault+0x43f/0xb30 [ 1297.919028][ T9292] __get_user_pages+0x7b6/0x1a40 [ 1297.923980][ T9292] ? follow_page_mask+0x19a0/0x19a0 [ 1297.929174][ T9292] ? perf_trace_lock+0xeb/0x510 [ 1297.934031][ T9292] ? __vma_adjust+0x1840/0x1840 [ 1297.938893][ T9292] ? lock_acquire+0x16f/0x3f0 [ 1297.943570][ T9292] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1297.949817][ T9292] populate_vma_page_range+0x20d/0x2a0 [ 1297.955285][ T9292] __mm_populate+0x204/0x380 [ 1297.959882][ T9292] ? populate_vma_page_range+0x2a0/0x2a0 [ 1297.965538][ T9292] __x64_sys_mlockall+0x35c/0x520 [ 1297.970569][ T9292] do_syscall_64+0x103/0x610 [ 1297.975167][ T9292] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1297.981054][ T9292] RIP: 0033:0x458079 [ 1297.984959][ T9292] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1298.005033][ T9292] RSP: 002b:00007fa3c5772c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1298.013445][ T9292] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458079 [ 1298.021411][ T9292] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1298.029377][ T9292] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1298.037341][ T9292] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa3c57736d4 [ 1298.045305][ T9292] R13: 00000000004c3d3a R14: 00000000004d6f20 R15: 00000000ffffffff [ 1298.055991][ T9292] memory: usage 307200kB, limit 307200kB, failcnt 1485 [ 1298.066421][ T9292] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1298.074084][ T9292] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1298.082279][ T9292] Memory cgroup stats for /syz4: cache:0KB rss:280188KB rss_huge:18432KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:235456KB active_anon:27424KB inactive_file:4KB active_file:0KB unevictable:17336KB [ 1298.104454][ T9292] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=9290,uid=0 [ 1298.120746][ T9292] Memory cgroup out of memory: Killed process 9290 (syz-executor.4) total-vm:72448kB, anon-rss:17072kB, file-rss:37164kB, shmem-rss:0kB [ 1298.135584][ T1043] oom_reaper: reaped process 9290 (syz-executor.4), now anon-rss:17120kB, file-rss:37940kB, shmem-rss:0kB [ 1299.440699][ C1] net_ratelimit: 20 callbacks suppressed [ 1299.440709][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1299.452186][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1299.520671][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1299.526514][ C0] protocol 88fb is buggy, dev hsr_slave_1 03:43:26 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0xd0}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 03:43:26 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132224) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f00000000c0)=ANY=[@ANYBLOB="6e61853167377400000100000000000000000000e4dbb77487e90104000000000040800000000000001b2300000503000018030000cc0000ac010000000000001004d1e090e1fe916dd282e0f34f8dfac0dc1695c4d700001004000010030002d3a379b87c5ade6e27a603551ae6543351c2f2d3c00f3f72e011777424c981c41f852110e5d4a50bc78b2aa66b63012812d04b94d660aab341cfe8364422b866cd445d5d0f4d6715baea5900323e00000000000071cf4f040095006f"], 0x1) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) tkill(r2, 0x3c) 03:43:26 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f0000000000)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_lifetime={0x4, 0x7, 0x0, 0x0, 0x96bd, 0x80000001}]}, 0x58}}, 0x0) prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x2, 0x12, 0x64, 0x7, 0x1f, 0x0, 0x70bd29, 0x25dfdbfe, [@sadb_x_sec_ctx={0x5, 0x18, 0x5, 0x3, 0x1f, "1cfec3df0fcf2ca7e4d341cc84da233d58affca2fb0da6ea50ce5894e1604a"}, @sadb_sa={0x2, 0x1, 0x4d2, 0xffffffffffff8001, 0x0, 0x24, 0x3, 0x20000000}, @sadb_x_nat_t_type={0x1, 0x14, 0xe4}, @sadb_spirange={0x2, 0x10, 0x4d5, 0x4d3}, @sadb_x_nat_t_type={0x1, 0x14, 0x4c}, @sadb_x_policy={0x8, 0x12, 0x0, 0x4, 0x0, 0x100000001, 0x3, {0x6, 0xff, 0x36, 0x2, 0x0, 0x1, 0x0, @in6=@dev={0xfe, 0x80, [], 0x14}, @in=@broadcast}}, @sadb_spirange={0x2, 0x10, 0x4d5, 0x4d3}, @sadb_x_nat_t_port={0x1, 0x16, 0x4e20}, @sadb_ident={0x2, 0xa, 0x1, 0x0, 0x1}, @sadb_x_filter={0x5, 0x1a, @in6=@remote, @in6=@remote, 0x9, 0x14, 0x14}]}, 0xf8}}, 0x80) 03:43:26 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc1f123c123f3188b070") r1 = socket$inet6(0xa, 0x400000000001, 0x0) bind$inet6(r1, &(0x7f0000000200)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) syz_genetlink_get_family_id$net_dm(0x0) perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, 0xffffffffffffffff) sendmsg$NET_DM_CMD_STOP(0xffffffffffffffff, 0x0, 0x0) chdir(&(0x7f0000000240)='./file0\x00') syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f0000000080)='./bus\x00', 0x3, 0x1, &(0x7f0000000700)=[{0x0, 0x3b6}], 0x0, 0x0) 03:43:26 executing program 4: socketpair$unix(0x1, 0x0, 0x0, 0x0) r0 = creat(0x0, 0x0) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r0, 0xc05c5340, &(0x7f0000000200)={0xff, 0x9, 0xff, {}, 0x2, 0x1}) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x10, 0xffffffffffffffff, 0x0) fcntl$dupfd(r2, 0x406, r1) 03:43:26 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11e9e6c7c13e9b9937"], 0x0) r0 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r3, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r2, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r5}, 0x10) r6 = accept4(r4, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000100), 0x0) r7 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r3, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r7, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r6, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r1, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r2, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r6, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r3, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r2, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:43:26 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc1f123c123f3188b070") r1 = socket$inet6(0xa, 0x400000000001, 0x0) bind$inet6(r1, &(0x7f0000000200)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) syz_genetlink_get_family_id$net_dm(0x0) perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, 0xffffffffffffffff) sendmsg$NET_DM_CMD_STOP(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f0000000080)='./bus\x00', 0x3, 0x1, &(0x7f0000000700)=[{0x0, 0x3b6}], 0x0, 0x0) 03:43:26 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)=ANY=[@ANYBLOB="020e00000c00000000000000000000419fc4a600008000000a00000000000000000000000000000000000000003e727f49048abbc56a942dc9000000000000000000000005000500aa1e48c40a00000000000000fe8000000000000000000000"], 0x60}}, 0x0) r1 = accept4(r0, &(0x7f0000000180)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f0000000200)=0x80, 0x800) r2 = syz_open_dev$usbmon(&(0x7f00000000c0)='/dev/usbmon#\x00', 0xc8, 0x200000) write$9p(r2, &(0x7f0000000100)="8cdd7b8d9d2699c37dc2224148e4584bea3ab8b72f897684078e113ac31a4720f1a6967bcd1aefd5b992fe737983805d73b3e7f076938dafef4d879a", 0x3c) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000240), &(0x7f0000000280)=0x14) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) recvfrom$ax25(r3, &(0x7f00000002c0)=""/178, 0xb2, 0x21, &(0x7f0000000380)={{0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, 0x7}, [@null, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @bcast]}, 0x48) ioctl$VHOST_SET_VRING_ERR(r3, 0x4008af22, &(0x7f0000000080)={0x3, r3}) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000040), 0x0) getpid() 03:43:26 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc1f123c123f3188b070") r1 = socket$inet6(0xa, 0x400000000001, 0x0) bind$inet6(r1, &(0x7f0000000200)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) syz_genetlink_get_family_id$net_dm(0x0) perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, 0xffffffffffffffff) syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f0000000080)='./bus\x00', 0x3, 0x1, &(0x7f0000000700)=[{0x0, 0x3b6}], 0x0, 0x0) 03:43:26 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) r1 = accept4(r0, 0x0, &(0x7f0000001300), 0x800) setsockopt$inet6_MRT6_ADD_MFC(r1, 0x29, 0xcc, &(0x7f0000001340)={{0xa, 0x4e20, 0xffff, @rand_addr="ba38e0cade52f2e0c3ca27db46e4e405", 0x643}, {0xa, 0x4e24, 0x9, @dev={0xfe, 0x80, [], 0x16}}, 0x8000, [0x200, 0xdf2f, 0x1, 0x0, 0x6, 0x2, 0x2, 0x2]}, 0x5c) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000001cc0)=ANY=[@ANYBLOB="020e00000c000000000000000000000005000600008000000a000000000000dec2424dd92ae1278983ce615d46df0000000000000000000000000000000000000000001d00000005000500000000000a00000000000000fe8000e8f69c8ab292771600000000ff0000000000000000f6ad47d1e4b2fe1b668603850a2ada32afb3e35c0b7ae1efe2b5b63931bf2728e546147de6a444178c42ce9bd89afe0abaedef69ea72532d0c1e42bf3ee47bd8208e308d23379e31ae775b6b58d3cc1f7ce7a8c1eb950a773c0e6517f02dae5608d07898e75c09e2010c6d01f29f864638a52a58c1f67dd3f0031ea47f6513071641af64e0de502a35eff7ec533dcadb9b86ac4eab4852edb6da82b3c2a5c1d0b1343ac99e6984105ee32190ba94d56af58e4c27e26e608bfc67c16cfad695957269e5c287d7b93597c153b235eb5e753de1d37812852bdb3b67bf897d84ae5921cab3f2983a850b6695e018b23108caa9836d51fbec2ea34f08a540616ada4a95591e7097ece85ef3bac0eb46c25a22a4097946e7e296b38e9d7eb7efd9724acda014127b1f136fd39ed8e78b1612c0fc6cc0594ba7701e40be61138af12e4eda8a000bcedf4287573d663879da3f7b071421d5bb1b5edaa1db5080dc4e6ad47b9aabb9ff7273463429"], 0x60}}, 0x0) r2 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x40000, 0x0) arch_prctl$ARCH_SET_CPUID(0x1012, 0x0) setsockopt$inet_icmp_ICMP_FILTER(r2, 0x1, 0x1, &(0x7f00000013c0)={0x8}, 0x4) r3 = syz_genetlink_get_family_id$team(&(0x7f0000001280)='team\x00') ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f00000015c0)={'team0\x00', 0x0}) getsockopt$inet6_mreq(r2, 0x29, 0x1f, &(0x7f0000001600), &(0x7f0000001640)=0x14) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000016c0)={'nlmon0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000001700)={'ip6tnl0\x00', 0x0}) ioctl$KDENABIO(r2, 0x4b36) getsockopt$inet6_mreq(r2, 0x29, 0x1c, &(0x7f0000001800)={@ipv4={[], [], @initdev}, 0x0}, &(0x7f0000001840)=0x14) getsockopt$inet_mreqn(r2, 0x0, 0x23, &(0x7f00000025c0)={@multicast1, @local, 0x0}, &(0x7f0000002600)=0xc) getsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f0000002640)={{{@in=@initdev, @in, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}, 0x0, @in=@initdev}}, &(0x7f0000002740)=0xe8) getsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f0000002880)={@initdev, @rand_addr, 0x0}, &(0x7f00000028c0)=0xc) getsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000001400)={{{@in6=@loopback, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast2}, 0x0, @in6}}, &(0x7f0000002a00)=0xe8) accept4(r2, &(0x7f0000002ac0)=@hci={0x1f, 0x0}, &(0x7f0000002b40)=0x80, 0x80000) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000002b80)={'team0\x00', 0x0}) getsockname$packet(r2, &(0x7f0000002bc0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000002c00)=0x14) accept$packet(r2, &(0x7f0000002f00)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000002f40)=0x14) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1f, &(0x7f0000002f80)={@remote, 0x0}, &(0x7f0000002fc0)=0x14) sendmsg$TEAM_CMD_NOOP(r0, &(0x7f0000003600)={&(0x7f0000001240)={0x10, 0x0, 0x0, 0x4004000}, 0xfffffffffffffdb4, &(0x7f0000001680)={&(0x7f0000001880)=ANY=[@ANYBLOB="bc050000", @ANYRES16=r3, @ANYBLOB="200427bd7000fcdbdf250000000008000100", @ANYRES32=r4, @ANYRESOCT=r14, @ANYRES16=r10, @ANYRESDEC=r8, @ANYRES32=r5, @ANYBLOB="08000100", @ANYRES32=r6, @ANYBLOB="b800020038000100240001006d636173745f72656a6f696e5f636f756e740000000000000000000000000000080003000300000008000400000000803c000100240001006d6f64650000000000000000000000000000000000000000000000000000000008000300050000000c00040072616e646f6d0000400001002400010071756575655f69640000000000000000000000000000000000000000000000000800030003000000080004000300000008000600", @ANYRES32=r7, @ANYBLOB="08000100", @ANYRES32=r8, @ANYBLOB="4400020040000100240001007072696f72697479000000000000000000000000000000000000000000000000080003000e00000008000400a167125d08000600", @ANYRES32=r9, @ANYBLOB="08000100", @ANYRES32=r10, @ANYBLOB="ec00020038000100240001006c625f73746174735f726566726573685f696e74657276616c000000000000000800030003000000080004000000000038000100240001006e6f746966795f70656572735f636f756e740000000000000000000000000000080003000300000008000400008000003c00010024000100757365725f6c696e6b75705f656e61626c65640000000000000000000000000008000300060000000400040008000600", @ANYRES32=r11, @ANYBLOB="3c000100240001006d6f64650000000000000000000000000000000000000000000000000000000008000300050000000c00040072616e646f6d000008000100", @ANYRES32=r12, @ANYBLOB="d00102003800010024000100616374697665706f727400000000000000000000000000000000000000000000080003000300000008000400", @ANYRES32=r13, @ANYBLOB="6c000100240001006270665f686173685f66756e6300000000000000000000000000000000000000080003000b0000003c00040001000000050000000600000104000000ff7f000103000000070002020300000002000602050000008000490709000000090005019761000038000100240001006d636173745f72656a6f696e5f636f756e7400000000000000000000000000000800030003000000080004003d04000040000100240001007072696f72697479000000000000000000000000000000000000000000000000080003000e000000080004000200000008000600", @ANYRES32=r14, @ANYBLOB="38000100240001006d636173745f72656a6f696e5f696e74657276616c0000000000000000000000080003000300000008000400090000003c00010024000100757365725f6c696e6b75705f656e61626c65640000000000000000000000000008000300060000000400040008000600", @ANYRES32=r15, @ANYBLOB="3c00010024000100757365725f6c696e6b75705f656e61626c65640000000000000000000000000008000300060000000400040008000600", @ANYRES32=r16], 0x1e}, 0x1, 0x0, 0x0, 0x4000}, 0x20004004) write$UHID_INPUT(r2, &(0x7f0000000040)={0x8, "73fd81927277a12c63c1ce613e1944e1a0db0d807b2b4d8d4a02f86f54691b426c17120f7e76c97727c01511457234c6e57197d30ac94ccbfaea8706c8cfed2a6f75d70e8ec2531688ea56601b126cadc0493650a6d1dcfdc5545084676cd4db73f329fc64f8ff9fa09aa49c1c66a5af0d9083ed32389979e6b43cec769a83d08a04563a15dd5419b58b520a2d5e3b042df666a7be18e2b779c528b6c4d8157267f0c2bbcab3db40c1262a658de9c88faa94d8242f8f96013b43dacf7935ec084face8e2ff3db7f88216f07f0490c07a7bdc055b159de9aa1c67c724a76520fc426c1b193c70b0735e8feaa63ca4ec6eac534ba1d1d58f7bf04a301a7eb41ae15ac0d2ae6b52bb8af73b9a0df9a460962463a8a6d2b0ea3cc3b2c1010279055c76af15d9321d5667dd77975d53e4a43e5d5824f92301d558027961f277a300aa5cac10391dc7281b0955dd08480c224c29085d0946f76f1006a5105816eaea1a10a18b192a358cfeaf3373ebc671bb959e2df3d6aff5a626d37bc4cadb37883702a5a3fdf87fd3bc3e3268fae638eadda9d5b209be00be5a9cd5dbe09cb7e02d8b81fb3c7615f2e739a598b22a56975882c4b98b9bc05617cc9fa1b703b3828c0d6cb6196d13e8e2ec75fb91ff03ac700fdebd23a61a85d7e928ac6b4d1f7f96330dda79d4991e461ecf4fb89b3af3d0ec90f3b675fc40e00725f34312bdd3c620faf7e9c6f26057f5ef60f776bfdcd7a070bafc4871d3b07567f88ab1133e2cdf4b152154a7cd9dbd43481429221414b8c3ee88597c22e023a2e22b8a1dca4973708b32ffbd9877b9ca1effbd5ad49525d6a1dd888fc8e7f283e69f177a0e9549aa9acf80e724d3d1d4064f725bcc8af51e21064477c2d601a7a3c854e1b327acb13d714d786dcde6e98c093c10fd6da89978aec6454bcea7c63931cad4635a5380e441cc11164744f235f7f20965a077c1d2a10e5213b83c892a001fff310b4babc11e839a5ff6b2703bbe1ea863901d905ae852078dce972962722c82d437756519d200fb333a633b33daca8823ad8c99b59991b651980b46861490b1ac5ac0ae4bbd69503c0106328b802cdb4c7e5af91f26795df49b9bcfbed92d62c72b838953b93aff6955c765e6fd1b728dba08e5a72abe3e51e9058568ef794a1e5781d3dc2af809ef806f0d491fd0778b779dbe115d078f3989c2eae59db4d83b2f56f8840c2f4319bf228d91df43781132f9f2516c806a23e78593d608c977b843390bf754239bdfa04e9805f6acf920117fd1aa617322d16f4748db04ac3cbb5a1ab8d39676ee60552385ce813ded208c62b1892a393b211cec554a4ce2dc24764102dbfdd79a51c3ebaf75f071da94cf393f82701429c13372763a17f5a7e06535c18e536826c4cc01ff2449aa165f7d0d286fd7d2bf55cf0f3e1bd092aab6ae2e87d62baf849e8a3da4f9b06a28092f1f7a39e77ec06809a0a8ea8e34af6859eb11138c3a613fe0119761bdddd9d3d70a40acf9d4bfd7527e74d1331c9b08c0c7e25e7bc4dd8470b9553e032a6c1a0be8758a522739eaf7a663505bdca33eac7194a8d84f68e62e7823e15b5c90afdc9f10f5cc7d02f48f271b1843f382a4f07e0e13a6134e08e12bcea7ff2bde8c7006279451d0457b024331c48f14774393810b04a91e0c9a8b3a6548985e81d2e030bb955b253ed652d90924e6fb4c826a37fd8109115d0ef3f1f3a5bda8ae671a9463081f759a71526a8f77cad22402418176b0cfe981f7a81dff7f7727f31488ffae705598b4f46b923a31ee1d0e71b3fdf1693be9e90799c245350ed9f74b2d700129e47ec23cda1468a419af9b3455dae099bc81deb71a79dc660837973f85ea45f96593c830d60973098d40b111493c2313adf407fa3a8eb24e9cbc4048955a7d7cf032157590b73f69ceb4d7c7dbb93433f3a2643bf02931e47d37292298a590bb2135430381fe37fd0ebd24bc3265f3ca30cce758bbf50e1933b6803cacd52539d2e465380e6693be214a4a360e44e3528d5bc0c6eb108c5094079feee05193680c3857955d751f03fc709ab028d9b5c7c59e3ffef9df6ae9675e0c7e7b5d8869017434459487c7fc6f3460f1a0258cb82cba543bc0eb6f8624c3f23682132bd724f2baf13ef1f8032cb4e34e2f41d244e643f90918f061bc6edc3e9bd364871ba2770a06f4ef0c9217ebfe6e8d304bfe017fcf8528898a5816f3446b6d955c51ade643122990b4f45caf17fd74477998618b579431d62dbdb3a4a02f1e71acfbe66c49d70a78a982e04673ef761d31a92b74d0a0b334b1f0d3f7be06e756f21bb1b40a6ddc9913bf182ca0830da9b81cf5827524141860f5dae891fbc67312ec9eefa33ad72fc74136cebf41038f34a1fdb069d6f163a497e88e64551e83ce3579c645b76c4e60e82d38454b5f75fa6bb8741f860e80567a608c20775039ce8245c792cf2514f8aedcea02fcfd8a712f7d4f7d1670622fc7274dc1d0f8c8badd887236577ef1afff9a9b0786b88d18d5f6308c452ca4399162ad86c37eead72e6a251a4ce2221548b7ba5ea9d2d0e5902cff85fef8e794c93bc6521802f1396b739bf021f0b701542a3bf685ece4452c3b2fdeeb2f28102c1b50c4a0fc22b7ce311580c3276c071cdac215532d10dbe8e5d074e39950aeb85cd892a05f77471627eeb1aab51bd9ca9f6e2b14e1c7efaf9d8f6b24e7b8001bf7af6b266d52a31dafbeb34c2e8821ee368cfada38ea87bfe1a6eaddc8897d63fe7616559c800b24d31325f98e31cc734cbf56400e53b6c1d8dd0135e19e32dd20565adef1f0301ba1fc78a185457d6538844852dc4303ff4e2d204ec4332d2b655d26afd223c34313e3878b7c042050117183cf14db1a4738493821670b4244063a89e7d84bf5240e4ec6eabb4ba83502fc5eaf9d34b29cccaa23132c4d0b7da6c439da065b3ae60561451a85c0e303fe9bb8f23e8fa96525c7d7b00d603d25181d71789917bb6a1ef5201cdc272c3ce0fe9ef3e2cf679e122a1f98b3882876f8195de9b7b42b7d5ff0d768d2a6e3c6a35a461fd1ab754895f674d9343f73efbee3da99a93e199c96e0a295b59bac5ccb0eade06de6eb05a90753e4225b45d593d6bb184ce4e66d2c2b7df556720c5eaa71668d72cd293798a3b4d82e3f21a06b0ac63d96016e6776e24bddcff45e4b0ac0da6788a90d269d16208dbae53b584eca7f0fc6ef30a2eff167f87d8c7563fa249e2a3e06c4c0f47cb979ef219b09df76c6a252e211940e7e01a570c8f3707c4b86e95cd2b7ae992dd4d46a12c608c12273aee86cb6f8645f79492824fce867a9c03664778ab7368377b57cb4880b51c06cb0bbf86d32d75c1f55a2bd60d8c01fa32905b1edb29aab3b4dc115b98eea67c21dddb9fdd1c32c7602bac9d0e03157c22fba9c45587de5eecf4f67701e8cf57249100a16e9e48618649135939e2ab469c77def6a54cb74ccd1bdc5c8c8ad8faea90324b51c1b29ca7a512a782097a829e82827cccb3ea10f1746042a69363c12c505b9e35125494e69f4080ac10e961fa70585b00bf7e1073296cf1055fb76e647ba2bc7bde450624e15dcd471e548a4b7f94daf1148d9ce3082fbef74da11793aab492a97d4197647abbb95e7c935b7d5f509a4e9720fb3e244a3a614c7d72a77d98ded58aa11cf5a1ae877ff8c0a7450f2ec6b042585ad3e7c564f61468d58935a27bb9d9abe0ef4ba9d05997cd48f818cd640a67b107e8661e50267124a077b75fbd5fb006095f698694bbb8a491660519056ca7be640a350c64677a46a31c98bf4834abac2ff7390336b6eb944e8b1d8b96f3cb0bb3626c5cf5bacbc9c2d02df3959894aec91a9f8e902a8c74b8391796bc2c7473ac17e037aa17039f492e19c54a42cbb1509e2bd29cacec37c5be3717a027848992382a968f8c9a5e930c9e51e2247ec9976bcce422cdb63a856542ea63071c4373585aa5bb26747a061f09cdfbbdc3dc6cf24a38e5999e6409eec08d580c33b88f2a587cd5b00f28f734dd663701accbded82d7a2eeb0d4a13fb221e6b38a6fca9e893f5541c6c90c193a40228e5af58d7e2bcaf2ba4a86e4b797991ee8af1a5438fe1656a6e4104376e2649d6a4e247cb6ef4e54557eb29933634d2ca96f28d43500085f720dddfef8fecc0788bb2af52f69c74daead2165a1964015acbacd32787b28183ebc2e26f5a3a946eb4798d011d9e325a71ccb5fc532b3ccebf435853953bfb278ed0f8a69614a763c86f4be3d7c47d45ad2c7fb244c7ee2ad2211aae559492d4757c336c66bed8764e7fe60feb4b83d07237e0eb0adb85072edbbb86a3482960bd96b12525a78e3c34b9a8eb287b0227b491071898a1769abf97d4cdd1529cdf78fd5f806a3a6eb26a60d8af2e6ad928f6a97123778d3876f68fcd3ef8352e7f7ea26bbe9fadde8a398dbd219b46514c7260f6ec41388ef34d634c4bd0026b966955bff1f62e1c4b6bcc9909ce3b9ac3e701ac7186ceb0987dd5ed85ffa92f4681c56dd100cf13a855481f82f4fe8805efe17524feaeb380bad41d733acc017aef53b7af8fbbefcb34778dc2633192db2bb90bea7817ae9ec6758175672bee58cba66d3db3b2e89c7eb55ca7cd2bc0a6d033626eabaf1a141b86c34618d428e4bff3cf9c5af41012c67e5101d768cb49c019bace79f255dc315a23587c38314e9c3bfab108fe612d9bcd94d62631e843fd225eea3cbc53bab0a865c0cb5015192b43ea25226debc95660f862e9b3ef39cbb0c31dc771ea8646e3f310c9b4fa55c3454c8db1d96f5ce5c027290bec67ec35b927d0f17a00e5a68cf1157c30f177b0fc6705f60f343cc719d03e9608f80534cd5f9eb28376288f145bc3623b115ac30ff8d15efd05c23539a4c5b369c81a53dbd958f32f3a4c5f41e1f816fa52a47280b318d8f0d7993013abf03fd9e7a6134daf3119219a7abce9bb0da3d89c012c2fe07a00b1fe53811e40e06a5c714643f5399372968d8f8f0c08acb85312e174b012f25b7c1795d6bae9c9e28dbf13c6c64dd9005c5eebbfa995e8c468ecb71cb27915091e511a45ce5b40f6ae92b30b52385dec45cd1070e4213a0211696724e5c8e4fee4202c19fc9c4d954895c235ab063efd0088cdfa711f4df77c9864a5ff2d39ccaff828f63cf3ee5c5d856c9da420575946e09e38a156da71255d2582e6ee4d788fb645af5f6829908e68a618c8050fa76ca9e3c49be7b19122e870f2945dc9c91135e08957b37a3e3b6408044433705e87740c520268ad0ad1d946bcbf8a68f6c1b973ca1c738d4e7836c505696cf44157f4250c7c6f8c029b7050fbc34f955f357cf64745f379494e9c7302c8a17748c14a6c296e94308989a3030ba1c64a62863ed2c79e8efd9b406902d2f9d511a10efcd269e43e1485e4089e677e75dd94f01793534d7c091a67440860289ce12ca7ad278fd733c27ce5076e69788fec00d4d23bc5cd9bfe55d2b8399a8744748419083bb2ed42a521be2d55b6053751331d235f3c4b82f6b6c2c6687e60bd972c227c3973299560269dac219888653945ba747c6bdd877d1c59794a47e1d12b09cc4a66fe05103379a59783fa02fd377d93360054cd0ec165806ca431c5a2254bb3a78cc48c788d3f2891274d50c1e549cde459cc793b749962ce1effe4907be307b75ff0cb31efce3ffff7b16c6f53037584bb4edcbaf5850a90b52e5b620218d55dfc1a930955b45aa96f82fb9a00644e838fa5ce3447aa51a3f6eee50ac979acc", 0x1000}, 0x1006) getsockopt$EBT_SO_GET_INFO(r2, 0x0, 0x80, &(0x7f0000001500)={'filter\x00'}, &(0x7f0000001580)=0x78) [ 1300.040028][ T9307] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1300.050524][ T9307] CPU: 1 PID: 9307 Comm: syz-executor.4 Not tainted 5.1.0-rc1-next-20190319 #6 [ 1300.059469][ T9307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1300.069526][ T9307] Call Trace: [ 1300.072826][ T9307] dump_stack+0x172/0x1f0 [ 1300.077175][ T9307] dump_header+0x10f/0xb6c [ 1300.081606][ T9307] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1300.087432][ T9307] ? ___ratelimit+0x60/0x595 [ 1300.092031][ T9307] ? do_raw_spin_unlock+0x57/0x270 [ 1300.097151][ T9307] oom_kill_process.cold+0x10/0x15 [ 1300.102279][ T9307] out_of_memory+0x79a/0x1280 [ 1300.106975][ T9307] ? lock_downgrade+0x880/0x880 [ 1300.111835][ T9307] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1300.118089][ T9307] ? oom_killer_disable+0x280/0x280 [ 1300.123298][ T9307] ? find_held_lock+0x35/0x130 [ 1300.128081][ T9307] mem_cgroup_out_of_memory+0x1ca/0x230 [ 1300.133637][ T9307] ? memcg_event_wake+0x230/0x230 03:43:26 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc1f123c123f3188b070") r1 = socket$inet6(0xa, 0x400000000001, 0x0) bind$inet6(r1, &(0x7f0000000200)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) syz_genetlink_get_family_id$net_dm(0x0) perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f0000000080)='./bus\x00', 0x3, 0x1, &(0x7f0000000700)=[{0x0, 0x3b6}], 0x0, 0x0) [ 1300.138677][ T9307] ? do_raw_spin_unlock+0x57/0x270 [ 1300.143806][ T9307] ? _raw_spin_unlock+0x2d/0x50 [ 1300.148675][ T9307] try_charge+0x118d/0x1790 [ 1300.153205][ T9307] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1300.158770][ T9307] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1300.165024][ T9307] ? kasan_check_read+0x11/0x20 [ 1300.169893][ T9307] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1300.175457][ T9307] mem_cgroup_try_charge+0x24d/0x5e0 [ 1300.180741][ T9307] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1300.186374][ T9307] __handle_mm_fault+0x1e1f/0x3ec0 [ 1300.191488][ T9307] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1300.197030][ T9307] ? find_held_lock+0x35/0x130 [ 1300.201786][ T9307] ? handle_mm_fault+0x322/0xb30 [ 1300.206717][ T9307] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1300.212953][ T9307] ? kasan_check_read+0x11/0x20 [ 1300.217794][ T9307] handle_mm_fault+0x43f/0xb30 [ 1300.222546][ T9307] __get_user_pages+0x7b6/0x1a40 [ 1300.227474][ T9307] ? follow_page_mask+0x19a0/0x19a0 [ 1300.232654][ T9307] ? perf_trace_lock+0xeb/0x510 [ 1300.237486][ T9307] ? __vma_adjust+0x1840/0x1840 [ 1300.242323][ T9307] ? lock_acquire+0x16f/0x3f0 [ 1300.246985][ T9307] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1300.253217][ T9307] populate_vma_page_range+0x20d/0x2a0 [ 1300.258664][ T9307] __mm_populate+0x204/0x380 [ 1300.263243][ T9307] ? populate_vma_page_range+0x2a0/0x2a0 [ 1300.268865][ T9307] __x64_sys_mlockall+0x35c/0x520 [ 1300.273876][ T9307] do_syscall_64+0x103/0x610 [ 1300.278456][ T9307] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1300.284335][ T9307] RIP: 0033:0x458079 [ 1300.288216][ T9307] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1300.307807][ T9307] RSP: 002b:00007fa3c5772c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1300.316200][ T9307] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458079 [ 1300.324166][ T9307] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1300.332141][ T9307] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 03:43:26 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132224) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f00000000c0)=ANY=[@ANYBLOB="6e61853167377400000100000000000000000000e4dbb77487e90104000000000040800000000000001b2300000503000018030000cc0000ac010000000000001004d1e090e1fe916dd282e0f34f8dfac0dc1695c4d700001004000010030002d3a379b87c5ade6e27a603551ae6543351c2f2d3c00f3f72e011777424c981c41f852110e5d4a50bc78b2aa66b63012812d04b94d660aab341cfe8364422b866cd445d5d0f4d6715baea5900323e00000000000071cf4f040095006f"], 0x1) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) tkill(r2, 0x3c) [ 1300.340121][ T9307] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa3c57736d4 [ 1300.348089][ T9307] R13: 00000000004c3d3a R14: 00000000004d6f20 R15: 00000000ffffffff [ 1300.356400][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1300.362248][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1300.368084][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1300.373927][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1300.379729][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1300.385590][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1300.394325][ T9307] memory: usage 307200kB, limit 307200kB, failcnt 1517 [ 1300.401544][ T9307] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1300.409022][ T9307] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1300.416034][ T9307] Memory cgroup stats for /syz4: cache:0KB rss:280160KB rss_huge:18432KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:235456KB active_anon:27424KB inactive_file:4KB active_file:0KB unevictable:17336KB [ 1300.441861][ T9307] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=9304,uid=0 [ 1300.474755][ T9307] Memory cgroup out of memory: Killed process 9304 (syz-executor.4) total-vm:72448kB, anon-rss:17072kB, file-rss:37164kB, shmem-rss:0kB 03:43:29 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0xd0}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 03:43:29 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11e9e6c7c13e9b9937"], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r6}, 0x10) r7 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r8, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r7, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r7, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:43:29 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000000040)=ANY=[@ANYBLOB="020e00000c000000000000000000000005000600008000000a0000000000000000000000000000000000000000000000000000000000000005000500000000000a00000000000000fe800000000000000000000000006eff000000000000000093d95af5e56838ae17724c993b607b989d9f596d00898cddc886b45ef94768c8828df7cde170e8813281d3df8dc8b0352e7cae10d46d10c61a2f8ff9984666fe"], 0x60}}, 0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000100)=0x0) fcntl$setownex(r0, 0xf, &(0x7f0000000140)={0x0, r1}) 03:43:29 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc1f123c123f3188b070") r1 = socket$inet6(0xa, 0x400000000001, 0x0) bind$inet6(r1, &(0x7f0000000200)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) syz_genetlink_get_family_id$net_dm(0x0) perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f0000000080)='./bus\x00', 0x3, 0x1, &(0x7f0000000700)=[{0x0, 0x3b6}], 0x0, 0x0) 03:43:29 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132224) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f00000000c0)=ANY=[@ANYBLOB="6e61853167377400000100000000000000000000e4dbb77487e90104000000000040800000000000001b2300000503000018030000cc0000ac010000000000001004d1e090e1fe916dd282e0f34f8dfac0dc1695c4d700001004000010030002d3a379b87c5ade6e27a603551ae6543351c2f2d3c00f3f72e011777424c981c41f852110e5d4a50bc78b2aa66b63012812d04b94d660aab341cfe8364422b866cd445d5d0f4d6715baea5900323e00000000000071cf4f040095006f"], 0x1) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) tkill(r2, 0x3c) 03:43:29 executing program 4: socketpair$unix(0x1, 0x0, 0x0, 0x0) r0 = creat(0x0, 0x0) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r0, 0xc05c5340, &(0x7f0000000200)={0xff, 0x9, 0xff, {}, 0x2, 0x1}) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, r1) 03:43:29 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc1f123c123f3188b070") r1 = socket$inet6(0xa, 0x400000000001, 0x0) bind$inet6(r1, &(0x7f0000000200)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) syz_genetlink_get_family_id$net_dm(0x0) syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f0000000080)='./bus\x00', 0x3, 0x1, &(0x7f0000000700)=[{0x0, 0x3b6}], 0x0, 0x0) 03:43:29 executing program 2: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x20000, 0x9a) ioctl$EVIOCGSW(r0, 0x8040451b, &(0x7f0000000040)=""/27) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0x0) 03:43:29 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc1f123c123f3188b070") r1 = socket$inet6(0xa, 0x400000000001, 0x0) bind$inet6(r1, &(0x7f0000000200)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f0000000080)='./bus\x00', 0x3, 0x1, &(0x7f0000000700)=[{0x0, 0x3b6}], 0x0, 0x0) 03:43:29 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) r1 = openat$vfio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vfio/vfio\x00', 0x80000, 0x0) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) write$input_event(r1, &(0x7f0000000080)={{r2, r3/1000+30000}, 0x14, 0x1ff, 0x3}, 0x18) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0x0) ioctl$KVM_SET_MP_STATE(r1, 0x4004ae99, &(0x7f00000000c0)=0xa) 03:43:29 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc1f123c123f3188b070") r1 = socket$inet6(0xa, 0x400000000001, 0x0) bind$inet6(r1, &(0x7f0000000200)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f0000000080)='./bus\x00', 0x3, 0x1, &(0x7f0000000700)=[{0x0, 0x3b6}], 0x0, 0x0) 03:43:29 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc1f123c123f3188b070") r1 = socket$inet6(0xa, 0x400000000001, 0x0) bind$inet6(r1, &(0x7f0000000200)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f0000000080)='./bus\x00', 0x3, 0x1, &(0x7f0000000700)=[{0x0, 0x3b6}], 0x0, 0x0) [ 1303.136662][ T9358] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1303.150715][ T9358] CPU: 0 PID: 9358 Comm: syz-executor.4 Not tainted 5.1.0-rc1-next-20190319 #6 [ 1303.159667][ T9358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1303.169722][ T9358] Call Trace: [ 1303.173032][ T9358] dump_stack+0x172/0x1f0 [ 1303.177383][ T9358] dump_header+0x10f/0xb6c [ 1303.181814][ T9358] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1303.187622][ T9358] ? ___ratelimit+0x60/0x595 [ 1303.192211][ T9358] ? do_raw_spin_unlock+0x57/0x270 [ 1303.197334][ T9358] oom_kill_process.cold+0x10/0x15 [ 1303.202446][ T9358] out_of_memory+0x79a/0x1280 [ 1303.207126][ T9358] ? lock_downgrade+0x880/0x880 [ 1303.211974][ T9358] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1303.218223][ T9358] ? oom_killer_disable+0x280/0x280 [ 1303.223416][ T9358] ? find_held_lock+0x35/0x130 [ 1303.228190][ T9358] mem_cgroup_out_of_memory+0x1ca/0x230 [ 1303.233737][ T9358] ? memcg_event_wake+0x230/0x230 [ 1303.238769][ T9358] ? do_raw_spin_unlock+0x57/0x270 [ 1303.243881][ T9358] ? _raw_spin_unlock+0x2d/0x50 [ 1303.248735][ T9358] try_charge+0x118d/0x1790 [ 1303.253249][ T9358] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1303.258793][ T9358] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1303.265034][ T9358] ? kasan_check_read+0x11/0x20 [ 1303.269893][ T9358] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1303.275444][ T9358] mem_cgroup_try_charge+0x24d/0x5e0 [ 1303.280758][ T9358] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1303.286403][ T9358] __handle_mm_fault+0x1e1f/0x3ec0 [ 1303.291538][ T9358] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1303.297827][ T9358] ? find_held_lock+0x35/0x130 [ 1303.303204][ T9358] ? handle_mm_fault+0x322/0xb30 [ 1303.308155][ T9358] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1303.314399][ T9358] ? kasan_check_read+0x11/0x20 [ 1303.319259][ T9358] handle_mm_fault+0x43f/0xb30 [ 1303.324030][ T9358] __get_user_pages+0x7b6/0x1a40 [ 1303.328987][ T9358] ? follow_page_mask+0x19a0/0x19a0 [ 1303.334269][ T9358] ? perf_trace_lock+0xeb/0x510 [ 1303.339116][ T9358] ? __vma_adjust+0x1840/0x1840 [ 1303.343978][ T9358] ? lock_acquire+0x16f/0x3f0 [ 1303.348839][ T9358] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1303.355085][ T9358] populate_vma_page_range+0x20d/0x2a0 [ 1303.360552][ T9358] __mm_populate+0x204/0x380 [ 1303.365149][ T9358] ? populate_vma_page_range+0x2a0/0x2a0 [ 1303.370795][ T9358] __x64_sys_mlockall+0x35c/0x520 [ 1303.375822][ T9358] do_syscall_64+0x103/0x610 [ 1303.380416][ T9358] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1303.386306][ T9358] RIP: 0033:0x458079 [ 1303.390196][ T9358] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1303.409821][ T9358] RSP: 002b:00007fa3c5772c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1303.418232][ T9358] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458079 [ 1303.426458][ T9358] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1303.434422][ T9358] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1303.442391][ T9358] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa3c57736d4 [ 1303.450355][ T9358] R13: 00000000004c3d3a R14: 00000000004d6f20 R15: 00000000ffffffff [ 1303.479665][ T9358] memory: usage 307200kB, limit 307200kB, failcnt 1552 [ 1303.503707][ T9358] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1303.529209][ T9358] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1303.548731][ T9358] Memory cgroup stats for /syz4: cache:0KB rss:280160KB rss_huge:18432KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:235456KB active_anon:27424KB inactive_file:4KB active_file:0KB unevictable:17424KB [ 1303.587501][ T9358] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=9351,uid=0 [ 1303.604521][ T9358] Memory cgroup out of memory: Killed process 9351 (syz-executor.4) total-vm:72448kB, anon-rss:17336kB, file-rss:37164kB, shmem-rss:0kB [ 1303.619417][ T1043] oom_reaper: reaped process 9351 (syz-executor.4), now anon-rss:17384kB, file-rss:37944kB, shmem-rss:0kB [ 1304.480643][ C1] net_ratelimit: 14 callbacks suppressed [ 1304.480653][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1304.492167][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1304.497961][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1304.503772][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1304.509583][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1304.515389][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:43:32 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0xd0}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 03:43:32 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="020e070309000000fdffffff000000000300000033a0000002004e24ac1e0101000000000000000004000400070000000000000000000000e0ffffffffffffff913f0000000000003e0c7077c21a9e11b07e9c1778c8b0c0fb436fc32a1655e2dd2aa2d18acf4fb244e89b9dc840f5b3109f987ff42e87dc1bd7f59c7fbd5716c4be3b45d35e0508f47d26e9c92b0d323a69452df88e1e29b3241ae9cac63ac316e04c415a494d4b98e8b073820e0437d43dbd8e6d0af463e5db86a0a71464c6e9e9226fc39958c7b53f54ce3037b5f3f44e09a98b7ff5d634dcd3a191fa6c5758459d8fdf0e977ced2bd4951322ace168e57289c0c169cc46be9816ccc0d5e6e4ffba3715a1ba64c837ddf502d455c4e1"], 0x48}}, 0x0) 03:43:32 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132224) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f00000000c0)=ANY=[@ANYBLOB="6e61853167377400000100000000000000000000e4dbb77487e90104000000000040800000000000001b2300000503000018030000cc0000ac010000000000001004d1e090e1fe916dd282e0f34f8dfac0dc1695c4d700001004000010030002d3a379b87c5ade6e27a603551ae6543351c2f2d3c00f3f72e011777424c981c41f852110e5d4a50bc78b2aa66b63012812d04b94d660aab341cfe8364422b866cd445d5d0f4d6715baea5900323e00000000000071cf4f040095006f"], 0x1) ptrace$setopts(0x4206, r2, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) tkill(0x0, 0x3c) 03:43:32 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11e9e6c7c13e9b9937"], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r6}, 0x10) r7 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r8, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r7, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r7, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:43:32 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc1f123c123f3188b070") socket$inet6(0xa, 0x400000000001, 0x0) syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f0000000080)='./bus\x00', 0x3, 0x1, &(0x7f0000000700)=[{0x0, 0x3b6}], 0x0, 0x0) 03:43:32 executing program 4: socketpair$unix(0x1, 0x0, 0x0, 0x0) r0 = creat(0x0, 0x0) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r0, 0xc05c5340, &(0x7f0000000200)={0xff, 0x9, 0xff, {}, 0x2, 0x1}) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, r1) [ 1305.680682][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1305.686485][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1305.760669][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1305.766480][ C0] protocol 88fb is buggy, dev hsr_slave_1 03:43:32 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc1f123c123f3188b070") syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f0000000080)='./bus\x00', 0x3, 0x1, &(0x7f0000000700)=[{0x0, 0x3b6}], 0x0, 0x0) 03:43:32 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0xd0}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 03:43:32 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0x0) r1 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0xfeda, 0x5a340) getsockopt$inet6_int(r1, 0x29, 0x5a, &(0x7f0000000040), &(0x7f0000000080)=0x4) 03:43:32 executing program 1: socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f0000000080)='./bus\x00', 0x3, 0x1, &(0x7f0000000700)=[{0x0, 0x3b6}], 0x0, 0x0) 03:43:32 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='loginuid\x00') setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f00000000c0)=0x2, 0x4) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="020e0000020000001b000000000000002e9bbdacc785e41ef053fc43a119440c024857e65fe8e04257bbd860df7b04928f7d5ee14aec7079e9d81b9f6d8b53c5098d543095ca538ac8813fcf04f8a6c50a133c3ba602b38c679145aa209e291bd077b9825e12e432ff5460b5acaa0e3d177218b7690453c8dbaac131e587d8e5ca3b14ef0aa6472f38e0a7e32e68d999fe9587d54214cbb4c00843dd92c0bbe9e0e238ad38a8206ef44c4d7b19d2f4a9561c0d07f0b94f6fe6e16be43e8911e25da4dfe3334a1e09ffbb6cecd63e48c34be34222027af76a8606eb915cd14964d95c0fa91553f131f75862938bf716efa5ac0d260720b6e960a2abd5b10a41"], 0x10}}, 0x0) 03:43:32 executing program 1: socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f0000000080)='./bus\x00', 0x3, 0x1, &(0x7f0000000700)=[{0x0, 0x3b6}], 0x0, 0x0) 03:43:32 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132224) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f00000000c0)=ANY=[@ANYBLOB="6e61853167377400000100000000000000000000e4dbb77487e90104000000000040800000000000001b2300000503000018030000cc0000ac010000000000001004d1e090e1fe916dd282e0f34f8dfac0dc1695c4d700001004000010030002d3a379b87c5ade6e27a603551ae6543351c2f2d3c00f3f72e011777424c981c41f852110e5d4a50bc78b2aa66b63012812d04b94d660aab341cfe8364422b866cd445d5d0f4d6715baea5900323e00000000000071cf4f040095006f"], 0x1) ptrace$setopts(0x4206, r2, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) tkill(0x0, 0x3c) 03:43:32 executing program 1: socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f0000000080)='./bus\x00', 0x3, 0x1, &(0x7f0000000700)=[{0x0, 0x3b6}], 0x0, 0x0) [ 1306.251893][ T9389] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1306.280133][ T9389] CPU: 0 PID: 9389 Comm: syz-executor.4 Not tainted 5.1.0-rc1-next-20190319 #6 [ 1306.289126][ T9389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1306.299181][ T9389] Call Trace: [ 1306.302479][ T9389] dump_stack+0x172/0x1f0 [ 1306.306813][ T9389] dump_header+0x10f/0xb6c [ 1306.311335][ T9389] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1306.317142][ T9389] ? ___ratelimit+0x60/0x595 [ 1306.321733][ T9389] ? do_raw_spin_unlock+0x57/0x270 [ 1306.326847][ T9389] oom_kill_process.cold+0x10/0x15 [ 1306.331967][ T9389] out_of_memory+0x79a/0x1280 [ 1306.336645][ T9389] ? lock_downgrade+0x880/0x880 [ 1306.341579][ T9389] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1306.347817][ T9389] ? oom_killer_disable+0x280/0x280 [ 1306.353010][ T9389] ? find_held_lock+0x35/0x130 [ 1306.357781][ T9389] mem_cgroup_out_of_memory+0x1ca/0x230 [ 1306.363325][ T9389] ? memcg_event_wake+0x230/0x230 [ 1306.368351][ T9389] ? do_raw_spin_unlock+0x57/0x270 [ 1306.373463][ T9389] ? _raw_spin_unlock+0x2d/0x50 [ 1306.378311][ T9389] try_charge+0x118d/0x1790 [ 1306.382821][ T9389] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1306.388365][ T9389] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1306.394611][ T9389] ? kasan_check_read+0x11/0x20 [ 1306.399465][ T9389] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1306.405014][ T9389] mem_cgroup_try_charge+0x24d/0x5e0 [ 1306.410304][ T9389] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1306.415946][ T9389] __handle_mm_fault+0x1e1f/0x3ec0 [ 1306.421063][ T9389] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1306.426606][ T9389] ? find_held_lock+0x35/0x130 [ 1306.431368][ T9389] ? handle_mm_fault+0x322/0xb30 [ 1306.436315][ T9389] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1306.442563][ T9389] ? kasan_check_read+0x11/0x20 [ 1306.447416][ T9389] handle_mm_fault+0x43f/0xb30 [ 1306.452187][ T9389] __get_user_pages+0x7b6/0x1a40 [ 1306.457150][ T9389] ? follow_page_mask+0x19a0/0x19a0 [ 1306.462345][ T9389] ? perf_trace_lock+0xeb/0x510 [ 1306.467192][ T9389] ? __vma_adjust+0x1840/0x1840 [ 1306.472053][ T9389] ? lock_acquire+0x16f/0x3f0 [ 1306.476727][ T9389] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1306.482975][ T9389] populate_vma_page_range+0x20d/0x2a0 [ 1306.488439][ T9389] __mm_populate+0x204/0x380 [ 1306.493028][ T9389] ? populate_vma_page_range+0x2a0/0x2a0 [ 1306.498667][ T9389] __x64_sys_mlockall+0x35c/0x520 [ 1306.503696][ T9389] do_syscall_64+0x103/0x610 [ 1306.508292][ T9389] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1306.514180][ T9389] RIP: 0033:0x458079 [ 1306.518083][ T9389] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1306.537679][ T9389] RSP: 002b:00007fa3c5772c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 03:43:32 executing program 2: prctl$PR_GET_FP_MODE(0x2e) r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0x0) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x4c0, 0x0) ioctl$UI_SET_FFBIT(r1, 0x4004556b, 0x1f) [ 1306.546085][ T9389] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458079 [ 1306.554054][ T9389] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1306.562056][ T9389] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1306.570021][ T9389] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa3c57736d4 [ 1306.577985][ T9389] R13: 00000000004c3d3a R14: 00000000004d6f20 R15: 00000000ffffffff 03:43:33 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11e9e6c7c13e9b9937"], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r6}, 0x10) r7 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r8, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r7, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r7, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:43:33 executing program 1: ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000180)="0adc1f123c123f3188b070") syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f0000000080)='./bus\x00', 0x3, 0x1, &(0x7f0000000700)=[{0x0, 0x3b6}], 0x0, 0x0) [ 1306.610456][ T9389] memory: usage 307196kB, limit 307200kB, failcnt 1570 [ 1306.619924][ T9389] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1306.649853][ T9389] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1306.695393][ T9389] Memory cgroup stats for /syz4: cache:0KB rss:280248KB rss_huge:18432KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:235456KB active_anon:27424KB inactive_file:4KB active_file:0KB unevictable:17480KB [ 1306.731144][ T9389] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=9388,uid=0 [ 1306.748293][ T9389] Memory cgroup out of memory: Killed process 9388 (syz-executor.4) total-vm:72448kB, anon-rss:17336kB, file-rss:37164kB, shmem-rss:0kB 03:43:33 executing program 4: socketpair$unix(0x1, 0x0, 0x0, 0x0) r0 = creat(0x0, 0x0) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r0, 0xc05c5340, &(0x7f0000000200)={0xff, 0x9, 0xff, {}, 0x2, 0x1}) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, r1) 03:43:33 executing program 1: ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000180)="0adc1f123c123f3188b070") syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f0000000080)='./bus\x00', 0x3, 0x1, &(0x7f0000000700)=[{0x0, 0x3b6}], 0x0, 0x0) [ 1307.176761][ T9447] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1307.188459][ T9447] CPU: 0 PID: 9447 Comm: syz-executor.4 Not tainted 5.1.0-rc1-next-20190319 #6 [ 1307.197401][ T9447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1307.207436][ T9447] Call Trace: [ 1307.210730][ T9447] dump_stack+0x172/0x1f0 [ 1307.215049][ T9447] dump_header+0x10f/0xb6c [ 1307.219447][ T9447] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1307.225243][ T9447] ? ___ratelimit+0x60/0x595 [ 1307.229812][ T9447] ? do_raw_spin_unlock+0x57/0x270 [ 1307.234913][ T9447] oom_kill_process.cold+0x10/0x15 [ 1307.240004][ T9447] out_of_memory+0x79a/0x1280 [ 1307.244664][ T9447] ? lock_downgrade+0x880/0x880 [ 1307.249491][ T9447] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1307.255712][ T9447] ? oom_killer_disable+0x280/0x280 [ 1307.260890][ T9447] ? find_held_lock+0x35/0x130 [ 1307.265663][ T9447] mem_cgroup_out_of_memory+0x1ca/0x230 [ 1307.271291][ T9447] ? memcg_event_wake+0x230/0x230 [ 1307.276300][ T9447] ? do_raw_spin_unlock+0x57/0x270 [ 1307.281392][ T9447] ? _raw_spin_unlock+0x2d/0x50 [ 1307.286246][ T9447] try_charge+0x118d/0x1790 [ 1307.290740][ T9447] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1307.296275][ T9447] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1307.302495][ T9447] ? kasan_check_read+0x11/0x20 [ 1307.307326][ T9447] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1307.312857][ T9447] mem_cgroup_try_charge+0x24d/0x5e0 [ 1307.318125][ T9447] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1307.323753][ T9447] __handle_mm_fault+0x1e1f/0x3ec0 [ 1307.328846][ T9447] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1307.334371][ T9447] ? find_held_lock+0x35/0x130 [ 1307.339111][ T9447] ? handle_mm_fault+0x322/0xb30 [ 1307.344037][ T9447] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1307.350271][ T9447] ? kasan_check_read+0x11/0x20 [ 1307.355112][ T9447] handle_mm_fault+0x43f/0xb30 [ 1307.359857][ T9447] __get_user_pages+0x7b6/0x1a40 [ 1307.364779][ T9447] ? follow_page_mask+0x19a0/0x19a0 [ 1307.369957][ T9447] ? perf_trace_lock+0xeb/0x510 [ 1307.374811][ T9447] ? __vma_adjust+0x1840/0x1840 [ 1307.379644][ T9447] ? lock_acquire+0x16f/0x3f0 [ 1307.384301][ T9447] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1307.390524][ T9447] populate_vma_page_range+0x20d/0x2a0 [ 1307.395988][ T9447] __mm_populate+0x204/0x380 [ 1307.400570][ T9447] ? populate_vma_page_range+0x2a0/0x2a0 [ 1307.406187][ T9447] __x64_sys_mlockall+0x35c/0x520 [ 1307.411196][ T9447] do_syscall_64+0x103/0x610 [ 1307.415781][ T9447] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1307.421650][ T9447] RIP: 0033:0x458079 [ 1307.425525][ T9447] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1307.445133][ T9447] RSP: 002b:00007fa3c5772c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1307.453528][ T9447] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458079 [ 1307.461490][ T9447] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1307.469443][ T9447] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1307.477394][ T9447] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa3c57736d4 [ 1307.485346][ T9447] R13: 00000000004c3d3a R14: 00000000004d6f20 R15: 00000000ffffffff [ 1307.495114][ T9447] memory: usage 307200kB, limit 307200kB, failcnt 1607 [ 1307.502266][ T9447] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1307.509946][ T9447] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1307.517095][ T9447] Memory cgroup stats for /syz4: cache:0KB rss:280304KB rss_huge:20480KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:235456KB active_anon:27424KB inactive_file:4KB active_file:0KB unevictable:17484KB [ 1307.539425][ T9447] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=9446,uid=0 [ 1307.557197][ T9447] Memory cgroup out of memory: Killed process 9446 (syz-executor.4) total-vm:72448kB, anon-rss:17272kB, file-rss:37164kB, shmem-rss:0kB [ 1307.579446][ T1043] oom_reaper: reaped process 9446 (syz-executor.4), now anon-rss:17316kB, file-rss:37944kB, shmem-rss:0kB 03:43:35 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132224) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f00000000c0)=ANY=[@ANYBLOB="6e61853167377400000100000000000000000000e4dbb77487e90104000000000040800000000000001b2300000503000018030000cc0000ac010000000000001004d1e090e1fe916dd282e0f34f8dfac0dc1695c4d700001004000010030002d3a379b87c5ade6e27a603551ae6543351c2f2d3c00f3f72e011777424c981c41f852110e5d4a50bc78b2aa66b63012812d04b94d660aab341cfe8364422b866cd445d5d0f4d6715baea5900323e00000000000071cf4f040095006f"], 0x1) ptrace$setopts(0x4206, r2, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) tkill(0x0, 0x3c) 03:43:35 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0xd0}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 03:43:35 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000180)='/dev/cachefiles\x00', 0x8c0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f00000001c0)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, &(0x7f0000000200)=0x10) ioctl$sock_SIOCBRADDBR(r1, 0x89a0, &(0x7f0000000240)='batadv0\x00') ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000000)=0x0) ptrace$setregset(0x4205, r2, 0x2, &(0x7f0000000140)={&(0x7f0000000040)="f379dc62ac179999c05f4d9b137b0d552e23a7a8dc0eb00eb756e0d048cbf690f83fa2cf1729b4f2291b2d62ba0620e3cfda9c9435ec30d3d41c15270980877a891c3a8b44a4b5b9f5876efee3c93d8c54ea4d48e38082a92f92b6053a046ba2044f7ce11377d996a26f7b0ccfbd8365c3b99091df55e2230d61f24ae32eee93ced5f798b5d048a1362427f48609d70efd01eb631b2114ed5167c47d9f7c2ef9241ab4a077b56786a4490f5793b54973bf3786cd470ce1d6895305075108edf3687280c3eead86205e3e7f93a4af6788b51d5b2978569dee19ff37f16ef95f", 0xdf}) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) 03:43:35 executing program 1: ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000180)="0adc1f123c123f3188b070") syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f0000000080)='./bus\x00', 0x3, 0x1, &(0x7f0000000700)=[{0x0, 0x3b6}], 0x0, 0x0) 03:43:35 executing program 4: socketpair$unix(0x1, 0x0, 0x0, 0x0) r0 = creat(0x0, 0x0) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r0, 0xc05c5340, &(0x7f0000000200)={0xff, 0x9, 0xff, {}, 0x2, 0x1}) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) fcntl$dupfd(r2, 0x0, r1) 03:43:35 executing program 5: socket$inet_sctp(0x2, 0x0, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11e9e6c7c13e9b9937"], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r6}, 0x10) r7 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r8, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r7, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r7, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:43:35 executing program 1: socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000180)="0adc1f123c123f3188b070") syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f0000000080)='./bus\x00', 0x3, 0x1, &(0x7f0000000700)=[{0x0, 0x3b6}], 0x0, 0x0) 03:43:35 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1) ptrace$cont(0x18, 0x0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0xd0}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 03:43:35 executing program 2: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vcs\x00', 0x210285, 0x0) ioctl$KVM_GET_CLOCK(r0, 0x8030ae7c, &(0x7f00000000c0)) ioctl$KVM_DEASSIGN_DEV_IRQ(r0, 0x4040ae75, &(0x7f0000000000)={0x2, 0x1ff, 0x5, 0x406}) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000040), 0x4) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)=ANY=[@ANYBLOB="020e00000c000000000000000000000005000600008007000a0000000000000000000000000000000000000000000000000000000700000000000000000000000a00000000000000fe8000000000000000000000000000ff0000000000000000"], 0x60}}, 0x0) 03:43:35 executing program 1: socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000180)="0adc1f123c123f3188b070") syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f0000000080)='./bus\x00', 0x3, 0x1, &(0x7f0000000700)=[{0x0, 0x3b6}], 0x0, 0x0) 03:43:35 executing program 1: socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000180)="0adc1f123c123f3188b070") syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f0000000080)='./bus\x00', 0x3, 0x1, &(0x7f0000000700)=[{0x0, 0x3b6}], 0x0, 0x0) 03:43:35 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)=ANY=[@ANYBLOB="020e00000c000000000000000000000005000600008000000a000000000000000000000000000000000000000000000000000000000000009557025a88473e7667dc74e505000500000000000a00000000000000fe8000000000000000000000"], 0x60}}, 0x0) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x4000, 0x0) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f00000001c0)={0x0, 0x500, 0x7}, &(0x7f0000000200)=0x8) setsockopt$inet_sctp_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000000240)={r2, 0x2}, 0x8) ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(r1, 0xc0305602, &(0x7f0000000040)={0x0, 0x1, 0x3016, 0x1}) r3 = semget$private(0x0, 0x0, 0x400) ioctl$PPPIOCSACTIVE(r1, 0x40107446, &(0x7f0000000180)={0x4, &(0x7f0000000140)=[{0x3, 0x2, 0x8, 0x4}, {0x2, 0x7fffffff, 0x9, 0x7}, {0xffffffffffffffff, 0x8, 0xfffffffffffff1dc, 0x17b}, {0xa6, 0x9, 0xa555, 0xff}]}) semctl$IPC_INFO(r3, 0x3, 0x3, &(0x7f0000000080)=""/164) [ 1309.394167][ T9454] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1309.413252][ T9454] CPU: 0 PID: 9454 Comm: syz-executor.4 Not tainted 5.1.0-rc1-next-20190319 #6 [ 1309.422208][ T9454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1309.432359][ T9454] Call Trace: [ 1309.435665][ T9454] dump_stack+0x172/0x1f0 [ 1309.440008][ T9454] dump_header+0x10f/0xb6c [ 1309.444461][ T9454] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1309.450281][ T9454] ? ___ratelimit+0x60/0x595 [ 1309.454878][ T9454] ? do_raw_spin_unlock+0x57/0x270 [ 1309.460001][ T9454] oom_kill_process.cold+0x10/0x15 [ 1309.465121][ T9454] out_of_memory+0x79a/0x1280 [ 1309.469817][ T9454] ? lock_downgrade+0x880/0x880 [ 1309.474673][ T9454] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1309.480925][ T9454] ? oom_killer_disable+0x280/0x280 [ 1309.486130][ T9454] ? find_held_lock+0x35/0x130 [ 1309.490929][ T9454] mem_cgroup_out_of_memory+0x1ca/0x230 [ 1309.496474][ T9454] ? memcg_event_wake+0x230/0x230 [ 1309.501496][ T9454] ? do_raw_spin_unlock+0x57/0x270 [ 1309.506612][ T9454] ? _raw_spin_unlock+0x2d/0x50 [ 1309.511448][ T9454] try_charge+0x118d/0x1790 [ 1309.515941][ T9454] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1309.521470][ T9454] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1309.527710][ T9454] ? kasan_check_read+0x11/0x20 [ 1309.532565][ T9454] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1309.538097][ T9454] mem_cgroup_try_charge+0x24d/0x5e0 [ 1309.543370][ T9454] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1309.548989][ T9454] __handle_mm_fault+0x1e1f/0x3ec0 [ 1309.554102][ T9454] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1309.559666][ T9454] ? find_held_lock+0x35/0x130 [ 1309.564433][ T9454] ? handle_mm_fault+0x322/0xb30 [ 1309.569365][ T9454] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1309.575592][ T9454] ? kasan_check_read+0x11/0x20 [ 1309.580453][ T9454] handle_mm_fault+0x43f/0xb30 [ 1309.585213][ T9454] __get_user_pages+0x7b6/0x1a40 [ 1309.590156][ T9454] ? follow_page_mask+0x19a0/0x19a0 [ 1309.595336][ T9454] ? perf_trace_lock+0xeb/0x510 [ 1309.600181][ T9454] ? __vma_adjust+0x1840/0x1840 [ 1309.605044][ T9454] ? lock_acquire+0x16f/0x3f0 [ 1309.609726][ T9454] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1309.615955][ T9454] populate_vma_page_range+0x20d/0x2a0 [ 1309.621399][ T9454] __mm_populate+0x204/0x380 [ 1309.625976][ T9454] ? populate_vma_page_range+0x2a0/0x2a0 [ 1309.631597][ T9454] __x64_sys_mlockall+0x35c/0x520 [ 1309.636623][ T9454] do_syscall_64+0x103/0x610 [ 1309.641236][ T9454] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1309.647114][ T9454] RIP: 0033:0x458079 [ 1309.650995][ T9454] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1309.670591][ T9454] RSP: 002b:00007fa3c5772c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1309.679001][ T9454] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458079 [ 1309.686957][ T9454] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 03:43:36 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132224) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f00000000c0)=ANY=[@ANYBLOB="6e61853167377400000100000000000000000000e4dbb77487e90104000000000040800000000000001b2300000503000018030000cc0000ac010000000000001004d1e090e1fe916dd282e0f34f8dfac0dc1695c4d700001004000010030002d3a379b87c5ade6e27a603551ae6543351c2f2d3c00f3f72e011777424c981c41f852110e5d4a50bc78b2aa66b63012812d04b94d660aab341cfe8364422b866cd445d5d0f4d6715baea5900323e00000000000071cf4f040095006f"], 0x1) ptrace$setopts(0x4206, r2, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) tkill(r2, 0x0) 03:43:36 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r0, 0x0, &(0x7f0000000180)="0adc1f123c123f3188b070") syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f0000000080)='./bus\x00', 0x3, 0x1, &(0x7f0000000700)=[{0x0, 0x3b6}], 0x0, 0x0) [ 1309.694921][ T9454] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1309.702911][ T9454] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa3c57736d4 [ 1309.710882][ T9454] R13: 00000000004c3d3a R14: 00000000004d6f20 R15: 00000000ffffffff 03:43:36 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x200, 0x0) write$FUSE_POLL(r1, &(0x7f0000000040)={0x18, 0x0, 0x5, {0x2}}, 0x18) ioctl$CAPI_GET_FLAGS(r1, 0x80044323, &(0x7f0000000080)) accept$netrom(r1, &(0x7f00000000c0)={{0x3, @null}, [@bcast, @remote, @rose, @rose, @rose, @default, @null, @netrom]}, &(0x7f0000000140)=0x48) [ 1309.748934][ T9454] memory: usage 307188kB, limit 307200kB, failcnt 1630 [ 1309.760822][ T9454] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1309.771769][ T9454] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 03:43:36 executing program 5: socket$inet_sctp(0x2, 0x0, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11e9e6c7c13e9b9937"], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r6}, 0x10) r7 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r8, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r7, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r7, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) [ 1309.779439][ T9454] Memory cgroup stats for /syz4: cache:0KB rss:280260KB rss_huge:18432KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:235456KB active_anon:27424KB inactive_file:4KB active_file:0KB unevictable:17484KB [ 1309.802936][ T9454] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=9453,uid=0 [ 1309.818802][ T9454] Memory cgroup out of memory: Killed process 9453 (syz-executor.4) total-vm:72448kB, anon-rss:17336kB, file-rss:37164kB, shmem-rss:0kB [ 1309.840671][ C1] net_ratelimit: 16 callbacks suppressed 03:43:36 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r0, 0x0, &(0x7f0000000180)="0adc1f123c123f3188b070") syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f0000000080)='./bus\x00', 0x3, 0x1, &(0x7f0000000700)=[{0x0, 0x3b6}], 0x0, 0x0) [ 1309.840680][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1309.849270][ T1043] oom_reaper: reaped process 9453 (syz-executor.4), now anon-rss:17384kB, file-rss:37944kB, shmem-rss:0kB [ 1309.852127][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1309.920636][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1309.926455][ C0] protocol 88fb is buggy, dev hsr_slave_1 03:43:36 executing program 4: socketpair$unix(0x1, 0x0, 0x0, 0x0) r0 = creat(0x0, 0x0) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r0, 0xc05c5340, &(0x7f0000000200)={0xff, 0x9, 0xff, {}, 0x2, 0x1}) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) fcntl$dupfd(r2, 0x0, r1) 03:43:36 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r0, 0x0, &(0x7f0000000180)="0adc1f123c123f3188b070") syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f0000000080)='./bus\x00', 0x3, 0x1, &(0x7f0000000700)=[{0x0, 0x3b6}], 0x0, 0x0) [ 1310.392912][ T9515] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1310.404028][ T9515] CPU: 0 PID: 9515 Comm: syz-executor.4 Not tainted 5.1.0-rc1-next-20190319 #6 [ 1310.412979][ T9515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1310.423036][ T9515] Call Trace: [ 1310.426334][ T9515] dump_stack+0x172/0x1f0 [ 1310.430677][ T9515] dump_header+0x10f/0xb6c [ 1310.435095][ T9515] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1310.440902][ T9515] ? ___ratelimit+0x60/0x595 [ 1310.445496][ T9515] ? do_raw_spin_unlock+0x57/0x270 [ 1310.450609][ T9515] oom_kill_process.cold+0x10/0x15 [ 1310.455726][ T9515] out_of_memory+0x79a/0x1280 [ 1310.460407][ T9515] ? lock_downgrade+0x880/0x880 [ 1310.465254][ T9515] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1310.471496][ T9515] ? oom_killer_disable+0x280/0x280 [ 1310.476689][ T9515] ? find_held_lock+0x35/0x130 [ 1310.481466][ T9515] mem_cgroup_out_of_memory+0x1ca/0x230 [ 1310.487269][ T9515] ? memcg_event_wake+0x230/0x230 [ 1310.492311][ T9515] ? do_raw_spin_unlock+0x57/0x270 [ 1310.497427][ T9515] ? _raw_spin_unlock+0x2d/0x50 [ 1310.502279][ T9515] try_charge+0x118d/0x1790 [ 1310.506790][ T9515] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1310.512336][ T9515] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1310.518580][ T9515] ? kasan_check_read+0x11/0x20 [ 1310.523436][ T9515] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1310.528982][ T9515] mem_cgroup_try_charge+0x24d/0x5e0 [ 1310.534271][ T9515] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1310.539909][ T9515] __handle_mm_fault+0x1e1f/0x3ec0 [ 1310.545110][ T9515] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1310.550653][ T9515] ? find_held_lock+0x35/0x130 [ 1310.555410][ T9515] ? handle_mm_fault+0x322/0xb30 [ 1310.560356][ T9515] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1310.566600][ T9515] ? kasan_check_read+0x11/0x20 [ 1310.571458][ T9515] handle_mm_fault+0x43f/0xb30 [ 1310.576229][ T9515] __get_user_pages+0x7b6/0x1a40 [ 1310.581174][ T9515] ? follow_page_mask+0x19a0/0x19a0 [ 1310.586365][ T9515] ? perf_trace_lock+0xeb/0x510 [ 1310.591212][ T9515] ? __vma_adjust+0x1840/0x1840 [ 1310.596087][ T9515] ? lock_acquire+0x16f/0x3f0 [ 1310.600761][ T9515] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1310.607007][ T9515] populate_vma_page_range+0x20d/0x2a0 [ 1310.612475][ T9515] __mm_populate+0x204/0x380 [ 1310.617069][ T9515] ? populate_vma_page_range+0x2a0/0x2a0 [ 1310.622718][ T9515] __x64_sys_mlockall+0x35c/0x520 [ 1310.627745][ T9515] do_syscall_64+0x103/0x610 [ 1310.632357][ T9515] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1310.638250][ T9515] RIP: 0033:0x458079 [ 1310.642141][ T9515] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1310.661764][ T9515] RSP: 002b:00007fa3c5772c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1310.670173][ T9515] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458079 [ 1310.678139][ T9515] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1310.686106][ T9515] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1310.694074][ T9515] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa3c57736d4 [ 1310.702038][ T9515] R13: 00000000004c3d3a R14: 00000000004d6f20 R15: 00000000ffffffff [ 1310.716963][ T9515] memory: usage 307200kB, limit 307200kB, failcnt 1663 [ 1310.720686][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1310.729604][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1310.729998][ T9515] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1310.735486][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1310.748748][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1310.750271][ T9515] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1310.754598][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1310.767203][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1310.768677][ T9515] Memory cgroup stats for /syz4: cache:0KB rss:280228KB rss_huge:18432KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:235456KB active_anon:27424KB inactive_file:4KB active_file:0KB unevictable:17488KB [ 1310.806793][ T9515] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=9514,uid=0 [ 1310.822885][ T9515] Memory cgroup out of memory: Killed process 9514 (syz-executor.4) total-vm:72448kB, anon-rss:17336kB, file-rss:37164kB, shmem-rss:0kB [ 1310.838409][ T1043] oom_reaper: reaped process 9514 (syz-executor.4), now anon-rss:17384kB, file-rss:37940kB, shmem-rss:0kB 03:43:38 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1) ptrace$cont(0x18, 0x0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0xd0}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 03:43:38 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x8111000, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'eql\x00', 0x1000010000806}) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000600)='/dev/autofs\x00', 0x14282, 0x0) getresuid(&(0x7f00000002c0), &(0x7f0000000400), &(0x7f0000000440)) getuid() getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000480), &(0x7f00000004c0)=0xc) getresgid(&(0x7f0000000340), &(0x7f00000005c0), &(0x7f0000000380)) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000340)=ANY=[], 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(0xffffffffffffffff, 0x0, 0x48c, 0x0, 0x0) r3 = getpid() syz_open_procfs$namespace(r3, &(0x7f0000000500)='ns/pid_for_children\x00') openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdir(&(0x7f00000003c0)='./file0\x00', 0x10000000000) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, 0x0) read$FUSE(r4, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_procfs$namespace(r3, &(0x7f0000000680)='ns/mnt\x00') syz_open_dev$binder(&(0x7f0000001500)='/dev/binder#\x00', 0x0, 0x0) clone(0x4000002102001ffb, 0x0, 0xfffffffffffffffe, &(0x7f00000000c0), 0xffffffffffffffff) r5 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000080)='/proc/capi/capi20ncci\x00', 0x101000, 0x0) getsockopt$inet_sctp6_SCTP_RECVRCVINFO(r5, 0x84, 0x20, &(0x7f00000001c0), &(0x7f0000000240)=0x4) execve(&(0x7f0000000040)='./file0\x00', &(0x7f0000000180), &(0x7f00000003c0)) syz_emit_ethernet(0xa6, &(0x7f0000000140)={@empty=[0x2b], @link_local, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x58, 0x0, 0x0, 0x0, 0x2f, 0x0, @local, @local}, @gre={{0x0, 0x0, 0x1, 0x0, 0x3, 0xb}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x57}}}}}}, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu\x00', 0x200002, 0x0) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0x0) 03:43:38 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132224) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f00000000c0)=ANY=[@ANYBLOB="6e61853167377400000100000000000000000000e4dbb77487e90104000000000040800000000000001b2300000503000018030000cc0000ac010000000000001004d1e090e1fe916dd282e0f34f8dfac0dc1695c4d700001004000010030002d3a379b87c5ade6e27a603551ae6543351c2f2d3c00f3f72e011777424c981c41f852110e5d4a50bc78b2aa66b63012812d04b94d660aab341cfe8364422b866cd445d5d0f4d6715baea5900323e00000000000071cf4f040095006f"], 0x1) ptrace$setopts(0x4206, r2, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) tkill(r2, 0x0) 03:43:38 executing program 5: socket$inet_sctp(0x2, 0x0, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11e9e6c7c13e9b9937"], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r6}, 0x10) r7 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r8, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r7, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r7, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:43:38 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r0, 0x1000008912, 0x0) syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f0000000080)='./bus\x00', 0x3, 0x1, &(0x7f0000000700)=[{0x0, 0x3b6}], 0x0, 0x0) 03:43:38 executing program 4: socketpair$unix(0x1, 0x0, 0x0, 0x0) r0 = creat(0x0, 0x0) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r0, 0xc05c5340, &(0x7f0000000200)={0xff, 0x9, 0xff, {}, 0x2, 0x1}) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) fcntl$dupfd(r2, 0x0, r1) 03:43:38 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)=ANY=[@ANYBLOB="020e000000000000024a0000000004d3000004d60000000005000500000000000a00000000000000de8000000000000000000ef8991e00000000000000000000"], 0x48}}, 0x0) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000080)=0x0) r2 = getpgrp(0xffffffffffffffff) prctl$PR_GET_FPEMU(0x9, &(0x7f0000000000)) kcmp(r2, r1, 0x2, r0, r0) r3 = syz_open_dev$adsp(&(0x7f00000014c0)='/dev/adsp#\x00', 0x5, 0x111000) sendmsg$unix(r3, &(0x7f0000001440)={&(0x7f00000000c0)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f00000013c0)=[{&(0x7f0000000140)="479ccc466ff8190d98eafa23e7124ecc7e95020583f5fa1533bae2e299120fe2566f18e1e4c914056eef0ec2ca67db03fc3989a6c0fa815733ba7905a59daeba66e7dd7190a730", 0x47}, {&(0x7f00000001c0)="e8f8ccc649649d49a2272131bc64d3ef782706b3571eb2ad3ed3f37460f9c12aaee3935de0b42b196c046f1d02bab1539be8d6f1029edff86ba2eedcbbf9d79767d7aadb0da51551c833d30504f75d5000acd43c190625b95855d2314077a2bdb100513060808b529682175db90aafb3f8896929096c3d1b3e7f1e587cbadeb11b684130cb8236f1a72c4954a82900820e9ddd4e266c9bdc994e915bc8f7b6bef68464bbd6e6f7354b3f9473481ce1f9795cd4b22d7b5226f6e56d7b032086aa729a8db1bc8007102d9375ab93601e69505aa5fcb4ef81d6a964ce20031b3b933f41ee2a786425cad4428a259b4bbf0d35fe3eef5149394c01a988b0108d801f7005d878ffe8ae11e80f3a242584e8f79e7cced873d5dce82d8bec732013fc98498da62435dd3ae3755166debabf7e8f757560b89c086863a987006bac1288b9ae2b62a4fff0377a5c08ffd43bf7d31ab6c01529d223c5ffd627f4ca8df0f7f55331b4c82cf99173ad7aa44ae9f386d21441002ffe01eb79792a565f858f4d0cf7e4fc43f34cbb058d954911af2084addd33ecfad14a10ddf7062f95667a2bdd6aa78a6bcb8d71e0220c522b408d683644084120325ef0d93c7c1678a9b13f6c836772e76348f590c60c431dbee82b6b7e9087f57b957bb9dc5b3c840480b89be33059e55681a8e40536838825f7665020c7128cec28b231fdbe532fc6f7e7defb6055fd24719c0678415ec1a28121f14a9ef988c047857a5758075432be6ee21a858f1da4f16adeedb080e68854cedf7be2a0b5078b4d52c5591b7be428ae8c5240dc3cbb9841f209698182c3dfcc01be53c8105f66d815ebedaf30daef8dbb1383865f8d706d6826f859b12f60df701c5ae50ce6dea6d046a0ef0543aa1e35b5a79ee1e32a1b577de947581a36e2e8f4ced6fee1d24527a77b71050a86b8eb85870ef99fe69bd811cb0c338dc3ca2b893fe3a471f146c936f53d92a2e24b1a369538a2a0bdb1875c54d9d083586538f5ed907b53a0633410e465c0d89d9a46d4c0c05377b28623e625b0e5ad0502c638c17f8051f25e423297924c7fdbb65dd48583e973e45efd7191329c4ca7f0603ad0128278769793ebe6bd61e1292b948cd74fb608c757b30dcc039bb45027bf3cc082430c25c81343bbd08301c4e70d20690c181a2c562194507eb7c6a436e48b912f2d85f5e5429b911a910f44ff3d0797cbc8f80d77c1252612d4b5c2e72b38e15bfa3469589af3136b7ac52cf929fdc27e1ae921c21b22ad7fa9c4c23a94aa16603ae94b8dc4de7e55f36aa2f090135673d6ee194ca22fa750adfcdea16fac9bb0e11c65e672000595992385b81d5d3e07109d0365f344db3f268629b4605b36c437a48c372ab1b2b35f5fd0645c1df13184c70fa5f1c959f614e05c4b777ac0ba919d878f7d2915bb1660d9e26d6ec32c4b0dc3d2814e84c2d2d9e812fa6516a5b64764bd9a79870adb4d8b1374c7acb775cb6e075ea02f037b4a0d94a92413cdca4b8480330e4a51071c6deb0bf096a5d8c5b509cd4ac644f67b681408d533f6f941cc5e54e0e87f45aead823145e08e539f22fb5e83f952bd1331354adb00208b0f7d87cf192c7a449224a502b1c7feffeb9e48464b73faf4ce930b740c9d7885a5377388753e2964d2734e8cd487521bd22b3e962e600018d337a4afe4dc67d23cc72e388fdfd82a9d8a9ab4f233fa3e528acd0d6a59b6c4fa03f5d578424aeeef44d3ac9433e083d1a45e6a07f918a761bfe3b514f90bcd9641b8592bf4ef13570c364d6c3a5f019b9948d0ff89b95977385fa049354949da2a046cac51689d3d538c09768b1765b5250248909eb84674f8eb19ee53578d34b2c4096158280b162ea2184305efdb18e554696ae566447dd1a76658bf30fe0c1e3424cc7016f7ca24f73b64dc13c3d231c5e98e581c69dd9fcacfe61384cbec9e0ebd01576307ca37b6e744405b34e63ec6c2222bb629526630959c1cc82e94bae4e2c2330b0b24b3b28b011cf7fcb9b6a12cdd19b692b2fc5908d8f4f5f0080858d91e03b5d811b76dd92849f2105cd274ab46afa45fdfb488545ea1b38dec84b6d2954d2d2ea7ab25c020d6d37bf1f32cf298f75d340fb160f55913dca5450c380981673301f3ef83c13469ec767086d2cbb09ecade2ca4ae65f4bde85bdf3c08f46bb06ad6be5eaa5fa6dece6cce934861aab46105a0a246d0e5b5b29e8e69855d7f54d65dd2ab239dcca2b3b75e990fe1fa93dcef1abb1f6c72391ad037635dce29247604cc0d4fd17c14d690d8ef8ba2e8f8bb24ba9da545c027afecace42b2aff330f63ce9a3a4357f0efd2570013d66ab9cd2e75d295561748bca5417be8ebd6eff601aed39a3fdfed24e49c80c6d478670cd0c02d81fd5245137264cdbf775fd412f75f11503af15839a39d8b3a9dbaac5754fa0d16f1d37b060542921c50ac663bb4dd6784a181d9e546b19286679a944d18cdf0f170331acba20ffc673990107c026b8339d6338278af1993980d90d383062d3186b2223482bfad1535b6a7177007a55bdc3d44cce785e57af1fb2766eebc608c6b15b95da3c870c369c0a4f4a2504a744edb03c5398342ecd48d5697fc381cb5613796d77049f916f23ad5eaa633fb51098ca7d13bb66a7f345c57e37eee3c2bae9907c55db1badc5b38f35096f97846a71cd1d88c6411ae2cbbc9b87a835bb9b32897af7e24851c09742e92c4e35d18ead85b0724d58a96e452d03d3373d3553af3ff10ec3103d0a492458f5fd7f5b869e5da6509e5a329b74dd07b3def9629e1364d76232642ab493bf41db3228bb0f55b322fafed4308543f7b62908e1a0efc20be490879019574489ba6a071cc807cf28d2b178459b129455246a32ffec48b12ca297280b8716db71045ab95be9a0baefb1445de9222c17c664c774fbc2daf3bdef859d4099c4d874854959667864c8ceb8dd994bc9db601b80128b202ab6aa8eee06b7e907bf555f48a99ef27a07795a1824de0d0cbe2a2d8a0c8d3d8aab7fd498f2d1bf37274a00cc2ba3d4ce78b5478d6322b44033e05ec5555379bbf178cd284761ace960bac109f154c2f7f567fcb4a67dcbd95fe04070b81df9f7c855d1176d75b39e7640e764741ff802327b607d6a0c4218f728c8b01b419749afe2a0d8952b6c9cf54b681dfdf0b89d06d39273d497b265582b3f5c24b29f421060ca3efd4f1682bf32b2e71643e61b54edc0de22ea4fac76aedb0a776619f4d7dcf38a09d7b5118298819643d02414ffe7c6a03cc100cf20e2763689aa6a2d48cdf2901198770af726de3a20055b740cf3014c43f0b668f03e81c956d628659f680a7b62fe99124d64712350494353c819e2b67908412288886297890c621ae5299ca2342fbf6068289b949a86e2fb4e8fbca31141395e46d9b07fb7e1bc9b8fc45b11b9fa3efadc4e2fa8ea6a0abea9a1b510b08b906a22361430cd8310290b6ec573b9460f3afd0d4eeae3f7d30a8092c2e4d2c42db6e44bcf2f5357e2b2ebc2f7c65875ba07cc766dc21fa2c601bb6d00299ed6464f68b1e6ffb623bc53df904e9a562ce9730cab045b9a5a841dff96213c7c55f874d7ec46861e437949ca84dedf91431749f59af7d107e6b1909335835428541a40966f9045753d42b23854cf38e2a0fbc552e0344178a2656982fbf0ed9ef5c90c5eeedcf73301b63b4608d7a1c3e41a0dbd89e8ebc073ae3034b83abbe3a899aba69288eb5640358c04e4bc79ee748f57fdf99ccd40e4e612c5c4dae0f01d51db783e8d63199649cdeefc7f424051eafe26cb6f09c91e6a11544e8d28bb05b40a6af7ce42341a84c159289fbbd899834fcf818ebddfcffd27a26586fa51c652bd552a974b6811728e7a652bc5b681fb4500f517ead328266b7823405af91cb5fdf82b3bb325896eb77a8895478b4bbfb6fa29cbe844891ba1cbcc44f50821f649534d2bcc7994425c63c0bd9eb23fe47ec5cf50baa61645bbb52af238dbe35c0e72be5b03129f306183341e187f84f11f9bfe7d9e363dda5985cac8a3c0950643e0823c690407f485da4d2aee2cb588883f01d5e33b292d0b1916e70a8c138080bc98946051ea78861d2842448398ca1c343838dccb8a652573db84f94aef33b04a64302667ab122ee0b864fc79772858f24668bd68650a56b0f038b342f6cadb2ca884c5eff183f9895eb9f0274427f16edc1b1e8b776e5cdb3bdf08c419cc1bd8221917ca41ead2414f07cb2a0126bae5e0cf21c25b0cb10e37084d06efd0422ec164cfdc8fb3b63fc3450a452807923c17d4262d304808592fa945c31bb5e1fd1e6a896b64b22710914ffe4b075cf34692280fb45c9ed2ef36b58062dff6d8ca84fea40288d9318eacf14aae85eb2874d0806ab5e890fbde836dacfeb5d469c172ee33b1e281a9f9d4552ec0aa1802fef4edd6b39825e41c0b89a744252a60748597f436b462e78ff7e6884da35d762ba4699c57137b0bcb907c7aa8ade9508bd47dbe1a0e3c9d7a3304779a36b496908eb5a8c8dd14952ad195f3e242738747df4dabbf1e90506f88a20c975d047865159455398e21b8b1c41a9da8b0efde93f7c7716eb0f3733197b5bd7d4371ca0574ef6a0ca064a0a72c2007d88bdcaee96343d8b81c18fbbd7d89589ee1de070d8dcb2dde46a117f4bcfbf0100922728a0a5a0830a1f1a120e8eb71ef466b75738bdc4a59688c649c979b91c49dc4a21ddded901136db19381afc6c025e24f7cdd27fc1cc38f44154cf07ea576473d343b093b5f414901b7463caf8e8be7cce938d5b32ccdd844d763ed96d40b6f37b501ab1576b05f499b4c99a4bd738a3f02fc5304e0a8c7028128230b26b99a1c03476b78c3b8774fe4fd9a8fc0f99bd755f0962a3ebe467c25832d6d50ca08aa518dce7c9b0cd52fee255cfc2b97adab2991db288c4ec19b96746933e1017ddb1110975e63fb2143ed10408ae3672cd2406dcc482fbc3d6675ec690f0acb0f3bc2e459b57151edf45691c18a97f00d4def55210bc3dc262c9fbf620cc5f69cd0abf8253bb1f62402a76bebd133447fa915ea518d57f9f0edced0fe1af8bab5243a79c93968c344addb39452b592eb48aa92ecffbfeb2df7e9504058035be2a043b922924c518fef2414a9d94d026f06bffb27d6b0e63c2cf94b1db99e149e9069ed0e16b6a77f0494eeb63d1464adba3a1d781a75b409e8d3c06a59fd1bde016e752e7932c6d3bdfed513dcef4856c22690c4e17d64dc835381bd86a7a1d4037ef84d3d24966d9e51a6bd51a78f24b37999f6b3ab51d6b17efa6bfd13f7d3db4f382101e93d27d3a9b14dded0d17d9e09657aa5ccf9aabddfdf5d8ea14c1fc35908748ade81386140aa633e3b375147944ae3fe643429a40a270f100afbe2881cae32fddfcade12c2529e02c82963e2321043d78d39411af1fe815c55c424169e89161687966312406492bd6ef2fd6567c886f69046e0e4e1f9e3ac3b317f9a321de6b5b7dbf419a556d998f6f539e9add1845070830297d3e100a9f94634e180ba55201752e7dd5dd2268f98e4701413e5b948701f33e3913c7a57f1a2395fd8080b083bac9f1310feccd66c5b40d5cf30e4e0457bcb2512bddcfe3453cc3a15e7347ad59204e807c74ca66f561ea2970c437ffa022abb0480701aa26e72a003845b5e1eb14660664894a7d44c9bd3fb14686f0c65ad5fe62be2003a7a834dc2802cf6d1546ea90da988499e4af99522527b2866c2f90ac98381384adbb206607132a", 0x1000}, {&(0x7f00000011c0)="718965ff6d1c975c6a5212a60bbb2cbe4877a18e5cc12e00", 0x18}, {&(0x7f0000001200)="b962a074f4d8ffc05f72f82c891582d6b5d99125b6cda6106f5836a2ff6b993bd53ee0bbf26364dfe128d1b4c165e8f843e92e37", 0x34}, {&(0x7f0000001240)="5ab87a5f850c2449930253f7fd2c33d0e929e13ee3140c63025d33a9fb661b4ba5dc3d61b4436c3bba0795fd4a46a0197359f2feaecfad3e2b507baf3599478636146d0324efb948ef1d33141c55aef39bc972a00935a7c253dcde56111befe231570dabb0df6888fa5230a277906bf99cacd948f4018accd8baec112289a2a30d09291c3b24e0a49199dab35e013ac2509f8d148913ca9ee87619a6badd7c23abb202ffb724e788d6f8f9fced4514ab176e528b77f8f3b906724ddff85e30612f25d0ac99d4115dd423c59f8ea9f9e48c7f7c6ad907e008a6de16313b20d2d5", 0xe0}, {&(0x7f0000001340)="86ba29bea50a1e62c2a5abcbd84c44520cabb779af477abc8123553205d5d1e1d790dc4330cb2721e6db19d0120a3ae4fcf5c330454dd17b278b0fdc52b8feee3e80257df5f464c6ac", 0x49}], 0x6, 0x0, 0x0, 0x20004011}, 0x4) setsockopt$RXRPC_MIN_SECURITY_LEVEL(r3, 0x110, 0x4, &(0x7f0000000040), 0x4) 03:43:38 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r0, 0x1000008912, 0x0) syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f0000000080)='./bus\x00', 0x3, 0x1, &(0x7f0000000700)=[{0x0, 0x3b6}], 0x0, 0x0) 03:43:38 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r0, 0x1000008912, 0x0) syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f0000000080)='./bus\x00', 0x3, 0x1, &(0x7f0000000700)=[{0x0, 0x3b6}], 0x0, 0x0) 03:43:38 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x200000, 0x0) ioctl$EVIOCSABS2F(r1, 0x401845ef, &(0x7f0000000040)={0x6, 0x1, 0xffff, 0x5, 0x16, 0xff}) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020e00000c000000000000000000000005000600008000000a00000000000000c27255b09a95df970442ed7934fa00000010c459534dab719f0000000000000000000000000005000500000000000a00000000000000fe800000000000000000671364ffaf71f01c630e9cb12bf71ac796a754aacdf6eb63ddd39a91ee07562cfb24d6be020a2c8bce"], 0x60}}, 0x0) fstatfs(r0, &(0x7f0000000080)=""/16) 03:43:38 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000180)) syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f0000000080)='./bus\x00', 0x3, 0x1, &(0x7f0000000700)=[{0x0, 0x3b6}], 0x0, 0x0) [ 1312.510051][ T9527] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1312.530602][ T9527] CPU: 1 PID: 9527 Comm: syz-executor.4 Not tainted 5.1.0-rc1-next-20190319 #6 [ 1312.539550][ T9527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1312.549607][ T9527] Call Trace: [ 1312.552901][ T9527] dump_stack+0x172/0x1f0 [ 1312.557242][ T9527] dump_header+0x10f/0xb6c [ 1312.561662][ T9527] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1312.567467][ T9527] ? ___ratelimit+0x60/0x595 [ 1312.572054][ T9527] ? do_raw_spin_unlock+0x57/0x270 [ 1312.577167][ T9527] oom_kill_process.cold+0x10/0x15 [ 1312.582279][ T9527] out_of_memory+0x79a/0x1280 [ 1312.586955][ T9527] ? lock_downgrade+0x880/0x880 [ 1312.591802][ T9527] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1312.598039][ T9527] ? oom_killer_disable+0x280/0x280 [ 1312.603232][ T9527] ? find_held_lock+0x35/0x130 [ 1312.608004][ T9527] mem_cgroup_out_of_memory+0x1ca/0x230 [ 1312.613549][ T9527] ? memcg_event_wake+0x230/0x230 [ 1312.618579][ T9527] ? do_raw_spin_unlock+0x57/0x270 [ 1312.623689][ T9527] ? _raw_spin_unlock+0x2d/0x50 [ 1312.628546][ T9527] try_charge+0x118d/0x1790 [ 1312.633055][ T9527] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1312.638601][ T9527] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1312.644845][ T9527] ? kasan_check_read+0x11/0x20 [ 1312.649697][ T9527] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1312.655253][ T9527] mem_cgroup_try_charge+0x24d/0x5e0 [ 1312.660544][ T9527] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1312.666186][ T9527] __handle_mm_fault+0x1e1f/0x3ec0 [ 1312.671301][ T9527] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1312.676846][ T9527] ? find_held_lock+0x35/0x130 [ 1312.681606][ T9527] ? handle_mm_fault+0x322/0xb30 [ 1312.686555][ T9527] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1312.692796][ T9527] ? kasan_check_read+0x11/0x20 [ 1312.697652][ T9527] handle_mm_fault+0x43f/0xb30 [ 1312.702444][ T9527] __get_user_pages+0x7b6/0x1a40 [ 1312.707393][ T9527] ? follow_page_mask+0x19a0/0x19a0 [ 1312.712585][ T9527] ? perf_trace_lock+0xeb/0x510 [ 1312.717433][ T9527] ? __vma_adjust+0x1840/0x1840 [ 1312.722292][ T9527] ? lock_acquire+0x16f/0x3f0 [ 1312.726966][ T9527] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1312.733557][ T9527] populate_vma_page_range+0x20d/0x2a0 [ 1312.739018][ T9527] __mm_populate+0x204/0x380 [ 1312.743611][ T9527] ? populate_vma_page_range+0x2a0/0x2a0 [ 1312.749251][ T9527] __x64_sys_mlockall+0x35c/0x520 [ 1312.754281][ T9527] do_syscall_64+0x103/0x610 [ 1312.758897][ T9527] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1312.764785][ T9527] RIP: 0033:0x458079 [ 1312.768678][ T9527] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1312.788276][ T9527] RSP: 002b:00007fa3c5772c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1312.796681][ T9527] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458079 03:43:39 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000180)) syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f0000000080)='./bus\x00', 0x3, 0x1, &(0x7f0000000700)=[{0x0, 0x3b6}], 0x0, 0x0) [ 1312.804650][ T9527] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1312.812617][ T9527] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1312.820582][ T9527] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa3c57736d4 [ 1312.828544][ T9527] R13: 00000000004c3d3a R14: 00000000004d6f20 R15: 00000000ffffffff [ 1312.870837][ T9527] memory: usage 307200kB, limit 307200kB, failcnt 1692 [ 1312.879157][ T9527] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1312.893608][ T9527] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1312.906963][ T9527] Memory cgroup stats for /syz4: cache:0KB rss:280152KB rss_huge:18432KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:235456KB active_anon:27424KB inactive_file:4KB active_file:0KB unevictable:17488KB [ 1312.936763][ T9527] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=9521,uid=0 [ 1312.952569][ T9527] Memory cgroup out of memory: Killed process 9521 (syz-executor.4) total-vm:72448kB, anon-rss:17336kB, file-rss:37164kB, shmem-rss:0kB [ 1312.967519][ T1043] oom_reaper: reaped process 9521 (syz-executor.4), now anon-rss:17384kB, file-rss:37944kB, shmem-rss:0kB [ 1314.880645][ C1] net_ratelimit: 14 callbacks suppressed [ 1314.880652][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1314.892114][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1314.897897][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1314.903697][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1314.916029][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1314.921830][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:43:41 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1) ptrace$cont(0x18, 0x0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0xd0}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 03:43:41 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0x0) r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0) r2 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/capi/capi20\x00', 0x1, 0x0) setsockopt$inet6_int(r2, 0x29, 0xa, &(0x7f0000000100)=0x6, 0x4) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000000000)={0x3ff, 0xe9, 0x4, 0x0, 0x0, [{r0, 0x0, 0x1}, {0xffffffffffffff9c, 0x0, 0x3}, {r0, 0x0, 0xfffffffffffffffe}, {r1, 0x0, 0x7}]}) 03:43:41 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000180)) syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f0000000080)='./bus\x00', 0x3, 0x1, &(0x7f0000000700)=[{0x0, 0x3b6}], 0x0, 0x0) 03:43:41 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, 0x0, 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r6}, 0x10) r7 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r8, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r7, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r7, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:43:41 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132224) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f00000000c0)=ANY=[@ANYBLOB="6e61853167377400000100000000000000000000e4dbb77487e90104000000000040800000000000001b2300000503000018030000cc0000ac010000000000001004d1e090e1fe916dd282e0f34f8dfac0dc1695c4d700001004000010030002d3a379b87c5ade6e27a603551ae6543351c2f2d3c00f3f72e011777424c981c41f852110e5d4a50bc78b2aa66b63012812d04b94d660aab341cfe8364422b866cd445d5d0f4d6715baea5900323e00000000000071cf4f040095006f"], 0x1) ptrace$setopts(0x4206, r2, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) tkill(r2, 0x0) 03:43:41 executing program 4: socketpair$unix(0x1, 0x0, 0x0, 0x0) r0 = creat(0x0, 0x0) creat(&(0x7f0000000140)='./bus\x00', 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r0, 0xc05c5340, &(0x7f0000000200)={0xff, 0x9, 0xff, {}, 0x2, 0x1}) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x406, 0xffffffffffffffff) 03:43:41 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc1f123c12") syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f0000000080)='./bus\x00', 0x3, 0x1, &(0x7f0000000700)=[{0x0, 0x3b6}], 0x0, 0x0) 03:43:41 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="020e00000c000000000000000000000005000600008000000a0000000000000000000000000000000000000000000000000000000000000005000500000000000a00000000000000fe8000000000000000000000000000ff0000000000220000fca65c7e0f728e3425f8fb30c10c36ddabcd7f251d0709f4495c607078e9521ddc52dcc6b9921405e06fd163eb41f9bb8624f210524e0ecaf60fbdd5ee874de09ac5187e0212e65806bcfda398e310455803d51add70ba4215e0ad10ee380236fb48934f0e036827ba2aafb2b144853cb1720d909b972eb51fdfe4fab20da5ab6c517b842e82bdd4924582b70fadabac5b9234eda009000000c83a6b25ed19c059ee15dcb73244cacfbb042464719905afb5d7485e0544c270675c718c8f7a47b1041f13f77d0df585eaf45a568336e8e6c107c1a7e975be8fc06adb36576920f2a5162239005a0a09949819c3e454ac77ace2430bc57f82f22aa141147bf76f0fd783b14625f40954d467d98b3581cd9600"], 0x60}}, 0x0) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/autofs\x00', 0x501541, 0x0) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffff9c, 0x84, 0x13, &(0x7f0000000100)={0x0, 0x1}, &(0x7f0000000140)=0x8) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f0000000000)=@sack_info={r2, 0x3, 0x3}, 0xc) write$UHID_SET_REPORT_REPLY(r1, &(0x7f0000000340)={0xe, 0xa, 0x0, 0x5, 0x1000, "e4c27f2b266edea62b1fc36255d9d432fbeb0adc018233758193c58de00ec9c54d698c007dc0096005f81a40e17cfbb21febfb18eeaf7dabc2ab3cd8df535e6eb29d88b45105b40e4c9fc63b82966569c5c2d213a1fbed86eb5e02400314fef094c4b16387baa7d1398bb1181620ef78e435d4a0a5bd12fbbbfdaba0152b3625a6217368d11d8963a7297cf432e107141044e65fa464839296d3c8246e0e912ea2e2f2b82b1c977bb4369d89cfcad7d80b090b67f30bab84d92699fdf73d87f3433ea2b6ea1fa812448b61bf9d6c20ebf7565b51c3cf71acbc0bddb1e7fdf6214023bbda08657a6fffb5a5fa97f5db8b8177c18ecb65a04e954b4d1e1dfc16f3527c05e11245cf27aaf186b15f63296aeadd7e054f187f31f53aeaba7113aec3b9493063e07a1ea9e77831cdaad22b9b9a6747fdbac0d6ea0e15e753421777ad63637137c960bd0d465ad9f2f8be375921c0433320a281393dcf5c9acec7191c79736d7e6f342fdb27e7cb6fa2cc4e6a1581de72bd76d084886ccf7be7d12413dd55cfd94f5a945a5ac1416d117c88a7b1359cbb1ad63d9c5a253771791dd6626b937bcf45656c44397f4887b42f786c64f94b12abd033b9b5b590a7936362f09bf05eb7df9feeef8f9ea51bf021dec908bf3512c6c2a359586a806a1372a1a1b88ed0640c1ef3045346892545360bf98967dde58a8f5f2aee849640c0af74dd9dd962c74ac9093831a6b23b00ef757eccde1e7b0b731a30fed6fce945e94d05c8cdd0668a2f5fc877a2ae499cfb74982898ab395f3f07451abd172b7973476b7e7d652d79eb4f1743e3d683fabe80a1956823db403878998f17496bb877681c1ba0ec69a2ff49ac580031b273a3fa1507844f6f01a2aab16eec74ac7d6b919bd3a2825c32c7d7d67da3acb1f7e38443ffd86dbd89cd055706969921c16fea3b453aeaedc1cfe58a3b2060b908de869b243ea71dcb33ec57a23cc04c9bb21f0c31155dd2cd52a26c4466cda6c883dc46256f900475f29baaec3b3fba47264684eb7b2807304f254b83d45eb24b1b87b2e69fed75c88fb08ad81c6bf733d765addb7b1f0801210b13608b0e660a978780e7a84155d3f64de25fcaa3a97987e2b9bd6f95099ab4855fbb60959a5565d4445c241f9435fbdc1cd455549646921cb4bbe372b39edaae07fbc0b7ae2154fec8e23f0b31931939e4629101f37f10b1d21e9b4a3520105f238b16c9a9cfe2e152fa99a53b8221303ee642bba3c62266b45e38e730e91f4c91299fba1e7ea8062c021a9f3d1c08b1e5ec64f7efc96f90e7a7700f371e46da4bb1df8891e0f9c90bfb886d0b8f4208225a98ba2f8022fb000e92bd1651fb0e133e6eab6318e91c348e0f881a499dd62bd814e2b578ec96b99cf449e05e0a4df56b2ea95037cfcef8ba873742dd6eec7f70bb46d7cf227df246626f33da35d3ea0a20a31f26ac43c9a7278ecad934dbc0c8f033a1ca6d872371456020f5c1e5dc8104e693ca5851ea78f3825bcb3e0edec93bcaa80cf7078dd32d882bb228ff30625d7a99cd518ba61c99c8fc43fd049d8b9201785d95329ca2450755fa9c526b8a15cd01e2f58f7eb13d1655a93b405ef987ff0e921ce8aa20caff2f6be1eaa8e1948c589e3bbb8e4c0971476ff065674f40cb3392c61485a9684818296b20f5c8c2e8f1ad49112650ca4b506f96e06963fb4a41094815e4ace7f2100ad8ee60238c4b2ed27b3703845e01bfb8fcac7cffb31a29cfaa85f0d7106cbae2207353cf85c5d998fd3096920ab1d2ad6461538c05506ac0210a1332a575f911c3f827a0d1744eb656bda231ed7f3a66c78c7626ca6d3ed145b875df04f95c1d7ca11f279697fb25a6b4ac920249d612916bd218c1bf2dba11dd3c66a1fbb2abf18992b227ee16c393aaed2cc0a351bb63b2d74cce55ae7032ff67223ba2ca1d4e10652899f80b0fe5161945e39bda4c487fb2362ebf4689c5af4dee4746b10a2f9bfcbe8e215574666145ce405e352b47febffd352bd2eabaef7771bebd10211ef7612706efec87918ef7c5b49adb3262508387cab668025e1c30c19a006c60cfb96b802ca41923eb9b107e512374323b17d5a3de2f1151382f953b6c8eebde048ed61cb9d299d2d6d6880a764d89c394065fb8c6748e4928e4d706a141cf1988b0133214973063892d069ba0b0053b1ae553bf5b00f571b257cc35ef04d13574dacbe4d22d8628ee7a4785671f43f9f4a77a34094b10e8bc6050a1dce2a8e05f87d701c111f7fc880a98c39ee3d8209770fa4df8ffbe384086f14f9cf47e868f4dbcf8efed7b5ab4fca68eb1067bfff80ed9555c3bc3799608875fa604919b312401b61cc28a9edab0284070a212ef190d643889362e4c7bf33473566c115d2b78611d78cef82476610b103abb000d26bc82f4287f4d82b92d313dcd0a957885cedb9854cb995e92ddcd6dd8f0a9a8a12db2f37f3a37360b95bbdb7e808e561ce4f86a2f37cd4c0cc77c9facb3fedb446cdd16e7ec655fe75b7ff0528f77f5e389cf22a0b721d85a4e34a152f2b166f9f2130f7d56a078796ed9ee8eb1bbdd2a7b08df0b89d270a8b5db2b37aebccde2f1d97efffcfc30adde5157f12202636d477600fae2e40d1852f25a52af900c42b213dc512bd219079b3d3d3997f59b19be11cbc247b614f6e3b7decfd65a4513057487662ebfc1132adcab880d24f8a1183570ed5860692d439b8aa87c172207033cc276497d9b7b1617c93b224e0379abc08c26a0fac1f76920f516a827741002c42f72263f2a23de8347b305d84f1e8be41ced348e3298d37315d8a756ddf837040a579a545e0ddfcb14b489fad9439dec4114d5af9d985064fb3ab3acd654dce22d950221883c83393a5dbdd51dd2a693e405d374f6eede21348b2ec2d945661199d809ba80f48a10cfa1be52802065723fb497798b138aec2b1102e3f7f4001ee70f1cdb0ba03ef048b9228dc15bb80d935199ced20635e9c8a57be6966acd003d74892c0df2f058949c22c819bc56e52873818f5b460d37deed3ed30f816d7e6ccbb8b8696bc318a6e3a00ccf1fdeea46b5ec56ae3b5aaf43cbcb07189f1b4d3fbcfd401cca7ee4776d515d76a9de04fed46e4605a613dab5ad1443e57473f9b98ce4d93b47e8b8bcea942eb6c2cdfbb31ded81f427ca6c344e2e05d15df8e14157b0ae253a2032191969438802f9ee20cce1392e0f351f3bb7c67913e6a8d6757842212a91cdc4bb674b10d74eb5f95afc8d2698e9489474f65dcafbd9559abc6353552e24201bef3e20a747a821ff656572674c5dc2f8e8bf4b67f4aed358f27aebce8521cf656aaca05800dbed6a4e1edd69e7d21cdd9dfbb8fdd22d38cff480b6f8b52e86263c571c70c91f39efa1f49661865c2791ab864e88c20bcf65627e13fa09ca20fcc58fa81cfe8a8a4d89f59e28611e47ee50559f6eefc0f95dea42b11c048d8db2a166cd2f745f161c4721a00b596ebcd93726fd5d9f29bdbb5629a6874da1e351134da3b05ca4853ebc0043f9cf1effc7889345d941bc365461e2ddae941e0376f4417227a6ea9368ce99b81adb68d6abdb95308c4b8c3fbc656a497db54526ff5a5e06caf2bfa735fc1572041994b2c3da638fc021da13e56b813cb84a766c904779cface987be7287f1f185ee019735f49695fd9f7eac2b5600bad1752b28d7ac72b924aa929a146dc7298966d685cb9f1d5877addcbe1aff514065a56b0c573a5ad0d5d078c11dd5c7f4ace79450bbb16b19f6b63031d3c8aaaf1656116cf6336ad9cea9277e0f19faf89f0d93b64b0dc8729f11fea9715ca6d1aac99f0e8fa872e261c9a8ce8cae831184233a7755581c4c639941605390d14eadfd49c750755aef1719f60ee52ed7b902cd5bd9c13e5120b231ca23f10a74b9ac659337a6aa28a014f920a77d094e388beaefcd4742c0498ac6c237d224cbdad4e4594d4d182cf3a7362a913d90d3b04f23c91fdbac6fa1eb3f66b960c1e1eead4b014d6fad6e924682eed5c703590330df15e3a1de767fa00ae168ffca379f17c00f33b04f5eda1d00996dcdf83839e9e0ab4b648f73ebcd0b5368108cb0e9541a349a4133eb2e2fc563d519178d78d94eee00804d9825ccaf26127e80281d22d107af3ff9d212619fd73096383a12fc74190955b57fd1cd7d7c80708905c87dc0ddf821f7ad21727bfe68f8903910b87ce67cac8b6070b48f0277c20d657cc7b2aa61b3ac758d1683d33101482633d40924db72d6c3e3b122e95b716441d1c2ccee579e50e76e1e3dbb17ade7a99d1acaad8187fb4a9790d5f27d91c0bb6a3d1977a16fad0ff0bdeaddde7ff4c5d63443a0328574168992d0f3e5e767365afdf0071a33294f1ffe90c4a4756105dabecc4bc8d503f348d303b94237a9e008974ee28bd7e3519d258b9e4a369982517b7f96ba0e467fea25aa3f55d23741b5ee2e06aaa6c2953ede8cb2886526feb402e8cdf774a4c3ab4f09d949419b5345c24fbb7e47fa1c450e536d989a6f72ad0c24693da4d68fd0b2df4c038796f20b87279df1b6c76ea37b601790ed38b28e2f5446a9983f4f25ce4e3a196849d19eb624893db7075b36402d501f4d8a0112635b0365131fc66b4347b4a6faabf73d8ae6761a0fdcb0928cd9a1f8756b5ce1df5683396567c3877f1de62d7354b85366b9d93c2af9deab6138a37f2c14d13f8e7790cdfa8bfa7389ff4b306e504272d47e0bf1a8df632da388dfd913be20392859c9c95885490251c8b3b6afe91bb13f5103f172fea40841f3aa364b86e26cf2871b29cd982cdc64e7c2716f02745736d4cde3d23a3927214f3b7ce6a5e891d9b74ee2571564817d4445124a4615ac0003353ca5e336092d3ddfa04c9a9e8324d8335c5dbe79bd4fefbb6d62d10f896d1b571a8c02b0add04b4d19fbbfcfdcec327301812ab23caecfc8281c9d2106a964ef87dc836d7eea32245330f5c1aaeda424098b4f2c27e56640cea075a724e36b0b425fe531270a1b774bdf35bef3b2a3f0cbd08ead7e0f085912817a34daa1bc4fa431138835027d86dfbead6471d04c3686c88a6a933a63af668c919099f238d944796f1910f75d314c789584177cf85a7dc86bc215508ce4503d5590e30516b1681a40f368400ddf619e5986357cecd38bedbc9534dd34713cf607f11f856a298bd7dd88eac741c5416634d9a89ad7075258e9c4ccf7143522e31c00e581e1d2810ba735621242e9bb744f21d4784bcc0a40982c0a0de68017492ca335d206630a40ae5b9e48ee3af207e4238a0903d666600cedd6570fa11f513d75be0af3dd19c4166891c961572e4e1b5224ee765c642c9f2ebd88c47b65ee843a84faa8226c04a8943a7b52ffda3e1223b3484ca9af18eeb5e407561efee1d241451b4f95a6923f3229de2798474a3409642ee866e7e3803857833c96ef288f4c1a95598aed8d23c0aac08b83fcf08ea3f4f4f59dec6340da5c57ac042cf870d20efef213695a78fe4eeef1855abc99366f39885016cfddc77286263a53b557adedef5529fd85cc68f66c81b39d50c8467f9716372317d15112e912713492a9a7ae26a6c8af31bb166855d6ee48e10455283f4bab2b0655aa862bc6f999a48f0160267c3d3f08e4a06efeb71ccc9d2b9895bdee3031a36c8bc0860b60a9f57b3c5a5fd6e7a9a19a330e26938b87c539ce4f7658d5342f2898e6d50f74a27464c8522724b3014763a95cfa6764c7008c085f5c2d057f2a7e66e42a36c061ac4e9b91cfa06636b2"}, 0x100c) 03:43:41 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc1f123c12") syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f0000000080)='./bus\x00', 0x3, 0x1, &(0x7f0000000700)=[{0x0, 0x3b6}], 0x0, 0x0) [ 1315.474543][ T9564] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1315.503035][ T9564] CPU: 0 PID: 9564 Comm: syz-executor.4 Not tainted 5.1.0-rc1-next-20190319 #6 [ 1315.511991][ T9564] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1315.522054][ T9564] Call Trace: [ 1315.525349][ T9564] dump_stack+0x172/0x1f0 [ 1315.529686][ T9564] dump_header+0x10f/0xb6c [ 1315.534107][ T9564] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1315.539912][ T9564] ? ___ratelimit+0x60/0x595 [ 1315.544504][ T9564] ? do_raw_spin_unlock+0x57/0x270 [ 1315.549646][ T9564] oom_kill_process.cold+0x10/0x15 [ 1315.554761][ T9564] out_of_memory+0x79a/0x1280 [ 1315.559437][ T9564] ? lock_downgrade+0x880/0x880 [ 1315.564284][ T9564] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1315.570524][ T9564] ? oom_killer_disable+0x280/0x280 [ 1315.575725][ T9564] ? find_held_lock+0x35/0x130 [ 1315.580498][ T9564] mem_cgroup_out_of_memory+0x1ca/0x230 [ 1315.586042][ T9564] ? memcg_event_wake+0x230/0x230 [ 1315.591072][ T9564] ? do_raw_spin_unlock+0x57/0x270 [ 1315.596185][ T9564] ? _raw_spin_unlock+0x2d/0x50 [ 1315.601042][ T9564] try_charge+0x118d/0x1790 [ 1315.605551][ T9564] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1315.611100][ T9564] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1315.617341][ T9564] ? kasan_check_read+0x11/0x20 [ 1315.622196][ T9564] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1315.627747][ T9564] mem_cgroup_try_charge+0x24d/0x5e0 [ 1315.633043][ T9564] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1315.638675][ T9564] __handle_mm_fault+0x1e1f/0x3ec0 [ 1315.643793][ T9564] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1315.649334][ T9564] ? find_held_lock+0x35/0x130 [ 1315.654244][ T9564] ? handle_mm_fault+0x322/0xb30 [ 1315.659190][ T9564] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1315.665437][ T9564] ? kasan_check_read+0x11/0x20 [ 1315.670288][ T9564] handle_mm_fault+0x43f/0xb30 [ 1315.675059][ T9564] __get_user_pages+0x7b6/0x1a40 [ 1315.680010][ T9564] ? follow_page_mask+0x19a0/0x19a0 [ 1315.685202][ T9564] ? perf_trace_lock+0xeb/0x510 [ 1315.690053][ T9564] ? __vma_adjust+0x1840/0x1840 [ 1315.694909][ T9564] ? lock_acquire+0x16f/0x3f0 [ 1315.699584][ T9564] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1315.705825][ T9564] populate_vma_page_range+0x20d/0x2a0 [ 1315.711289][ T9564] __mm_populate+0x204/0x380 [ 1315.715885][ T9564] ? populate_vma_page_range+0x2a0/0x2a0 [ 1315.721525][ T9564] __x64_sys_mlockall+0x35c/0x520 [ 1315.726548][ T9564] do_syscall_64+0x103/0x610 [ 1315.731240][ T9564] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1315.737130][ T9564] RIP: 0033:0x458079 [ 1315.741024][ T9564] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1315.760624][ T9564] RSP: 002b:00007fa3c5772c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 03:43:42 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc1f123c12") syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f0000000080)='./bus\x00', 0x3, 0x1, &(0x7f0000000700)=[{0x0, 0x3b6}], 0x0, 0x0) [ 1315.769029][ T9564] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458079 [ 1315.776994][ T9564] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1315.784969][ T9564] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1315.792935][ T9564] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa3c57736d4 [ 1315.800918][ T9564] R13: 00000000004c3d3a R14: 00000000004d6f20 R15: 00000000ffffffff 03:43:42 executing program 2: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f00000000c0)=0x5) r1 = socket$key(0xf, 0x3, 0x2) bind(r1, &(0x7f0000000000)=@un=@file={0x1, './file0\x00'}, 0x80) r2 = syz_open_dev$dmmidi(&(0x7f0000000080)='/dev/dmmidi#\x00', 0x9, 0x400000) clock_gettime(0x0, &(0x7f0000000140)={0x0, 0x0}) utimensat(r2, &(0x7f0000000100)='./file0\x00', &(0x7f0000000180)={{}, {r3, r4/1000+30000}}, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, &(0x7f00000003c0)={{{@in6=@initdev, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast1}, 0x0, @in6=@initdev}}, &(0x7f00000004c0)=0xe8) ioctl$HCIINQUIRY(r2, 0x800448f0, &(0x7f0000000500)={r5, 0xff, 0x7fff, 0x1ff, 0x6, 0x2, 0xfffffffffffffff7}) r6 = gettid() fcntl$setown(r2, 0x8, r6) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r2, 0x84, 0x75, &(0x7f00000001c0)={0x0}, &(0x7f0000000200)=0xfffffffffffffd4e) setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r2, 0x84, 0x78, &(0x7f0000000240)=r7, 0x4) sendmsg$key(r1, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)=ANY=[@ANYBLOB="020e00000c000000000000000000000005001600008000000a0000000000000000000000000000000000000000000000000000000000000005000500000000000a00000000000000fe8000000000000000000000000000ff0000000000000000"], 0x60}}, 0x0) r8 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00') sendmsg$TIPC_CMD_DISABLE_BEARER(r2, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x8a90200}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x2c, r8, 0x20, 0x70bd25, 0x25dfdbff, {{}, 0x0, 0x4102, 0x0, {0x10, 0x13, @l2={'eth', 0x3a, 'hwsim0\x00'}}}, [""]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000000) [ 1315.836954][ T9564] memory: usage 307200kB, limit 307200kB, failcnt 1713 [ 1315.855981][ T9564] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 03:43:42 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc1f123c123f3188") syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f0000000080)='./bus\x00', 0x3, 0x1, &(0x7f0000000700)=[{0x0, 0x3b6}], 0x0, 0x0) [ 1315.885340][ T9564] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1315.897585][ T9564] Memory cgroup stats for /syz4: cache:0KB rss:280332KB rss_huge:18432KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:235456KB active_anon:27424KB inactive_file:4KB active_file:0KB unevictable:17560KB [ 1315.930726][ T9564] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=9563,uid=0 [ 1316.003893][ T9564] Memory cgroup out of memory: Killed process 9563 (syz-executor.4) total-vm:72448kB, anon-rss:17336kB, file-rss:37164kB, shmem-rss:0kB [ 1316.045610][ T1043] oom_reaper: reaped process 9563 (syz-executor.4), now anon-rss:17384kB, file-rss:37944kB, shmem-rss:0kB [ 1316.080799][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1316.086601][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1316.170710][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1316.176578][ C0] protocol 88fb is buggy, dev hsr_slave_1 03:43:44 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 03:43:44 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc1f123c123f3188") syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f0000000080)='./bus\x00', 0x3, 0x1, &(0x7f0000000700)=[{0x0, 0x3b6}], 0x0, 0x0) 03:43:44 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, 0x0, 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r6}, 0x10) r7 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r8, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r7, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r7, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:43:44 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) r1 = timerfd_create(0x0, 0x0) ioctl$UI_SET_KEYBIT(r1, 0x40085400, 0x0) r2 = syz_open_dev$media(&(0x7f0000000040)='/dev/media#\x00', 0x3, 0x800) write$uinput_user_dev(r2, &(0x7f0000000080)={'syz1\x00', {0x81, 0x100000000, 0x357a, 0x9}, 0x1a, [0x5dce, 0x4, 0xffffffff, 0x800, 0x7f, 0x10000, 0x3, 0x1, 0x7ff, 0xfffffffffffffffd, 0x2c35, 0xffffffff, 0x8, 0x3, 0x4, 0x10001, 0x9, 0x12917869, 0x0, 0x6, 0x2, 0x8, 0x20, 0x0, 0x6, 0x6, 0x3f, 0x4, 0x3, 0x6, 0x1c7800000000, 0xfffffffffffffffc, 0x100000001, 0xe0b, 0x8, 0xfffffffffffffff7, 0x1fffffffe0000, 0x5, 0xffffffffffffffff, 0x7, 0x3, 0x8, 0x7, 0x6, 0x7ff, 0x1, 0x2b, 0x5, 0x4, 0x800, 0x230, 0x254, 0x5, 0x6, 0x8, 0x4, 0x54d480000000, 0x1, 0x7, 0x7, 0x2, 0x2, 0x100000001, 0xdb6000], [0x0, 0x3, 0x1b, 0x4, 0xd1, 0x80000001, 0x0, 0x3, 0x5ecc52f0, 0x6, 0xfffffffffffffeff, 0x200, 0x6, 0x400, 0x7, 0x100000001, 0xe, 0x2, 0x80000000, 0x7, 0x7be, 0x8001, 0xffffffffffffe57a, 0x4, 0xc5b, 0x8000, 0xffffffffffffffff, 0x3, 0x7f, 0x9, 0xff, 0x8, 0xff, 0x10000, 0x3, 0x4, 0x0, 0x30, 0x7, 0x3, 0x5, 0xfff, 0x3add, 0x2, 0x8, 0xd2b, 0x8, 0x621, 0x20, 0xa92, 0x100, 0x100000000, 0x2748, 0x3, 0x1, 0x6c5, 0x7, 0xfffffffffffffffd, 0x4, 0xff, 0x44, 0x1, 0x1, 0x100000001], [0xffffffffffff04bc, 0x3, 0x6, 0x4, 0x80000000, 0x5, 0x1, 0x8, 0x62d, 0x81, 0x0, 0x7, 0x1, 0x91d, 0x9, 0x92, 0x2, 0x0, 0x10001, 0x7fff, 0x8, 0xbc, 0x1, 0x7f, 0x80000000, 0x100000001, 0x1000, 0x200, 0x80000001, 0x80, 0x6087c629, 0x0, 0x5, 0xbc2d, 0x1f, 0x0, 0xfffffffffffffffc, 0x0, 0xfffffffffffffff9, 0x40, 0x2, 0x1, 0x3f, 0x80000000, 0x58, 0x200, 0x9, 0x101, 0xc6a, 0x6, 0x9, 0x100000001, 0x9f6, 0x9, 0x0, 0x2, 0x2, 0x3, 0x8001, 0x1f, 0x4, 0x6, 0x672ae564, 0x6], [0x20, 0xfb4d, 0x5db06792, 0x6, 0x7, 0x200, 0x6, 0x3, 0x4fa, 0x8, 0x5, 0x31, 0x1, 0x100000001, 0x3, 0x4, 0x9, 0x800, 0x7f, 0x4, 0x100000001, 0xff, 0x9, 0x6, 0x1, 0x0, 0x0, 0x1, 0x6, 0x3, 0x0, 0xffffffff, 0x3f, 0x3, 0xffffffffffff7fff, 0x100, 0x5, 0x1, 0x43, 0x40, 0x225, 0x58, 0x16, 0x8, 0x0, 0x7, 0x5, 0x8, 0x3, 0x1, 0x0, 0x6, 0x6, 0xffffffff, 0x6, 0x9, 0xffffffffffffc887, 0x8, 0xfd, 0x2000000000000000, 0x7a5, 0x10000, 0x1, 0xf8000000]}, 0x45c) r3 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) ioctl$NBD_SET_SIZE(r3, 0xab02, 0x501d) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0x200000cf, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_x_nat_t_type]}, 0x1c9}}, 0x4004000) 03:43:44 executing program 3: clone(0x4000003102041ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() futex(&(0x7f0000000140)=0x2, 0x0, 0x2, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3f) write$P9_RREAD(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB="ff2ec731b031a6fa6ffa3e9c9898de24678c28ae560240efb7efff7902ac678fb3c599afcd576bec5dea8f60beaef1ffff0700050074efe561"], 0x39) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f00000000c0)) ptrace$cont(0x7, r0, 0x0, 0x0) 03:43:44 executing program 4: socketpair$unix(0x1, 0x0, 0x0, 0x0) r0 = creat(0x0, 0x0) creat(&(0x7f0000000140)='./bus\x00', 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r0, 0xc05c5340, &(0x7f0000000200)={0xff, 0x9, 0xff, {}, 0x2, 0x1}) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x406, 0xffffffffffffffff) 03:43:44 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc1f123c123f3188") syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f0000000080)='./bus\x00', 0x3, 0x1, &(0x7f0000000700)=[{0x0, 0x3b6}], 0x0, 0x0) 03:43:44 executing program 3: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_inet_SIOCGIFBRDADDR(0xffffffffffffffff, 0x8919, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000080)="df6c51c7bf5f8a4d8643869e4ccb891cdfcdf8426b0192fdaceef8985d539aa3ca359c284afc17", 0x27) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, &(0x7f00000000c0)={'ip6_vth0\x00', {0x2, 0x0, @multicast2}}) setsockopt$inet6_buf(r0, 0x29, 0x80000000000040, &(0x7f0000000080), 0x0) 03:43:44 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc1f123c123f3188b0") syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f0000000080)='./bus\x00', 0x3, 0x1, &(0x7f0000000700)=[{0x0, 0x3b6}], 0x0, 0x0) 03:43:44 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) r1 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x1, 0x40000) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r1, 0xc0305710, &(0x7f0000000040)={0x1, 0x200, 0xfffffffffffeffff, 0x1}) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000000300)=ANY=[@ANYBLOB="2aa5fdaefd0d2831719f7373b0d6351835cf770d563d3a80be2b", @ANYBLOB="30a7ffb3b0041d8c8a77a3c044bcafdc39d6af1356b8cc0c31edf52d04dab0b3013c775bb8a52c0afe488053aa628df41594be98fc0eef0ee8606b7133", @ANYRESOCT=r0, @ANYPTR64=&(0x7f00000001c0)=ANY=[@ANYPTR64=&(0x7f0000000080)=ANY=[@ANYBLOB="01a8c69cfac15edebeffcfa1a7ec76a58ac7780add5e2c03da1580fa117e583f4e2715f6c689e8a0715447f12e9cbeeab3d7f838c35bc0083358e51230e03516d52f10836bf1b81478cd1eb43b8cd30798041d965a080c716fe7df68a3aab1de13cf4c45afad75101def4bf4dde14864eacab6dac6c711bb39520d379c62f6959baa847f95ae9f2c5247e0b55a5f161710ccd40c20bf859f496a2c981c3a74f7766b05e8", @ANYRESHEX=r0, @ANYBLOB="6bf065e9dca340746599f4a997b660385df1c7fbbabed959d4944ef794c1f9097591d3a2ea27a462b27ff18983a7e09a37389ae095af07b6627d2d237ff7ac140096639b85f42af66afc7c82212a", @ANYRESDEC=r0], @ANYRESHEX=0x0]], 0x76}}, 0x3) ioctl$KVM_ARM_SET_DEVICE_ADDR(r1, 0x4010aeab, &(0x7f0000000200)={0xff, 0x5000}) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f00000002c0)={0x0, 0x8}, &(0x7f0000000380)=0x8) getsockopt$inet_sctp_SCTP_RTOINFO(r1, 0x84, 0x0, &(0x7f00000003c0)={r2, 0x1e, 0x5, 0x2}, &(0x7f0000000400)=0x10) getsockname$tipc(r1, &(0x7f0000000240), &(0x7f0000000280)=0x10) 03:43:44 executing program 3: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_inet_SIOCGIFBRDADDR(0xffffffffffffffff, 0x8919, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000080)="df6c51c7bf5f8a4d8643869e4ccb891cdfcdf8426b0192fdaceef8985d539aa3ca359c284afc17", 0x27) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, &(0x7f00000000c0)={'ip6_vth0\x00', {0x2, 0x0, @multicast2}}) setsockopt$inet6_buf(r0, 0x29, 0x80000000000040, &(0x7f0000000080), 0x0) 03:43:44 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc1f123c123f3188b0") syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f0000000080)='./bus\x00', 0x3, 0x1, &(0x7f0000000700)=[{0x0, 0x3b6}], 0x0, 0x0) [ 1318.579388][ T9607] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1318.614466][ T9607] CPU: 1 PID: 9607 Comm: syz-executor.4 Not tainted 5.1.0-rc1-next-20190319 #6 [ 1318.623430][ T9607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1318.633490][ T9607] Call Trace: [ 1318.636787][ T9607] dump_stack+0x172/0x1f0 [ 1318.641108][ T9607] dump_header+0x10f/0xb6c [ 1318.645511][ T9607] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1318.651325][ T9607] ? ___ratelimit+0x60/0x595 [ 1318.655908][ T9607] ? do_raw_spin_unlock+0x57/0x270 [ 1318.661006][ T9607] oom_kill_process.cold+0x10/0x15 [ 1318.666104][ T9607] out_of_memory+0x79a/0x1280 [ 1318.670773][ T9607] ? lock_downgrade+0x880/0x880 [ 1318.675614][ T9607] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1318.681850][ T9607] ? oom_killer_disable+0x280/0x280 [ 1318.687043][ T9607] ? find_held_lock+0x35/0x130 [ 1318.691796][ T9607] mem_cgroup_out_of_memory+0x1ca/0x230 [ 1318.697324][ T9607] ? memcg_event_wake+0x230/0x230 [ 1318.702335][ T9607] ? do_raw_spin_unlock+0x57/0x270 [ 1318.707432][ T9607] ? _raw_spin_unlock+0x2d/0x50 [ 1318.712269][ T9607] try_charge+0x118d/0x1790 [ 1318.716759][ T9607] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1318.722290][ T9607] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1318.728516][ T9607] ? kasan_check_read+0x11/0x20 [ 1318.733354][ T9607] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1318.738885][ T9607] mem_cgroup_try_charge+0x24d/0x5e0 [ 1318.744159][ T9607] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1318.749777][ T9607] __handle_mm_fault+0x1e1f/0x3ec0 [ 1318.754876][ T9607] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1318.760437][ T9607] ? find_held_lock+0x35/0x130 [ 1318.765184][ T9607] ? handle_mm_fault+0x322/0xb30 [ 1318.770112][ T9607] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1318.776336][ T9607] ? kasan_check_read+0x11/0x20 [ 1318.781174][ T9607] handle_mm_fault+0x43f/0xb30 [ 1318.785923][ T9607] __get_user_pages+0x7b6/0x1a40 [ 1318.790865][ T9607] ? follow_page_mask+0x19a0/0x19a0 [ 1318.796058][ T9607] ? perf_trace_lock+0xeb/0x510 [ 1318.800889][ T9607] ? __vma_adjust+0x1840/0x1840 [ 1318.805733][ T9607] ? lock_acquire+0x16f/0x3f0 [ 1318.810393][ T9607] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1318.816632][ T9607] populate_vma_page_range+0x20d/0x2a0 [ 1318.822084][ T9607] __mm_populate+0x204/0x380 [ 1318.826675][ T9607] ? populate_vma_page_range+0x2a0/0x2a0 [ 1318.832314][ T9607] __x64_sys_mlockall+0x35c/0x520 [ 1318.837343][ T9607] do_syscall_64+0x103/0x610 [ 1318.841923][ T9607] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1318.847803][ T9607] RIP: 0033:0x458079 [ 1318.851683][ T9607] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1318.871317][ T9607] RSP: 002b:00007fa3c5772c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1318.879735][ T9607] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458079 [ 1318.887687][ T9607] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1318.895654][ T9607] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1318.903619][ T9607] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa3c57736d4 [ 1318.911599][ T9607] R13: 00000000004c3d3a R14: 00000000004d6f20 R15: 00000000ffffffff [ 1318.922196][ T9607] memory: usage 307200kB, limit 307200kB, failcnt 1734 [ 1318.930783][ T9607] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1318.938388][ T9607] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1318.950375][ T9607] Memory cgroup stats for /syz4: cache:0KB rss:280264KB rss_huge:18432KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:235456KB active_anon:27424KB inactive_file:4KB active_file:0KB unevictable:17572KB [ 1318.973591][ T9607] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=9602,uid=0 [ 1318.989231][ T9607] Memory cgroup out of memory: Killed process 9602 (syz-executor.4) total-vm:72448kB, anon-rss:17336kB, file-rss:37164kB, shmem-rss:0kB [ 1319.003786][ T1043] oom_reaper: reaped process 9602 (syz-executor.4), now anon-rss:17384kB, file-rss:37940kB, shmem-rss:0kB [ 1320.240762][ C1] net_ratelimit: 16 callbacks suppressed [ 1320.240772][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1320.252440][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1320.320648][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1320.326416][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1321.120617][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1321.126416][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1321.132209][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1321.137939][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1321.143727][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1321.149453][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:43:47 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc1f123c123f3188b0") syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f0000000080)='./bus\x00', 0x3, 0x1, &(0x7f0000000700)=[{0x0, 0x3b6}], 0x0, 0x0) 03:43:47 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 03:43:47 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0x0) setsockopt(r0, 0xd, 0x3f, &(0x7f0000000000)="4cbe51660df7", 0x6) 03:43:47 executing program 3: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_inet_SIOCGIFBRDADDR(0xffffffffffffffff, 0x8919, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000080)="df6c51c7bf5f8a4d8643869e4ccb891cdfcdf8426b0192fdaceef8985d539aa3ca359c284afc17", 0x27) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, &(0x7f00000000c0)={'ip6_vth0\x00', {0x2, 0x0, @multicast2}}) setsockopt$inet6_buf(r0, 0x29, 0x80000000000040, &(0x7f0000000080), 0x0) 03:43:47 executing program 4: socketpair$unix(0x1, 0x0, 0x0, 0x0) r0 = creat(0x0, 0x0) creat(&(0x7f0000000140)='./bus\x00', 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r0, 0xc05c5340, &(0x7f0000000200)={0xff, 0x9, 0xff, {}, 0x2, 0x1}) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x406, 0xffffffffffffffff) 03:43:47 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, 0x0, 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r6}, 0x10) r7 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r8, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r7, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r7, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:43:47 executing program 3: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_inet_SIOCGIFBRDADDR(0xffffffffffffffff, 0x8919, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000080)="df6c51c7bf5f8a4d8643869e4ccb891cdfcdf8426b0192fdaceef8985d539aa3ca359c284afc17", 0x27) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, &(0x7f00000000c0)={'ip6_vth0\x00', {0x2, 0x0, @multicast2}}) setsockopt$inet6_buf(r0, 0x29, 0x80000000000040, &(0x7f0000000080), 0x0) 03:43:47 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc1f123c123f3188b070") syz_mount_image$hfsplus(0x0, &(0x7f0000000080)='./bus\x00', 0x3, 0x1, &(0x7f0000000700)=[{0x0}], 0x0, 0x0) 03:43:47 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 03:43:47 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000000)=0x241, 0x4) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000000c0)={0xffffffffffffffff, 0x50, &(0x7f0000000040)}, 0x10) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, {0x2, 0x4e24, @empty}, {0x2, 0x4e23, @local}, {0x2, 0x4e22, @loopback}, 0x80, 0x0, 0x0, 0x0, 0x401, &(0x7f0000000100)='bridge_slave_1\x00', 0x6504, 0x7, 0x6}) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) getsockopt$bt_l2cap_L2CAP_LM(r1, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x4) 03:43:47 executing program 3: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_inet_SIOCGIFBRDADDR(0xffffffffffffffff, 0x8919, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000080)="df6c51c7bf5f8a4d8643869e4ccb891cdfcdf8426b0192fdaceef8985d539aa3ca359c284afc17", 0x27) setsockopt$inet6_buf(r0, 0x29, 0x80000000000040, &(0x7f0000000080), 0x0) 03:43:47 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc1f123c123f3188b070") syz_mount_image$hfsplus(0x0, &(0x7f0000000080)='./bus\x00', 0x3, 0x1, &(0x7f0000000700)=[{0x0}], 0x0, 0x0) 03:43:47 executing program 3: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_inet_SIOCGIFBRDADDR(0xffffffffffffffff, 0x8919, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000080)="df6c51c7bf5f8a4d8643869e4ccb891cdfcdf8426b0192fdaceef8985d539aa3ca359c284afc17", 0x27) setsockopt$inet6_buf(r0, 0x29, 0x80000000000040, &(0x7f0000000080), 0x0) 03:43:48 executing program 3: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_inet_SIOCGIFBRDADDR(0xffffffffffffffff, 0x8919, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000080)="df6c51c7bf5f8a4d8643869e4ccb891cdfcdf8426b0192fdaceef8985d539aa3ca359c284afc17", 0x27) setsockopt$inet6_buf(r0, 0x29, 0x80000000000040, &(0x7f0000000080), 0x0) 03:43:48 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc1f123c123f3188b070") syz_mount_image$hfsplus(0x0, &(0x7f0000000080)='./bus\x00', 0x3, 0x1, &(0x7f0000000700)=[{0x0}], 0x0, 0x0) 03:43:48 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0x0) chdir(&(0x7f0000000000)='./file0\x00') [ 1321.708984][ T9645] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1321.720709][ T9645] CPU: 1 PID: 9645 Comm: syz-executor.4 Not tainted 5.1.0-rc1-next-20190319 #6 [ 1321.729672][ T9645] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1321.739897][ T9645] Call Trace: [ 1321.743183][ T9645] dump_stack+0x172/0x1f0 [ 1321.747544][ T9645] dump_header+0x10f/0xb6c [ 1321.751980][ T9645] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1321.757807][ T9645] ? ___ratelimit+0x60/0x595 [ 1321.762405][ T9645] ? do_raw_spin_unlock+0x57/0x270 [ 1321.767519][ T9645] oom_kill_process.cold+0x10/0x15 [ 1321.772616][ T9645] out_of_memory+0x79a/0x1280 [ 1321.777281][ T9645] ? lock_downgrade+0x880/0x880 [ 1321.782125][ T9645] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1321.788369][ T9645] ? oom_killer_disable+0x280/0x280 [ 1321.793565][ T9645] ? find_held_lock+0x35/0x130 [ 1321.798358][ T9645] mem_cgroup_out_of_memory+0x1ca/0x230 [ 1321.803908][ T9645] ? memcg_event_wake+0x230/0x230 [ 1321.808953][ T9645] ? do_raw_spin_unlock+0x57/0x270 [ 1321.814067][ T9645] ? _raw_spin_unlock+0x2d/0x50 [ 1321.818932][ T9645] try_charge+0x118d/0x1790 [ 1321.823471][ T9645] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1321.829050][ T9645] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1321.835288][ T9645] ? kasan_check_read+0x11/0x20 [ 1321.840128][ T9645] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1321.845660][ T9645] mem_cgroup_try_charge+0x24d/0x5e0 [ 1321.850962][ T9645] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1321.856612][ T9645] __handle_mm_fault+0x1e1f/0x3ec0 [ 1321.861734][ T9645] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1321.867265][ T9645] ? find_held_lock+0x35/0x130 [ 1321.872013][ T9645] ? handle_mm_fault+0x322/0xb30 [ 1321.876970][ T9645] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1321.883223][ T9645] ? kasan_check_read+0x11/0x20 [ 1321.888063][ T9645] handle_mm_fault+0x43f/0xb30 [ 1321.892830][ T9645] __get_user_pages+0x7b6/0x1a40 [ 1321.898109][ T9645] ? follow_page_mask+0x19a0/0x19a0 [ 1321.903294][ T9645] ? perf_trace_lock+0xeb/0x510 [ 1321.908137][ T9645] ? __vma_adjust+0x1840/0x1840 [ 1321.913427][ T9645] ? lock_acquire+0x16f/0x3f0 [ 1321.918090][ T9645] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1321.924357][ T9645] populate_vma_page_range+0x20d/0x2a0 [ 1321.929819][ T9645] __mm_populate+0x204/0x380 [ 1321.934421][ T9645] ? populate_vma_page_range+0x2a0/0x2a0 [ 1321.940060][ T9645] __x64_sys_mlockall+0x35c/0x520 [ 1321.945083][ T9645] do_syscall_64+0x103/0x610 [ 1321.949680][ T9645] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1321.955580][ T9645] RIP: 0033:0x458079 [ 1321.959474][ T9645] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1321.979059][ T9645] RSP: 002b:00007fa3c5772c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1321.987452][ T9645] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458079 [ 1321.995405][ T9645] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1322.003406][ T9645] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1322.011363][ T9645] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa3c57736d4 [ 1322.019319][ T9645] R13: 00000000004c3d3a R14: 00000000004d6f20 R15: 00000000ffffffff [ 1322.029983][ T9645] memory: usage 307200kB, limit 307200kB, failcnt 1769 [ 1322.036906][ T9645] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1322.044693][ T9645] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1322.051915][ T9645] Memory cgroup stats for /syz4: cache:0KB rss:280360KB rss_huge:18432KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:235456KB active_anon:27424KB inactive_file:4KB active_file:0KB unevictable:17560KB [ 1322.074471][ T9645] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=9644,uid=0 03:43:48 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r6}, 0x10) r7 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r8, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r7, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r7, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) [ 1322.108644][ T9645] Memory cgroup out of memory: Killed process 9644 (syz-executor.4) total-vm:72448kB, anon-rss:17336kB, file-rss:37164kB, shmem-rss:0kB 03:43:48 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) mount$9p_rdma(&(0x7f0000000100)='127.0.0.1\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x200000, &(0x7f00000001c0)={'trans=rdma,', {'port', 0x3d, 0x4e22}, 0x2c, {[{@common=@debug={'debug', 0x3d, 0x5}}], [{@rootcontext={'rootcontext', 0x3d, 'system_u'}}, {@dont_appraise='dont_appraise'}]}}) sendmsg$key(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000000040)={0x2, 0xe, 0x0, 0x0, 0x18, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_x_sec_ctx={0x11, 0x18, 0x473, 0x4, 0x7d, "40390dc687eeeb658c3891886a10c430a440f140a8555222429590bebd9d450e7dcc821c2f6ed9e7827a8991728570058a3b54570be9ded71a71c0d2ba83630110a0f66021ba5c7cf6e429de0358ed32dc57951264d4e8b4a051ce5e798ab81b2ea7a21d817eaf846834448c47ff73396cf3fd5dffecb43c9f92635ed3"}]}, 0xc0}}, 0x0) 03:43:48 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc1f123c123f3188b070") syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', 0x0, 0x3, 0x1, &(0x7f0000000700)=[{0x0}], 0x0, 0x0) 03:43:48 executing program 3: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_inet_SIOCGIFBRDADDR(0xffffffffffffffff, 0x8919, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, &(0x7f00000000c0)={'ip6_vth0\x00', {0x2, 0x0, @multicast2}}) setsockopt$inet6_buf(r0, 0x29, 0x80000000000040, &(0x7f0000000080), 0x0) 03:43:50 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0xd0}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 03:43:50 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) prctl$PR_GET_CHILD_SUBREAPER(0x25) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000000)={'raw\x00'}, &(0x7f0000000140)=0x54) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x27, &(0x7f0000000080)={@multicast1, @local}, 0xc) add_key(&(0x7f00000000c0)='cifs.idmap\x00', &(0x7f0000000200)={'syz', 0x2}, &(0x7f0000000300)="a11261f45bc7576fff76c8fbb4803c46539586a6984496fa6f6b929febd5a47d39af5d3b6e9b878ee2d2ace1d2fbf6a55ba5e3299a25f409cdc0ef81bf025e984c76792a8e31c72ad44a5b852bdf7e", 0x4f, 0xfffffffffffffffc) add_key(&(0x7f0000000240)='user\x00', &(0x7f0000000480)={'syz', 0x0}, &(0x7f0000000500)="177ed3f5899e6a51165a8611bf86d0c1dff5826138f0e68d1af11bcabee0a0bca4baf582908f78f1b68285734b5171d58fb75edab5121bd2444d", 0x3a, 0xfffffffffffffffe) fstat(r0, &(0x7f00000006c0)) memfd_create(&(0x7f00000001c0)='\x00', 0x2) clone(0x2102001fff, 0x0, 0xfffffffffffffffe, &(0x7f0000000100), 0xffffffffffffffff) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000380)=0x4) request_key(&(0x7f0000000140)='dns_resolver\x00', &(0x7f0000000680)={'syz', 0x2}, &(0x7f0000000280)='syz', 0x0) shmctl$SHM_STAT(0x0, 0xd, &(0x7f0000000540)=""/153) 03:43:50 executing program 3: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_inet_SIOCGIFBRDADDR(0xffffffffffffffff, 0x8919, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, &(0x7f00000000c0)={'ip6_vth0\x00', {0x2, 0x0, @multicast2}}) setsockopt$inet6_buf(r0, 0x29, 0x80000000000040, &(0x7f0000000080), 0x0) 03:43:50 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc1f123c123f3188b070") syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', 0x0, 0x3, 0x1, &(0x7f0000000700)=[{0x0}], 0x0, 0x0) 03:43:50 executing program 2: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm_plock\x00', 0x80, 0x0) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f00000027c0)=@req={0x6, 0x8, 0x4c50}, 0x10) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f00005f5000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="020e00000c000000000000000000000005000600008000000a0000000000000000000038c10000000000080b9b3754cc3fcbb6685a5d00000000001e000000000000000005000500000000000a00000000000000fe8000000000000000000000"], 0x23}}, 0x0) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f00000013c0)={0x0, @in6={{0xa, 0x4e23, 0x2ab, @mcast2}}, 0x7, 0xddb, 0x7, 0xee4e, 0x2000000000000}, &(0x7f0000000100)=0x98) setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000001480)={0x0, 0x5ae45689, 0x204, 0x1f, 0x1e, 0x1, 0x1, 0x0, r2}, 0x20) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000140)=0x0) process_vm_readv(r3, &(0x7f0000003800)=[{&(0x7f0000000180)=""/4096, 0x1000}, {&(0x7f0000001180)=""/113, 0x71}, {&(0x7f0000001200)=""/253, 0xfd}, {&(0x7f0000001300)=""/159, 0x9f}, {&(0x7f0000002800)=""/4096, 0x1000}], 0x5, &(0x7f0000002740)=[{&(0x7f0000002440)=""/72, 0x48}, {&(0x7f00000024c0)=""/214, 0x8}, {&(0x7f00000025c0)=""/65, 0x41}, {&(0x7f0000002640)=""/210, 0xd2}], 0x4, 0x0) 03:43:50 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r6}, 0x10) r7 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r8, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r7, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r7, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:43:50 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) prctl$PR_GET_CHILD_SUBREAPER(0x25) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000000)={'raw\x00'}, &(0x7f0000000140)=0x54) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x27, &(0x7f0000000080)={@multicast1, @local}, 0xc) add_key(&(0x7f00000000c0)='cifs.idmap\x00', &(0x7f0000000200)={'syz', 0x2}, &(0x7f0000000300)="a11261f45bc7576fff76c8fbb4803c46539586a6984496fa6f6b929febd5a47d39af5d3b6e9b878ee2d2ace1d2fbf6a55ba5e3299a25f409cdc0ef81bf025e984c76792a8e31c72ad44a5b852bdf7e", 0x4f, 0xfffffffffffffffc) add_key(&(0x7f0000000240)='user\x00', &(0x7f0000000480)={'syz', 0x0}, &(0x7f0000000500)="177ed3f5899e6a51165a8611bf86d0c1dff5826138f0e68d1af11bcabee0a0bca4baf582908f78f1b68285734b5171d58fb75edab5121bd2444d", 0x3a, 0xfffffffffffffffe) fstat(r0, &(0x7f00000006c0)) memfd_create(&(0x7f00000001c0)='\x00', 0x2) clone(0x2102001fff, 0x0, 0xfffffffffffffffe, &(0x7f0000000100), 0xffffffffffffffff) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000380)=0x4) request_key(&(0x7f0000000140)='dns_resolver\x00', &(0x7f0000000680)={'syz', 0x2}, &(0x7f0000000280)='syz', 0x0) shmctl$SHM_STAT(0x0, 0xd, &(0x7f0000000540)=""/153) 03:43:50 executing program 3: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_inet_SIOCGIFBRDADDR(0xffffffffffffffff, 0x8919, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, &(0x7f00000000c0)={'ip6_vth0\x00', {0x2, 0x0, @multicast2}}) setsockopt$inet6_buf(r0, 0x29, 0x80000000000040, &(0x7f0000000080), 0x0) 03:43:50 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) prctl$PR_GET_CHILD_SUBREAPER(0x25) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000000)={'raw\x00'}, &(0x7f0000000140)=0x54) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x27, &(0x7f0000000080)={@multicast1, @local}, 0xc) add_key(&(0x7f00000000c0)='cifs.idmap\x00', &(0x7f0000000200)={'syz', 0x2}, &(0x7f0000000300)="a11261f45bc7576fff76c8fbb4803c46539586a6984496fa6f6b929febd5a47d39af5d3b6e9b878ee2d2ace1d2fbf6a55ba5e3299a25f409cdc0ef81bf025e984c76792a8e31c72ad44a5b852bdf7e", 0x4f, 0xfffffffffffffffc) add_key(&(0x7f0000000240)='user\x00', &(0x7f0000000480)={'syz', 0x0}, &(0x7f0000000500)="177ed3f5899e6a51165a8611bf86d0c1dff5826138f0e68d1af11bcabee0a0bca4baf582908f78f1b68285734b5171d58fb75edab5121bd2444d", 0x3a, 0xfffffffffffffffe) fstat(r0, &(0x7f00000006c0)) memfd_create(&(0x7f00000001c0)='\x00', 0x2) clone(0x2102001fff, 0x0, 0xfffffffffffffffe, &(0x7f0000000100), 0xffffffffffffffff) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000380)=0x4) request_key(&(0x7f0000000140)='dns_resolver\x00', &(0x7f0000000680)={'syz', 0x2}, &(0x7f0000000280)='syz', 0x0) shmctl$SHM_STAT(0x0, 0xd, &(0x7f0000000540)=""/153) 03:43:50 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc1f123c123f3188b070") syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', 0x0, 0x3, 0x1, &(0x7f0000000700)=[{0x0}], 0x0, 0x0) 03:43:51 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) lsetxattr$security_capability(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='security.capability\x00', &(0x7f00000000c0)=@v2={0x2000000, [{0x3, 0x6}, {0x1, 0x800}]}, 0x14, 0x1) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0x0) fcntl$F_SET_RW_HINT(r0, 0x40c, &(0x7f0000000000)) 03:43:51 executing program 3: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_inet_SIOCGIFBRDADDR(0xffffffffffffffff, 0x8919, 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000080)="df6c51c7bf5f8a4d8643869e4ccb891cdfcdf8426b0192fdaceef8985d539aa3ca359c284afc17", 0x27) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, &(0x7f00000000c0)={'ip6_vth0\x00', {0x2, 0x0, @multicast2}}) setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x80000000000040, &(0x7f0000000080), 0x0) [ 1325.280654][ C1] net_ratelimit: 14 callbacks suppressed [ 1325.280664][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1325.292190][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1325.298001][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1325.303810][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1325.309587][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1325.315383][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1326.480656][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1326.486455][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1326.560668][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1326.566446][ C0] protocol 88fb is buggy, dev hsr_slave_1 03:43:53 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0xd0}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 03:43:53 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) prctl$PR_GET_CHILD_SUBREAPER(0x25) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000000)={'raw\x00'}, &(0x7f0000000140)=0x54) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x27, &(0x7f0000000080)={@multicast1, @local}, 0xc) add_key(&(0x7f00000000c0)='cifs.idmap\x00', &(0x7f0000000200)={'syz', 0x2}, &(0x7f0000000300)="a11261f45bc7576fff76c8fbb4803c46539586a6984496fa6f6b929febd5a47d39af5d3b6e9b878ee2d2ace1d2fbf6a55ba5e3299a25f409cdc0ef81bf025e984c76792a8e31c72ad44a5b852bdf7e", 0x4f, 0xfffffffffffffffc) add_key(&(0x7f0000000240)='user\x00', &(0x7f0000000480)={'syz', 0x0}, &(0x7f0000000500)="177ed3f5899e6a51165a8611bf86d0c1dff5826138f0e68d1af11bcabee0a0bca4baf582908f78f1b68285734b5171d58fb75edab5121bd2444d", 0x3a, 0xfffffffffffffffe) fstat(r0, &(0x7f00000006c0)) memfd_create(&(0x7f00000001c0)='\x00', 0x2) clone(0x2102001fff, 0x0, 0xfffffffffffffffe, &(0x7f0000000100), 0xffffffffffffffff) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000380)=0x4) request_key(&(0x7f0000000140)='dns_resolver\x00', &(0x7f0000000680)={'syz', 0x2}, &(0x7f0000000280)='syz', 0x0) shmctl$SHM_STAT(0x0, 0xd, &(0x7f0000000540)=""/153) 03:43:53 executing program 3: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_inet_SIOCGIFBRDADDR(0xffffffffffffffff, 0x8919, 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000080)="df6c51c7bf5f8a4d8643869e4ccb891cdfcdf8426b0192fdaceef8985d539aa3ca359c284afc17", 0x27) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, &(0x7f00000000c0)={'ip6_vth0\x00', {0x2, 0x0, @multicast2}}) setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x80000000000040, &(0x7f0000000080), 0x0) 03:43:53 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc1f123c123f3188b070") syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f0000000080)='./bus\x00', 0x0, 0x1, &(0x7f0000000700)=[{0x0, 0x3b6}], 0x0, 0x0) 03:43:53 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0x0) 03:43:53 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r6}, 0x10) r7 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r8, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r7, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r7, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:43:54 executing program 3: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_inet_SIOCGIFBRDADDR(0xffffffffffffffff, 0x8919, 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000080)="df6c51c7bf5f8a4d8643869e4ccb891cdfcdf8426b0192fdaceef8985d539aa3ca359c284afc17", 0x27) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, &(0x7f00000000c0)={'ip6_vth0\x00', {0x2, 0x0, @multicast2}}) setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x80000000000040, &(0x7f0000000080), 0x0) 03:43:54 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc1f123c123f3188b070") syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f0000000080)='./bus\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 03:43:54 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000091fa8)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha256)\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) connect(0xffffffffffffffff, 0x0, 0x0) r2 = getpid() ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) sched_setattr(r2, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmmsg(r1, &(0x7f0000003040)=[{{0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f0000001700)}}], 0x40000e5, 0x0) 03:43:54 executing program 3: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000080)="df6c51c7bf5f8a4d8643869e4ccb891cdfcdf8426b0192fdaceef8985d539aa3ca359c284afc17", 0x27) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, &(0x7f00000000c0)={'ip6_vth0\x00', {0x2, 0x0, @multicast2}}) setsockopt$inet6_buf(r0, 0x29, 0x80000000000040, &(0x7f0000000080), 0x0) 03:43:54 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)={0x2, 0xe, 0x0, 0xf, 0x5, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0xffffff80, 0x0, @in6}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x60}}, 0x0) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cachefiles\x00', 0x20102, 0x0) ioctl$EVIOCSKEYCODE_V2(r1, 0x40284504, &(0x7f0000000080)={0x401, 0x15, 0x800, 0x1fffffffc00, "d5581cc841c2dca6e60232df648c8f9a0d1508830032ca1765e55c0e73533e71"}) setsockopt$RDS_CANCEL_SENT_TO(r1, 0x114, 0x1, &(0x7f0000000040)={0x2, 0x4e22, @remote}, 0x10) 03:43:54 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc1f123c123f3188b070") syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f0000000080)='./bus\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 03:43:57 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0xd0}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 03:43:57 executing program 2: r0 = getpid() sched_setattr(r0, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x0, 0x1}, 0x0) ioctl(0xffffffffffffffff, 0x1, 0x0) syz_open_dev$dri(0x0, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r2 = syz_open_dev$sndseq(&(0x7f0000000800)='/dev/snd/seq\x00', 0x0, 0x1) r3 = dup2(r2, r1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00'}) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5334, &(0x7f00000001c0)={0xf48b, 0x0, 0x0, 'queue1\x00'}) write$sndseq(r1, &(0x7f0000000000), 0xffd7) setsockopt(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) flistxattr(0xffffffffffffffff, 0x0, 0x0) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) write$FUSE_NOTIFY_STORE(r3, &(0x7f0000000000)={0x28}, 0x28) 03:43:57 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc1f123c123f3188b070") syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f0000000080)='./bus\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 03:43:57 executing program 3: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000080)="df6c51c7bf5f8a4d8643869e4ccb891cdfcdf8426b0192fdaceef8985d539aa3ca359c284afc17", 0x27) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, &(0x7f00000000c0)={'ip6_vth0\x00', {0x2, 0x0, @multicast2}}) setsockopt$inet6_buf(r0, 0x29, 0x80000000000040, &(0x7f0000000080), 0x0) 03:43:57 executing program 4: 03:43:57 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r6}, 0x10) r7 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r8, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r7, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r7, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:43:57 executing program 4: [ 1330.650648][ C1] net_ratelimit: 16 callbacks suppressed [ 1330.650657][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1330.662197][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:43:57 executing program 1: 03:43:57 executing program 2: [ 1330.720634][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1330.726471][ C0] protocol 88fb is buggy, dev hsr_slave_1 03:43:57 executing program 1: 03:43:57 executing program 2: 03:43:57 executing program 4: r0 = syz_open_dev$video(&(0x7f0000000280)='/dev/video#\x00', 0x9, 0x0) ioctl$VIDIOC_G_DV_TIMINGS(r0, 0xc0845658, &(0x7f0000000000)) [ 1331.530665][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1331.536464][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1331.542300][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1331.548068][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1331.553901][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1331.559667][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:44:00 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$vfat(&(0x7f00000001c0)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x100000000000e002, 0x1, &(0x7f0000000100)=[{&(0x7f0000000140)="f264c86d4f66732e6684740002046a266300077021f0", 0x16}], 0x0, 0x0) 03:44:00 executing program 3: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000080)="df6c51c7bf5f8a4d8643869e4ccb891cdfcdf8426b0192fdaceef8985d539aa3ca359c284afc17", 0x27) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, &(0x7f00000000c0)={'ip6_vth0\x00', {0x2, 0x0, @multicast2}}) setsockopt$inet6_buf(r0, 0x29, 0x80000000000040, &(0x7f0000000080), 0x0) 03:44:00 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r6}, 0x10) r7 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r8, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r7, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r7, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:44:00 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 03:44:00 executing program 1: r0 = syz_open_dev$evdev(&(0x7f00000009c0)='/dev/input/event#\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$EVIOCGSND(r0, 0x8040451a, &(0x7f00000001c0)=""/251) 03:44:00 executing program 4: r0 = syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$EVIOCGSW(r0, 0x8040451b, &(0x7f0000000140)=""/35) 03:44:00 executing program 1: r0 = syz_open_dev$evdev(&(0x7f00000009c0)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCSMASK(r0, 0x40104593, &(0x7f0000000080)={0x0, 0x0, 0x0}) ioctl$EVIOCGMASK(r0, 0x80104592, &(0x7f0000000000)={0x0, 0xfd1b, &(0x7f00000000c0)}) 03:44:00 executing program 4: r0 = syz_open_dev$evdev(&(0x7f00000009c0)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCSMASK(r0, 0x40104593, &(0x7f00000000c0)={0x0, 0x0, 0x0}) 03:44:00 executing program 2: r0 = creat(0x0, 0x0) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, 0x0, 0x0) r1 = creat(0x0, 0x0) fallocate(r1, 0x0, 0x0, 0x0) ioctl$FS_IOC_FIEMAP(r1, 0xc020660b, &(0x7f0000000080)=ANY=[@ANYBLOB="40da2304f4a6eae0acfbfa8739141714a7395e63cf6400d56df9b73525f0341aa9e8e6bb46d5a380c1936f050000"]) recvmsg(r1, &(0x7f00000004c0)={&(0x7f0000000200)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0x80, &(0x7f0000000480)=[{&(0x7f00000010c0)=""/4096, 0x1000}, {&(0x7f0000000340)}], 0x2, &(0x7f0000000580)=""/190, 0xbe}, 0x60) bind$unix(r0, &(0x7f0000000640)=@abs={0x1, 0x0, 0x4e21}, 0x6e) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001080)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setxattr$security_smack_transmute(0x0, &(0x7f00000003c0)='security.SMACK64TRANSMUTE\x00', &(0x7f0000000400)='TRUE', 0x4, 0x3) close(0xffffffffffffffff) ioctl$TCSETSW(0xffffffffffffffff, 0x5403, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)=0x9) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$bt_BT_CHANNEL_POLICY(0xffffffffffffffff, 0x112, 0xa, 0x0, 0x0) getpid() ioctl$KVM_ASSIGN_DEV_IRQ(r1, 0x4040ae70, &(0x7f0000000000)={0x24, 0x0, 0x3, 0x4}) r2 = creat(&(0x7f0000000280)='./file0\x00', 0x0) getpeername$inet(r2, &(0x7f0000000100)={0x2, 0x0, @remote}, &(0x7f0000000180)=0x10) fallocate(r2, 0x0, 0x0, 0x8200003) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c90", 0x3}], 0x0, 0x0) open(0x0, 0x0, 0x0) fchdir(0xffffffffffffffff) 03:44:00 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 03:44:00 executing program 3: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000080)="df6c51c7bf5f8a4d8643869e4ccb891cdfcdf8426b0192fdaceef8985d539aa3ca359c284afc17", 0x27) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, &(0x7f00000000c0)={'ip6_vth0\x00', {0x2, 0x0, @multicast2}}) setsockopt$inet6_buf(r0, 0x29, 0x80000000000040, &(0x7f0000000080), 0x0) 03:44:00 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) pipe(0x0) write$binfmt_misc(r0, 0x0, 0x0) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(0xffffffffffffffff, 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$EXT4_IOC_MIGRATE(0xffffffffffffffff, 0x6609) r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f0000000300)={{0x3000, 0x2001, 0xe, 0x5, 0x9, 0x6, 0x2, 0x5, 0x4000, 0x8, 0x1ff}, {0x6005, 0x0, 0x0, 0x9, 0x7fffffff, 0x40, 0x40, 0xeef, 0x5, 0xd5, 0x9, 0x4}, {0x2, 0x103000, 0xf, 0x5, 0x4, 0x200, 0x80, 0x3584f303, 0x5, 0x0, 0xf7, 0x2}, {0x0, 0xf001, 0x0, 0x3a, 0x9, 0x7, 0x0, 0x0, 0x8000, 0x7, 0x0, 0x1f}, {0x4000, 0x6000, 0x1f, 0x911c, 0x0, 0x9, 0x6, 0x80000001, 0x3, 0x101, 0xa47, 0x3}, {0x2000, 0x107000, 0x18, 0xfffffffffffffffb, 0x2d, 0x0, 0x6, 0x5, 0x0, 0x8000, 0x914, 0x7}, {0x0, 0xd000, 0xc, 0x800, 0x34, 0x0, 0x7fff, 0x6, 0x2, 0x1f, 0x80, 0x340d1866}, {0x4, 0x0, 0x3, 0x4, 0x0, 0x5, 0x100000001, 0xa2, 0x8000, 0x4, 0x1, 0x1}, {0x10000}, {0x1, 0x2}, 0x10000, 0x0, 0x6000, 0x120, 0xa, 0x0, 0x5004, [0x3f, 0x10000, 0xffffffff, 0x6ee0600d]}) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_CLOCK(r2, 0x4030ae7b, &(0x7f0000000080)={0x0, 0x1000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000140)="66b9810000400f322ed30cbad104ec660f38df2b0fe21526660ff85e503ede1b0f20c06635000000800f22c0b800088ec00fae470b", 0x35}], 0x1, 0x51, &(0x7f00000001c0), 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/rfkill\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) shmget(0xffffffffffffffff, 0x1000, 0x0, &(0x7f0000ffe000/0x1000)=nil) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_GET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee2, &(0x7f0000000100)={0x0, 0x5, 0x17a, &(0x7f00000000c0)=0x7fff}) getresuid(&(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x40, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(r0, 0x0) 03:44:00 executing program 4: creat(0x0, 0x0) r0 = creat(0x0, 0x0) fallocate(r0, 0x0, 0x0, 0x0) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000080)=ANY=[@ANYBLOB="40da2304f4a6eae0acfbfa8739141714a7395e63cf6400d56d"]) recvmsg(r0, 0x0, 0x60) bind$unix(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setxattr$security_smack_transmute(0x0, 0x0, &(0x7f0000000400)='TRUE', 0x4, 0x3) close(0xffffffffffffffff) ioctl$TCSETSW(0xffffffffffffffff, 0x5403, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)=0x9) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$bt_BT_CHANNEL_POLICY(0xffffffffffffffff, 0x112, 0xa, 0x0, 0x0) getpid() ioctl$KVM_ASSIGN_DEV_IRQ(r0, 0x4040ae70, &(0x7f0000000000)={0x24, 0x5, 0x3}) r1 = creat(&(0x7f0000000280)='./file0\x00', 0x0) getpeername$inet(r1, 0x0, &(0x7f0000000180)) fallocate(r1, 0x0, 0x0, 0x8200003) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', 0x0, 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0) open(0x0, 0x0, 0x0) fchdir(0xffffffffffffffff) 03:44:00 executing program 3: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000080)="df6c51c7bf5f8a4d8643869e4ccb891cdfcdf8426b0192fdaceef8985d539aa3ca359c284afc17", 0x27) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, &(0x7f00000000c0)={'ip6_vth0\x00', {0x2, 0x0, @multicast2}}) setsockopt$inet6_buf(r0, 0x29, 0x80000000000040, &(0x7f0000000080), 0x0) 03:44:00 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r6}, 0x10) r7 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r8, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r7, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r7, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:44:00 executing program 2: r0 = creat(0x0, 0x0) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, 0x0, 0x0) r1 = creat(0x0, 0x0) fallocate(r1, 0x0, 0x0, 0x0) ioctl$FS_IOC_FIEMAP(r1, 0xc020660b, &(0x7f0000000080)=ANY=[@ANYBLOB="40da2304f4a6eae0acfbfa8739141714a7395e63cf6400d56df9b73525f0341aa9e8e6bb46d5a380c1936f050000"]) recvmsg(r1, &(0x7f00000004c0)={&(0x7f0000000200)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0x80, &(0x7f0000000480)=[{&(0x7f00000010c0)=""/4096, 0x1000}, {&(0x7f0000000340)}], 0x2, &(0x7f0000000580)=""/190, 0xbe}, 0x60) bind$unix(r0, &(0x7f0000000640)=@abs={0x1, 0x0, 0x4e21}, 0x6e) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001080)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setxattr$security_smack_transmute(0x0, &(0x7f00000003c0)='security.SMACK64TRANSMUTE\x00', &(0x7f0000000400)='TRUE', 0x4, 0x3) close(0xffffffffffffffff) ioctl$TCSETSW(0xffffffffffffffff, 0x5403, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)=0x9) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$bt_BT_CHANNEL_POLICY(0xffffffffffffffff, 0x112, 0xa, 0x0, 0x0) getpid() ioctl$KVM_ASSIGN_DEV_IRQ(r1, 0x4040ae70, &(0x7f0000000000)={0x24, 0x0, 0x3, 0x4}) r2 = creat(&(0x7f0000000280)='./file0\x00', 0x0) getpeername$inet(r2, &(0x7f0000000100)={0x2, 0x0, @remote}, &(0x7f0000000180)=0x10) fallocate(r2, 0x0, 0x0, 0x8200003) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c90", 0x3}], 0x0, 0x0) open(0x0, 0x0, 0x0) fchdir(0xffffffffffffffff) 03:44:00 executing program 3: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000080)="df6c51c7bf5f8a4d8643869e4ccb891cdfcdf8426b0192fdaceef8985d539aa3ca359c284afc17", 0x27) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, &(0x7f00000000c0)={'ip6_vth0\x00', {0x2, 0x0, @multicast2}}) setsockopt$inet6_buf(r0, 0x29, 0x80000000000040, &(0x7f0000000080), 0x0) 03:44:00 executing program 1: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) setsockopt$bt_BT_FLUSHABLE(r0, 0x112, 0x8, &(0x7f0000003a80), 0x4) 03:44:00 executing program 4: mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(r0, &(0x7f0000000480), 0x1000) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0) write$FUSE_INTERRUPT(r0, &(0x7f00000000c0)={0x10, 0x0, 0x1}, 0x10) 03:44:01 executing program 4: ioctl(0xffffffffffffffff, 0x0, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpgrp(0x0) r1 = gettid() rt_sigprocmask(0x0, &(0x7f0000000100)={0xffffffffffffff7c}, 0x0, 0x8) rt_tgsigqueueinfo(r0, r1, 0x11, &(0x7f0000000000)) rt_sigsuspend(&(0x7f0000000080), 0x8) 03:44:01 executing program 1: syslog(0x4, &(0x7f0000000000)=""/210, 0xd2) [ 1335.680687][ C1] net_ratelimit: 14 callbacks suppressed [ 1335.680693][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1335.692166][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1335.697941][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1335.703750][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1335.709524][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1335.715335][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:44:03 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 03:44:03 executing program 4: r0 = socket$inet6(0xa, 0x3, 0x100000400000003a) setsockopt$inet6_opts(r0, 0x29, 0x36, &(0x7f0000000240)=@fragment, 0x338) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) write$binfmt_misc(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="838bae96c70d65ffe78869cb3156a88b97729171894c4774"], 0x18) 03:44:03 executing program 3: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000080)="df6c51c7bf5f8a4d8643869e4ccb891cdfcdf8426b0192fdaceef8985d539aa3ca359c284afc17", 0x27) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, &(0x7f00000000c0)={'ip6_vth0\x00', {0x2, 0x0, @multicast2}}) setsockopt$inet6_buf(r0, 0x29, 0x80000000000040, &(0x7f0000000080), 0x0) 03:44:03 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha224-generic\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000001bc0), 0xfe, 0x0, &(0x7f0000001d00)={0x77359400}) 03:44:03 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) ioctl$TCSETSF(r1, 0x5437, 0x0) close(r0) 03:44:03 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc"], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r6}, 0x10) r7 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r8, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r7, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r7, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) [ 1336.880665][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1336.886482][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1336.960632][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1336.966532][ C0] protocol 88fb is buggy, dev hsr_slave_1 03:44:03 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0xd0}) ptrace$setregs(0xffffffffffffffff, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 03:44:03 executing program 2: sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x5) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 03:44:03 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$vfat(&(0x7f0000000180)='vfat\x00', &(0x7f00000000c0)='./file0\x00', 0x100000000000e001, 0x1, &(0x7f0000000100)=[{&(0x7f0000000140)="f264c86d4f66732e66847400100441006300077021f0", 0x16}], 0x0, 0x0) 03:44:03 executing program 2: 03:44:03 executing program 3: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6(0xa, 0x0, 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000080)="df6c51c7bf5f8a4d8643869e4ccb891cdfcdf8426b0192fdaceef8985d539aa3ca359c284afc17", 0x27) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, &(0x7f00000000c0)={'ip6_vth0\x00', {0x2, 0x0, @multicast2}}) setsockopt$inet6_buf(r0, 0x29, 0x80000000000040, &(0x7f0000000080), 0x0) 03:44:03 executing program 3: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6(0xa, 0x0, 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000080)="df6c51c7bf5f8a4d8643869e4ccb891cdfcdf8426b0192fdaceef8985d539aa3ca359c284afc17", 0x27) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, &(0x7f00000000c0)={'ip6_vth0\x00', {0x2, 0x0, @multicast2}}) setsockopt$inet6_buf(r0, 0x29, 0x80000000000040, &(0x7f0000000080), 0x0) 03:44:03 executing program 4: 03:44:03 executing program 1: 03:44:03 executing program 2: 03:44:03 executing program 4: 03:44:03 executing program 3: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6(0xa, 0x0, 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000080)="df6c51c7bf5f8a4d8643869e4ccb891cdfcdf8426b0192fdaceef8985d539aa3ca359c284afc17", 0x27) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, &(0x7f00000000c0)={'ip6_vth0\x00', {0x2, 0x0, @multicast2}}) setsockopt$inet6_buf(r0, 0x29, 0x80000000000040, &(0x7f0000000080), 0x0) 03:44:04 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc"], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r6}, 0x10) r7 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r8, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r7, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r7, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:44:06 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0xd0}) ptrace$setregs(0xffffffffffffffff, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 03:44:06 executing program 1: 03:44:06 executing program 3: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, 0x0, 0x0) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, &(0x7f00000000c0)={'ip6_vth0\x00', {0x2, 0x0, @multicast2}}) setsockopt$inet6_buf(r0, 0x29, 0x80000000000040, &(0x7f0000000080), 0x0) 03:44:06 executing program 2: 03:44:06 executing program 4: 03:44:06 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc"], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r6}, 0x10) r7 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r8, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r7, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r7, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:44:06 executing program 3: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, 0x0, 0x0) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, &(0x7f00000000c0)={'ip6_vth0\x00', {0x2, 0x0, @multicast2}}) setsockopt$inet6_buf(r0, 0x29, 0x80000000000040, &(0x7f0000000080), 0x0) 03:44:06 executing program 4: 03:44:06 executing program 2: 03:44:06 executing program 1: 03:44:06 executing program 3: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, 0x0, 0x0) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, &(0x7f00000000c0)={'ip6_vth0\x00', {0x2, 0x0, @multicast2}}) setsockopt$inet6_buf(r0, 0x29, 0x80000000000040, &(0x7f0000000080), 0x0) 03:44:06 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0xd0}) ptrace$setregs(0xffffffffffffffff, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 03:44:06 executing program 4: 03:44:06 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCFLSH(r0, 0x5406, 0x71dffd) 03:44:06 executing program 2: r0 = socket$kcm(0x2, 0x2, 0x84) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, &(0x7f0000000600)='.\x00') bpf$BPF_BTF_LOAD(0x12, &(0x7f00000006c0)={&(0x7f00000017c0)=ANY=[@ANYBLOB="9feb01101800000000000000f00000000801000000000000e492a0443f6ff6190f563fef2c03fa46e0e18763d9190d115cde67f6a8f22b3189b846aa778dfd24c2868adbc772b4b44dc88e02b30eab2c5fac33034a178a7b2c74cfed0bd0f69653a35b8cc3be3be8c6d8a8788a8ae9c794bebb643bdaa69a378aa55576fd23021e05ca6fad37cdea57c7f8e96f7effe3f45d71d77f1829122b8b1fedf28228d417ef3eef4efc47e084fe8768aed5e79131a6969855274b88da50404328279445870358353e8614c07ce21e6b92691afe190267c75cc9321ed28c675632ac95b268c7e14c40a9491f6de5a0000097e9435c2f98c9872224a0dc87591a535e168c010aa7bd9763e3d2d09b2960e52477710c0cb44f3847209ece4b66d31b178741a94aa64532a7bfcb66f00dde9f4fa0ab77008154d95d284fb2b389ee9081645fbe42cdf918251b0b4ad7de46cb9f3e371e15a4d7f45775a4fbe20bbbc6ccf7cfc8a43c210fa802048e5aeda38dbf1c9b602aea8a9bdc516d666cd41815b0b9ece63ddb87ce28af9e45dd3844d4270e6853ec591e76764c83bf89a44ec45efda77fce17784d6a3c2c9906000000000000000000000000"], 0x0, 0x1b6, 0x0, 0xfffffffffffffffa}, 0x20) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000200)={r0}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$kcm(0x2, 0x200000000000001, 0x0) sendmsg(r2, &(0x7f0000000080)={&(0x7f0000000000)=@in={0x2, 0x0, @loopback}, 0x80, 0x0}, 0x20000000) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x1, 0x3, &(0x7f0000346fc8)=@framed, &(0x7f0000f6bffb)='GPL\x00', 0x1, 0x3b4, &(0x7f00000001c0)=""/251}, 0x48) r4 = socket$kcm(0x29, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r4, 0x89e0, &(0x7f0000000180)={r2, r3}) close(r4) r5 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x9) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.net/syz1\x00', 0x200002, 0x0) r6 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000780)={r6, 0xffffffffffffffff, 0x0, 0x3, &(0x7f0000000700)='#&\x00', 0x0}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x18, &(0x7f0000000140)='vboxnet0wlan0-vboxnet0$\x00', r7}, 0x30) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, &(0x7f0000000440)=ANY=[]) close(r5) r9 = perf_event_open(&(0x7f00000002c0)={0x0, 0x70, 0x6, 0xfffffffffffffff7, 0x101, 0x34, 0x0, 0x1, 0x1e006, 0x0, 0x9, 0x101, 0x0, 0x7fff, 0x8001, 0x843a, 0x8, 0x8001, 0x1000, 0x9, 0x7, 0x81, 0x76, 0x6, 0x800000000004, 0xca93, 0x800, 0xffffffffffffffff, 0x5f, 0x8001, 0x6, 0x10000, 0x1ff, 0x6, 0xffffffffffffff00, 0x1, 0x7d8, 0xffffffffffffeff7, 0x0, 0x8, 0x0, @perf_config_ext={0x0, 0x10001}, 0x0, 0x1, 0x9b1, 0x7, 0x100000001, 0xa, 0x7}, r8, 0xb, r5, 0x8) socket$kcm(0x2, 0x802, 0x0) socketpair(0x1b, 0x8080e, 0x3, &(0x7f0000000080)) openat$tun(0xffffffffffffff9c, &(0x7f0000000580)='/dev/net/tun\x00', 0x20000, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000640)='/dev/net/tun\x00', 0x20000, 0x0) perf_event_open(&(0x7f00000004c0)={0x5, 0x70, 0x80000001, 0xffffffffffffffc0, 0x1, 0x8, 0x0, 0x7, 0x10000, 0x9, 0x9, 0x885d, 0x8, 0xea1, 0x12, 0x15, 0x1000000000000, 0x5, 0x2, 0x0, 0x8000, 0x0, 0x2, 0x81, 0xfffffffffffffff7, 0x1705, 0x6, 0x2, 0x81, 0x0, 0x2, 0xbf, 0x9, 0xffffffff, 0x400, 0x800, 0x4, 0x28, 0x0, 0xff, 0x1, @perf_bp={&(0x7f0000000480), 0x8}, 0x0, 0x3, 0x800, 0x3, 0x10001, 0x8000, 0x43}, r8, 0xb, r9, 0xa) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000740)='./cgroup/syz0\x00', 0x200002, 0x0) 03:44:06 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000380)=@nat={'nat\x00', 0x19, 0x1, 0x168, [0x20000140, 0x0, 0x0, 0x20000170, 0x200001a0], 0x0, 0x0, &(0x7f0000000140)=[{0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x13, 0x0, 0x0, 'syzkaller1\x00', 'yam0\x00', 'bcsf0\x00', 'erspan0\x00', @local, [], @remote, [], 0xa0, 0xa0, 0xd8, [@cgroup0={'cgroup\x00', 0x8}]}}, @snat={'snat\x00', 0x10, {{@remote}}}}]}]}, 0x1e0) 03:44:06 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) [ 1340.475348][ T9992] x_tables: eb_tables: cgroup match: used from hooks POSTROUTING, but only valid from INPUT/OUTPUT/POSTROUTING 03:44:07 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2c"], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r6}, 0x10) r7 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r8, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r7, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r7, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:44:07 executing program 4: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x0, 0x0) syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000200)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) sendto$rose(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = open(&(0x7f0000000800)='./file0\x00', 0x0, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f0000000340)='IPVS\x00') fchdir(r0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980)={0x8, "7c70ee3800d5ab5f2036f872e0ac57cbd592bca0d671633f50a3102066d6e765f5a64731e3fb8d90d250eda2cc33b60a7ff98074cdc3f1dd1a2df26a381d95974e0925d521c6b48c3dee0d430d398884316091aff6adb6153dc3c92549957d3488efc02d6f6fb172524b095c30c1bd35aae04236bdd42694d613eb54c0b65a338c48dc4c8bad70754fc81d9928e4a1b81f9c77075258a0805b4494867247966b24a023311fd91ef3754b98d3acde6f2ef0617f123c22fccb81c11389fdfa2e21c2365aabfc8916e02151d8643ae21cab7fcbec6142186d3bb57546c106484bc4c28a48da2b75dd82aabe99464558e60cd101f6b65856fabee614d271741a68dd550c8772f06a93cf8e5c0de549c3b75a72f8a590bd50b2af5f64009c969ed7596f0192b0f98b1afac0e8c5f4c653f611b4a71776400a9ae3f18e75f856788c97195749042510735880b9bb0ccb23210832a4f1c6f134d68f8e299837c426e0c9a45d5d2c959446cc363f370c67cd01a063c91254d692fe35abee92fabda4f66d93228c979ebe036c5c2e0028ec76562d67d0919ca28258fec0ed60603142b5c57c4cfb1ea1e892d0fd2f33970142b179c415d6bea344fbcc82d133052e848a885160737c69eb02ca9f544831c8e3ffcf40cb7b415d24795fc8aaeb8e76bec262aea5e28fe5d6495c4b5895a612b1cc2122286add66356f3ecd309f970634f1b09da1507964d35575167317f13c7fd9f11af27ceea86e9a5b3494a27ba98ba38dd1fb72ef2c6163664fd8f7c946935cd4833121f505ff277c03d959d9a12f3389e9eb6701a8b29f72c20c6abb7bd8349dd2e120bdd59dca9f1a2a877f1677b59d7920ddf29b9d94f7c6879b78e31cf1b65b60fe349ef9d4976f46609ee34e33f647aafbf64f6323d18598905f2e73af75661397595b8f9c1e9a4e993946820da5378ca5b363560e95edce316e99bac6e6250efcf1cb58fdcf94c7557c2d7f763a688543462d54b64e178c2e64c6ebba356894973051907fd8de8ba908e822168b171c1707efcd9ac827e64313721876e2ff26ac34e88557a4a0dfde08eda81cf0c1465a89b68429e48966044c767563e1121db48c9b619fd7362afd15ec6aa19b28759d7977be4fbcad0cf8dd5dc5362259bd5cb5089a9d18db969afe1192571f5fcc0c4d6be281d23b9c1f9f32873c058adfa1bf57a3718686957edfd6e4b58aa959541127696d59fb2810d042ced227961eb19a424e4cf45bc6243217bb7561b7ee11f8c0b8f39480343a26f2da5fe79d5e213c01ea47155ffa91e7d7ba0bc8ccb018bd69cfe71dd8565a645d678b404a295397e83ae69dbf8505f6947a836b44823a92861124330fccd4bc4a2e20d9047bd919d82c89623caa87eb09bd584d58f42b35ef55fddc06dfb3957f3f507e5ca9b8b98947cc5bb68846755527ddf32ffa444e1c7a5654d4d377e04a9f22e1069804fdcdb251acb6bd6b32d100feb44286991d779d2b3e2b7f5cc5f8eb3ae166a3b6fb9df11e1867989a6f9b2028e4c73b4d418b51f6e870713cadafddb47a48c9a97283da214f02db3326d42438d9a7db580693ad1887f99d86bb5fafd6d07c2647fc80c2c5a1ed9ea3b95be65ca422080ddefca5b49ccd538f6bc67390f892d9e416f7e835f76dd90edc56256348d20560caeea05c0922cab60dbf0b57ddaaed6ded5a336e01485fd571dc12050461271cee347c31ac245bfee9128630dfcc43b6d88b5ba9937a6f6ab70b7d256784ff72297cfcfd0ffacd09b55fb832bf60f04d87c48c74972b9f18fa178ce4880b025d1c1097ddb929e8f7e02f1c0e03012bec0fa61a49eb1c2a50a45fc0d98b6649de325184006938e421321e8b366649d9b6ebadf77509c9d48844e80f7752fd7daaa5c938b946feaaac0d871203270a747035c7e2f697c84e792a55cbce76c0a25360f7acbeaab60627aa9c37064af75b67f46732844eb2f6b37226004afe451a9fbfbbcf7e72ade67b017e9209b5627fbe16789abd90326751a1fd1d93efc59f2650f979ba71938d784064922bee2874c4b76d5f26e39ea0a98cf175950137feff9456c88c6a295830183fae3a9c2312c25f3d81708d73488d15a587e7e7cdde3b77917eef29c8b5965c916a65c3c5a53b7313c3115d0a8bb4e16f6b80ff6f78adb756aba94ced86047562a2cd2fb25e9a4656f6359c3f2fde8b5ab38852853cbd7221cb4d59b7f0e79bd37f9ade073f62b75edbe63c13c0d02bf076d88f5b750ea640aad47ce97d6a0783398dd3fbb63734ed969470cf45200235650532224fc28caf1e36ca6b402ec4c978add40fc59f2113485875682139f8aa9aeb48d09178de919370b0cd0ebcab5e60e1b0a2fc153db0dae8e50b48561622a677d0f1afc149676f832e016e14007fb298dcb96f11a92a1ac8bd4cc7b34d659d6cd2c9817b586585e72080255b083bc84512277ffb7f561c6a7a08cd128bfe9b525da531f0bf04f11d3de102b3538835807ac0b2f4325fc6765d02d692ec82f5b338c8257029136fcd3427c09874ecc7492becdd6608eac4adf1abc3f7e08868a72e57ce4dcfc288a25af73d19f1118a9254963c1548cdca5fc7c921a7f218f8e71edd7969dfb35beae1091d7530e32236397fa9fcd232b441ff1b0177829468c198d659d247ccca4fbd58c625501e4368075d0e5e69a6f90952f5bbe48e85a303131dedf7f1a513b291598a545784e1013521877c25d6069d3a855652a4bad5b2df2e4da2de756a20e790b756dd2925ce824561e5892b5e064c7c7b996acc4e29597e0cd00956e9c57ec374714f846be7632d3075e38bead499163498810886c78a2cc73fb64fd48e186083ce911e0751b4dc63476859c2824fa532a4b1711c244619e702eeab19380aeb7b17f67fade3dcad8ddddd893a526cd5d04d8ae982c88029ec71bdd0772fd74adbdb378fc204ca411a2d8a50331516a28552be78f9725f32d1b3a6c7bdf3277c5f7e385c7ebbacc419ec7ca3c5b8f46dbefee59b6422a6b22d60527edc012f852077d925619874f7709f283e01678fed36528003a696ee431a817f34f453c143dc56b70e1f810a5380a555cc8c4fc6522ab544ce5d715caa302ebdd0aa8286b7ef5dd6dd48a8ad9566818f7509daf02db0b98b432f57f1d107ee95a86228728cab4062e27922381e1e2ee351af5e2ea0fd6d1cea70b3b8f4a50f0776fc9aa2a7d2dff6e1ea3769864104f09137b99960b69af13895d842649eacaed8ddf183beba3323640af8deb52b902c0974d685d19fc87c93eb80ad5d28e54363705ad39231d989522e94f000256bc8d93af138a45d67dad3e21fa9fb31d9327c6e71f61956d9daf4f97333112704136d3d1bf6fe0e4c002e10b684d2344300ec70fae0b50532ebace58f0e8318354a172cceacf27d01ff41cc8fef42443f62b0e15b5fcc0728630b96fb2c2b59634f4993bb1ce2eace6fb0f53e5f84bc5f58b1b66d59e3c75a98670496f105a703607211aa9e882e72f13e9fe07f0767ad4e5ac5c732b65301d8ceab36b5ff2f71958fb1b51d2e703ac506e68d4026160fd3f60440b8b8f554f1feeba5d53f71cbe60d143620f8fa779acb94c965b729207a5ab11f4a51b694c31606171da44a28d80cde296dff5724ff718d6377eb8534e616cff39af943ee4ce87b4fadded30c702d370a71072ab3e20f19b8c1b73fdbbb9c675352bb73ee85e22597fc0c439a33f5febe1629bd084af7193f8d1a1415b02ca54706711505cbae11ec6411b012cc3a3eddcfb002901b6e7565b9fbf4d605c147031888ceb590c14697d00970ce9095c6f7fee41ec6a15d7ef52dfedfff2a0d3dbb387b61232aee6ca202787038021e6aabda18e2adf6fd89aa491e65f9813d73412fbfff089752d713d7efa690ec4fc254b56908d3057f65997acf81aea589e272f8fa852849e488f1e0c0cb6cdb5f46ca92e36d39224e704850056d2e9b91909aed0f55d054e274415ecc39b8958335a14cfb0a42d7f26ef8e82592dfd03b3550b5193fba077994c682951968869574fd94976760d9bd9b334353eeda836cc8dab244e72095cc46833f02bb2f6df35601b3085664261abb67fc9ab9f27210e6827cd15ce16c55f0f7f5b8ab401f24032b19a53a9299b62ebf4a8cf7f4753d95126f008a8ce349036666de66bcaf40b27fa875efa98873e1ef9302e2a24bfe07bd1054bdf9ba9ad1b1075402f26d682833b947c762513ba5f07537bb712473184a60e04ace5adb8d982d6153b011ae0b2034adc0ff4a64e2c6561c2e0840cdab2120bc916cde9b7a92c4d332d0f83945fe55e3c8f4d93f22e7759c20241d92cca0ae5a3d06a127e5614df708cea1ad3b2f231c81460ff4c3f349c67a87135a4b67589ffce311832923f71796276e81f0537e265404c0ee06d5ed98a5ec5f8ad62db589eb585fc4627173b51fd4e897a3e8d2acbb82ec2996ac3a6823368a1e12a0536a9d1a7b2d31d80c46c292ff51395481d4f65c53fab867e27bec9156ee189d245d94877a1405dc9e1e996822ad47071a9ab36c9bfd02c41ea5ba21591793053b1b64758bae0addfcd69d169849bc1ee6ce5c08f0d3da5ecc1b6ab31e13af2fa5ce4d921163270901264a88ac6350e8fb6371663dd04146932238597258b123a8036250c190fbb3cfc6ebbf9e06c4a9053e8332c95c91a890a3d35ddd35f47e7ab606f3e345e12560e6d52243883da7b8910834042ad12e7fb3f08a0b14ef6aee22251999e6079be2ef5666d7d5ae00d161720262761da3f378c63cb151f4e94d034e9de949dfe796b905804ca555691023c30ea7cf0cb276e1e3ba65793291f8287d1064606bf5787421b9b9bfc05e9c5eac750de92519fe9e2592cd34a2ef6ec18efed5e7c13bfcfce47327cbecac358bbe6d44164849308cf91cd5ea87fa4b02ba4939e28141c7dad42714b019470d91808a8f46150677b6c90f267ecb39ef42afc95de0cbd016775c89d8213ec9d4e061e6493f237296f91abfc64176c0e885ef54af4136a724fadfe89a25d7599998acebc4a27f8fb5b26936bda5c3d5fec3373dcd9a0e99fc939641c50669adc54119582e8835575d1c57fa955cd29d870360620f91c3ff90d264013816352317ae226f7d7bad5db711f8973382f6cebd63cd519ddd08e1772649be75f64f4acc15f828dc0b305584b6dd2213194603c44e2964358d305aa97fb08568a0a955ad7a6f8d042754b4bbf2fb3414052719fd9841bef8360d1d3195c69414be882115c2c64fecdcbdaed3a2e943fdfef9a13520e41d32a787bcfe4f61e2b378d35aa70784a772cf8ebcaaeb105e4627516db2ababfcb8c11f224c3a48c86160d34d0ee59f02c31648ae4b0309b378f0bf63266967dcfb4f1cc1902f613c6d0d48915a9cf28a52b106544cde1b38ff2e2a1275fd0d3899ce7f7c6653c9017f7ac4aaa35bcb2811a8f9dbb56746b45475350e7c13d42abb5692377da7a4045ee644ce00f8699e3251d75621c82cd659ea3add277affe3ff792f7d24a3d0979ef82cfc0d409697ae2e8598854a8327f46974c901d309dc6dbe31913c59d821aa50c0fe95cc822e8f07bbb00e9a09bc9a570b9778d29308740bc336a41258d209c206f87a709aa43415da0096f7d177e509a7d625645fb098ccc45367d82235e952670ac5f82f8ced3f59fd9ee20ac75be609cc832417e807ddc40630cba4c91e0785edcb5f20b9e6dedb1ec172cd16fc034f410e9ce375ea855144aa3076317f649cf4efe4d7abf244984c4e", 0xfffffffffffffd14}, 0x10a9) getresuid(0x0, 0x0, 0x0) truncate(0x0, 0x200) sendmsg(0xffffffffffffffff, 0x0, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) unlink(&(0x7f00000002c0)='./bus\x00') sendfile(r1, r1, &(0x7f00000000c0), 0x808100000000) 03:44:07 executing program 3: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000080), 0x0) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, &(0x7f00000000c0)={'ip6_vth0\x00', {0x2, 0x0, @multicast2}}) setsockopt$inet6_buf(r0, 0x29, 0x80000000000040, &(0x7f0000000080), 0x0) 03:44:07 executing program 1: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x0, 0x0) syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000200)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) sendto$rose(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = open(&(0x7f0000000800)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980)={0x8, "7c70ee3800d5ab5f2036f872e0ac57cbd592bca0d671633f50a3102066d6e765f5a64731e3fb8d90d250eda2cc33b60a7ff98074cdc3f1dd1a2df26a381d95974e0925d521c6b48c3dee0d430d398884316091aff6adb6153dc3c92549957d3488efc02d6f6fb172524b095c30c1bd35aae04236bdd42694d613eb54c0b65a338c48dc4c8bad70754fc81d9928e4a1b81f9c77075258a0805b4494867247966b24a023311fd91ef3754b98d3acde6f2ef0617f123c22fccb81c11389fdfa2e21c2365aabfc8916e02151d8643ae21cab7fcbec6142186d3bb57546c106484bc4c28a48da2b75dd82aabe99464558e60cd101f6b65856fabee614d271741a68dd550c8772f06a93cf8e5c0de549c3b75a72f8a590bd50b2af5f64009c969ed7596f0192b0f98b1afac0e8c5f4c653f611b4a71776400a9ae3f18e75f856788c97195749042510735880b9bb0ccb23210832a4f1c6f134d68f8e299837c426e0c9a45d5d2c959446cc363f370c67cd01a063c91254d692fe35abee92fabda4f66d93228c979ebe036c5c2e0028ec76562d67d0919ca28258fec0ed60603142b5c57c4cfb1ea1e892d0fd2f33970142b179c415d6bea344fbcc82d133052e848a885160737c69eb02ca9f544831c8e3ffcf40cb7b415d24795fc8aaeb8e76bec262aea5e28fe5d6495c4b5895a612b1cc2122286add66356f3ecd309f970634f1b09da1507964d35575167317f13c7fd9f11af27ceea86e9a5b3494a27ba98ba38dd1fb72ef2c6163664fd8f7c946935cd4833121f505ff277c03d959d9a12f3389e9eb6701a8b29f72c20c6abb7bd8349dd2e120bdd59dca9f1a2a877f1677b59d7920ddf29b9d94f7c6879b78e31cf1b65b60fe349ef9d4976f46609ee34e33f647aafbf64f6323d18598905f2e73af75661397595b8f9c1e9a4e993946820da5378ca5b363560e95edce316e99bac6e6250efcf1cb58fdcf94c7557c2d7f763a688543462d54b64e178c2e64c6ebba356894973051907fd8de8ba908e822168b171c1707efcd9ac827e64313721876e2ff26ac34e88557a4a0dfde08eda81cf0c1465a89b68429e48966044c767563e1121db48c9b619fd7362afd15ec6aa19b28759d7977be4fbcad0cf8dd5dc5362259bd5cb5089a9d18db969afe1192571f5fcc0c4d6be281d23b9c1f9f32873c058adfa1bf57a3718686957edfd6e4b58aa959541127696d59fb2810d042ced227961eb19a424e4cf45bc6243217bb7561b7ee11f8c0b8f39480343a26f2da5fe79d5e213c01ea47155ffa91e7d7ba0bc8ccb018bd69cfe71dd8565a645d678b404a295397e83ae69dbf8505f6947a836b44823a92861124330fccd4bc4a2e20d9047bd919d82c89623caa87eb09bd584d58f42b35ef55fddc06dfb3957f3f507e5ca9b8b98947cc5bb68846755527ddf32ffa444e1c7a5654d4d377e04a9f22e1069804fdcdb251acb6bd6b32d100feb44286991d779d2b3e2b7f5cc5f8eb3ae166a3b6fb9df11e1867989a6f9b2028e4c73b4d418b51f6e870713cadafddb47a48c9a97283da214f02db3326d42438d9a7db580693ad1887f99d86bb5fafd6d07c2647fc80c2c5a1ed9ea3b95be65ca422080ddefca5b49ccd538f6bc67390f892d9e416f7e835f76dd90edc56256348d20560caeea05c0922cab60dbf0b57ddaaed6ded5a336e01485fd571dc12050461271cee347c31ac245bfee9128630dfcc43b6d88b5ba9937a6f6ab70b7d256784ff72297cfcfd0ffacd09b55fb832bf60f04d87c48c74972b9f18fa178ce4880b025d1c1097ddb929e8f7e02f1c0e03012bec0fa61a49eb1c2a50a45fc0d98b6649de325184006938e421321e8b366649d9b6ebadf77509c9d48844e80f7752fd7daaa5c938b946feaaac0d871203270a747035c7e2f697c84e792a55cbce76c0a25360f7acbeaab60627aa9c37064af75b67f46732844eb2f6b37226004afe451a9fbfbbcf7e72ade67b017e9209b5627fbe16789abd90326751a1fd1d93efc59f2650f979ba71938d784064922bee2874c4b76d5f26e39ea0a98cf175950137feff9456c88c6a295830183fae3a9c2312c25f3d81708d73488d15a587e7e7cdde3b77917eef29c8b5965c916a65c3c5a53b7313c3115d0a8bb4e16f6b80ff6f78adb756aba94ced86047562a2cd2fb25e9a4656f6359c3f2fde8b5ab38852853cbd7221cb4d59b7f0e79bd37f9ade073f62b75edbe63c13c0d02bf076d88f5b750ea640aad47ce97d6a0783398dd3fbb63734ed969470cf45200235650532224fc28caf1e36ca6b402ec4c978add40fc59f2113485875682139f8aa9aeb48d09178de919370b0cd0ebcab5e60e1b0a2fc153db0dae8e50b48561622a677d0f1afc149676f832e016e14007fb298dcb96f11a92a1ac8bd4cc7b34d659d6cd2c9817b586585e72080255b083bc84512277ffb7f561c6a7a08cd128bfe9b525da531f0bf04f11d3de102b3538835807ac0b2f4325fc6765d02d692ec82f5b338c8257029136fcd3427c09874ecc7492becdd6608eac4adf1abc3f7e08868a72e57ce4dcfc288a25af73d19f1118a9254963c1548cdca5fc7c921a7f218f8e71edd7969dfb35beae1091d7530e32236397fa9fcd232b441ff1b0177829468c198d659d247ccca4fbd58c625501e4368075d0e5e69a6f90952f5bbe48e85a303131dedf7f1a513b291598a545784e1013521877c25d6069d3a855652a4bad5b2df2e4da2de756a20e790b756dd2925ce824561e5892b5e064c7c7b996acc4e29597e0cd00956e9c57ec374714f846be7632d3075e38bead499163498810886c78a2cc73fb64fd48e186083ce911e0751b4dc63476859c2824fa532a4b1711c244619e702eeab19380aeb7b17f67fade3dcad8ddddd893a526cd5d04d8ae982c88029ec71bdd0772fd74adbdb378fc204ca411a2d8a50331516a28552be78f9725f32d1b3a6c7bdf3277c5f7e385c7ebbacc419ec7ca3c5b8f46dbefee59b6422a6b22d60527edc012f852077d925619874f7709f283e01678fed36528003a696ee431a817f34f453c143dc56b70e1f810a5380a555cc8c4fc6522ab544ce5d715caa302ebdd0aa8286b7ef5dd6dd48a8ad9566818f7509daf02db0b98b432f57f1d107ee95a86228728cab4062e27922381e1e2ee351af5e2ea0fd6d1cea70b3b8f4a50f0776fc9aa2a7d2dff6e1ea3769864104f09137b99960b69af13895d842649eacaed8ddf183beba3323640af8deb52b902c0974d685d19fc87c93eb80ad5d28e54363705ad39231d989522e94f000256bc8d93af138a45d67dad3e21fa9fb31d9327c6e71f61956d9daf4f97333112704136d3d1bf6fe0e4c002e10b684d2344300ec70fae0b50532ebace58f0e8318354a172cceacf27d01ff41cc8fef42443f62b0e15b5fcc0728630b96fb2c2b59634f4993bb1ce2eace6fb0f53e5f84bc5f58b1b66d59e3c75a98670496f105a703607211aa9e882e72f13e9fe07f0767ad4e5ac5c732b65301d8ceab36b5ff2f71958fb1b51d2e703ac506e68d4026160fd3f60440b8b8f554f1feeba5d53f71cbe60d143620f8fa779acb94c965b729207a5ab11f4a51b694c31606171da44a28d80cde296dff5724ff718d6377eb8534e616cff39af943ee4ce87b4fadded30c702d370a71072ab3e20f19b8c1b73fdbbb9c675352bb73ee85e22597fc0c439a33f5febe1629bd084af7193f8d1a1415b02ca54706711505cbae11ec6411b012cc3a3eddcfb002901b6e7565b9fbf4d605c147031888ceb590c14697d00970ce9095c6f7fee41ec6a15d7ef52dfedfff2a0d3dbb387b61232aee6ca202787038021e6aabda18e2adf6fd89aa491e65f9813d73412fbfff089752d713d7efa690ec4fc254b56908d3057f65997acf81aea589e272f8fa852849e488f1e0c0cb6cdb5f46ca92e36d39224e704850056d2e9b91909aed0f55d054e274415ecc39b8958335a14cfb0a42d7f26ef8e82592dfd03b3550b5193fba077994c682951968869574fd94976760d9bd9b334353eeda836cc8dab244e72095cc46833f02bb2f6df35601b3085664261abb67fc9ab9f27210e6827cd15ce16c55f0f7f5b8ab401f24032b19a53a9299b62ebf4a8cf7f4753d95126f008a8ce349036666de66bcaf40b27fa875efa98873e1ef9302e2a24bfe07bd1054bdf9ba9ad1b1075402f26d682833b947c762513ba5f07537bb712473184a60e04ace5adb8d982d6153b011ae0b2034adc0ff4a64e2c6561c2e0840cdab2120bc916cde9b7a92c4d332d0f83945fe55e3c8f4d93f22e7759c20241d92cca0ae5a3d06a127e5614df708cea1ad3b2f231c81460ff4c3f349c67a87135a4b67589ffce311832923f71796276e81f0537e265404c0ee06d5ed98a5ec5f8ad62db589eb585fc4627173b51fd4e897a3e8d2acbb82ec2996ac3a6823368a1e12a0536a9d1a7b2d31d80c46c292ff51395481d4f65c53fab867e27bec9156ee189d245d94877a1405dc9e1e996822ad47071a9ab36c9bfd02c41ea5ba21591793053b1b64758bae0addfcd69d169849bc1ee6ce5c08f0d3da5ecc1b6ab31e13af2fa5ce4d921163270901264a88ac6350e8fb6371663dd04146932238597258b123a8036250c190fbb3cfc6ebbf9e06c4a9053e8332c95c91a890a3d35ddd35f47e7ab606f3e345e12560e6d52243883da7b8910834042ad12e7fb3f08a0b14ef6aee22251999e6079be2ef5666d7d5ae00d161720262761da3f378c63cb151f4e94d034e9de949dfe796b905804ca555691023c30ea7cf0cb276e1e3ba65793291f8287d1064606bf5787421b9b9bfc05e9c5eac750de92519fe9e2592cd34a2ef6ec18efed5e7c13bfcfce47327cbecac358bbe6d44164849308cf91cd5ea87fa4b02ba4939e28141c7dad42714b019470d91808a8f46150677b6c90f267ecb39ef42afc95de0cbd016775c89d8213ec9d4e061e6493f237296f91abfc64176c0e885ef54af4136a724fadfe89a25d7599998acebc4a27f8fb5b26936bda5c3d5fec3373dcd9a0e99fc939641c50669adc54119582e8835575d1c57fa955cd29d870360620f91c3ff90d264013816352317ae226f7d7bad5db711f8973382f6cebd63cd519ddd08e1772649be75f64f4acc15f828dc0b305584b6dd2213194603c44e2964358d305aa97fb08568a0a955ad7a6f8d042754b4bbf2fb3414052719fd9841bef8360d1d3195c69414be882115c2c64fecdcbdaed3a2e943fdfef9a13520e41d32a787bcfe4f61e2b378d35aa70784a772cf8ebcaaeb105e4627516db2ababfcb8c11f224c3a48c86160d34d0ee59f02c31648ae4b0309b378f0bf63266967dcfb4f1cc1902f613c6d0d48915a9cf28a52b106544cde1b38ff2e2a1275fd0d3899ce7f7c6653c9017f7ac4aaa35bcb2811a8f9dbb56746b45475350e7c13d42abb5692377da7a4045ee644ce00f8699e3251d75621c82cd659ea3add277affe3ff792f7d24a3d0979ef82cfc0d409697ae2e8598854a8327f46974c901d309dc6dbe31913c59d821aa50c0fe95cc822e8f07bbb00e9a09bc9a570b9778d29308740bc336a41258d209c206f87a709aa43415da0096f7d177e509a7d625645fb098ccc45367d82235e952670ac5f82f8ced3f59fd9ee20ac75be609cc832417e807ddc40630cba4c91e0785edcb5f20b9e6dedb1ec172cd16fc034f410e9ce375ea855144aa3076317f649cf4efe4d7abf244984c4e", 0xfffffffffffffd14}, 0x10a9) getresuid(0x0, 0x0, 0x0) truncate(0x0, 0x200) sendmsg(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) unlink(&(0x7f00000002c0)='./bus\x00') sendfile(r1, r1, &(0x7f00000000c0), 0x808100000000) 03:44:07 executing program 2: r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video36\x00', 0x2, 0x0) ioctl$VIDIOC_REQBUFS(r0, 0xc0585611, &(0x7f0000000040)={0x0, 0x1}) 03:44:07 executing program 3: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000080), 0x0) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, &(0x7f00000000c0)={'ip6_vth0\x00', {0x2, 0x0, @multicast2}}) setsockopt$inet6_buf(r0, 0x29, 0x80000000000040, &(0x7f0000000080), 0x0) [ 1341.040644][ C1] net_ratelimit: 16 callbacks suppressed [ 1341.040653][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1341.052246][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1341.120651][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1341.126554][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1341.920637][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1341.926444][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1341.932250][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1341.937982][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1341.943761][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1341.949490][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:44:09 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0xd0}) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 03:44:09 executing program 3: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000080), 0x0) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, &(0x7f00000000c0)={'ip6_vth0\x00', {0x2, 0x0, @multicast2}}) setsockopt$inet6_buf(r0, 0x29, 0x80000000000040, &(0x7f0000000080), 0x0) 03:44:09 executing program 2: r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video36\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x5, 0x8, 0xf93, 0x2, 0x0, 0x1}, 0x2c) r1 = openat$vfio(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, 0x0, &(0x7f00000001c0)) ioctl$sock_TIOCOUTQ(0xffffffffffffffff, 0x5411, &(0x7f0000000100)) clone(0x4000002102001ffb, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fstat(r1, &(0x7f0000000240)) ioctl$sock_inet6_tcp_SIOCOUTQ(0xffffffffffffffff, 0x5411, 0x0) bpf$MAP_CREATE(0x4, &(0x7f0000000080)={0x3, 0x0, 0x73fffe}, 0x2c) ioctl$VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x5, 0x1, 0x4}) setsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, &(0x7f00000000c0), 0x4) 03:44:09 executing program 4: r0 = syz_open_dev$video(&(0x7f0000000280)='/dev/video#\x00', 0x9, 0x0) ioctl$VIDIOC_S_INPUT(r0, 0xc0045627, &(0x7f00000000c0)=0x1) 03:44:09 executing program 1: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x0, 0x0) syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000200)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) sendto$rose(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = open(&(0x7f0000000800)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980)={0x8, "7c70ee3800d5ab5f2036f872e0ac57cbd592bca0d671633f50a3102066d6e765f5a64731e3fb8d90d250eda2cc33b60a7ff98074cdc3f1dd1a2df26a381d95974e0925d521c6b48c3dee0d430d398884316091aff6adb6153dc3c92549957d3488efc02d6f6fb172524b095c30c1bd35aae04236bdd42694d613eb54c0b65a338c48dc4c8bad70754fc81d9928e4a1b81f9c77075258a0805b4494867247966b24a023311fd91ef3754b98d3acde6f2ef0617f123c22fccb81c11389fdfa2e21c2365aabfc8916e02151d8643ae21cab7fcbec6142186d3bb57546c106484bc4c28a48da2b75dd82aabe99464558e60cd101f6b65856fabee614d271741a68dd550c8772f06a93cf8e5c0de549c3b75a72f8a590bd50b2af5f64009c969ed7596f0192b0f98b1afac0e8c5f4c653f611b4a71776400a9ae3f18e75f856788c97195749042510735880b9bb0ccb23210832a4f1c6f134d68f8e299837c426e0c9a45d5d2c959446cc363f370c67cd01a063c91254d692fe35abee92fabda4f66d93228c979ebe036c5c2e0028ec76562d67d0919ca28258fec0ed60603142b5c57c4cfb1ea1e892d0fd2f33970142b179c415d6bea344fbcc82d133052e848a885160737c69eb02ca9f544831c8e3ffcf40cb7b415d24795fc8aaeb8e76bec262aea5e28fe5d6495c4b5895a612b1cc2122286add66356f3ecd309f970634f1b09da1507964d35575167317f13c7fd9f11af27ceea86e9a5b3494a27ba98ba38dd1fb72ef2c6163664fd8f7c946935cd4833121f505ff277c03d959d9a12f3389e9eb6701a8b29f72c20c6abb7bd8349dd2e120bdd59dca9f1a2a877f1677b59d7920ddf29b9d94f7c6879b78e31cf1b65b60fe349ef9d4976f46609ee34e33f647aafbf64f6323d18598905f2e73af75661397595b8f9c1e9a4e993946820da5378ca5b363560e95edce316e99bac6e6250efcf1cb58fdcf94c7557c2d7f763a688543462d54b64e178c2e64c6ebba356894973051907fd8de8ba908e822168b171c1707efcd9ac827e64313721876e2ff26ac34e88557a4a0dfde08eda81cf0c1465a89b68429e48966044c767563e1121db48c9b619fd7362afd15ec6aa19b28759d7977be4fbcad0cf8dd5dc5362259bd5cb5089a9d18db969afe1192571f5fcc0c4d6be281d23b9c1f9f32873c058adfa1bf57a3718686957edfd6e4b58aa959541127696d59fb2810d042ced227961eb19a424e4cf45bc6243217bb7561b7ee11f8c0b8f39480343a26f2da5fe79d5e213c01ea47155ffa91e7d7ba0bc8ccb018bd69cfe71dd8565a645d678b404a295397e83ae69dbf8505f6947a836b44823a92861124330fccd4bc4a2e20d9047bd919d82c89623caa87eb09bd584d58f42b35ef55fddc06dfb3957f3f507e5ca9b8b98947cc5bb68846755527ddf32ffa444e1c7a5654d4d377e04a9f22e1069804fdcdb251acb6bd6b32d100feb44286991d779d2b3e2b7f5cc5f8eb3ae166a3b6fb9df11e1867989a6f9b2028e4c73b4d418b51f6e870713cadafddb47a48c9a97283da214f02db3326d42438d9a7db580693ad1887f99d86bb5fafd6d07c2647fc80c2c5a1ed9ea3b95be65ca422080ddefca5b49ccd538f6bc67390f892d9e416f7e835f76dd90edc56256348d20560caeea05c0922cab60dbf0b57ddaaed6ded5a336e01485fd571dc12050461271cee347c31ac245bfee9128630dfcc43b6d88b5ba9937a6f6ab70b7d256784ff72297cfcfd0ffacd09b55fb832bf60f04d87c48c74972b9f18fa178ce4880b025d1c1097ddb929e8f7e02f1c0e03012bec0fa61a49eb1c2a50a45fc0d98b6649de325184006938e421321e8b366649d9b6ebadf77509c9d48844e80f7752fd7daaa5c938b946feaaac0d871203270a747035c7e2f697c84e792a55cbce76c0a25360f7acbeaab60627aa9c37064af75b67f46732844eb2f6b37226004afe451a9fbfbbcf7e72ade67b017e9209b5627fbe16789abd90326751a1fd1d93efc59f2650f979ba71938d784064922bee2874c4b76d5f26e39ea0a98cf175950137feff9456c88c6a295830183fae3a9c2312c25f3d81708d73488d15a587e7e7cdde3b77917eef29c8b5965c916a65c3c5a53b7313c3115d0a8bb4e16f6b80ff6f78adb756aba94ced86047562a2cd2fb25e9a4656f6359c3f2fde8b5ab38852853cbd7221cb4d59b7f0e79bd37f9ade073f62b75edbe63c13c0d02bf076d88f5b750ea640aad47ce97d6a0783398dd3fbb63734ed969470cf45200235650532224fc28caf1e36ca6b402ec4c978add40fc59f2113485875682139f8aa9aeb48d09178de919370b0cd0ebcab5e60e1b0a2fc153db0dae8e50b48561622a677d0f1afc149676f832e016e14007fb298dcb96f11a92a1ac8bd4cc7b34d659d6cd2c9817b586585e72080255b083bc84512277ffb7f561c6a7a08cd128bfe9b525da531f0bf04f11d3de102b3538835807ac0b2f4325fc6765d02d692ec82f5b338c8257029136fcd3427c09874ecc7492becdd6608eac4adf1abc3f7e08868a72e57ce4dcfc288a25af73d19f1118a9254963c1548cdca5fc7c921a7f218f8e71edd7969dfb35beae1091d7530e32236397fa9fcd232b441ff1b0177829468c198d659d247ccca4fbd58c625501e4368075d0e5e69a6f90952f5bbe48e85a303131dedf7f1a513b291598a545784e1013521877c25d6069d3a855652a4bad5b2df2e4da2de756a20e790b756dd2925ce824561e5892b5e064c7c7b996acc4e29597e0cd00956e9c57ec374714f846be7632d3075e38bead499163498810886c78a2cc73fb64fd48e186083ce911e0751b4dc63476859c2824fa532a4b1711c244619e702eeab19380aeb7b17f67fade3dcad8ddddd893a526cd5d04d8ae982c88029ec71bdd0772fd74adbdb378fc204ca411a2d8a50331516a28552be78f9725f32d1b3a6c7bdf3277c5f7e385c7ebbacc419ec7ca3c5b8f46dbefee59b6422a6b22d60527edc012f852077d925619874f7709f283e01678fed36528003a696ee431a817f34f453c143dc56b70e1f810a5380a555cc8c4fc6522ab544ce5d715caa302ebdd0aa8286b7ef5dd6dd48a8ad9566818f7509daf02db0b98b432f57f1d107ee95a86228728cab4062e27922381e1e2ee351af5e2ea0fd6d1cea70b3b8f4a50f0776fc9aa2a7d2dff6e1ea3769864104f09137b99960b69af13895d842649eacaed8ddf183beba3323640af8deb52b902c0974d685d19fc87c93eb80ad5d28e54363705ad39231d989522e94f000256bc8d93af138a45d67dad3e21fa9fb31d9327c6e71f61956d9daf4f97333112704136d3d1bf6fe0e4c002e10b684d2344300ec70fae0b50532ebace58f0e8318354a172cceacf27d01ff41cc8fef42443f62b0e15b5fcc0728630b96fb2c2b59634f4993bb1ce2eace6fb0f53e5f84bc5f58b1b66d59e3c75a98670496f105a703607211aa9e882e72f13e9fe07f0767ad4e5ac5c732b65301d8ceab36b5ff2f71958fb1b51d2e703ac506e68d4026160fd3f60440b8b8f554f1feeba5d53f71cbe60d143620f8fa779acb94c965b729207a5ab11f4a51b694c31606171da44a28d80cde296dff5724ff718d6377eb8534e616cff39af943ee4ce87b4fadded30c702d370a71072ab3e20f19b8c1b73fdbbb9c675352bb73ee85e22597fc0c439a33f5febe1629bd084af7193f8d1a1415b02ca54706711505cbae11ec6411b012cc3a3eddcfb002901b6e7565b9fbf4d605c147031888ceb590c14697d00970ce9095c6f7fee41ec6a15d7ef52dfedfff2a0d3dbb387b61232aee6ca202787038021e6aabda18e2adf6fd89aa491e65f9813d73412fbfff089752d713d7efa690ec4fc254b56908d3057f65997acf81aea589e272f8fa852849e488f1e0c0cb6cdb5f46ca92e36d39224e704850056d2e9b91909aed0f55d054e274415ecc39b8958335a14cfb0a42d7f26ef8e82592dfd03b3550b5193fba077994c682951968869574fd94976760d9bd9b334353eeda836cc8dab244e72095cc46833f02bb2f6df35601b3085664261abb67fc9ab9f27210e6827cd15ce16c55f0f7f5b8ab401f24032b19a53a9299b62ebf4a8cf7f4753d95126f008a8ce349036666de66bcaf40b27fa875efa98873e1ef9302e2a24bfe07bd1054bdf9ba9ad1b1075402f26d682833b947c762513ba5f07537bb712473184a60e04ace5adb8d982d6153b011ae0b2034adc0ff4a64e2c6561c2e0840cdab2120bc916cde9b7a92c4d332d0f83945fe55e3c8f4d93f22e7759c20241d92cca0ae5a3d06a127e5614df708cea1ad3b2f231c81460ff4c3f349c67a87135a4b67589ffce311832923f71796276e81f0537e265404c0ee06d5ed98a5ec5f8ad62db589eb585fc4627173b51fd4e897a3e8d2acbb82ec2996ac3a6823368a1e12a0536a9d1a7b2d31d80c46c292ff51395481d4f65c53fab867e27bec9156ee189d245d94877a1405dc9e1e996822ad47071a9ab36c9bfd02c41ea5ba21591793053b1b64758bae0addfcd69d169849bc1ee6ce5c08f0d3da5ecc1b6ab31e13af2fa5ce4d921163270901264a88ac6350e8fb6371663dd04146932238597258b123a8036250c190fbb3cfc6ebbf9e06c4a9053e8332c95c91a890a3d35ddd35f47e7ab606f3e345e12560e6d52243883da7b8910834042ad12e7fb3f08a0b14ef6aee22251999e6079be2ef5666d7d5ae00d161720262761da3f378c63cb151f4e94d034e9de949dfe796b905804ca555691023c30ea7cf0cb276e1e3ba65793291f8287d1064606bf5787421b9b9bfc05e9c5eac750de92519fe9e2592cd34a2ef6ec18efed5e7c13bfcfce47327cbecac358bbe6d44164849308cf91cd5ea87fa4b02ba4939e28141c7dad42714b019470d91808a8f46150677b6c90f267ecb39ef42afc95de0cbd016775c89d8213ec9d4e061e6493f237296f91abfc64176c0e885ef54af4136a724fadfe89a25d7599998acebc4a27f8fb5b26936bda5c3d5fec3373dcd9a0e99fc939641c50669adc54119582e8835575d1c57fa955cd29d870360620f91c3ff90d264013816352317ae226f7d7bad5db711f8973382f6cebd63cd519ddd08e1772649be75f64f4acc15f828dc0b305584b6dd2213194603c44e2964358d305aa97fb08568a0a955ad7a6f8d042754b4bbf2fb3414052719fd9841bef8360d1d3195c69414be882115c2c64fecdcbdaed3a2e943fdfef9a13520e41d32a787bcfe4f61e2b378d35aa70784a772cf8ebcaaeb105e4627516db2ababfcb8c11f224c3a48c86160d34d0ee59f02c31648ae4b0309b378f0bf63266967dcfb4f1cc1902f613c6d0d48915a9cf28a52b106544cde1b38ff2e2a1275fd0d3899ce7f7c6653c9017f7ac4aaa35bcb2811a8f9dbb56746b45475350e7c13d42abb5692377da7a4045ee644ce00f8699e3251d75621c82cd659ea3add277affe3ff792f7d24a3d0979ef82cfc0d409697ae2e8598854a8327f46974c901d309dc6dbe31913c59d821aa50c0fe95cc822e8f07bbb00e9a09bc9a570b9778d29308740bc336a41258d209c206f87a709aa43415da0096f7d177e509a7d625645fb098ccc45367d82235e952670ac5f82f8ced3f59fd9ee20ac75be609cc832417e807ddc40630cba4c91e0785edcb5f20b9e6dedb1ec172cd16fc034f410e9ce375ea855144aa3076317f649cf4efe4d7abf244984c4e", 0xfffffffffffffd14}, 0x10a9) getresuid(0x0, 0x0, 0x0) truncate(0x0, 0x200) sendmsg(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) unlink(&(0x7f00000002c0)='./bus\x00') sendfile(r1, r1, &(0x7f00000000c0), 0x808100000000) 03:44:09 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2c"], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r6}, 0x10) r7 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r8, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r7, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r7, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:44:09 executing program 2: sched_setscheduler(0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) r0 = creat(&(0x7f0000000180)='./file0/file0\x00', 0x0) write$binfmt_elf64(r0, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000440)='./file0/file1\x00', 0x60000000000000, 0x0) 03:44:09 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0xd0}) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 03:44:09 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$video(&(0x7f0000000280)='/dev/video#\x00', 0x9, 0x0) ioctl$VIDIOC_S_INPUT(r0, 0xc0045627, &(0x7f00000000c0)) ioctl$VIDIOC_S_INPUT(r0, 0xc0045627, &(0x7f0000000040)=0x3) 03:44:09 executing program 3: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000080)="df6c51c7bf5f8a4d8643869e4ccb891cdfcdf842", 0x14) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, &(0x7f00000000c0)={'ip6_vth0\x00', {0x2, 0x0, @multicast2}}) setsockopt$inet6_buf(r0, 0x29, 0x80000000000040, &(0x7f0000000080), 0x0) 03:44:10 executing program 3: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000080)="df6c51c7bf5f8a4d8643869e4ccb891cdfcdf842", 0x14) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, &(0x7f00000000c0)={'ip6_vth0\x00', {0x2, 0x0, @multicast2}}) setsockopt$inet6_buf(r0, 0x29, 0x80000000000040, &(0x7f0000000080), 0x0) 03:44:10 executing program 2: r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video36\x00', 0x2, 0x0) ioctl$VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x0, 0x9, 0x4}) 03:44:10 executing program 3: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000080)="df6c51c7bf5f8a4d8643869e4ccb891cdfcdf842", 0x14) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, &(0x7f00000000c0)={'ip6_vth0\x00', {0x2, 0x0, @multicast2}}) setsockopt$inet6_buf(r0, 0x29, 0x80000000000040, &(0x7f0000000080), 0x0) 03:44:10 executing program 4: 03:44:10 executing program 3: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000080)="df6c51c7bf5f8a4d8643869e4ccb891cdfcdf8426b0192fdaceef8985d53", 0x1e) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, &(0x7f00000000c0)={'ip6_vth0\x00', {0x2, 0x0, @multicast2}}) setsockopt$inet6_buf(r0, 0x29, 0x80000000000040, &(0x7f0000000080), 0x0) 03:44:10 executing program 4: 03:44:10 executing program 1: 03:44:10 executing program 2: 03:44:10 executing program 4: [ 1346.080610][ C1] net_ratelimit: 14 callbacks suppressed [ 1346.080617][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1346.092068][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1346.097841][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1346.103631][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1346.109400][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1346.115196][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:44:12 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0xd0}) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 03:44:12 executing program 3: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000080)="df6c51c7bf5f8a4d8643869e4ccb891cdfcdf8426b0192fdaceef8985d53", 0x1e) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, &(0x7f00000000c0)={'ip6_vth0\x00', {0x2, 0x0, @multicast2}}) setsockopt$inet6_buf(r0, 0x29, 0x80000000000040, &(0x7f0000000080), 0x0) 03:44:12 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2c"], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r6}, 0x10) r7 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r8, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r7, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r7, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:44:12 executing program 4: 03:44:12 executing program 1: 03:44:12 executing program 2: 03:44:12 executing program 3: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000080)="df6c51c7bf5f8a4d8643869e4ccb891cdfcdf8426b0192fdaceef8985d53", 0x1e) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, &(0x7f00000000c0)={'ip6_vth0\x00', {0x2, 0x0, @multicast2}}) setsockopt$inet6_buf(r0, 0x29, 0x80000000000040, &(0x7f0000000080), 0x0) 03:44:13 executing program 4: 03:44:13 executing program 2: 03:44:13 executing program 3: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000080)="df6c51c7bf5f8a4d8643869e4ccb891cdfcdf8426b0192fdaceef8985d539aa3ca359c", 0x23) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, &(0x7f00000000c0)={'ip6_vth0\x00', {0x2, 0x0, @multicast2}}) setsockopt$inet6_buf(r0, 0x29, 0x80000000000040, &(0x7f0000000080), 0x0) 03:44:13 executing program 1: 03:44:13 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0xd0}) ptrace$setregs(0xd, r0, 0x0, 0x0) ptrace$cont(0x1f, r0, 0x0, 0x0) 03:44:13 executing program 4: 03:44:13 executing program 2: syz_mount_image$vfat(&(0x7f00000001c0)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x100000000000e002, 0x1, &(0x7f0000000100)=[{&(0x7f0000000140)="f264c86d4f66732e6684740002046a266300077021f0", 0x16}], 0x0, 0x0) [ 1347.280662][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1347.286459][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:44:13 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x3, 0x8) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'ip_vti0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000180)={0x0, 0x0, 0x3, 0x0, [], [{0x0, 0x1, 0x51a, 0x0, 0x0, 0x400000}, {0x0, 0x7, 0x0, 0x0, 0x8}], [[], [], []]}) 03:44:13 executing program 3: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000080)="df6c51c7bf5f8a4d8643869e4ccb891cdfcdf8426b0192fdaceef8985d539aa3ca359c", 0x23) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, &(0x7f00000000c0)={'ip6_vth0\x00', {0x2, 0x0, @multicast2}}) setsockopt$inet6_buf(r0, 0x29, 0x80000000000040, &(0x7f0000000080), 0x0) 03:44:13 executing program 4: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) clock_adjtime(0x0, &(0x7f0000000000)) 03:44:13 executing program 2: perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) mmap$perf(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r0 = semget(0x0, 0x0, 0x0) io_setup(0x0, 0x0) semctl$GETZCNT(r0, 0x0, 0x10, 0x0) 03:44:13 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11"], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r6}, 0x10) r7 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r8, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r7, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r7, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:44:13 executing program 3: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000080)="df6c51c7bf5f8a4d8643869e4ccb891cdfcdf8426b0192fdaceef8985d539aa3ca359c", 0x23) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, &(0x7f00000000c0)={'ip6_vth0\x00', {0x2, 0x0, @multicast2}}) setsockopt$inet6_buf(r0, 0x29, 0x80000000000040, &(0x7f0000000080), 0x0) [ 1347.360676][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1347.366486][ C0] protocol 88fb is buggy, dev hsr_slave_1 03:44:13 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000001fc0)='./file0\x00', 0x40, 0x0) ioctl$sock_inet_SIOCDELRT(0xffffffffffffffff, 0x890c, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(0xffffffffffffffff, 0x6611) sendto(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) close(r0) ioctl$sock_inet6_tcp_SIOCINQ(0xffffffffffffffff, 0x541b, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) setsockopt$inet_opts(r0, 0x0, 0xd, &(0x7f0000000040)="58f6dbe3c83bc294aca4e8fc0bd13226bf57cefd49fcaae882854cc2c745bde5eb2ff82f3aa09187653cb3c2619688866a30e8f4244d536de98804fd31f5116b1d1e1129f220cd4bd59cc58cce9e9b36d99bcd5ca56cbf76ceb053cfe737863883bacb0238ab73ead3cb6752b049c43c0e5f8677080b379c8f82054d58447fa7ca66d789869b1a75d170da1f0b28dc83d0a98622cdb591200bd5795be5d37036b736eb13781867cb5bf8f4e9f97c74b3ae945527e1183d371ff8f9219efe588e6c9e165bfe29820f8bfa12bdbcb8e407170f841158ea2b5975afef6a8ceea620a728b1fb9f5e551ff520b32fa87c7a819af1b9", 0xf3) ioctl$FIONREAD(0xffffffffffffffff, 0x541b, 0x0) setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) 03:44:13 executing program 2: r0 = syz_open_dev$video(&(0x7f0000000280)='/dev/video#\x00', 0x9, 0x0) ioctl$VIDIOC_S_INPUT(r0, 0xc0045627, &(0x7f00000000c0)) ioctl$VIDIOC_S_INPUT(r0, 0xc0045627, &(0x7f0000000040)=0x3) 03:44:13 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$EBT_SO_SET_ENTRIES(r0, 0xffffffff00000000, 0x80, &(0x7f0000000100)=@nat={'n\nt\x00', 0x19, 0x3, 0x270, [0x20000540, 0x0, 0x0, 0x20000640, 0x20000780], 0x0, 0x0, &(0x7f0000000540)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0xb, 0x0, 0x0, 'bridge_slave_0\x00', 'sit0\x00', 'ip6gretap0\x00', 'ipddp0\x00', @broadcast, [], @dev, [], 0xa0, 0xa0, 0xd0, [@connlabel={'connlabel\x00', 0x8, {{0x0, 0xc882e99a8a6c1b2e}}}]}}, @common=@AUDIT={'AUDIT\x00', 0x8}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff, 0x1, [{{{0x3, 0x0, 0x0, 'vlan0\x00', 'bpq0\x00', 'ip_vti0\x00', 'veth1\x00\x00\x00\x00\x00\x1c\x00', @link_local, [], @dev, [], 0x70, 0xd8, 0x110}, [@common=@STANDARD={'\x00', 0x8}, @common=@mark={'mark\x00', 0x10}]}, @snat={'snat\x00', 0x10, {{@dev}}}}]}, {0x0, '\x00', 0x2}]}, 0x2e8) 03:44:16 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0xd0}) ptrace$setregs(0xd, r0, 0x0, 0x0) ptrace$cont(0x1f, r0, 0x0, 0x0) 03:44:16 executing program 3: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000080)="df6c51c7bf5f8a4d8643869e4ccb891cdfcdf8426b0192fdaceef8985d539aa3ca359c284a", 0x25) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, &(0x7f00000000c0)={'ip6_vth0\x00', {0x2, 0x0, @multicast2}}) setsockopt$inet6_buf(r0, 0x29, 0x80000000000040, &(0x7f0000000080), 0x0) 03:44:16 executing program 2: syz_mount_image$msdos(&(0x7f0000000500)='msdos\x00', &(0x7f0000000340)='./file0\x00', 0xe800, 0x1, &(0x7f0000000540)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x18, 0x0) r0 = syz_open_dev$amidi(0x0, 0x1, 0x492440) ioctl$DRM_IOCTL_ADD_MAP(r0, 0xc0286415, &(0x7f00000001c0)={0x0, 0x80000000, 0x5, 0x81, &(0x7f0000012000/0x3000)=nil, 0x1}) mkdirat$cgroup(r0, &(0x7f0000000180)='syz1\x00', 0x1ff) open(&(0x7f0000000380)='./file0\x00', 0x40, 0x0) execve(0x0, 0x0, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = open(&(0x7f0000000800)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = open(&(0x7f0000000100)='./file0\x00', 0x141042, 0x10) write$UHID_INPUT(r3, &(0x7f00000019c0)={0x8, "7c70ee3800d5ab5f2036f872e0ac57cbd592bca0d671633f50a3102066d6e765f5a64731e3fb8d90d250eda2cc33b60a7ff98074cdc3f1dd1a2df26a381d95974e0925d521c6b48c3dee0d430d398884316091aff6adb6153dc3c92549957d3488efc02d6f6fb172524b095c30c1bd35aae04236bdd42694d613eb54c0b65a338c48dc4c8bad70754fc81d9928e4a1b81f9c77075258a0805b4494867247966b24a023311fd91ef3754b98d3acde6f2ef0617f123c22fccb81c11389fdfa2e21c2365aabfc8916e02151d8643ae21cab7fcbec6142186d3bb57546c106484bc4c28a48da2b75dd82aabe99464558e60cd101f6b65856fabee614d271741a68dd550c8772f06a93cf8e5c0de549c3b75a72f8a590bd50b2af5f64009c969ed7596f0192b0f98b1afac0e8c5f4c653f611b4a71776400a9ae3f18e75f856788c97195749042510735880b9bb0ccb23210832a4f1c6f134d68f8e299837c426e0c9a45d5d2c959446cc363f370c67cd01a063c91254d692fe35abee92fabda4f66d93228c979ebe036c5c2e0028ec76562d67d0919ca28258fec0ed60603142b5c57c4cfb1ea1e892d0fd2f33970142b179c415d6bea344fbcc82d133052e848a885160737c69eb02ca9f544831c8e3ffcf40cb7b415d24795fc8aaeb8e76bec262aea5e28fe5d6495c4b5895a612b1cc2122286add66356f3ecd309f970634f1b09da1507964d35575167317f13c7fd9f11af27ceea86e9a5b3494a27ba98ba38dd1fb72ef2c6163664fd8f7c946935cd4833121f505ff277c03d959d9a12f3389e9eb6701a8b29f72c20c6abb7bd8349dd2e120bdd59dca9f1a2a877f1677b59d7920ddf29b9d94f7c6879b78e31cf1b65b60fe349ef9d4976f46609ee34e33f647aafbf64f6323d18598905f2e73af75661397595b8f9c1e9a4e993946820da5378ca5b363560e95edce316e99bac6e6250efcf1cb58fdcf94c7557c2d7f763a688543462d54b64e178c2e64c6ebba356894973051907fd8de8ba908e822168b171c1707efcd9ac827e64313721876e2ff26ac34e88557a4a0dfde08eda81cf0c1465a89b68429e48966044c767563e1121db48c9b619fd7362afd15ec6aa19b28759d7977be4fbcad0cf8dd5dc5362259bd5cb5089a9d18db969afe1192571f5fcc0c4d6be281d23b9c1f9f32873c058adfa1bf57a3718686957edfd6e4b58aa959541127696d59fb2810d042ced227961eb19a424e4cf45bc6243217bb7561b7ee11f8c0b8f39480343a26f2da5fe79d5e213c01ea47155ffa91e7d7ba0bc8ccb018bd69cfe71dd8565a645d678b404a295397e83ae69dbf8505f6947a836b44823a92861124330fccd4bc4a2e20d9047bd919d82c89623caa87eb09bd584d58f42b35ef55fddc06dfb3957f3f507e5ca9b8b98947cc5bb68846755527ddf32ffa444e1c7a5654d4d377e04a9f22e1069804fdcdb251acb6bd6b32d100feb44286991d779d2b3e2b7f5cc5f8eb3ae166a3b6fb9df11e1867989a6f9b2028e4c73b4d418b51f6e870713cadafddb47a48c9a97283da214f02db3326d42438d9a7db580693ad1887f99d86bb5fafd6d07c2647fc80c2c5a1ed9ea3b95be65ca422080ddefca5b49ccd538f6bc67390f892d9e416f7e835f76dd90edc56256348d20560caeea05c0922cab60dbf0b57ddaaed6ded5a336e01485fd571dc12050461271cee347c31ac245bfee9128630dfcc43b6d88b5ba9937a6f6ab70b7d256784ff72297cfcfd0ffacd09b55fb832bf60f04d87c48c74972b9f18fa178ce4880b025d1c1097ddb929e8f7e02f1c0e03012bec0fa61a49eb1c2a50a45fc0d98b6649de325184006938e421321e8b366649d9b6ebadf77509c9d48844e80f7752fd7daaa5c938b946feaaac0d871203270a747035c7e2f697c84e792a55cbce76c0a25360f7acbeaab60627aa9c37064af75b67f46732844eb2f6b37226004afe451a9fbfbbcf7e72ade67b017e9209b5627fbe16789abd90326751a1fd1d93efc59f2650f979ba71938d784064922bee2874c4b76d5f26e39ea0a98cf175950137feff9456c88c6a295830183fae3a9c2312c25f3d81708d73488d15a587e7e7cdde3b77917eef29c8b5965c916a65c3c5a53b7313c3115d0a8bb4e16f6b80ff6f78adb756aba94ced86047562a2cd2fb25e9a4656f6359c3f2fde8b5ab38852853cbd7221cb4d59b7f0e79bd37f9ade073f62b75edbe63c13c0d02bf076d88f5b750ea640aad47ce97d6a0783398dd3fbb63734ed969470cf45200235650532224fc28caf1e36ca6b402ec4c978add40fc59f2113485875682139f8aa9aeb48d09178de919370b0cd0ebcab5e60e1b0a2fc153db0dae8e50b48561622a677d0f1afc149676f832e016e14007fb298dcb96f11a92a1ac8bd4cc7b34d659d6cd2c9817b586585e72080255b083bc84512277ffb7f561c6a7a08cd128bfe9b525da531f0bf04f11d3de102b3538835807ac0b2f4325fc6765d02d692ec82f5b338c8257029136fcd3427c09874ecc7492becdd6608eac4adf1abc3f7e08868a72e57ce4dcfc288a25af73d19f1118a9254963c1548cdca5fc7c921a7f218f8e71edd7969dfb35beae1091d7530e32236397fa9fcd232b441ff1b0177829468c198d659d247ccca4fbd58c625501e4368075d0e5e69a6f90952f5bbe48e85a303131dedf7f1a513b291598a545784e1013521877c25d6069d3a855652a4bad5b2df2e4da2de756a20e790b756dd2925ce824561e5892b5e064c7c7b996acc4e29597e0cd00956e9c57ec374714f846be7632d3075e38bead499163498810886c78a2cc73fb64fd48e186083ce911e0751b4dc63476859c2824fa532a4b1711c244619e702eeab19380aeb7b17f67fade3dcad8ddddd893a526cd5d04d8ae982c88029ec71bdd0772fd74adbdb378fc204ca411a2d8a50331516a28552be78f9725f32d1b3a6c7bdf3277c5f7e385c7ebbacc419ec7ca3c5b8f46dbefee59b6422a6b22d60527edc012f852077d925619874f7709f283e01678fed36528003a696ee431a817f34f453c143dc56b70e1f810a5380a555cc8c4fc6522ab544ce5d715caa302ebdd0aa8286b7ef5dd6dd48a8ad9566818f7509daf02db0b98b432f57f1d107ee95a86228728cab4062e27922381e1e2ee351af5e2ea0fd6d1cea70b3b8f4a50f0776fc9aa2a7d2dff6e1ea3769864104f09137b99960b69af13895d842649eacaed8ddf183beba3323640af8deb52b902c0974d685d19fc87c93eb80ad5d28e54363705ad39231d989522e94f000256bc8d93af138a45d67dad3e21fa9fb31d9327c6e71f61956d9daf4f97333112704136d3d1bf6fe0e4c002e10b684d2344300ec70fae0b50532ebace58f0e8318354a172cceacf27d01ff41cc8fef42443f62b0e15b5fcc0728630b96fb2c2b59634f4993bb1ce2eace6fb0f53e5f84bc5f58b1b66d59e3c75a98670496f105a703607211aa9e882e72f13e9fe07f0767ad4e5ac5c732b65301d8ceab36b5ff2f71958fb1b51d2e703ac506e68d4026160fd3f60440b8b8f554f1feeba5d53f71cbe60d143620f8fa779acb94c965b729207a5ab11f4a51b694c31606171da44a28d80cde296dff5724ff718d6377eb8534e616cff39af943ee4ce87b4fadded30c702d370a71072ab3e20f19b8c1b73fdbbb9c675352bb73ee85e22597fc0c439a33f5febe1629bd084af7193f8d1a1415b02ca54706711505cbae11ec6411b012cc3a3eddcfb002901b6e7565b9fbf4d605c147031888ceb590c14697d00970ce9095c6f7fee41ec6a15d7ef52dfedfff2a0d3dbb387b61232aee6ca202787038021e6aabda18e2adf6fd89aa491e65f9813d73412fbfff089752d713d7efa690ec4fc254b56908d3057f65997acf81aea589e272f8fa852849e488f1e0c0cb6cdb5f46ca92e36d39224e704850056d2e9b91909aed0f55d054e274415ecc39b8958335a14cfb0a42d7f26ef8e82592dfd03b3550b5193fba077994c682951968869574fd94976760d9bd9b334353eeda836cc8dab244e72095cc46833f02bb2f6df35601b3085664261abb67fc9ab9f27210e6827cd15ce16c55f0f7f5b8ab401f24032b19a53a9299b62ebf4a8cf7f4753d95126f008a8ce349036666de66bcaf40b27fa875efa98873e1ef9302e2a24bfe07bd1054bdf9ba9ad1b1075402f26d682833b947c762513ba5f07537bb712473184a60e04ace5adb8d982d6153b011ae0b2034adc0ff4a64e2c6561c2e0840cdab2120bc916cde9b7a92c4d332d0f83945fe55e3c8f4d93f22e7759c20241d92cca0ae5a3d06a127e5614df708cea1ad3b2f231c81460ff4c3f349c67a87135a4b67589ffce311832923f71796276e81f0537e265404c0ee06d5ed98a5ec5f8ad62db589eb585fc4627173b51fd4e897a3e8d2acbb82ec2996ac3a6823368a1e12a0536a9d1a7b2d31d80c46c292ff51395481d4f65c53fab867e27bec9156ee189d245d94877a1405dc9e1e996822ad47071a9ab36c9bfd02c41ea5ba21591793053b1b64758bae0addfcd69d169849bc1ee6ce5c08f0d3da5ecc1b6ab31e13af2fa5ce4d921163270901264a88ac6350e8fb6371663dd04146932238597258b123a8036250c190fbb3cfc6ebbf9e06c4a9053e8332c95c91a890a3d35ddd35f47e7ab606f3e345e12560e6d52243883da7b8910834042ad12e7fb3f08a0b14ef6aee22251999e6079be2ef5666d7d5ae00d161720262761da3f378c63cb151f4e94d034e9de949dfe796b905804ca555691023c30ea7cf0cb276e1e3ba65793291f8287d1064606bf5787421b9b9bfc05e9c5eac750de92519fe9e2592cd34a2ef6ec18efed5e7c13bfcfce47327cbecac358bbe6d44164849308cf91cd5ea87fa4b02ba4939e28141c7dad42714b019470d91808a8f46150677b6c90f267ecb39ef42afc95de0cbd016775c89d8213ec9d4e061e6493f237296f91abfc64176c0e885ef54af4136a724fadfe89a25d7599998acebc4a27f8fb5b26936bda5c3d5fec3373dcd9a0e99fc939641c50669adc54119582e8835575d1c57fa955cd29d870360620f91c3ff90d264013816352317ae226f7d7bad5db711f8973382f6cebd63cd519ddd08e1772649be75f64f4acc15f828dc0b305584b6dd2213194603c44e2964358d305aa97fb08568a0a955ad7a6f8d042754b4bbf2fb3414052719fd9841bef8360d1d3195c69414be882115c2c64fecdcbdaed3a2e943fdfef9a13520e41d32a787bcfe4f61e2b378d35aa70784a772cf8ebcaaeb105e4627516db2ababfcb8c11f224c3a48c86160d34d0ee59f02c31648ae4b0309b378f0bf63266967dcfb4f1cc1902f613c6d0d48915a9cf28a52b106544cde1b38ff2e2a1275fd0d3899ce7f7c6653c9017f7ac4aaa35bcb2811a8f9dbb56746b45475350e7c13d42abb5692377da7a4045ee644ce00f8699e3251d75621c82cd659ea3add277affe3ff792f7d24a3d0979ef82cfc0d409697ae2e8598854a8327f46974c901d309dc6dbe31913c59d821aa50c0fe95cc822e8f07bbb00e9a09bc9a570b9778d29308740bc336a41258d209c206f87a709aa43415da0096f7d177e509a7d625645fb098ccc45367d82235e952670ac5f82f8ced3f59fd9ee20ac75be609cc832417e807ddc40630cba4c91e0785edcb5f20b9e6dedb1ec172cd16fc034f410e9ce375ea855144aa3076317f649cf4efe4d7abf244984c4e", 0x1006f}, 0x1006) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r3, r3, &(0x7f00000000c0)=0xec, 0x8080ffffff06) 03:44:16 executing program 4: r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video36\x00', 0x2, 0x0) ioctl$VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x5, 0x1, 0x4}) 03:44:16 executing program 1: r0 = syz_open_dev$video(&(0x7f0000000280)='/dev/video#\x00', 0x9, 0x0) ioctl$VIDIOC_S_INPUT(r0, 0xc0045627, &(0x7f00000000c0)) 03:44:16 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11"], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r6}, 0x10) r7 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r8, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r7, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r7, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) [ 1349.793203][ T26] audit: type=1804 audit(2000000656.219:2576): pid=10160 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/file0/root/syzkaller-testdir076744696/syzkaller.QvoDtN/2431/file0" dev="sda1" ino=17656 res=1 03:44:16 executing program 3: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000080)="df6c51c7bf5f8a4d8643869e4ccb891cdfcdf8426b0192fdaceef8985d539aa3ca359c284a", 0x25) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, &(0x7f00000000c0)={'ip6_vth0\x00', {0x2, 0x0, @multicast2}}) setsockopt$inet6_buf(r0, 0x29, 0x80000000000040, &(0x7f0000000080), 0x0) 03:44:16 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000000301ffff808fdb003d88c8f00010ae1b"], 0x14}}, 0x0) recvmmsg(r0, &(0x7f00000013c0), 0x4a5, 0x0, &(0x7f0000000c40)={0x77359400}) 03:44:16 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = socket$packet(0x11, 0x400000000a, 0x300) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) getsockopt$sock_buf(r0, 0x1, 0x2e, 0x0, &(0x7f0000000040)=0x10) 03:44:16 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0xd0}) ptrace$setregs(0xd, r0, 0x0, 0x0) ptrace$cont(0x1f, r0, 0x0, 0x0) 03:44:16 executing program 3: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000080)="df6c51c7bf5f8a4d8643869e4ccb891cdfcdf8426b0192fdaceef8985d539aa3ca359c284a", 0x25) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, &(0x7f00000000c0)={'ip6_vth0\x00', {0x2, 0x0, @multicast2}}) setsockopt$inet6_buf(r0, 0x29, 0x80000000000040, &(0x7f0000000080), 0x0) 03:44:16 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0xd0}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) 03:44:16 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000002640)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) bind$alg(r0, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes256\x00'}, 0x58) 03:44:16 executing program 3: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000080)="df6c51c7bf5f8a4d8643869e4ccb891cdfcdf8426b0192fdaceef8985d539aa3ca359c284afc", 0x26) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, &(0x7f00000000c0)={'ip6_vth0\x00', {0x2, 0x0, @multicast2}}) setsockopt$inet6_buf(r0, 0x29, 0x80000000000040, &(0x7f0000000080), 0x0) 03:44:17 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0xd0}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) 03:44:17 executing program 3: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000080)="df6c51c7bf5f8a4d8643869e4ccb891cdfcdf8426b0192fdaceef8985d539aa3ca359c284afc", 0x26) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, &(0x7f00000000c0)={'ip6_vth0\x00', {0x2, 0x0, @multicast2}}) setsockopt$inet6_buf(r0, 0x29, 0x80000000000040, &(0x7f0000000080), 0x0) 03:44:17 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000002640)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) bind$alg(r0, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes256\x00'}, 0x58) 03:44:17 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11"], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r6}, 0x10) r7 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r8, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r7, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r7, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:44:17 executing program 1: pipe(&(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = socket$inet6(0xa, 0x3, 0x3c) write$binfmt_elf64(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB='{'], 0x1) connect$inet6(r3, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast2, 0xa}, 0x1c) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, 0x0, 0x0) splice(r0, 0x0, r2, 0x0, 0xe212, 0x0) 03:44:17 executing program 2: syz_mount_image$msdos(&(0x7f0000000500)='msdos\x00', &(0x7f0000000340)='./file0\x00', 0xe800, 0x1, &(0x7f0000000540)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x18, 0x0) r0 = syz_open_dev$amidi(0x0, 0x1, 0x492440) ioctl$DRM_IOCTL_ADD_MAP(r0, 0xc0286415, &(0x7f00000001c0)={0x0, 0x80000000, 0x5, 0x81, &(0x7f0000012000/0x3000)=nil, 0x1}) mkdirat$cgroup(r0, &(0x7f0000000180)='syz1\x00', 0x1ff) open(&(0x7f0000000380)='./file0\x00', 0x40, 0x0) execve(0x0, 0x0, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = open(&(0x7f0000000800)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = open(&(0x7f0000000100)='./file0\x00', 0x141042, 0x10) write$UHID_INPUT(r3, &(0x7f00000019c0)={0x8, "7c70ee3800d5ab5f2036f872e0ac57cbd592bca0d671633f50a3102066d6e765f5a64731e3fb8d90d250eda2cc33b60a7ff98074cdc3f1dd1a2df26a381d95974e0925d521c6b48c3dee0d430d398884316091aff6adb6153dc3c92549957d3488efc02d6f6fb172524b095c30c1bd35aae04236bdd42694d613eb54c0b65a338c48dc4c8bad70754fc81d9928e4a1b81f9c77075258a0805b4494867247966b24a023311fd91ef3754b98d3acde6f2ef0617f123c22fccb81c11389fdfa2e21c2365aabfc8916e02151d8643ae21cab7fcbec6142186d3bb57546c106484bc4c28a48da2b75dd82aabe99464558e60cd101f6b65856fabee614d271741a68dd550c8772f06a93cf8e5c0de549c3b75a72f8a590bd50b2af5f64009c969ed7596f0192b0f98b1afac0e8c5f4c653f611b4a71776400a9ae3f18e75f856788c97195749042510735880b9bb0ccb23210832a4f1c6f134d68f8e299837c426e0c9a45d5d2c959446cc363f370c67cd01a063c91254d692fe35abee92fabda4f66d93228c979ebe036c5c2e0028ec76562d67d0919ca28258fec0ed60603142b5c57c4cfb1ea1e892d0fd2f33970142b179c415d6bea344fbcc82d133052e848a885160737c69eb02ca9f544831c8e3ffcf40cb7b415d24795fc8aaeb8e76bec262aea5e28fe5d6495c4b5895a612b1cc2122286add66356f3ecd309f970634f1b09da1507964d35575167317f13c7fd9f11af27ceea86e9a5b3494a27ba98ba38dd1fb72ef2c6163664fd8f7c946935cd4833121f505ff277c03d959d9a12f3389e9eb6701a8b29f72c20c6abb7bd8349dd2e120bdd59dca9f1a2a877f1677b59d7920ddf29b9d94f7c6879b78e31cf1b65b60fe349ef9d4976f46609ee34e33f647aafbf64f6323d18598905f2e73af75661397595b8f9c1e9a4e993946820da5378ca5b363560e95edce316e99bac6e6250efcf1cb58fdcf94c7557c2d7f763a688543462d54b64e178c2e64c6ebba356894973051907fd8de8ba908e822168b171c1707efcd9ac827e64313721876e2ff26ac34e88557a4a0dfde08eda81cf0c1465a89b68429e48966044c767563e1121db48c9b619fd7362afd15ec6aa19b28759d7977be4fbcad0cf8dd5dc5362259bd5cb5089a9d18db969afe1192571f5fcc0c4d6be281d23b9c1f9f32873c058adfa1bf57a3718686957edfd6e4b58aa959541127696d59fb2810d042ced227961eb19a424e4cf45bc6243217bb7561b7ee11f8c0b8f39480343a26f2da5fe79d5e213c01ea47155ffa91e7d7ba0bc8ccb018bd69cfe71dd8565a645d678b404a295397e83ae69dbf8505f6947a836b44823a92861124330fccd4bc4a2e20d9047bd919d82c89623caa87eb09bd584d58f42b35ef55fddc06dfb3957f3f507e5ca9b8b98947cc5bb68846755527ddf32ffa444e1c7a5654d4d377e04a9f22e1069804fdcdb251acb6bd6b32d100feb44286991d779d2b3e2b7f5cc5f8eb3ae166a3b6fb9df11e1867989a6f9b2028e4c73b4d418b51f6e870713cadafddb47a48c9a97283da214f02db3326d42438d9a7db580693ad1887f99d86bb5fafd6d07c2647fc80c2c5a1ed9ea3b95be65ca422080ddefca5b49ccd538f6bc67390f892d9e416f7e835f76dd90edc56256348d20560caeea05c0922cab60dbf0b57ddaaed6ded5a336e01485fd571dc12050461271cee347c31ac245bfee9128630dfcc43b6d88b5ba9937a6f6ab70b7d256784ff72297cfcfd0ffacd09b55fb832bf60f04d87c48c74972b9f18fa178ce4880b025d1c1097ddb929e8f7e02f1c0e03012bec0fa61a49eb1c2a50a45fc0d98b6649de325184006938e421321e8b366649d9b6ebadf77509c9d48844e80f7752fd7daaa5c938b946feaaac0d871203270a747035c7e2f697c84e792a55cbce76c0a25360f7acbeaab60627aa9c37064af75b67f46732844eb2f6b37226004afe451a9fbfbbcf7e72ade67b017e9209b5627fbe16789abd90326751a1fd1d93efc59f2650f979ba71938d784064922bee2874c4b76d5f26e39ea0a98cf175950137feff9456c88c6a295830183fae3a9c2312c25f3d81708d73488d15a587e7e7cdde3b77917eef29c8b5965c916a65c3c5a53b7313c3115d0a8bb4e16f6b80ff6f78adb756aba94ced86047562a2cd2fb25e9a4656f6359c3f2fde8b5ab38852853cbd7221cb4d59b7f0e79bd37f9ade073f62b75edbe63c13c0d02bf076d88f5b750ea640aad47ce97d6a0783398dd3fbb63734ed969470cf45200235650532224fc28caf1e36ca6b402ec4c978add40fc59f2113485875682139f8aa9aeb48d09178de919370b0cd0ebcab5e60e1b0a2fc153db0dae8e50b48561622a677d0f1afc149676f832e016e14007fb298dcb96f11a92a1ac8bd4cc7b34d659d6cd2c9817b586585e72080255b083bc84512277ffb7f561c6a7a08cd128bfe9b525da531f0bf04f11d3de102b3538835807ac0b2f4325fc6765d02d692ec82f5b338c8257029136fcd3427c09874ecc7492becdd6608eac4adf1abc3f7e08868a72e57ce4dcfc288a25af73d19f1118a9254963c1548cdca5fc7c921a7f218f8e71edd7969dfb35beae1091d7530e32236397fa9fcd232b441ff1b0177829468c198d659d247ccca4fbd58c625501e4368075d0e5e69a6f90952f5bbe48e85a303131dedf7f1a513b291598a545784e1013521877c25d6069d3a855652a4bad5b2df2e4da2de756a20e790b756dd2925ce824561e5892b5e064c7c7b996acc4e29597e0cd00956e9c57ec374714f846be7632d3075e38bead499163498810886c78a2cc73fb64fd48e186083ce911e0751b4dc63476859c2824fa532a4b1711c244619e702eeab19380aeb7b17f67fade3dcad8ddddd893a526cd5d04d8ae982c88029ec71bdd0772fd74adbdb378fc204ca411a2d8a50331516a28552be78f9725f32d1b3a6c7bdf3277c5f7e385c7ebbacc419ec7ca3c5b8f46dbefee59b6422a6b22d60527edc012f852077d925619874f7709f283e01678fed36528003a696ee431a817f34f453c143dc56b70e1f810a5380a555cc8c4fc6522ab544ce5d715caa302ebdd0aa8286b7ef5dd6dd48a8ad9566818f7509daf02db0b98b432f57f1d107ee95a86228728cab4062e27922381e1e2ee351af5e2ea0fd6d1cea70b3b8f4a50f0776fc9aa2a7d2dff6e1ea3769864104f09137b99960b69af13895d842649eacaed8ddf183beba3323640af8deb52b902c0974d685d19fc87c93eb80ad5d28e54363705ad39231d989522e94f000256bc8d93af138a45d67dad3e21fa9fb31d9327c6e71f61956d9daf4f97333112704136d3d1bf6fe0e4c002e10b684d2344300ec70fae0b50532ebace58f0e8318354a172cceacf27d01ff41cc8fef42443f62b0e15b5fcc0728630b96fb2c2b59634f4993bb1ce2eace6fb0f53e5f84bc5f58b1b66d59e3c75a98670496f105a703607211aa9e882e72f13e9fe07f0767ad4e5ac5c732b65301d8ceab36b5ff2f71958fb1b51d2e703ac506e68d4026160fd3f60440b8b8f554f1feeba5d53f71cbe60d143620f8fa779acb94c965b729207a5ab11f4a51b694c31606171da44a28d80cde296dff5724ff718d6377eb8534e616cff39af943ee4ce87b4fadded30c702d370a71072ab3e20f19b8c1b73fdbbb9c675352bb73ee85e22597fc0c439a33f5febe1629bd084af7193f8d1a1415b02ca54706711505cbae11ec6411b012cc3a3eddcfb002901b6e7565b9fbf4d605c147031888ceb590c14697d00970ce9095c6f7fee41ec6a15d7ef52dfedfff2a0d3dbb387b61232aee6ca202787038021e6aabda18e2adf6fd89aa491e65f9813d73412fbfff089752d713d7efa690ec4fc254b56908d3057f65997acf81aea589e272f8fa852849e488f1e0c0cb6cdb5f46ca92e36d39224e704850056d2e9b91909aed0f55d054e274415ecc39b8958335a14cfb0a42d7f26ef8e82592dfd03b3550b5193fba077994c682951968869574fd94976760d9bd9b334353eeda836cc8dab244e72095cc46833f02bb2f6df35601b3085664261abb67fc9ab9f27210e6827cd15ce16c55f0f7f5b8ab401f24032b19a53a9299b62ebf4a8cf7f4753d95126f008a8ce349036666de66bcaf40b27fa875efa98873e1ef9302e2a24bfe07bd1054bdf9ba9ad1b1075402f26d682833b947c762513ba5f07537bb712473184a60e04ace5adb8d982d6153b011ae0b2034adc0ff4a64e2c6561c2e0840cdab2120bc916cde9b7a92c4d332d0f83945fe55e3c8f4d93f22e7759c20241d92cca0ae5a3d06a127e5614df708cea1ad3b2f231c81460ff4c3f349c67a87135a4b67589ffce311832923f71796276e81f0537e265404c0ee06d5ed98a5ec5f8ad62db589eb585fc4627173b51fd4e897a3e8d2acbb82ec2996ac3a6823368a1e12a0536a9d1a7b2d31d80c46c292ff51395481d4f65c53fab867e27bec9156ee189d245d94877a1405dc9e1e996822ad47071a9ab36c9bfd02c41ea5ba21591793053b1b64758bae0addfcd69d169849bc1ee6ce5c08f0d3da5ecc1b6ab31e13af2fa5ce4d921163270901264a88ac6350e8fb6371663dd04146932238597258b123a8036250c190fbb3cfc6ebbf9e06c4a9053e8332c95c91a890a3d35ddd35f47e7ab606f3e345e12560e6d52243883da7b8910834042ad12e7fb3f08a0b14ef6aee22251999e6079be2ef5666d7d5ae00d161720262761da3f378c63cb151f4e94d034e9de949dfe796b905804ca555691023c30ea7cf0cb276e1e3ba65793291f8287d1064606bf5787421b9b9bfc05e9c5eac750de92519fe9e2592cd34a2ef6ec18efed5e7c13bfcfce47327cbecac358bbe6d44164849308cf91cd5ea87fa4b02ba4939e28141c7dad42714b019470d91808a8f46150677b6c90f267ecb39ef42afc95de0cbd016775c89d8213ec9d4e061e6493f237296f91abfc64176c0e885ef54af4136a724fadfe89a25d7599998acebc4a27f8fb5b26936bda5c3d5fec3373dcd9a0e99fc939641c50669adc54119582e8835575d1c57fa955cd29d870360620f91c3ff90d264013816352317ae226f7d7bad5db711f8973382f6cebd63cd519ddd08e1772649be75f64f4acc15f828dc0b305584b6dd2213194603c44e2964358d305aa97fb08568a0a955ad7a6f8d042754b4bbf2fb3414052719fd9841bef8360d1d3195c69414be882115c2c64fecdcbdaed3a2e943fdfef9a13520e41d32a787bcfe4f61e2b378d35aa70784a772cf8ebcaaeb105e4627516db2ababfcb8c11f224c3a48c86160d34d0ee59f02c31648ae4b0309b378f0bf63266967dcfb4f1cc1902f613c6d0d48915a9cf28a52b106544cde1b38ff2e2a1275fd0d3899ce7f7c6653c9017f7ac4aaa35bcb2811a8f9dbb56746b45475350e7c13d42abb5692377da7a4045ee644ce00f8699e3251d75621c82cd659ea3add277affe3ff792f7d24a3d0979ef82cfc0d409697ae2e8598854a8327f46974c901d309dc6dbe31913c59d821aa50c0fe95cc822e8f07bbb00e9a09bc9a570b9778d29308740bc336a41258d209c206f87a709aa43415da0096f7d177e509a7d625645fb098ccc45367d82235e952670ac5f82f8ced3f59fd9ee20ac75be609cc832417e807ddc40630cba4c91e0785edcb5f20b9e6dedb1ec172cd16fc034f410e9ce375ea855144aa3076317f649cf4efe4d7abf244984c4e", 0x1006f}, 0x1006) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r3, r3, &(0x7f00000000c0)=0xec, 0x8080ffffff06) 03:44:17 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0xd0}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) 03:44:17 executing program 3: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000080)="df6c51c7bf5f8a4d8643869e4ccb891cdfcdf8426b0192fdaceef8985d539aa3ca359c284afc", 0x26) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, &(0x7f00000000c0)={'ip6_vth0\x00', {0x2, 0x0, @multicast2}}) setsockopt$inet6_buf(r0, 0x29, 0x80000000000040, &(0x7f0000000080), 0x0) 03:44:17 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000002640)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) bind$alg(r0, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes256\x00'}, 0x58) [ 1351.022873][ T26] audit: type=1804 audit(2000000657.449:2577): pid=10217 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/file0/root/syzkaller-testdir076744696/syzkaller.QvoDtN/2432/file0" dev="sda1" ino=17668 res=1 03:44:17 executing program 1: r0 = socket$inet(0x2, 0x80001, 0x84) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000000)={0x0, 0xfffffffffffffffc}, 0x8) sendmsg(r0, &(0x7f000001afc8)={&(0x7f0000006000)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)='*', 0x1}], 0x1}, 0x0) 03:44:17 executing program 3: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000080)="df6c51c7bf5f8a4d8643869e4ccb891cdfcdf8426b0192fdaceef8985d539aa3ca359c284afc17", 0x27) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x80000000000040, &(0x7f0000000080), 0x0) 03:44:17 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000002640)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) bind$alg(r0, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes256\x00'}, 0x58) 03:44:17 executing program 3: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000080)="df6c51c7bf5f8a4d8643869e4ccb891cdfcdf8426b0192fdaceef8985d539aa3ca359c284afc17", 0x27) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x80000000000040, &(0x7f0000000080), 0x0) 03:44:17 executing program 3: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000080)="df6c51c7bf5f8a4d8643869e4ccb891cdfcdf8426b0192fdaceef8985d539aa3ca359c284afc17", 0x27) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x80000000000040, &(0x7f0000000080), 0x0) 03:44:17 executing program 1: r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23}, 0x1c) listen(r0, 0x1fff) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f000055bfe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x1f, &(0x7f0000000040)={0x0, @in6={{0xa, 0x4e23, 0x0, @local, 0x1}}}, 0x0) [ 1351.441438][ C1] net_ratelimit: 16 callbacks suppressed [ 1351.441447][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1351.453363][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1351.530657][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1351.536494][ C0] protocol 88fb is buggy, dev hsr_slave_1 03:44:18 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11e9e6c7c1"], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r6}, 0x10) r7 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r8, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r7, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r7, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:44:18 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") r1 = socket$inet(0x10, 0x20000000000002, 0x0) pipe(0x0) sendmsg(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000140)="240000001e00075a1dfffd946f610500070000001f00000000000400080005000400ff7e280000001100ffffba16a0aa1c0900000000000012000000000000eff24d8238cfa47e23f7efbf54", 0x4c}], 0x1}, 0x0) 03:44:18 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r1, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000140)=[@sack_perm, @sack_perm={0x2}, @timestamp], 0x11cc51) getsockopt$inet6_tcp_buf(r1, 0x6, 0x1c, 0x0, &(0x7f00000001c0)) accept(r1, 0x0, 0x0) [ 1351.797581][T10251] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1351.833421][T10251] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1352.320676][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1352.326566][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1352.332435][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1352.338180][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1352.344020][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1352.349771][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:44:20 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0xd0}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, 0x0, 0x0, 0x0) 03:44:20 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes256\x00'}, 0x58) 03:44:20 executing program 3: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket$inet6(0xa, 0x1, 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000080)="df6c51c7bf5f8a4d8643869e4ccb891cdfcdf8426b0192fdaceef8985d539aa3ca359c284afc17", 0x27) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, &(0x7f00000000c0)={'ip6_vth0\x00', {0x2, 0x0, @multicast2}}) setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x80000000000040, &(0x7f0000000080), 0x0) 03:44:20 executing program 1: perf_event_open(&(0x7f0000000580)={0x2, 0x70, 0x5c62, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x7ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit(0x0) ioprio_set$pid(0x2, 0x0, 0x0) 03:44:20 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r1, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000140)=[@sack_perm, @sack_perm={0x2}, @timestamp], 0x11cc51) getsockopt$inet6_tcp_buf(r1, 0x6, 0x1c, 0x0, &(0x7f00000001c0)) accept(r1, 0x0, 0x0) 03:44:20 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11e9e6c7c1"], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r6}, 0x10) r7 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r8, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r7, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r7, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:44:20 executing program 3: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket$inet6(0xa, 0x1, 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000080)="df6c51c7bf5f8a4d8643869e4ccb891cdfcdf8426b0192fdaceef8985d539aa3ca359c284afc17", 0x27) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, &(0x7f00000000c0)={'ip6_vth0\x00', {0x2, 0x0, @multicast2}}) setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x80000000000040, &(0x7f0000000080), 0x0) 03:44:20 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes256\x00'}, 0x58) 03:44:20 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r1, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000140)=[@sack_perm, @sack_perm={0x2}, @timestamp], 0x11cc51) getsockopt$inet6_tcp_buf(r1, 0x6, 0x1c, 0x0, &(0x7f00000001c0)) accept(r1, 0x0, 0x0) 03:44:20 executing program 3: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket$inet6(0xa, 0x1, 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000080)="df6c51c7bf5f8a4d8643869e4ccb891cdfcdf8426b0192fdaceef8985d539aa3ca359c284afc17", 0x27) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, &(0x7f00000000c0)={'ip6_vth0\x00', {0x2, 0x0, @multicast2}}) setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x80000000000040, &(0x7f0000000080), 0x0) 03:44:20 executing program 3: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000080)="df6c51c7bf5f8a4d8643869e4ccb891cdfcdf8426b0192fdaceef8985d539aa3ca359c284afc17", 0x27) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, &(0x7f00000000c0)={'ip6_vth0\x00', {0x2, 0x0, @multicast2}}) setsockopt$inet6_buf(r0, 0x29, 0x0, &(0x7f0000000080), 0x0) 03:44:20 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes256\x00'}, 0x58) [ 1356.480681][ C1] net_ratelimit: 14 callbacks suppressed [ 1356.480691][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1356.492189][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1356.497991][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1356.503787][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1356.509652][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1356.515453][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:44:23 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0xd0}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, 0x0, 0x0, 0x0) 03:44:23 executing program 3: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000080)="df6c51c7bf5f8a4d8643869e4ccb891cdfcdf8426b0192fdaceef8985d539aa3ca359c284afc17", 0x27) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, &(0x7f00000000c0)={'ip6_vth0\x00', {0x2, 0x0, @multicast2}}) setsockopt$inet6_buf(r0, 0x29, 0x0, &(0x7f0000000080), 0x0) 03:44:23 executing program 4: bind$alg(0xffffffffffffffff, &(0x7f0000002640)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes256\x00'}, 0x58) 03:44:23 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r1, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000140)=[@sack_perm, @sack_perm={0x2}, @timestamp], 0x11cc51) getsockopt$inet6_tcp_buf(r1, 0x6, 0x1c, 0x0, &(0x7f00000001c0)) accept(r1, 0x0, 0x0) 03:44:23 executing program 1: r0 = syz_open_dev$vbi(&(0x7f00000000c0)='/dev/vbi#\x00', 0x1, 0x2) ioctl$VIDIOC_ENUMOUTPUT(r0, 0xc0485630, &(0x7f0000000ec0)={0x1, "af44c73af6cc075436523540a7d22845bf271b1f6b6d266f1511db6b7a8fdeba"}) 03:44:23 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11e9e6c7c1"], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r6}, 0x10) r7 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r8, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r7, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r7, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:44:23 executing program 4: bind$alg(0xffffffffffffffff, &(0x7f0000002640)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes256\x00'}, 0x58) 03:44:23 executing program 3: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000080)="df6c51c7bf5f8a4d8643869e4ccb891cdfcdf8426b0192fdaceef8985d539aa3ca359c284afc17", 0x27) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, &(0x7f00000000c0)={'ip6_vth0\x00', {0x2, 0x0, @multicast2}}) setsockopt$inet6_buf(r0, 0x29, 0x0, &(0x7f0000000080), 0x0) 03:44:23 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0xd0}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, 0x0, 0x0, 0x0) 03:44:23 executing program 1: perf_event_open(&(0x7f0000000580)={0x2, 0x70, 0x5c61, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x37, &(0x7f0000000180)=@fragment, 0x8) connect$inet6(r0, &(0x7f000000cfe4)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmsg(r0, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) 03:44:23 executing program 3: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000080)="df6c51c7bf5f8a4d8643869e4ccb891cdfcdf8426b0192fdaceef8985d539aa3ca359c284afc17", 0x27) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, &(0x7f00000000c0)={'ip6_vth0\x00', {0x2, 0x0, @multicast2}}) setsockopt$inet6_buf(r0, 0x29, 0x80000000000040, 0x0, 0x0) 03:44:23 executing program 4: bind$alg(0xffffffffffffffff, &(0x7f0000002640)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes256\x00'}, 0x58) 03:44:23 executing program 1: setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@allocspi={0xf8, 0x16, 0x31d, 0x0, 0x0, {{{@in6, @in6=@ipv4={[], [], @multicast2}}, {@in6, 0x0, 0x33}, @in, {}, {}, {}, 0x70bd26}, 0x0, 0xfff}}, 0xf8}}, 0x0) 03:44:23 executing program 3: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000080)="df6c51c7bf5f8a4d8643869e4ccb891cdfcdf8426b0192fdaceef8985d539aa3ca359c284afc17", 0x27) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, &(0x7f00000000c0)={'ip6_vth0\x00', {0x2, 0x0, @multicast2}}) setsockopt$inet6_buf(r0, 0x29, 0x80000000000040, 0x0, 0x0) 03:44:23 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000002640)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) bind$alg(r0, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes256\x00'}, 0x58) [ 1357.563988][T10349] [ 1357.566460][T10349] ============================= [ 1357.591756][T10349] WARNING: suspicious RCU usage [ 1357.596899][T10349] 5.1.0-rc1-next-20190319 #6 Not tainted [ 1357.617760][T10349] ----------------------------- [ 1357.649389][T10349] net/xfrm/xfrm_user.c:1080 suspicious rcu_dereference_check() usage! [ 1357.657857][T10349] [ 1357.657857][T10349] other info that might help us debug this: [ 1357.657857][T10349] [ 1357.676772][T10349] [ 1357.676772][T10349] rcu_scheduler_active = 2, debug_locks = 1 [ 1357.685272][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1357.685430][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1357.698432][T10349] 1 lock held by syz-executor.1/10349: [ 1357.704613][T10349] #0: 0000000057c62ef8 (&net->xfrm.xfrm_cfg_mutex){+.+.}, at: xfrm_netlink_rcv+0x61/0x90 [ 1357.715127][T10349] [ 1357.715127][T10349] stack backtrace: [ 1357.722172][T10349] CPU: 1 PID: 10349 Comm: syz-executor.1 Not tainted 5.1.0-rc1-next-20190319 #6 [ 1357.731284][T10349] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1357.741339][T10349] Call Trace: [ 1357.744644][T10349] dump_stack+0x172/0x1f0 [ 1357.749007][T10349] lockdep_rcu_suspicious+0x153/0x15d [ 1357.754424][T10349] xfrm_alloc_userspi+0x7d5/0xa80 [ 1357.759477][T10349] ? xfrm_state_netlink+0x140/0x140 [ 1357.764803][T10349] ? nla_parse+0x45/0x60 [ 1357.769067][T10349] ? xfrm_state_netlink+0x140/0x140 [ 1357.774275][T10349] xfrm_user_rcv_msg+0x458/0x770 [ 1357.779225][T10349] ? xfrm_dump_sa_done+0xf0/0xf0 [ 1357.784182][T10349] ? mark_held_locks+0xf0/0xf0 [ 1357.788967][T10349] ? perf_trace_lock+0x510/0x510 [ 1357.793953][T10349] ? __mutex_lock+0x3cd/0x1310 [ 1357.798750][T10349] ? xfrm_netlink_rcv+0x61/0x90 [ 1357.803696][T10349] netlink_rcv_skb+0x17a/0x460 [ 1357.808482][T10349] ? xfrm_dump_sa_done+0xf0/0xf0 [ 1357.813436][T10349] ? netlink_ack+0xb50/0xb50 [ 1357.818067][T10349] xfrm_netlink_rcv+0x70/0x90 [ 1357.822773][T10349] netlink_unicast+0x536/0x720 [ 1357.827556][T10349] ? netlink_attachskb+0x770/0x770 [ 1357.832685][T10349] netlink_sendmsg+0x8ae/0xd70 [ 1357.837472][T10349] ? netlink_unicast+0x720/0x720 [ 1357.842470][T10349] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 1357.848038][T10349] ? apparmor_socket_sendmsg+0x2a/0x30 [ 1357.853505][T10349] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1357.859805][T10349] ? security_socket_sendmsg+0x93/0xc0 [ 1357.865280][T10349] ? netlink_unicast+0x720/0x720 [ 1357.870283][T10349] sock_sendmsg+0xdd/0x130 [ 1357.874719][T10349] ___sys_sendmsg+0x806/0x930 [ 1357.879413][T10349] ? copy_msghdr_from_user+0x430/0x430 [ 1357.884894][T10349] ? kasan_check_read+0x11/0x20 [ 1357.889791][T10349] ? __fget+0x381/0x550 [ 1357.893977][T10349] ? ksys_dup3+0x3e0/0x3e0 [ 1357.898748][T10349] ? lock_downgrade+0x880/0x880 [ 1357.903627][T10349] ? __fget_light+0x1a9/0x230 [ 1357.908312][T10349] ? __fdget+0x1b/0x20 [ 1357.912391][T10349] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1357.918644][T10349] __sys_sendmsg+0x105/0x1d0 [ 1357.923240][T10349] ? __ia32_sys_shutdown+0x80/0x80 [ 1357.928398][T10349] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1357.933903][T10349] ? do_syscall_64+0x26/0x610 [ 1357.938588][T10349] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1357.944665][T10349] ? do_syscall_64+0x26/0x610 [ 1357.949360][T10349] __x64_sys_sendmsg+0x78/0xb0 [ 1357.954135][T10349] do_syscall_64+0x103/0x610 [ 1357.958754][T10349] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1357.964650][T10349] RIP: 0033:0x458079 [ 1357.968549][T10349] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1357.988166][T10349] RSP: 002b:00007f82ed754c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e 03:44:24 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r1, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000140)=[@sack_perm, @sack_perm={0x2}, @timestamp], 0x11cc51) getsockopt$inet6_tcp_buf(r1, 0x6, 0x1c, 0x0, &(0x7f00000001c0)) accept(r1, 0x0, 0x0) 03:44:24 executing program 3: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000080)="df6c51c7bf5f8a4d8643869e4ccb891cdfcdf8426b0192fdaceef8985d539aa3ca359c284afc17", 0x27) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, &(0x7f00000000c0)={'ip6_vth0\x00', {0x2, 0x0, @multicast2}}) setsockopt$inet6_buf(r0, 0x29, 0x80000000000040, 0x0, 0x0) 03:44:24 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11e9e6c7c13e9b"], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r6}, 0x10) r7 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r8, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r7, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r7, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:44:24 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000002640)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) bind$alg(r0, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes256\x00'}, 0x58) 03:44:24 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r1, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000140)=[@sack_perm, @sack_perm={0x2}, @timestamp], 0x11cc51) getsockopt$inet6_tcp_buf(r1, 0x6, 0x1c, 0x0, &(0x7f00000001c0)) [ 1357.996586][T10349] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458079 [ 1358.005067][T10349] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000006 [ 1358.013042][T10349] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1358.021017][T10349] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f82ed7556d4 [ 1358.028997][T10349] R13: 00000000004c56c3 R14: 00000000004d95f0 R15: 00000000ffffffff [ 1358.040700][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1358.046482][ C0] protocol 88fb is buggy, dev hsr_slave_1 03:44:26 executing program 3: mknod$loop(&(0x7f0000000200)='./file0\x00', 0x0, 0xffffffffffffffff) lsetxattr$security_ima(&(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='security.ima\x00', &(0x7f0000000140)=@md5={0x1, "a31571e2d8b8cc3ce2289f23297b57b1"}, 0x11, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) 03:44:26 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000002640)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) bind$alg(r0, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes256\x00'}, 0x58) 03:44:26 executing program 1: setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@allocspi={0xf8, 0x16, 0x31d, 0x0, 0x0, {{{@in6, @in6=@ipv4={[], [], @multicast2}}, {@in6, 0x0, 0x33}, @in, {}, {}, {}, 0x70bd26}, 0x0, 0xfff}}, 0xf8}}, 0x0) 03:44:26 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r1, &(0x7f0000000080), 0x1c) getsockopt$inet6_tcp_buf(r1, 0x6, 0x1c, 0x0, &(0x7f00000001c0)) 03:44:26 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11e9e6c7c13e9b"], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r6}, 0x10) r7 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r8, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r7, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r7, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:44:26 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) close(r0) io_setup(0x8, &(0x7f0000000240)=0x0) r2 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f000000cfe4)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmsg(r2, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) io_submit(r1, 0x1400, &(0x7f0000000600)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000140), 0x7}]) 03:44:26 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes256\x00'}, 0x58) 03:44:26 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r1, &(0x7f0000000080), 0x1c) getsockopt$inet6_tcp_buf(r1, 0x6, 0x1c, 0x0, &(0x7f00000001c0)) 03:44:26 executing program 3: 03:44:27 executing program 1: setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@allocspi={0xf8, 0x16, 0x31d, 0x0, 0x0, {{{@in6, @in6=@ipv4={[], [], @multicast2}}, {@in6, 0x0, 0x33}, @in, {}, {}, {}, 0x70bd26}, 0x0, 0xfff}}, 0xf8}}, 0x0) 03:44:27 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes256\x00'}, 0x58) 03:44:27 executing program 3: 03:44:27 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r1, &(0x7f0000000080), 0x1c) getsockopt$inet6_tcp_buf(r1, 0x6, 0x1c, 0x0, &(0x7f00000001c0)) 03:44:27 executing program 1: setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@allocspi={0xf8, 0x16, 0x31d, 0x0, 0x0, {{{@in6, @in6=@ipv4={[], [], @multicast2}}, {@in6, 0x0, 0x33}, @in, {}, {}, {}, 0x70bd26}, 0x0, 0xfff}}, 0xf8}}, 0x0) 03:44:27 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes256\x00'}, 0x58) 03:44:27 executing program 3: 03:44:27 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11e9e6c7c13e9b"], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r6}, 0x10) r7 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r8, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r7, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r7, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:44:27 executing program 0: 03:44:27 executing program 3: 03:44:27 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000002640)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes256\x00'}, 0x58) 03:44:27 executing program 1: 03:44:27 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000140)=[@sack_perm, @sack_perm={0x2}, @timestamp], 0x11cc51) getsockopt$inet6_tcp_buf(r1, 0x6, 0x1c, 0x0, &(0x7f00000001c0)) 03:44:27 executing program 3: 03:44:27 executing program 1: 03:44:27 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000140)=[@sack_perm, @sack_perm={0x2}, @timestamp], 0x11cc51) getsockopt$inet6_tcp_buf(r1, 0x6, 0x1c, 0x0, &(0x7f00000001c0)) 03:44:27 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000002640)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes256\x00'}, 0x58) 03:44:27 executing program 0: 03:44:27 executing program 3: [ 1361.840675][ C1] net_ratelimit: 16 callbacks suppressed [ 1361.840684][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1361.852259][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:44:28 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11e9e6c7c13e9b99"], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r6}, 0x10) r7 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r8, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r7, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r7, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:44:28 executing program 1: 03:44:28 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000002640)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes256\x00'}, 0x58) 03:44:28 executing program 0: 03:44:28 executing program 3: 03:44:28 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000140)=[@sack_perm, @sack_perm={0x2}, @timestamp], 0x11cc51) getsockopt$inet6_tcp_buf(r1, 0x6, 0x1c, 0x0, &(0x7f00000001c0)) 03:44:28 executing program 3: 03:44:28 executing program 0: [ 1362.160667][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1362.166523][ C0] protocol 88fb is buggy, dev hsr_slave_1 03:44:28 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000002640)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) bind$alg(r0, 0x0, 0x0) 03:44:28 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r1, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000140)=[@sack_perm, @sack_perm={0x2}, @timestamp], 0x11cc51) getsockopt$inet6_tcp_buf(r1, 0x6, 0x1c, 0x0, &(0x7f00000001c0)) 03:44:28 executing program 1: 03:44:28 executing program 3: [ 1362.720596][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1362.726448][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1362.732299][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1362.738043][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1362.743893][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1362.749641][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:44:29 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11e9e6c7c13e9b99"], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r6}, 0x10) r7 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r8, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r7, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r7, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:44:29 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000002640)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) bind$alg(r0, 0x0, 0x0) 03:44:29 executing program 1: 03:44:29 executing program 0: 03:44:29 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r1, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000140)=[@sack_perm, @sack_perm={0x2}, @timestamp], 0x11cc51) getsockopt$inet6_tcp_buf(r1, 0x6, 0x1c, 0x0, &(0x7f00000001c0)) 03:44:29 executing program 3: 03:44:29 executing program 3: 03:44:29 executing program 0: 03:44:29 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r1, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000140)=[@sack_perm, @sack_perm={0x2}, @timestamp], 0x11cc51) getsockopt$inet6_tcp_buf(r1, 0x6, 0x1c, 0x0, &(0x7f00000001c0)) 03:44:29 executing program 1: 03:44:29 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000002640)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) bind$alg(r0, 0x0, 0x0) 03:44:29 executing program 0: 03:44:30 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11e9e6c7c13e9b99"], 0x0) r1 = socket(0xa, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r6}, 0x10) r7 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r8, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r7, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r7, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:44:30 executing program 3: 03:44:30 executing program 4: 03:44:30 executing program 1: 03:44:30 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(0xffffffffffffffff, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000140)=[@sack_perm, @sack_perm={0x2}, @timestamp], 0x11cc51) getsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0x1c, 0x0, &(0x7f00000001c0)) 03:44:30 executing program 0: 03:44:30 executing program 4: 03:44:30 executing program 0: 03:44:30 executing program 1: 03:44:30 executing program 3: 03:44:30 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(0xffffffffffffffff, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000140)=[@sack_perm, @sack_perm={0x2}, @timestamp], 0x11cc51) getsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0x1c, 0x0, &(0x7f00000001c0)) 03:44:30 executing program 1: 03:44:31 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11e9e6c7c13e9b9937"], 0x0) r1 = socket(0x0, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r6}, 0x10) r7 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r8, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r7, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r7, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:44:31 executing program 0: 03:44:31 executing program 4: 03:44:31 executing program 3: 03:44:31 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(0xffffffffffffffff, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000140)=[@sack_perm, @sack_perm={0x2}, @timestamp], 0x11cc51) getsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0x1c, 0x0, &(0x7f00000001c0)) 03:44:31 executing program 1: 03:44:31 executing program 1: 03:44:31 executing program 3: 03:44:31 executing program 4: 03:44:31 executing program 0: 03:44:31 executing program 2: socket$inet_udplite(0x2, 0x2, 0x88) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000140)=[@sack_perm, @sack_perm={0x2}, @timestamp], 0x11cc51) getsockopt$inet6_tcp_buf(r0, 0x6, 0x1c, 0x0, &(0x7f00000001c0)) 03:44:31 executing program 4: 03:44:32 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11e9e6c7c13e9b9937"], 0x0) r1 = socket(0x0, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r6}, 0x10) r7 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r8, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r7, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r7, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:44:32 executing program 3: 03:44:32 executing program 0: 03:44:32 executing program 1: 03:44:32 executing program 4: 03:44:32 executing program 2: socket$inet_udplite(0x2, 0x2, 0x88) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000140)=[@sack_perm, @sack_perm={0x2}, @timestamp], 0x11cc51) getsockopt$inet6_tcp_buf(r0, 0x6, 0x1c, 0x0, &(0x7f00000001c0)) 03:44:32 executing program 3: 03:44:32 executing program 1: 03:44:32 executing program 0: 03:44:32 executing program 4: 03:44:32 executing program 3: 03:44:32 executing program 1: 03:44:32 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11e9e6c7c13e9b9937"], 0x0) r1 = socket(0x0, 0x3, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r6}, 0x10) r7 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r8, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r7, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r7, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:44:32 executing program 4: 03:44:32 executing program 1: 03:44:32 executing program 0: 03:44:32 executing program 3: 03:44:32 executing program 2: socket$inet_udplite(0x2, 0x2, 0x88) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000140)=[@sack_perm, @sack_perm={0x2}, @timestamp], 0x11cc51) getsockopt$inet6_tcp_buf(r0, 0x6, 0x1c, 0x0, &(0x7f00000001c0)) 03:44:33 executing program 0: 03:44:33 executing program 4: 03:44:33 executing program 3: 03:44:33 executing program 1: 03:44:33 executing program 4: 03:44:33 executing program 0: [ 1366.880632][ C1] net_ratelimit: 14 callbacks suppressed [ 1366.880641][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1366.892184][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1366.897975][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1366.903790][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1366.909557][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1366.915314][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:44:33 executing program 5: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="7cdaf117ad949c33f5436f8e61287af40e63e6559df00e1c92e3892c4c1cde1e61dc755864675bb0084e5e8ed007ed531d2e2cbd9c775f9e6d807d11e9e6c7c13e9b9937"], 0x0) r1 = socket(0xa, 0x0, 0x5) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x01\x00'}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000001c0)=0x2, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bridge0\x00', 0xfffffffffffffffd}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000002c0)=0x7, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000680)={0x0, 0x4}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000700)={0x0, 0x0, 0x2, 0x1, r6}, 0x10) r7 = accept4(r5, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100), 0x0) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, r8, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendto$unix(r7, &(0x7f0000000400), 0xfffffffffffffef8, 0x0, 0x0, 0x22) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x2, 0x8, 0x9, 0xff, 0x40, 0x65f}, 0x5, 0xa1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000140)="b127e17bb4729bdbe9df3309c28cfe1b0b69a52b7f9659d9f5e15f2d086700eb94d66d46780f09e48850970774d57053aa6f75", 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) recvmmsg(r7, &(0x7f0000009140)=[{{&(0x7f0000001580)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000004840)=[{&(0x7f0000003840)=""/4096, 0x6}, {&(0x7f0000001600)=""/129, 0x7fffeffa}], 0x2, &(0x7f00000048c0)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000009340)={0x0, 0x989680}) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000380), &(0x7f0000000240)=0x293) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000c011100"], 0x1}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000600)={'bridge0\x00'}) 03:44:33 executing program 3: 03:44:33 executing program 1: 03:44:33 executing program 4: 03:44:33 executing program 0: 03:44:33 executing program 2: ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000140)=[@sack_perm, @sack_perm={0x2}, @timestamp], 0x11cc51) getsockopt$inet6_tcp_buf(r0, 0x6, 0x1c, 0x0, &(0x7f00000001c0)) 03:44:33 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f00000002c0)='cgroup.max.depth\x00\x04S7I5\xdf\xc7U,\xcd\xaa\x19D\xf9~b\xb0\x8a\x8e\x19u\xc0\x03\xd0\xdb]\xfc\xdf\x95hW\xcb\xe8]\x95\xd0\xe3~w\xb0\x8f8\xb8\x8f\xc7\f\xdab\xe7\xa5\x00L', 0x2, 0x0) write$cgroup_int(r1, 0x0, 0x0) 03:44:33 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) mprotect(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x7) 03:44:33 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.net\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r1, 0x2008200) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x8000fffffffe) r3 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) fallocate(r3, 0x20, 0x0, 0x10000) 03:44:33 executing program 3: r0 = open(&(0x7f0000000240)='./bus\x00', 0x141042, 0x0) fadvise64(r0, 0x0, 0x6, 0x4) 03:44:34 executing program 4: syz_open_dev$audion(&(0x7f0000000180)='/dev/audio#\x00', 0x0, 0x80000) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffd000/0x3000)=nil) shmget$private(0x0, 0x2000, 0xa2, &(0x7f0000ffd000/0x2000)=nil) r0 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffd000/0x3000)=nil) shmat(r0, &(0x7f0000ffc000/0x4000)=nil, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0xfffffffffffffffe) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0xa000000200000000, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x80a102001ff8, 0x0, 0xfffffffffffffffe, &(0x7f00000000c0), 0xffffffffffffffff) mount(0x0, &(0x7f0000343ff8)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) [ 1367.536513][ T26] audit: type=1804 audit(2000000673.959:2578): pid=10604 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/file0/file0/file0/file0/file0/root/syzkaller-testdir547748866/syzkaller.elhPLe/1904/bus" dev="sda1" ino=17618 res=1