0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) [ 2154.799401][ T212] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2154.833788][ T212] lowmem_reserve[]: 0 2912 6416 6416 21:32:42 executing program 4: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x0, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) 21:32:42 executing program 0: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) 21:32:42 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:32:42 executing program 5: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) [ 2154.840850][ T212] DMA32 free:28556kB min:4644kB low:7624kB high:10604kB active_anon:2835700kB inactive_anon:5352kB active_file:120kB inactive_file:604kB unevictable:48kB writepending:92kB present:3129332kB managed:2983768kB mlocked:48kB kernel_stack:14592kB pagetables:17084kB bounce:0kB free_pcp:960kB local_pcp:424kB free_cma:0kB [ 2154.881528][ T212] lowmem_reserve[]: 0 0 3504 3504 [ 2154.910938][ T212] Normal free:9148kB min:5592kB low:9180kB high:12768kB active_anon:2822744kB inactive_anon:33476kB active_file:1284kB inactive_file:4296kB unevictable:1576kB writepending:64kB present:4718592kB managed:3588928kB mlocked:1576kB kernel_stack:28384kB pagetables:123984kB bounce:0kB free_pcp:1728kB local_pcp:856kB free_cma:0kB [ 2154.941575][ T212] lowmem_reserve[]: 0 0 0 0 [ 2154.946369][ T212] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB 21:32:42 executing program 1: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x0, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) [ 2154.960311][ T212] DMA32: 686*4kB (UMEH) 316*8kB (ME) 99*16kB (UMEH) 52*32kB (UMEH) 41*64kB (UMEH) 36*128kB (UME) 10*256kB (UME) 4*512kB (M) 4*1024kB (M) 2*2048kB (ME) 0*4096kB = 28552kB [ 2154.977810][ T212] Normal: 1*4kB (E) 53*8kB (UME) 95*16kB (UME) 45*32kB (UMEH) 18*64kB (ME) 6*128kB (UM) 3*256kB (UM) 0*512kB 1*1024kB (U) 1*2048kB (U) 0*4096kB = 9148kB [ 2154.993550][ T212] 11809 total pagecache pages [ 2154.998511][ T212] 0 pages in swap cache [ 2155.002670][ T212] Swap cache stats: add 0, delete 0, find 0/0 [ 2155.096326][ T212] Free swap = 0kB [ 2155.102471][ T212] Total swap = 0kB [ 2155.110163][ T212] 1965979 pages RAM [ 2155.115432][ T212] 0 pages HighMem/MovableOnly [ 2155.120980][ T212] 318829 pages reserved [ 2155.126615][ T212] 0 pages cma reserved [ 2155.131477][ T212] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=26021,uid=0 [ 2155.146630][ T212] Out of memory: Killed process 26021 (syz-executor.0) total-vm:75372kB, anon-rss:16572kB, file-rss:35840kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 2155.193855][ T23] oom_reaper: reaped process 26021 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 21:32:43 executing program 4: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x0, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) 21:32:43 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x3000000) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) 21:32:43 executing program 0: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) 21:32:43 executing program 5: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:32:43 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:32:43 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:32:43 executing program 0: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) [ 2155.516742][T25680] syz-executor.3 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2155.536280][T25680] CPU: 1 PID: 25680 Comm: syz-executor.3 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2155.546463][T25680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2155.556548][T25680] Call Trace: [ 2155.559845][T25680] dump_stack+0x14a/0x1ce [ 2155.564173][T25680] ? devkmsg_release+0x11c/0x11c [ 2155.569104][T25680] ? show_regs_print_info+0x12/0x12 [ 2155.574300][T25680] ? radix_tree_cpu_dead+0x160/0x160 [ 2155.579578][T25680] ? _raw_spin_lock+0xa1/0x170 [ 2155.584342][T25680] ? _raw_spin_trylock_bh+0x190/0x190 [ 2155.589740][T25680] dump_header+0xdb/0x700 [ 2155.594072][T25680] oom_kill_process+0xd3/0x280 [ 2155.598836][T25680] out_of_memory+0x5b6/0x890 [ 2155.603439][T25680] ? unregister_oom_notifier+0x20/0x20 [ 2155.608896][T25680] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2155.614457][T25680] ? get_page_from_freelist+0x7c0/0x7c0 [ 2155.619992][T25680] ? __zone_watermark_ok+0x91/0x280 [ 2155.625185][T25680] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2155.630561][T25680] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2155.636123][T25680] ? vma_link+0x17a/0x290 [ 2155.640456][T25680] pte_alloc_one+0x1b/0xb0 [ 2155.644857][T25680] __pte_alloc+0x1d/0x1d0 [ 2155.649176][T25680] handle_mm_fault+0x38ce/0x41e0 [ 2155.654090][T25680] ? find_vma+0x150/0x150 [ 2155.658395][T25680] ? finish_fault+0x230/0x230 [ 2155.663063][T25680] ? up_write+0xa1/0x190 [ 2155.667295][T25680] ? down_read_trylock+0x17a/0x1d0 [ 2155.672381][T25680] ? vmacache_update+0x9f/0xf0 [ 2155.677126][T25680] do_user_addr_fault+0x48a/0x9f0 [ 2155.682155][T25680] page_fault+0x2f/0x40 [ 2155.686301][T25680] RIP: 0033:0x4142bf [ 2155.690169][T25680] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 [ 2155.709752][T25680] RSP: 002b:00007ffd7c796570 EFLAGS: 00010206 [ 2155.715815][T25680] RAX: 00007fbf5a9d2000 RBX: 0000000000020000 RCX: 000000000045cd2a [ 2155.723781][T25680] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 2155.731732][T25680] RBP: 00007ffd7c796650 R08: ffffffffffffffff R09: 0000000000000000 [ 2155.739694][T25680] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd7c796750 [ 2155.747647][T25680] R13: 00007fbf5a9f2700 R14: 0000000000000992 R15: 000000000078c04c [ 2155.756049][T25680] Mem-Info: [ 2155.759293][T25680] active_anon:1415974 inactive_anon:9707 isolated_anon:15 21:32:43 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:32:43 executing program 5: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:32:43 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x3000000) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) 21:32:43 executing program 4: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) [ 2155.759293][T25680] active_file:475 inactive_file:608 isolated_file:0 [ 2155.759293][T25680] unevictable:363 dirty:21 writeback:25 unstable:0 [ 2155.759293][T25680] slab_reclaimable:11814 slab_unreclaimable:74961 [ 2155.759293][T25680] mapped:58571 shmem:9776 pagetables:35297 bounce:0 [ 2155.759293][T25680] free:12589 free_pcp:575 free_cma:0 [ 2155.824374][T25680] Node 0 active_anon:5664128kB inactive_anon:38828kB active_file:1644kB inactive_file:1308kB unevictable:1452kB isolated(anon):0kB isolated(file):0kB mapped:233020kB dirty:196kB writeback:60kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2155.851089][T25680] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2155.878251][T25680] lowmem_reserve[]: 0 2912 6416 6416 [ 2155.883929][T25680] DMA32 free:25540kB min:4644kB low:7624kB high:10604kB active_anon:2836844kB inactive_anon:5352kB active_file:108kB inactive_file:32kB unevictable:0kB writepending:212kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:14336kB pagetables:17076kB bounce:0kB free_pcp:1524kB local_pcp:1348kB free_cma:0kB [ 2155.914016][T25680] lowmem_reserve[]: 0 0 3504 3504 [ 2155.919366][T25680] Normal free:8704kB min:5592kB low:9180kB high:12768kB active_anon:2827056kB inactive_anon:33476kB active_file:124kB inactive_file:1096kB unevictable:1452kB writepending:156kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:28288kB pagetables:124236kB bounce:0kB free_pcp:1700kB local_pcp:1364kB free_cma:0kB [ 2155.995369][T25680] lowmem_reserve[]: 0 0 0 0 [ 2156.026969][T25680] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2156.040479][T25680] DMA32: 21*4kB (UMEH) 3*8kB (ME) 28*16kB (UMEH) 16*32kB (MEH) 7*64kB (E) 29*128kB (UME) 8*256kB (UE) 0*512kB 0*1024kB 3*2048kB (ME) 1*4096kB (M) = 17516kB [ 2156.056294][T25680] Normal: 70*4kB (UME) 86*8kB (ME) 37*16kB (ME) 10*32kB (UME) 5*64kB (UME) 1*128kB (M) 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (U) 0*4096kB = 5400kB [ 2156.071213][T25680] 10102 total pagecache pages [ 2156.075954][T25680] 0 pages in swap cache [ 2156.080321][T25680] Swap cache stats: add 0, delete 0, find 0/0 [ 2156.086582][T25680] Free swap = 0kB [ 2156.090299][T25680] Total swap = 0kB [ 2156.094075][T25680] 1965979 pages RAM [ 2156.097911][T25680] 0 pages HighMem/MovableOnly [ 2156.102579][T25680] 318829 pages reserved [ 2156.106996][T25680] 0 pages cma reserved [ 2156.111368][T25680] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=16756,uid=0 [ 2156.129015][T25680] Out of memory: Killed process 16756 (syz-executor.0) total-vm:75372kB, anon-rss:16572kB, file-rss:35840kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 2156.156087][ T23] oom_reaper: reaped process 16756 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 21:32:44 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:32:44 executing program 4: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) 21:32:44 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0xc000000, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) 21:32:44 executing program 5: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:32:44 executing program 0: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) 21:32:44 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) [ 2156.778666][T25744] syz-executor.3 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2156.792422][T25744] CPU: 1 PID: 25744 Comm: syz-executor.3 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2156.802612][T25744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2156.812669][T25744] Call Trace: [ 2156.815942][T25744] dump_stack+0x14a/0x1ce [ 2156.820245][T25744] ? devkmsg_release+0x11c/0x11c [ 2156.825151][T25744] ? show_regs_print_info+0x12/0x12 [ 2156.830320][T25744] ? radix_tree_cpu_dead+0x160/0x160 [ 2156.835577][T25744] ? _raw_spin_lock+0xa1/0x170 [ 2156.840320][T25744] ? _raw_spin_trylock_bh+0x190/0x190 [ 2156.845669][T25744] dump_header+0xdb/0x700 [ 2156.850076][T25744] oom_kill_process+0xd3/0x280 [ 2156.855251][T25744] out_of_memory+0x5b6/0x890 [ 2156.859812][T25744] ? unregister_oom_notifier+0x20/0x20 [ 2156.865268][T25744] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2156.870798][T25744] ? get_page_from_freelist+0x7c0/0x7c0 [ 2156.876314][T25744] ? __zone_watermark_ok+0x91/0x280 [ 2156.881491][T25744] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2156.887106][T25744] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2156.892643][T25744] ? copy_process+0x5a4/0x5110 [ 2156.897419][T25744] ? kmem_cache_alloc+0x1d5/0x260 [ 2156.902439][T25744] copy_process+0x5f3/0x5110 [ 2156.907028][T25744] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 2156.912718][T25744] ? _raw_spin_lock+0xa1/0x170 [ 2156.917452][T25744] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 2156.923232][T25744] ? __lru_cache_add+0x1a1/0x1f0 [ 2156.928139][T25744] ? fork_idle+0x290/0x290 [ 2156.932522][T25744] _do_fork+0x196/0x920 [ 2156.936659][T25744] ? finish_fault+0x230/0x230 [ 2156.941331][T25744] ? up_write+0xa1/0x190 [ 2156.945547][T25744] ? dup_mm+0x300/0x300 [ 2156.949701][T25744] __x64_sys_clone+0x25e/0x2c0 [ 2156.954463][T25744] ? __ia32_sys_vfork+0x110/0x110 [ 2156.959481][T25744] ? do_user_addr_fault+0x55c/0x9f0 [ 2156.964659][T25744] do_syscall_64+0xcb/0x150 [ 2156.969145][T25744] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2156.975028][T25744] RIP: 0033:0x45f6a9 [ 2156.978896][T25744] Code: ff 48 85 f6 0f 84 57 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 2e 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2156.998496][T25744] RSP: 002b:00007ffd7c796528 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2157.007323][T25744] RAX: ffffffffffffffda RBX: 00007fbf5a9f2700 RCX: 000000000045f6a9 [ 2157.015715][T25744] RDX: 00007fbf5a9f29d0 RSI: 00007fbf5a9f1db0 RDI: 00000000003d0f00 [ 2157.023684][T25744] RBP: 00007ffd7c796750 R08: 00007fbf5a9f2700 R09: 00007fbf5a9f2700 [ 2157.031650][T25744] R10: 00007fbf5a9f29d0 R11: 0000000000000202 R12: 0000000000000000 [ 2157.039775][T25744] R13: 00007ffd7c7965df R14: 00007fbf5a9f29c0 R15: 000000000078c04c [ 2157.049047][T25744] Mem-Info: [ 2157.053010][T25744] active_anon:1415580 inactive_anon:9707 isolated_anon:0 [ 2157.053010][T25744] active_file:92 inactive_file:222 isolated_file:0 [ 2157.053010][T25744] unevictable:363 dirty:9 writeback:0 unstable:0 [ 2157.053010][T25744] slab_reclaimable:11298 slab_unreclaimable:75692 21:32:45 executing program 5: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:32:45 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:32:45 executing program 4: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) 21:32:45 executing program 0: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) [ 2157.053010][T25744] mapped:57776 shmem:9776 pagetables:35419 bounce:0 [ 2157.053010][T25744] free:13117 free_pcp:754 free_cma:0 [ 2157.180572][T25744] Node 0 active_anon:5662620kB inactive_anon:38828kB active_file:0kB inactive_file:640kB unevictable:1452kB isolated(anon):0kB isolated(file):0kB mapped:230804kB dirty:36kB writeback:0kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2157.205722][T25744] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2157.231872][T25744] lowmem_reserve[]: 0 2912 6416 6416 [ 2157.237407][T25744] DMA32 free:21564kB min:4644kB low:7624kB high:10604kB active_anon:2841052kB inactive_anon:5352kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:13984kB pagetables:17124kB bounce:0kB free_pcp:1852kB local_pcp:1308kB free_cma:0kB [ 2157.266648][T25744] lowmem_reserve[]: 0 0 3504 3504 [ 2157.271759][T25744] Normal free:13712kB min:5592kB low:9180kB high:12768kB active_anon:2821236kB inactive_anon:33476kB active_file:104kB inactive_file:332kB unevictable:1452kB writepending:36kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:28864kB pagetables:124552kB bounce:0kB free_pcp:1932kB local_pcp:1500kB free_cma:0kB [ 2157.302221][T25744] lowmem_reserve[]: 0 0 0 0 [ 2157.306826][T25744] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2157.358638][T25744] DMA32: 37*4kB (UMEH) 9*8kB (UME) 36*16kB (UMEH) 28*32kB (UMEH) 11*64kB (UME) 28*128kB (UME) 8*256kB (UE) 0*512kB 0*1024kB 3*2048kB (ME) 1*4096kB (M) = 18268kB [ 2157.378380][T25744] Normal: 287*4kB (UME) 35*8kB (UME) 46*16kB (UME) 24*32kB (ME) 11*64kB (UME) 4*128kB (UME) 1*256kB (M) 1*512kB (U) 1*1024kB (M) 0*2048kB 0*4096kB = 5940kB [ 2157.394855][T25744] 10127 total pagecache pages [ 2157.399532][T25744] 0 pages in swap cache [ 2157.403669][T25744] Swap cache stats: add 0, delete 0, find 0/0 [ 2157.409747][T25744] Free swap = 0kB [ 2157.413452][T25744] Total swap = 0kB [ 2157.417224][T25744] 1965979 pages RAM [ 2157.421004][T25744] 0 pages HighMem/MovableOnly [ 2157.425682][T25744] 318829 pages reserved [ 2157.429838][T25744] 0 pages cma reserved [ 2157.433881][T25744] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.3,pid=4142,uid=0 [ 2157.447885][T25744] Out of memory: Killed process 4142 (syz-executor.3) total-vm:75240kB, anon-rss:16568kB, file-rss:35840kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 2157.468365][T25744] syz-executor.3 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2157.471748][ T23] oom_reaper: reaped process 4142 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2157.494367][T25744] CPU: 0 PID: 25744 Comm: syz-executor.3 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2157.504561][T25744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2157.514610][T25744] Call Trace: [ 2157.517906][T25744] dump_stack+0x14a/0x1ce [ 2157.522238][T25744] ? devkmsg_release+0x11c/0x11c [ 2157.527190][T25744] ? show_regs_print_info+0x12/0x12 [ 2157.532393][T25744] ? radix_tree_cpu_dead+0x160/0x160 [ 2157.537687][T25744] ? _raw_spin_lock+0xa1/0x170 [ 2157.542459][T25744] ? _raw_spin_trylock_bh+0x190/0x190 [ 2157.547849][T25744] dump_header+0xdb/0x700 [ 2157.552190][T25744] oom_kill_process+0xd3/0x280 [ 2157.556963][T25744] out_of_memory+0x5b6/0x890 [ 2157.561588][T25744] ? unregister_oom_notifier+0x20/0x20 [ 2157.567068][T25744] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2157.572631][T25744] ? get_page_from_freelist+0x7c0/0x7c0 [ 2157.578185][T25744] ? __zone_watermark_ok+0x91/0x280 [ 2157.583395][T25744] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2157.588777][T25744] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2157.594331][T25744] ? copy_process+0x5a4/0x5110 [ 2157.599097][T25744] ? kmem_cache_alloc+0x1d5/0x260 [ 2157.604119][T25744] copy_process+0x5f3/0x5110 [ 2157.608712][T25744] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 2157.614424][T25744] ? _raw_spin_lock+0xa1/0x170 [ 2157.619184][T25744] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 2157.624986][T25744] ? __lru_cache_add+0x1a1/0x1f0 [ 2157.629916][T25744] ? fork_idle+0x290/0x290 [ 2157.634326][T25744] _do_fork+0x196/0x920 [ 2157.638909][T25744] ? finish_fault+0x230/0x230 [ 2157.643573][T25744] ? up_write+0xa1/0x190 [ 2157.647836][T25744] ? dup_mm+0x300/0x300 [ 2157.651990][T25744] __x64_sys_clone+0x25e/0x2c0 [ 2157.656750][T25744] ? __ia32_sys_vfork+0x110/0x110 [ 2157.661765][T25744] ? do_user_addr_fault+0x55c/0x9f0 [ 2157.666953][T25744] do_syscall_64+0xcb/0x150 [ 2157.671451][T25744] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2157.677339][T25744] RIP: 0033:0x45f6a9 [ 2157.681230][T25744] Code: ff 48 85 f6 0f 84 57 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 2e 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2157.700835][T25744] RSP: 002b:00007ffd7c796528 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2157.709260][T25744] RAX: ffffffffffffffda RBX: 00007fbf5a9f2700 RCX: 000000000045f6a9 [ 2157.717265][T25744] RDX: 00007fbf5a9f29d0 RSI: 00007fbf5a9f1db0 RDI: 00000000003d0f00 [ 2157.725289][T25744] RBP: 00007ffd7c796750 R08: 00007fbf5a9f2700 R09: 00007fbf5a9f2700 [ 2157.733260][T25744] R10: 00007fbf5a9f29d0 R11: 0000000000000202 R12: 0000000000000000 [ 2157.741224][T25744] R13: 00007ffd7c7965df R14: 00007fbf5a9f29c0 R15: 000000000078c04c [ 2157.757021][T25744] Mem-Info: [ 2157.760175][T25744] active_anon:1415334 inactive_anon:9707 isolated_anon:0 [ 2157.760175][T25744] active_file:99 inactive_file:199 isolated_file:0 [ 2157.760175][T25744] unevictable:363 dirty:3 writeback:0 unstable:0 [ 2157.760175][T25744] slab_reclaimable:11297 slab_unreclaimable:75738 [ 2157.760175][T25744] mapped:57782 shmem:9776 pagetables:35370 bounce:0 [ 2157.760175][T25744] free:12728 free_pcp:1386 free_cma:0 [ 2157.798225][T25744] Node 0 active_anon:5645736kB inactive_anon:38828kB active_file:396kB inactive_file:796kB unevictable:1452kB isolated(anon):0kB isolated(file):0kB mapped:231128kB dirty:12kB writeback:0kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2157.822815][T25744] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2157.849822][T25744] lowmem_reserve[]: 0 2912 6416 6416 [ 2157.855120][T25744] DMA32 free:21100kB min:4644kB low:7624kB high:10604kB active_anon:2841060kB inactive_anon:5352kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:14016kB pagetables:17156kB bounce:0kB free_pcp:2856kB local_pcp:1492kB free_cma:0kB [ 2157.884218][T25744] lowmem_reserve[]: 0 0 3504 3504 [ 2157.889324][T25744] Normal free:27968kB min:5592kB low:9180kB high:12768kB active_anon:2804676kB inactive_anon:33476kB active_file:896kB inactive_file:3696kB unevictable:1452kB writepending:12kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:28448kB pagetables:124172kB bounce:0kB free_pcp:1756kB local_pcp:1448kB free_cma:0kB [ 2157.919735][T25744] lowmem_reserve[]: 0 0 0 0 [ 2157.925063][T25744] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2157.938438][T25744] DMA32: 187*4kB (UMEH) 54*8kB (UME) 51*16kB (UMEH) 49*32kB (UMEH) 22*64kB (UME) 30*128kB (UME) 8*256kB (UE) 0*512kB 0*1024kB 3*2048kB (ME) 1*4096kB (M) = 21100kB [ 2157.954739][T25744] Normal: 249*4kB (UME) 348*8kB (UME) 221*16kB (ME) 138*32kB (UMEH) 88*64kB (UME) 45*128kB (UME) 7*256kB (M) 1*512kB (U) 1*1024kB (M) 0*2048kB 0*4096kB = 26452kB [ 2157.970929][T25744] 11825 total pagecache pages [ 2157.975648][T25744] 0 pages in swap cache [ 2157.979780][T25744] Swap cache stats: add 0, delete 0, find 0/0 [ 2157.985853][T25744] Free swap = 0kB [ 2157.989559][T25744] Total swap = 0kB [ 2157.993307][T25744] 1965979 pages RAM [ 2157.997143][T25744] 0 pages HighMem/MovableOnly [ 2158.002595][T25744] 318829 pages reserved [ 2158.006766][T25744] 0 pages cma reserved [ 2158.010826][T25744] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.1,pid=3703,uid=0 [ 2158.024901][T25744] Out of memory: Killed process 3703 (syz-executor.1) total-vm:75372kB, anon-rss:16564kB, file-rss:35840kB, shmem-rss:0kB, UID:0 pgtables:164kB oom_score_adj:1000 [ 2158.052261][ T23] oom_reaper: reaped process 3703 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 21:32:46 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:32:46 executing program 0: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) 21:32:46 executing program 5: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:32:46 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0xc000000, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) 21:32:46 executing program 4: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) 21:32:46 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:32:46 executing program 5: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:32:46 executing program 0: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) 21:32:46 executing program 4: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) 21:32:46 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) [ 2158.706791][ T361] syz-executor.0 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2158.717909][ T361] CPU: 0 PID: 361 Comm: syz-executor.0 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2158.727871][ T361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2158.737906][ T361] Call Trace: [ 2158.741180][ T361] dump_stack+0x14a/0x1ce [ 2158.745499][ T361] ? devkmsg_release+0x11c/0x11c [ 2158.750426][ T361] ? show_regs_print_info+0x12/0x12 [ 2158.755616][ T361] ? radix_tree_cpu_dead+0x160/0x160 [ 2158.760889][ T361] ? _raw_spin_lock+0xa1/0x170 [ 2158.765640][ T361] ? _raw_spin_trylock_bh+0x190/0x190 [ 2158.771005][ T361] dump_header+0xdb/0x700 [ 2158.775325][ T361] oom_kill_process+0xd3/0x280 [ 2158.780097][ T361] out_of_memory+0x5b6/0x890 [ 2158.784668][ T361] ? unregister_oom_notifier+0x20/0x20 [ 2158.790112][ T361] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2158.795642][ T361] ? get_page_from_freelist+0x7c0/0x7c0 [ 2158.801185][ T361] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2158.806652][ T361] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2158.813088][ T361] pagecache_get_page+0x50f/0x880 [ 2158.818099][ T361] filemap_fault+0x14cb/0x1a30 [ 2158.822852][ T361] ? __down_read+0xf1/0x210 [ 2158.827377][ T361] ? generic_file_read_iter+0x20b0/0x20b0 [ 2158.833080][ T361] ? handle_mm_fault+0xf4a/0x41e0 [ 2158.838110][ T361] ext4_filemap_fault+0x7b/0x90 [ 2158.842964][ T361] handle_mm_fault+0x29ca/0x41e0 [ 2158.847899][ T361] ? finish_fault+0x230/0x230 [ 2158.852555][ T361] ? get_timespec64+0x11f/0x1d0 [ 2158.857393][ T361] ? down_read_trylock+0x17a/0x1d0 [ 2158.862493][ T361] ? vmacache_find+0x205/0x4b0 [ 2158.867239][ T361] do_user_addr_fault+0x48a/0x9f0 [ 2158.872259][ T361] page_fault+0x2f/0x40 [ 2158.876400][ T361] RIP: 0033:0x4105de [ 2158.880288][ T361] Code: 89 c6 48 8b 05 c3 35 89 00 4c 89 f3 44 8b 20 eb 48 0f 1f 00 bf e8 03 00 00 e8 8e c6 04 00 e8 79 2d ff ff 48 8b 15 a2 35 89 00 <8b> 0a 48 89 c2 41 39 cc 48 0f 45 d8 4c 29 f2 48 81 fa 87 13 00 00 [ 2158.899869][ T361] RSP: 002b:00007ffc21977cb0 EFLAGS: 00010202 [ 2158.905908][ T361] RAX: 000000000020eff2 RBX: 000000000020ef9f RCX: 000000000020edb0 [ 2158.913854][ T361] RDX: 0000001b31e20000 RSI: 0000000000000000 RDI: 0000000000000001 [ 2158.921799][ T361] RBP: 0000000000003188 R08: 0000000000000001 R09: 000000000124f940 [ 2158.929743][ T361] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000a [ 2158.937704][ T361] R13: 00007ffc21977ce0 R14: 000000000020eea3 R15: 00007ffc21977cf0 [ 2158.948171][ T361] Mem-Info: [ 2158.951432][ T361] active_anon:1419412 inactive_anon:9707 isolated_anon:0 [ 2158.951432][ T361] active_file:37 inactive_file:29 isolated_file:0 [ 2158.951432][ T361] unevictable:363 dirty:7 writeback:1 unstable:0 [ 2158.951432][ T361] slab_reclaimable:11266 slab_unreclaimable:76031 [ 2158.951432][ T361] mapped:57712 shmem:9776 pagetables:35516 bounce:0 [ 2158.951432][ T361] free:9845 free_pcp:61 free_cma:0 [ 2158.989116][ T361] Node 0 active_anon:5677648kB inactive_anon:38828kB active_file:148kB inactive_file:100kB unevictable:1452kB isolated(anon):0kB isolated(file):0kB mapped:230848kB dirty:28kB writeback:4kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2159.013584][ T361] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2159.039699][ T361] lowmem_reserve[]: 0 2912 6416 6416 [ 2159.047022][ T361] DMA32 free:18088kB min:4644kB low:7624kB high:10604kB active_anon:2847132kB inactive_anon:5352kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:14080kB pagetables:17152kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2159.075861][ T361] lowmem_reserve[]: 0 0 3504 3504 [ 2159.081125][ T361] Normal free:5388kB min:5592kB low:9180kB high:12768kB active_anon:2830316kB inactive_anon:33476kB active_file:48kB inactive_file:128kB unevictable:1452kB writepending:32kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:28896kB pagetables:124912kB bounce:0kB free_pcp:236kB local_pcp:236kB free_cma:0kB [ 2159.112054][ T361] lowmem_reserve[]: 0 0 0 0 [ 2159.117409][ T361] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2159.131265][ T361] DMA32: 112*4kB (UMEH) 15*8kB (UME) 47*16kB (UEH) 34*32kB (UMEH) 12*64kB (UME) 23*128kB (UE) 9*256kB (UME) 1*512kB (M) 1*1024kB (M) 2*2048kB (ME) 1*4096kB (M) = 18152kB [ 2159.148938][ T361] Normal: 58*4kB (UME) 31*8kB (UME) 56*16kB (UME) 32*32kB (UME) 10*64kB (UME) 7*128kB (ME) 4*256kB (M) 1*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 5472kB [ 2159.164207][ T361] 10127 total pagecache pages [ 2159.169325][ T361] 0 pages in swap cache [ 2159.173466][ T361] Swap cache stats: add 0, delete 0, find 0/0 [ 2159.179559][ T361] Free swap = 0kB [ 2159.183278][ T361] Total swap = 0kB [ 2159.187584][ T361] 1965979 pages RAM [ 2159.191395][ T361] 0 pages HighMem/MovableOnly [ 2159.196082][ T361] 318829 pages reserved [ 2159.200232][ T361] 0 pages cma reserved [ 2159.204296][ T361] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=24929,uid=0 [ 2159.218941][ T361] Out of memory: Killed process 24929 (syz-executor.0) total-vm:75240kB, anon-rss:16564kB, file-rss:35840kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 2159.242073][ T23] oom_reaper: reaped process 24929 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 21:32:47 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:32:47 executing program 0: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) 21:32:47 executing program 4: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) 21:32:47 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0xc000000, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) 21:32:47 executing program 5: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) [ 2159.480917][T25889] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2159.493082][T25889] CPU: 0 PID: 25889 Comm: syz-executor.5 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2159.503211][T25889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2159.513251][T25889] Call Trace: [ 2159.516536][T25889] dump_stack+0x14a/0x1ce [ 2159.520880][T25889] ? devkmsg_release+0x11c/0x11c [ 2159.525812][T25889] ? show_regs_print_info+0x12/0x12 [ 2159.531002][T25889] ? radix_tree_cpu_dead+0x160/0x160 [ 2159.536278][T25889] ? _raw_spin_lock+0xa1/0x170 [ 2159.541034][T25889] ? _raw_spin_trylock_bh+0x190/0x190 [ 2159.546403][T25889] dump_header+0xdb/0x700 [ 2159.550728][T25889] oom_kill_process+0xd3/0x280 [ 2159.555486][T25889] out_of_memory+0x5b6/0x890 [ 2159.560062][T25889] ? unregister_oom_notifier+0x20/0x20 [ 2159.565518][T25889] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2159.571066][T25889] ? get_page_from_freelist+0x7c0/0x7c0 [ 2159.576609][T25889] ? __zone_watermark_ok+0x91/0x280 [ 2159.581797][T25889] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2159.587159][T25889] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2159.592708][T25889] ? _raw_spin_trylock_bh+0x190/0x190 [ 2159.598073][T25889] __pmd_alloc+0x3a/0x1f0 [ 2159.602391][T25889] copy_page_range+0x1568/0x1710 [ 2159.608194][T25889] ? up_read+0x10/0x10 [ 2159.612270][T25889] ? apic_timer_interrupt+0xa/0x20 [ 2159.618062][T25889] ? print_bad_pte+0x650/0x650 [ 2159.622815][T25889] ? init_admin_reserve+0xc0/0xc0 [ 2159.627831][T25889] ? __rb_insert_augmented+0x728/0x740 [ 2159.633286][T25889] dup_mmap+0x870/0xc00 [ 2159.637436][T25889] ? __delayed_free_task+0x20/0x20 [ 2159.642537][T25889] ? mm_init+0x5c6/0x720 [ 2159.646761][T25889] dup_mm+0x98/0x300 [ 2159.650646][T25889] copy_process+0x2052/0x5110 [ 2159.655319][T25889] ? fork_idle+0x290/0x290 [ 2159.659730][T25889] ? irq_work_queue_on+0x289/0x2d0 [ 2159.664835][T25889] _do_fork+0x196/0x920 [ 2159.668984][T25889] ? dup_mm+0x300/0x300 [ 2159.673127][T25889] ? ktime_get_raw+0x130/0x130 [ 2159.677886][T25889] __x64_sys_clone+0x25e/0x2c0 [ 2159.682653][T25889] ? __ia32_sys_vfork+0x110/0x110 [ 2159.687674][T25889] ? __x64_sys_clock_gettime+0x20d/0x260 [ 2159.693314][T25889] do_syscall_64+0xcb/0x150 [ 2159.703380][T25889] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2159.709270][T25889] RIP: 0033:0x45ccd9 [ 2159.713152][T25889] Code: 2d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2159.732742][T25889] RSP: 002b:00007f2dca048c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2159.741146][T25889] RAX: ffffffffffffffda RBX: 0000000000001f00 RCX: 000000000045ccd9 [ 2159.749121][T25889] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 2159.757681][T25889] RBP: 000000000078c130 R08: ffffffffffffffff R09: 0000000000000000 [ 2159.765640][T25889] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078c0ec [ 2159.773609][T25889] R13: 00007ffc5a445d3f R14: 00007f2dca0499c0 R15: 000000000078c0ec [ 2159.782337][T25889] Mem-Info: [ 2159.785526][T25889] active_anon:1418296 inactive_anon:9707 isolated_anon:0 [ 2159.785526][T25889] active_file:53 inactive_file:25 isolated_file:0 [ 2159.785526][T25889] unevictable:363 dirty:22 writeback:21 unstable:0 [ 2159.785526][T25889] slab_reclaimable:11261 slab_unreclaimable:76185 [ 2159.785526][T25889] mapped:57727 shmem:9776 pagetables:35528 bounce:0 [ 2159.785526][T25889] free:10298 free_pcp:341 free_cma:0 [ 2159.823519][T25889] Node 0 active_anon:5676716kB inactive_anon:38828kB active_file:180kB inactive_file:88kB unevictable:1452kB isolated(anon):0kB isolated(file):16kB mapped:230848kB dirty:96kB writeback:4kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2159.848493][T25889] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2159.874520][T25889] lowmem_reserve[]: 0 2912 6416 6416 [ 2159.879804][T25889] DMA32 free:17488kB min:4644kB low:7624kB high:10604kB active_anon:2845928kB inactive_anon:5352kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:14464kB pagetables:17040kB bounce:0kB free_pcp:1448kB local_pcp:0kB free_cma:0kB [ 2159.908712][T25889] lowmem_reserve[]: 0 0 3504 3504 [ 2159.913728][T25889] Normal free:6700kB min:5592kB low:9180kB high:12768kB active_anon:2826776kB inactive_anon:33476kB active_file:88kB inactive_file:140kB unevictable:1452kB writepending:100kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:28768kB pagetables:125188kB bounce:0kB free_pcp:1700kB local_pcp:492kB free_cma:0kB [ 2159.943852][T25889] lowmem_reserve[]: 0 0 0 0 [ 2159.948371][T25889] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2159.961673][T25889] DMA32: 109*4kB (UME) 17*8kB (UE) 45*16kB (UE) 22*32kB (UE) 11*64kB (UE) 24*128kB (UME) 9*256kB (UME) 1*512kB (M) 1*1024kB (M) 2*2048kB (ME) 1*4096kB (M) = 17804kB [ 2159.978905][T25889] Normal: 688*4kB (UME) 50*8kB (UME) 48*16kB (UME) 24*32kB (UME) 10*64kB (UME) 2*128kB (E) 4*256kB (UM) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 7120kB [ 2159.994236][T25889] 10203 total pagecache pages [ 2159.998919][T25889] 0 pages in swap cache [ 2160.003064][T25889] Swap cache stats: add 0, delete 0, find 0/0 [ 2160.009139][T25889] Free swap = 0kB [ 2160.012849][T25889] Total swap = 0kB [ 2160.016582][T25889] 1965979 pages RAM [ 2160.020383][T25889] 0 pages HighMem/MovableOnly [ 2160.025063][T25889] 318829 pages reserved [ 2160.029233][T25889] 0 pages cma reserved [ 2160.033295][T25889] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=26985,uid=0 [ 2160.047420][T25889] Out of memory: Killed process 26985 (syz-executor.0) total-vm:75240kB, anon-rss:16564kB, file-rss:35840kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 2160.122922][ T23] oom_reaper: reaped process 26985 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 21:32:48 executing program 4: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) 21:32:48 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:32:48 executing program 1: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) 21:32:48 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:32:48 executing program 0: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) 21:32:48 executing program 5: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) [ 2160.618729][T25902] syz-executor.3 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2160.631566][T25902] CPU: 1 PID: 25902 Comm: syz-executor.3 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2160.641739][T25902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2160.651766][T25902] Call Trace: [ 2160.655047][T25902] dump_stack+0x14a/0x1ce [ 2160.659347][T25902] ? devkmsg_release+0x11c/0x11c [ 2160.664255][T25902] ? show_regs_print_info+0x12/0x12 [ 2160.669772][T25902] ? radix_tree_cpu_dead+0x160/0x160 [ 2160.675048][T25902] ? _raw_spin_lock+0xa1/0x170 [ 2160.679799][T25902] ? _raw_spin_trylock_bh+0x190/0x190 [ 2160.685151][T25902] dump_header+0xdb/0x700 [ 2160.690254][T25902] oom_kill_process+0xd3/0x280 [ 2160.695074][T25902] out_of_memory+0x5b6/0x890 [ 2160.699667][T25902] ? unregister_oom_notifier+0x20/0x20 [ 2160.705102][T25902] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2160.710737][T25902] ? get_page_from_freelist+0x7c0/0x7c0 [ 2160.716292][T25902] ? __zone_watermark_ok+0x91/0x280 [ 2160.721474][T25902] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2160.726831][T25902] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2160.732357][T25902] ? copy_process+0x5a4/0x5110 [ 2160.737131][T25902] ? kmem_cache_alloc+0x1d5/0x260 [ 2160.742154][T25902] copy_process+0x5f3/0x5110 [ 2160.746730][T25902] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 2160.752459][T25902] ? _raw_spin_lock+0xa1/0x170 [ 2160.757210][T25902] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 2160.762993][T25902] ? __lru_cache_add+0x1a1/0x1f0 [ 2160.767900][T25902] ? fork_idle+0x290/0x290 [ 2160.772286][T25902] _do_fork+0x196/0x920 [ 2160.776414][T25902] ? finish_fault+0x230/0x230 [ 2160.781066][T25902] ? up_write+0xa1/0x190 [ 2160.785288][T25902] ? dup_mm+0x300/0x300 [ 2160.789437][T25902] __x64_sys_clone+0x25e/0x2c0 [ 2160.794172][T25902] ? __ia32_sys_vfork+0x110/0x110 [ 2160.799179][T25902] ? do_user_addr_fault+0x55c/0x9f0 [ 2160.804374][T25902] do_syscall_64+0xcb/0x150 [ 2160.808855][T25902] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2160.814723][T25902] RIP: 0033:0x45f6a9 [ 2160.818623][T25902] Code: ff 48 85 f6 0f 84 57 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 2e 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2160.838216][T25902] RSP: 002b:00007ffd7c796528 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2160.846618][T25902] RAX: ffffffffffffffda RBX: 00007fbf5a9f2700 RCX: 000000000045f6a9 [ 2160.854569][T25902] RDX: 00007fbf5a9f29d0 RSI: 00007fbf5a9f1db0 RDI: 00000000003d0f00 [ 2160.862584][T25902] RBP: 00007ffd7c796750 R08: 00007fbf5a9f2700 R09: 00007fbf5a9f2700 [ 2160.870557][T25902] R10: 00007fbf5a9f29d0 R11: 0000000000000202 R12: 0000000000000000 [ 2160.878525][T25902] R13: 00007ffd7c7965df R14: 00007fbf5a9f29c0 R15: 000000000078c04c [ 2160.898164][T25902] Mem-Info: [ 2160.901359][T25902] active_anon:1418642 inactive_anon:9707 isolated_anon:0 [ 2160.901359][T25902] active_file:16 inactive_file:7 isolated_file:32 [ 2160.901359][T25902] unevictable:363 dirty:34 writeback:10 unstable:0 [ 2160.901359][T25902] slab_reclaimable:11189 slab_unreclaimable:76726 [ 2160.901359][T25902] mapped:57743 shmem:9776 pagetables:35635 bounce:0 [ 2160.901359][T25902] free:9625 free_pcp:0 free_cma:0 [ 2160.939103][T25902] Node 0 active_anon:5674568kB inactive_anon:38828kB active_file:64kB inactive_file:88kB unevictable:1452kB isolated(anon):0kB isolated(file):0kB mapped:230968kB dirty:72kB writeback:0kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2160.964687][T25902] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2160.990751][T25902] lowmem_reserve[]: 0 2912 6416 6416 [ 2160.996097][T25902] DMA32 free:18028kB min:4644kB low:7624kB high:10604kB active_anon:2841240kB inactive_anon:5352kB active_file:0kB inactive_file:120kB unevictable:0kB writepending:40kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:14880kB pagetables:17772kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2161.037598][T25902] lowmem_reserve[]: 0 0 3504 3504 [ 2161.042897][T25902] Normal free:4000kB min:5592kB low:9180kB high:12768kB active_anon:2832732kB inactive_anon:33476kB active_file:8kB inactive_file:48kB unevictable:1452kB writepending:28kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:28640kB pagetables:124768kB bounce:0kB free_pcp:4kB local_pcp:0kB free_cma:0kB [ 2161.072537][T25902] lowmem_reserve[]: 0 0 0 0 [ 2161.077055][T25902] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2161.090350][T25902] DMA32: 7*4kB (UMH) 5*8kB (UME) 12*16kB (UEH) 29*32kB (UME) 38*64kB (MEH) 19*128kB (UMEH) 6*256kB (UMEH) 2*512kB (UM) 2*1024kB (UM) 3*2048kB (UME) 0*4096kB = 16804kB [ 2161.106980][T25902] Normal: 136*4kB (UME) 30*8kB (UE) 71*16kB (UME) 35*32kB (UME) 8*64kB (ME) 2*128kB (E) 1*256kB (M) 1*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 4576kB [ 2161.122879][T25902] 10138 total pagecache pages [ 2161.127561][T25902] 0 pages in swap cache [ 2161.132127][T25902] Swap cache stats: add 0, delete 0, find 0/0 [ 2161.138211][T25902] Free swap = 0kB [ 2161.141922][T25902] Total swap = 0kB [ 2161.147179][T25902] 1965979 pages RAM [ 2161.151859][T25902] 0 pages HighMem/MovableOnly [ 2161.165669][T25902] 318829 pages reserved [ 2161.170684][T25902] 0 pages cma reserved [ 2161.174842][T25902] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.5,pid=21648,uid=0 [ 2161.190011][T25902] Out of memory: Killed process 21648 (syz-executor.5) total-vm:75240kB, anon-rss:16564kB, file-rss:35840kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 2161.223649][T25902] syz-executor.3 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2161.235869][T25902] CPU: 0 PID: 25902 Comm: syz-executor.3 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2161.246015][T25902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2161.256052][T25902] Call Trace: [ 2161.259437][T25902] dump_stack+0x14a/0x1ce [ 2161.263757][T25902] ? devkmsg_release+0x11c/0x11c [ 2161.268694][T25902] ? show_regs_print_info+0x12/0x12 [ 2161.273887][T25902] ? radix_tree_cpu_dead+0x160/0x160 [ 2161.279153][T25902] ? _raw_spin_lock+0xa1/0x170 [ 2161.283898][T25902] ? _raw_spin_trylock_bh+0x190/0x190 [ 2161.289367][T25902] dump_header+0xdb/0x700 [ 2161.293705][T25902] oom_kill_process+0xd3/0x280 [ 2161.298651][T25902] out_of_memory+0x5b6/0x890 [ 2161.303248][T25902] ? unregister_oom_notifier+0x20/0x20 [ 2161.308704][T25902] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2161.314255][T25902] ? get_page_from_freelist+0x7c0/0x7c0 [ 2161.319800][T25902] ? __zone_watermark_ok+0x91/0x280 [ 2161.325462][T25902] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2161.330826][T25902] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2161.336359][T25902] ? copy_process+0x5a4/0x5110 [ 2161.341110][T25902] ? kmem_cache_alloc+0x1d5/0x260 [ 2161.346124][T25902] copy_process+0x5f3/0x5110 [ 2161.350705][T25902] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 2161.356414][T25902] ? _raw_spin_lock+0xa1/0x170 [ 2161.361197][T25902] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 2161.367608][T25902] ? __lru_cache_add+0x1a1/0x1f0 [ 2161.372634][T25902] ? fork_idle+0x290/0x290 [ 2161.377045][T25902] _do_fork+0x196/0x920 [ 2161.381234][T25902] ? finish_fault+0x230/0x230 [ 2161.385903][T25902] ? up_write+0xa1/0x190 [ 2161.390143][T25902] ? dup_mm+0x300/0x300 [ 2161.394560][T25902] __x64_sys_clone+0x25e/0x2c0 [ 2161.399337][T25902] ? __ia32_sys_vfork+0x110/0x110 [ 2161.404398][T25902] ? do_user_addr_fault+0x55c/0x9f0 [ 2161.410685][T25902] do_syscall_64+0xcb/0x150 [ 2161.415196][T25902] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2161.421091][T25902] RIP: 0033:0x45f6a9 [ 2161.424982][T25902] Code: ff 48 85 f6 0f 84 57 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 2e 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2161.444614][T25902] RSP: 002b:00007ffd7c796528 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2161.453020][T25902] RAX: ffffffffffffffda RBX: 00007fbf5a9f2700 RCX: 000000000045f6a9 [ 2161.460981][T25902] RDX: 00007fbf5a9f29d0 RSI: 00007fbf5a9f1db0 RDI: 00000000003d0f00 [ 2161.468947][T25902] RBP: 00007ffd7c796750 R08: 00007fbf5a9f2700 R09: 00007fbf5a9f2700 [ 2161.476908][T25902] R10: 00007fbf5a9f29d0 R11: 0000000000000202 R12: 0000000000000000 [ 2161.484871][T25902] R13: 00007ffd7c7965df R14: 00007fbf5a9f29c0 R15: 000000000078c04c [ 2161.600526][T25902] Mem-Info: [ 2161.603771][T25902] active_anon:1415447 inactive_anon:9707 isolated_anon:0 [ 2161.603771][T25902] active_file:9 inactive_file:16 isolated_file:0 [ 2161.603771][T25902] unevictable:363 dirty:18 writeback:2 unstable:0 [ 2161.603771][T25902] slab_reclaimable:11189 slab_unreclaimable:76844 [ 2161.603771][T25902] mapped:57738 shmem:9776 pagetables:35646 bounce:0 [ 2161.603771][T25902] free:11914 free_pcp:1013 free_cma:0 [ 2161.642389][T25902] Node 0 active_anon:5661788kB inactive_anon:38828kB active_file:36kB inactive_file:864kB unevictable:1452kB isolated(anon):0kB isolated(file):0kB mapped:231452kB dirty:72kB writeback:8kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2161.715391][T25902] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2161.793783][T25902] lowmem_reserve[]: 0 2912 6416 6416 [ 2161.800410][T25902] DMA32 free:20284kB min:4644kB low:7624kB high:10604kB active_anon:2840976kB inactive_anon:5352kB active_file:0kB inactive_file:16kB unevictable:0kB writepending:4kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:14496kB pagetables:17564kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2161.831204][T25902] lowmem_reserve[]: 0 0 3504 3504 [ 2161.836711][T25902] Normal free:13592kB min:5592kB low:9180kB high:12768kB active_anon:2822172kB inactive_anon:33476kB active_file:8kB inactive_file:224kB unevictable:1452kB writepending:40kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:28608kB pagetables:124904kB bounce:0kB free_pcp:804kB local_pcp:36kB free_cma:0kB [ 2161.870475][T25902] lowmem_reserve[]: 0 0 0 0 [ 2161.875975][T25902] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2161.889359][T25902] DMA32: 419*4kB (UMH) 79*8kB (UME) 35*16kB (UMEH) 60*32kB (UMEH) 39*64kB (UMEH) 20*128kB (UMEH) 6*256kB (UMEH) 2*512kB (UM) 2*1024kB (UM) 3*2048kB (UME) 0*4096kB = 20596kB [ 2161.906624][T25902] Normal: 913*4kB (ME) 142*8kB (ME) 211*16kB (ME) 160*32kB (UME) 71*64kB (UME) 19*128kB (ME) 0*256kB 2*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 21284kB [ 2161.921926][T25902] 10250 total pagecache pages [ 2161.926603][T25902] 0 pages in swap cache [ 2161.930737][T25902] Swap cache stats: add 0, delete 0, find 0/0 [ 2161.936793][T25902] Free swap = 0kB [ 2161.940502][T25902] Total swap = 0kB [ 2161.944201][T25902] 1965979 pages RAM [ 2161.947997][T25902] 0 pages HighMem/MovableOnly [ 2161.952716][T25902] 318829 pages reserved [ 2161.956872][T25902] 0 pages cma reserved [ 2161.960922][T25902] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=17122,uid=0 [ 2161.975012][T25902] Out of memory: Killed process 17122 (syz-executor.0) total-vm:75240kB, anon-rss:16564kB, file-rss:35840kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 2161.993690][ T23] oom_reaper: reaped process 17122 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2162.052933][T25911] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2162.067916][T25911] CPU: 1 PID: 25911 Comm: syz-executor.2 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2162.078075][T25911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2162.088141][T25911] Call Trace: [ 2162.091445][T25911] dump_stack+0x14a/0x1ce [ 2162.095772][T25911] ? devkmsg_release+0x11c/0x11c [ 2162.100703][T25911] ? show_regs_print_info+0x12/0x12 [ 2162.105907][T25911] ? radix_tree_cpu_dead+0x160/0x160 [ 2162.111196][T25911] ? _raw_spin_lock+0xa1/0x170 [ 2162.115956][T25911] ? _raw_spin_trylock_bh+0x190/0x190 [ 2162.121319][T25911] dump_header+0xdb/0x700 [ 2162.125639][T25911] oom_kill_process+0xd3/0x280 [ 2162.130907][T25911] out_of_memory+0x5b6/0x890 [ 2162.135484][T25911] ? unregister_oom_notifier+0x20/0x20 [ 2162.140952][T25911] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2162.146501][T25911] ? get_page_from_freelist+0x7c0/0x7c0 [ 2162.152063][T25911] ? __zone_watermark_ok+0x91/0x280 [ 2162.157264][T25911] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2162.162639][T25911] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2162.168173][T25911] ? copy_process+0x5a4/0x5110 [ 2162.172914][T25911] ? copy_process+0x5a4/0x5110 [ 2162.177676][T25911] ? kmem_cache_alloc+0x1d5/0x260 [ 2162.182683][T25911] copy_process+0x5f3/0x5110 [ 2162.187258][T25911] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 2162.192962][T25911] ? _raw_spin_lock+0xa1/0x170 [ 2162.197708][T25911] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 2162.203500][T25911] ? __lru_cache_add+0x1a1/0x1f0 [ 2162.208424][T25911] ? fork_idle+0x290/0x290 [ 2162.212823][T25911] ? cpus_share_cache+0xd0/0xd0 [ 2162.217654][T25911] _do_fork+0x196/0x920 [ 2162.221791][T25911] ? finish_fault+0x230/0x230 [ 2162.226461][T25911] ? up_write+0x180/0x190 [ 2162.230789][T25911] ? dup_mm+0x300/0x300 [ 2162.234928][T25911] __x64_sys_clone+0x25e/0x2c0 [ 2162.239671][T25911] ? __ia32_sys_vfork+0x110/0x110 [ 2162.244676][T25911] ? do_user_addr_fault+0x55c/0x9f0 [ 2162.249853][T25911] do_syscall_64+0xcb/0x150 [ 2162.255305][T25911] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2162.261191][T25911] RIP: 0033:0x45f6a9 [ 2162.265072][T25911] Code: ff 48 85 f6 0f 84 57 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 2e 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2162.284662][T25911] RSP: 002b:00007ffdfaf6b118 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2162.293070][T25911] RAX: ffffffffffffffda RBX: 00007fddb5d67700 RCX: 000000000045f6a9 [ 2162.301025][T25911] RDX: 00007fddb5d679d0 RSI: 00007fddb5d66db0 RDI: 00000000003d0f00 [ 2162.308976][T25911] RBP: 00007ffdfaf6b340 R08: 00007fddb5d67700 R09: 00007fddb5d67700 [ 2162.316928][T25911] R10: 00007fddb5d679d0 R11: 0000000000000202 R12: 0000000000000000 [ 2162.324895][T25911] R13: 00007ffdfaf6b1cf R14: 00007fddb5d679c0 R15: 000000000078c0ec [ 2162.335094][T25911] Mem-Info: [ 2162.338268][T25911] active_anon:1414925 inactive_anon:9707 isolated_anon:0 [ 2162.338268][T25911] active_file:160 inactive_file:295 isolated_file:0 21:32:50 executing program 4: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) 21:32:50 executing program 5: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, 0x0) preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:32:50 executing program 0: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, 0x0) preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) 21:32:50 executing program 1: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) [ 2162.338268][T25911] unevictable:363 dirty:29 writeback:0 unstable:0 [ 2162.338268][T25911] slab_reclaimable:11189 slab_unreclaimable:76863 [ 2162.338268][T25911] mapped:57966 shmem:9776 pagetables:35585 bounce:0 [ 2162.338268][T25911] free:12978 free_pcp:93 free_cma:0 [ 2162.377402][T25911] Node 0 active_anon:5659700kB inactive_anon:38828kB active_file:1640kB inactive_file:4768kB unevictable:1452kB isolated(anon):0kB isolated(file):0kB mapped:235264kB dirty:116kB writeback:0kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2162.403144][T25911] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2162.430190][T25911] lowmem_reserve[]: 0 2912 6416 6416 [ 2162.435592][T25911] DMA32 free:20528kB min:4644kB low:7624kB high:10604kB active_anon:2840976kB inactive_anon:5352kB active_file:0kB inactive_file:8kB unevictable:0kB writepending:0kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:14272kB pagetables:17456kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2162.465025][T25911] lowmem_reserve[]: 0 0 3504 3504 [ 2162.470442][T25911] Normal free:17068kB min:5592kB low:9180kB high:12768kB active_anon:2818924kB inactive_anon:33476kB active_file:156kB inactive_file:372kB unevictable:1452kB writepending:0kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:28640kB pagetables:124884kB bounce:0kB free_pcp:620kB local_pcp:248kB free_cma:0kB [ 2162.500580][T25911] lowmem_reserve[]: 0 0 0 0 [ 2162.505129][T25911] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2162.518609][T25911] DMA32: 424*4kB (UMH) 78*8kB (UME) 42*16kB (UMEH) 62*32kB (UMEH) 39*64kB (UMEH) 20*128kB (UMEH) 6*256kB (UMEH) 2*512kB (UM) 2*1024kB (UM) 3*2048kB (UME) 0*4096kB = 20784kB [ 2162.536327][T25911] Normal: 104*4kB (UE) 93*8kB (UME) 97*16kB (UME) 54*32kB (UME) 62*64kB (UME) 56*128kB (ME) 3*256kB (UM) 1*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 16856kB [ 2162.553153][T25911] 10166 total pagecache pages [ 2162.558022][T25911] 0 pages in swap cache [ 2162.562817][T25911] Swap cache stats: add 0, delete 0, find 0/0 [ 2162.569061][T25911] Free swap = 0kB [ 2162.573084][T25911] Total swap = 0kB [ 2162.576956][T25911] 1965979 pages RAM [ 2162.580964][T25911] 0 pages HighMem/MovableOnly [ 2162.585817][T25911] 318829 pages reserved [ 2162.590960][T25911] 0 pages cma reserved [ 2162.595225][T25911] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.5,pid=14387,uid=0 [ 2162.609532][T25911] Out of memory: Killed process 14387 (syz-executor.5) total-vm:75240kB, anon-rss:16564kB, file-rss:35840kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 2162.640361][ T23] oom_reaper: reaped process 14387 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2162.708737][ T351] syz-executor.3 invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=1, oom_score_adj=0 [ 2162.723907][ T351] CPU: 1 PID: 351 Comm: syz-executor.3 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2162.734001][ T351] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2162.746298][ T351] Call Trace: [ 2162.749583][ T351] dump_stack+0x14a/0x1ce [ 2162.753884][ T351] ? devkmsg_release+0x11c/0x11c [ 2162.758796][ T351] ? show_regs_print_info+0x12/0x12 [ 2162.763977][ T351] ? radix_tree_cpu_dead+0x160/0x160 [ 2162.769246][ T351] ? _raw_spin_lock+0xa1/0x170 [ 2162.774001][ T351] ? _raw_spin_trylock_bh+0x190/0x190 [ 2162.779347][ T351] dump_header+0xdb/0x700 [ 2162.783660][ T351] oom_kill_process+0xd3/0x280 [ 2162.788407][ T351] out_of_memory+0x5b6/0x890 [ 2162.792974][ T351] ? unregister_oom_notifier+0x20/0x20 [ 2162.798447][ T351] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2162.803966][ T351] ? get_page_from_freelist+0x7c0/0x7c0 [ 2162.809480][ T351] ? _raw_spin_lock_irqsave+0xfc/0x1e0 [ 2162.814908][ T351] ? __zone_watermark_ok+0x91/0x280 [ 2162.820090][ T351] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2162.825968][ T351] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2162.831781][ T351] ? avc_has_perm_noaudit+0x30c/0x400 [ 2162.837143][ T351] ? avc_denied+0x1c0/0x1c0 [ 2162.841620][ T351] alloc_slab_page+0x3a/0x3a0 [ 2162.846278][ T351] new_slab+0x408/0x450 [ 2162.850422][ T351] ? should_fail+0x18e/0x860 [ 2162.855013][ T351] ? getname_flags+0xb8/0x610 [ 2162.859674][ T351] ___slab_alloc+0x2e0/0x450 [ 2162.864252][ T351] ? getname_flags+0xb8/0x610 [ 2162.868929][ T351] ? getname_flags+0xb8/0x610 [ 2162.873575][ T351] kmem_cache_alloc+0x23f/0x260 [ 2162.878398][ T351] getname_flags+0xb8/0x610 [ 2162.882870][ T351] user_path_mountpoint_at+0x22/0x40 [ 2162.888150][ T351] ksys_umount+0x167/0xff0 [ 2162.892554][ T351] ? __down_read+0x210/0x210 [ 2162.897119][ T351] ? ksys_write+0x24c/0x2c0 [ 2162.901608][ T351] ? namespace_unlock+0x4e0/0x4e0 [ 2162.906621][ T351] ? do_user_addr_fault+0x55c/0x9f0 [ 2162.911809][ T351] __x64_sys_umount+0x56/0x60 [ 2162.916460][ T351] do_syscall_64+0xcb/0x150 [ 2162.920948][ T351] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2162.926817][ T351] RIP: 0033:0x45f707 [ 2162.930689][ T351] Code: 64 89 04 25 d0 02 00 00 58 5f ff d0 48 89 c7 e8 2f be ff ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 cd 8b fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2162.950277][ T351] RSP: 002b:00007ffd7c795728 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 2162.962836][ T351] RAX: ffffffffffffffda RBX: 000000000020fff6 RCX: 000000000045f707 [ 2162.970788][ T351] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffd7c796860 [ 2162.978740][ T351] RBP: 0000000000004025 R08: 0000000000000001 R09: 0000000001852940 [ 2162.986691][ T351] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd7c796860 [ 2162.994646][ T351] R13: 00007ffd7c796850 R14: 0000000000000000 R15: 00007ffd7c796860 [ 2163.005626][ T351] Mem-Info: [ 2163.010122][ T351] active_anon:1411620 inactive_anon:9707 isolated_anon:0 [ 2163.010122][ T351] active_file:142 inactive_file:525 isolated_file:0 [ 2163.010122][ T351] unevictable:363 dirty:0 writeback:6 unstable:0 [ 2163.010122][ T351] slab_reclaimable:10938 slab_unreclaimable:77192 [ 2163.010122][ T351] mapped:58009 shmem:9776 pagetables:35543 bounce:0 [ 2163.010122][ T351] free:15777 free_pcp:190 free_cma:0 [ 2163.148860][ T351] Node 0 active_anon:5671780kB inactive_anon:38828kB active_file:180kB inactive_file:76kB unevictable:1452kB isolated(anon):0kB isolated(file):0kB mapped:230936kB dirty:0kB writeback:24kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2163.173332][ T351] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2163.208040][ T351] lowmem_reserve[]: 0 2912 6416 6416 [ 2163.215602][ T351] DMA32 free:17604kB min:4644kB low:7624kB high:10604kB active_anon:2843628kB inactive_anon:5352kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:14144kB pagetables:17344kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2163.244502][ T351] lowmem_reserve[]: 0 0 3504 3504 [ 2163.249630][ T351] Normal free:6140kB min:5592kB low:9180kB high:12768kB active_anon:2829052kB inactive_anon:33476kB active_file:80kB inactive_file:128kB unevictable:1452kB writepending:172kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29280kB pagetables:125220kB bounce:0kB free_pcp:184kB local_pcp:0kB free_cma:0kB [ 2163.290614][ T351] lowmem_reserve[]: 0 0 0 0 [ 2163.295268][ T351] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2163.308623][ T351] DMA32: 31*4kB (UMH) 28*8kB (UME) 42*16kB (UMEH) 28*32kB (UME) 23*64kB (MEH) 20*128kB (UMEH) 5*256kB (MEH) 1*512kB (M) 1*1024kB (M) 2*2048kB (ME) 1*4096kB (U) = 16956kB [ 2163.325511][ T351] Normal: 110*4kB (UME) 25*8kB (UME) 35*16kB (UME) 15*32kB (UME) 8*64kB (UM) 18*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4496kB [ 2163.340249][ T351] 10136 total pagecache pages [ 2163.344965][ T351] 0 pages in swap cache [ 2163.349111][ T351] Swap cache stats: add 0, delete 0, find 0/0 [ 2163.355192][ T351] Free swap = 0kB [ 2163.359523][ T351] Total swap = 0kB [ 2163.363235][ T351] 1965979 pages RAM [ 2163.367095][ T351] 0 pages HighMem/MovableOnly [ 2163.371755][ T351] 318829 pages reserved [ 2163.375935][ T351] 0 pages cma reserved [ 2163.379986][ T351] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.2,pid=12617,uid=0 [ 2163.394089][ T351] Out of memory: Killed process 12617 (syz-executor.2) total-vm:75372kB, anon-rss:16560kB, file-rss:35848kB, shmem-rss:0kB, UID:0 pgtables:156kB oom_score_adj:1000 [ 2163.412728][ T23] oom_reaper: reaped process 12617 (syz-executor.2), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB [ 2163.706161][T25954] syz-executor.0 invoked oom-killer: gfp_mask=0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|0x1000000), order=0, oom_score_adj=1000 [ 2163.719657][T25954] CPU: 0 PID: 25954 Comm: syz-executor.0 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2163.729784][T25954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2163.739826][T25954] Call Trace: [ 2163.743109][T25954] dump_stack+0x14a/0x1ce [ 2163.747789][T25954] ? devkmsg_release+0x11c/0x11c [ 2163.752717][T25954] ? show_regs_print_info+0x12/0x12 [ 2163.757898][T25954] ? radix_tree_cpu_dead+0x160/0x160 [ 2163.763210][T25954] ? _raw_spin_lock+0xa1/0x170 [ 2163.767963][T25954] ? _raw_spin_trylock_bh+0x190/0x190 [ 2163.773323][T25954] dump_header+0xdb/0x700 [ 2163.777674][T25954] oom_kill_process+0xd3/0x280 [ 2163.782462][T25954] out_of_memory+0x5b6/0x890 [ 2163.787077][T25954] ? unregister_oom_notifier+0x20/0x20 [ 2163.792557][T25954] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2163.798084][T25954] ? get_page_from_freelist+0x7c0/0x7c0 [ 2163.803640][T25954] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2163.808991][T25954] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2163.814590][T25954] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 2163.820293][T25954] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 2163.826124][T25954] ? __lru_cache_add+0x1a1/0x1f0 [ 2163.831042][T25954] wp_page_copy+0x1cb/0x1120 [ 2163.835624][T25954] ? add_mm_rss_vec+0x270/0x270 [ 2163.840481][T25954] ? vm_normal_page+0x1c9/0x1d0 [ 2163.845334][T25954] do_wp_page+0x4c1/0x1530 [ 2163.849729][T25954] ? push_rt_tasks+0x4f8/0x670 [ 2163.854484][T25954] ? _raw_spin_lock+0xa1/0x170 [ 2163.859246][T25954] ? do_swap_page+0x1560/0x1560 [ 2163.864080][T25954] handle_mm_fault+0xfa5/0x41e0 [ 2163.868919][T25954] ? finish_fault+0x230/0x230 [ 2163.873593][T25954] ? down_read_trylock+0x17a/0x1d0 [ 2163.878697][T25954] ? vmacache_find+0x2d2/0x4b0 [ 2163.883456][T25954] do_user_addr_fault+0x48a/0x9f0 [ 2163.888468][T25954] page_fault+0x2f/0x40 [ 2163.892600][T25954] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 2163.903804][T25954] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 2163.924080][T25954] RSP: 0018:ffff8881d3e7f888 EFLAGS: 00010206 [ 2163.930122][T25954] RAX: ffffffff81f80e01 RBX: 0000000020e91500 RCX: 0000000000000500 [ 2163.938088][T25954] RDX: 0000000000001000 RSI: ffff8881d3ec0b00 RDI: 0000000020e91000 [ 2163.946171][T25954] RBP: ffff8881d3e7fda8 R08: dffffc0000000000 R09: ffffed103a7d8200 [ 2163.954169][T25954] R10: 0000000000000000 R11: 0000000000000000 R12: 00007ffffffff000 [ 2163.962156][T25954] R13: 0000000000001000 R14: ffff8881d3ec0000 R15: 0000000020e90500 [ 2163.970117][T25954] ? _copy_to_iter+0x1021/0x1060 [ 2163.975041][T25954] copyout+0x8e/0xb0 [ 2163.978905][T25954] copy_page_to_iter+0x393/0xbd0 [ 2163.983819][T25954] pipe_to_user+0xa3/0x130 [ 2163.988210][T25954] __splice_from_pipe+0x2d3/0x870 [ 2163.993230][T25954] ? user_page_pipe_buf_steal+0xc0/0xc0 [ 2163.998747][T25954] do_vmsplice+0x252/0xee0 [ 2164.003137][T25954] ? avc_ss_reset+0x3a0/0x3a0 [ 2164.007795][T25954] ? write_pipe_buf+0x1d0/0x1d0 [ 2164.012638][T25954] ? __rcu_read_lock+0x50/0x50 [ 2164.017435][T25954] ? check_stack_object+0x5a/0x90 [ 2164.022475][T25954] ? _copy_from_user+0xa4/0xe0 [ 2164.027413][T25954] ? rw_copy_check_uvector+0x2b3/0x310 [ 2164.034022][T25954] ? import_iovec+0x1c2/0x380 [ 2164.038685][T25954] ? dup_iter+0x110/0x110 [ 2164.043002][T25954] ? do_vfs_ioctl+0x780/0x1750 [ 2164.047749][T25954] __se_sys_vmsplice+0x1fb/0x300 [ 2164.052666][T25954] ? __x64_sys_vmsplice+0xa0/0xa0 [ 2164.057663][T25954] ? put_timespec64+0x109/0x150 [ 2164.062507][T25954] ? __x64_sys_clock_gettime+0x20d/0x260 [ 2164.068144][T25954] ? __ia32_sys_clock_settime+0x2a0/0x2a0 [ 2164.073864][T25954] do_syscall_64+0xcb/0x150 [ 2164.078378][T25954] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2164.084281][T25954] RIP: 0033:0x45ccd9 [ 2164.088167][T25954] Code: 2d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2164.107748][T25954] RSP: 002b:00007fde41c07c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 2164.116134][T25954] RAX: ffffffffffffffda RBX: 0000000000035780 RCX: 000000000045ccd9 [ 2164.124119][T25954] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 2164.132068][T25954] RBP: 000000000078c088 R08: 0000000000000000 R09: 0000000000000000 [ 2164.140060][T25954] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078c04c [ 2164.148359][T25954] R13: 00007ffc21977a6f R14: 00007fde41c089c0 R15: 000000000078c04c [ 2164.156385][T25954] Mem-Info: [ 2164.159518][T25954] active_anon:1418766 inactive_anon:9707 isolated_anon:0 [ 2164.159518][T25954] active_file:35 inactive_file:25 isolated_file:0 [ 2164.159518][T25954] unevictable:363 dirty:5 writeback:0 unstable:0 [ 2164.159518][T25954] slab_reclaimable:10902 slab_unreclaimable:77236 [ 2164.159518][T25954] mapped:57731 shmem:9776 pagetables:35603 bounce:0 [ 2164.159518][T25954] free:9389 free_pcp:211 free_cma:0 [ 2164.197182][T25954] Node 0 active_anon:5675064kB inactive_anon:38828kB active_file:140kB inactive_file:0kB unevictable:1452kB isolated(anon):0kB isolated(file):128kB mapped:230924kB dirty:20kB writeback:0kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2164.221623][T25954] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2164.247753][T25954] lowmem_reserve[]: 0 2912 6416 6416 [ 2164.253063][T25954] DMA32 free:16956kB min:4644kB low:7624kB high:10604kB active_anon:2844144kB inactive_anon:5352kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:14080kB pagetables:17344kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2164.287345][T25954] lowmem_reserve[]: 0 0 3504 3504 [ 2164.292639][T25954] Normal free:4004kB min:5592kB low:9180kB high:12768kB active_anon:2830920kB inactive_anon:33476kB active_file:140kB inactive_file:0kB unevictable:1452kB writepending:20kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29120kB pagetables:125068kB bounce:0kB free_pcp:496kB local_pcp:496kB free_cma:0kB [ 2164.322917][T25954] lowmem_reserve[]: 0 0 0 0 [ 2164.327447][T25954] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2164.340844][T25954] DMA32: 64*4kB (UM) 41*8kB (UME) 45*16kB (UME) 29*32kB (UME) 24*64kB (ME) 20*128kB (UME) 5*256kB (ME) 1*512kB (M) 1*1024kB (M) 2*2048kB (ME) 1*4096kB (U) = 17336kB [ 2164.357335][T25954] Normal: 42*4kB (UM) 21*8kB (UE) 21*16kB (UME) 15*32kB (UME) 8*64kB (UM) 2*128kB (UM) 1*256kB (M) 0*512kB 2*1024kB (M) 0*2048kB 0*4096kB = 4224kB [ 2164.372269][T25954] 10119 total pagecache pages [ 2164.376943][T25954] 0 pages in swap cache [ 2164.381082][T25954] Swap cache stats: add 0, delete 0, find 0/0 [ 2164.387165][T25954] Free swap = 0kB [ 2164.390901][T25954] Total swap = 0kB [ 2164.394627][T25954] 1965979 pages RAM [ 2164.398414][T25954] 0 pages HighMem/MovableOnly [ 2164.403177][T25954] 318829 pages reserved [ 2164.407342][T25954] 0 pages cma reserved [ 2164.411440][T25954] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.5,pid=4226,uid=0 [ 2164.425506][T25954] Out of memory: Killed process 4226 (syz-executor.5) total-vm:75240kB, anon-rss:16564kB, file-rss:35840kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 2164.446589][ T23] oom_reaper: reaped process 4226 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 21:32:52 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:32:52 executing program 1: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:32:52 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:32:52 executing program 5: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, 0x0) preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:32:52 executing program 4: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) 21:32:52 executing program 0: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, 0x0) preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) [ 2165.022669][T25986] syz-executor.1 invoked oom-killer: gfp_mask=0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|0x1000000), order=0, oom_score_adj=1000 [ 2165.035963][T25986] CPU: 0 PID: 25986 Comm: syz-executor.1 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2165.046107][T25986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2165.056157][T25986] Call Trace: [ 2165.059451][T25986] dump_stack+0x14a/0x1ce [ 2165.063777][T25986] ? devkmsg_release+0x11c/0x11c [ 2165.068713][T25986] ? show_regs_print_info+0x12/0x12 [ 2165.073905][T25986] ? radix_tree_cpu_dead+0x160/0x160 [ 2165.079191][T25986] ? _raw_spin_lock+0xa1/0x170 [ 2165.083958][T25986] ? _raw_spin_trylock_bh+0x190/0x190 [ 2165.089327][T25986] dump_header+0xdb/0x700 [ 2165.093657][T25986] oom_kill_process+0xd3/0x280 [ 2165.098789][T25986] out_of_memory+0x5b6/0x890 [ 2165.103375][T25986] ? unregister_oom_notifier+0x20/0x20 [ 2165.108830][T25986] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2165.114381][T25986] ? get_page_from_freelist+0x7c0/0x7c0 [ 2165.119924][T25986] ? flush_tlb_func_common+0x45/0x580 [ 2165.125289][T25986] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2165.130653][T25986] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2165.136212][T25986] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 2165.141926][T25986] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 2165.147718][T25986] ? __lru_cache_add+0x1a1/0x1f0 [ 2165.152644][T25986] wp_page_copy+0x1cb/0x1120 [ 2165.157239][T25986] ? add_mm_rss_vec+0x270/0x270 [ 2165.162090][T25986] ? vm_normal_page+0x1c9/0x1d0 [ 2165.168336][T25986] do_wp_page+0x4c1/0x1530 [ 2165.172739][T25986] ? push_rt_tasks+0x4f8/0x670 [ 2165.177493][T25986] ? _raw_spin_lock+0xa1/0x170 [ 2165.182274][T25986] ? do_swap_page+0x1560/0x1560 [ 2165.187117][T25986] handle_mm_fault+0xfa5/0x41e0 [ 2165.191963][T25986] ? finish_fault+0x230/0x230 [ 2165.196631][T25986] ? push_rt_tasks+0x4f8/0x670 [ 2165.201385][T25986] ? down_read_trylock+0x17a/0x1d0 [ 2165.206484][T25986] ? vmacache_find+0x205/0x4b0 [ 2165.211243][T25986] do_user_addr_fault+0x48a/0x9f0 [ 2165.216260][T25986] page_fault+0x2f/0x40 [ 2165.220423][T25986] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 2165.227006][T25986] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 2165.246614][T25986] RSP: 0000:ffff8881023cf888 EFLAGS: 00010206 [ 2165.252668][T25986] RAX: ffffffff81f80e01 RBX: 00000000209ef500 RCX: 0000000000000500 [ 2165.260627][T25986] RDX: 0000000000001000 RSI: ffff8881022e8b00 RDI: 00000000209ef000 [ 2165.268590][T25986] RBP: ffff8881023cfda8 R08: dffffc0000000000 R09: ffffed102045d200 [ 2165.276556][T25986] R10: 0000000000000000 R11: 0000000000000000 R12: 00007ffffffff000 [ 2165.284545][T25986] R13: 0000000000001000 R14: ffff8881022e8000 R15: 00000000209ee500 [ 2165.292531][T25986] ? _copy_to_iter+0x1021/0x1060 [ 2165.297479][T25986] copyout+0x8e/0xb0 [ 2165.301365][T25986] copy_page_to_iter+0x393/0xbd0 [ 2165.306309][T25986] pipe_to_user+0xa3/0x130 [ 2165.310714][T25986] __splice_from_pipe+0x2d3/0x870 [ 2165.315743][T25986] ? user_page_pipe_buf_steal+0xc0/0xc0 [ 2165.321292][T25986] do_vmsplice+0x252/0xee0 [ 2165.325703][T25986] ? avc_ss_reset+0x3a0/0x3a0 [ 2165.330387][T25986] ? write_pipe_buf+0x1d0/0x1d0 [ 2165.335231][T25986] ? __rcu_read_lock+0x50/0x50 [ 2165.339985][T25986] ? check_stack_object+0x5a/0x90 [ 2165.344997][T25986] ? _copy_from_user+0xa4/0xe0 [ 2165.349750][T25986] ? rw_copy_check_uvector+0x2b3/0x310 [ 2165.355199][T25986] ? import_iovec+0x1c2/0x380 [ 2165.359883][T25986] ? dup_iter+0x110/0x110 [ 2165.364234][T25986] ? do_vfs_ioctl+0x780/0x1750 [ 2165.368996][T25986] __se_sys_vmsplice+0x1fb/0x300 [ 2165.373923][T25986] ? __x64_sys_vmsplice+0xa0/0xa0 [ 2165.378944][T25986] ? put_timespec64+0x109/0x150 [ 2165.383791][T25986] ? __x64_sys_clock_gettime+0x20d/0x260 [ 2165.389436][T25986] ? __ia32_sys_clock_settime+0x2a0/0x2a0 [ 2165.395167][T25986] do_syscall_64+0xcb/0x150 [ 2165.399663][T25986] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2165.405555][T25986] RIP: 0033:0x45ccd9 [ 2165.409435][T25986] Code: 2d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2165.429038][T25986] RSP: 002b:00007f08e95a3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 2165.437443][T25986] RAX: ffffffffffffffda RBX: 0000000000035780 RCX: 000000000045ccd9 [ 2165.445421][T25986] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 2165.453398][T25986] RBP: 000000000078c088 R08: 0000000000000000 R09: 0000000000000000 [ 2165.461369][T25986] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078c04c [ 2165.469334][T25986] R13: 00007ffee81ce42f R14: 00007f08e95a49c0 R15: 000000000078c04c [ 2165.477392][T25986] Mem-Info: [ 2165.480519][T25986] active_anon:1415605 inactive_anon:9707 isolated_anon:0 [ 2165.480519][T25986] active_file:52 inactive_file:123 isolated_file:0 [ 2165.480519][T25986] unevictable:363 dirty:53 writeback:25 unstable:0 [ 2165.480519][T25986] slab_reclaimable:10837 slab_unreclaimable:77996 [ 2165.480519][T25986] mapped:57824 shmem:9776 pagetables:35697 bounce:0 [ 2165.480519][T25986] free:11269 free_pcp:348 free_cma:0 [ 2165.518502][T25986] Node 0 active_anon:5662420kB inactive_anon:38828kB active_file:208kB inactive_file:492kB unevictable:1452kB isolated(anon):0kB isolated(file):0kB mapped:231296kB dirty:212kB writeback:100kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2165.543113][T25986] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2165.569175][T25986] lowmem_reserve[]: 0 2912 6416 6416 [ 2165.574547][T25986] DMA32 free:17596kB min:4644kB low:7624kB high:10604kB active_anon:2843992kB inactive_anon:5352kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:14080kB pagetables:17344kB bounce:0kB free_pcp:904kB local_pcp:524kB free_cma:0kB [ 2165.603927][T25986] lowmem_reserve[]: 0 0 3504 3504 [ 2165.609019][T25986] Normal free:11576kB min:5592kB low:9180kB high:12768kB active_anon:2818264kB inactive_anon:33476kB active_file:312kB inactive_file:380kB unevictable:1452kB writepending:312kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29408kB pagetables:125444kB bounce:0kB free_pcp:580kB local_pcp:192kB free_cma:0kB [ 2165.639274][T25986] lowmem_reserve[]: 0 0 0 0 [ 2165.643776][T25986] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2165.657112][T25986] DMA32: 26*4kB (UH) 21*8kB (UE) 61*16kB (UEH) 43*32kB (UMEH) 28*64kB (UME) 20*128kB (UME) 5*256kB (ME) 1*512kB (M) 1*1024kB (M) 2*2048kB (ME) 1*4096kB (U) = 17984kB [ 2165.673684][T25986] Normal: 64*4kB (UE) 12*8kB (UE) 8*16kB (UE) 30*32kB (UMEH) 7*64kB (UM) 68*128kB (M) 3*256kB (UM) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 11360kB [ 2165.688339][T25986] 10401 total pagecache pages [ 2165.692999][T25986] 0 pages in swap cache [ 2165.697155][T25986] Swap cache stats: add 0, delete 0, find 0/0 [ 2165.703205][T25986] Free swap = 0kB [ 2165.706927][T25986] Total swap = 0kB [ 2165.710630][T25986] 1965979 pages RAM [ 2165.714437][T25986] 0 pages HighMem/MovableOnly [ 2165.719089][T25986] 318829 pages reserved [ 2165.723223][T25986] 0 pages cma reserved [ 2165.727403][T25986] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=10603,uid=0 [ 2165.741562][T25986] Out of memory: Killed process 10603 (syz-executor.0) total-vm:75240kB, anon-rss:16556kB, file-rss:35836kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 2165.771718][ T23] oom_reaper: reaped process 10603 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 21:32:53 executing program 5: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, 0x0) preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:32:53 executing program 1: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, 0x0) preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:32:53 executing program 4: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, 0x0) preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) 21:32:53 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:32:53 executing program 0: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, 0x0) preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) 21:32:54 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) [ 2166.577590][T26025] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2166.591734][T26025] CPU: 1 PID: 26025 Comm: syz-executor.2 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2166.601875][T26025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2166.611925][T26025] Call Trace: [ 2166.615194][T26025] dump_stack+0x14a/0x1ce [ 2166.619516][T26025] ? devkmsg_release+0x11c/0x11c [ 2166.624859][T26025] ? show_regs_print_info+0x12/0x12 [ 2166.630026][T26025] ? radix_tree_cpu_dead+0x160/0x160 [ 2166.635282][T26025] ? _raw_spin_lock+0xa1/0x170 [ 2166.640024][T26025] ? _raw_spin_trylock_bh+0x190/0x190 [ 2166.645378][T26025] dump_header+0xdb/0x700 [ 2166.649678][T26025] oom_kill_process+0xd3/0x280 [ 2166.654410][T26025] out_of_memory+0x5b6/0x890 [ 2166.658969][T26025] ? unregister_oom_notifier+0x20/0x20 [ 2166.664399][T26025] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2166.669918][T26025] ? get_page_from_freelist+0x7c0/0x7c0 [ 2166.675445][T26025] ? __zone_watermark_ok+0x91/0x280 [ 2166.680635][T26025] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2166.686001][T26025] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2166.691531][T26025] ? copy_process+0x5a4/0x5110 [ 2166.696325][T26025] ? copy_process+0x5a4/0x5110 [ 2166.701116][T26025] ? kmem_cache_alloc+0x1d5/0x260 [ 2166.706127][T26025] copy_process+0x5f3/0x5110 [ 2166.710697][T26025] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 2166.716452][T26025] ? _raw_spin_lock+0xa1/0x170 [ 2166.721197][T26025] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 2166.726978][T26025] ? __lru_cache_add+0x1a1/0x1f0 [ 2166.731889][T26025] ? fork_idle+0x290/0x290 [ 2166.736284][T26025] _do_fork+0x196/0x920 [ 2166.740409][T26025] ? finish_fault+0x230/0x230 [ 2166.745154][T26025] ? up_write+0xa1/0x190 [ 2166.749371][T26025] ? dup_mm+0x300/0x300 [ 2166.753499][T26025] __x64_sys_clone+0x25e/0x2c0 [ 2166.758232][T26025] ? __ia32_sys_vfork+0x110/0x110 [ 2166.763226][T26025] ? do_user_addr_fault+0x55c/0x9f0 [ 2166.768391][T26025] do_syscall_64+0xcb/0x150 [ 2166.772865][T26025] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2166.778739][T26025] RIP: 0033:0x45f6a9 [ 2166.782605][T26025] Code: ff 48 85 f6 0f 84 57 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 2e 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2166.802194][T26025] RSP: 002b:00007ffdfaf6b118 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2166.810594][T26025] RAX: ffffffffffffffda RBX: 00007fddb5da9700 RCX: 000000000045f6a9 [ 2166.818566][T26025] RDX: 00007fddb5da99d0 RSI: 00007fddb5da8db0 RDI: 00000000003d0f00 [ 2166.826546][T26025] RBP: 00007ffdfaf6b340 R08: 00007fddb5da9700 R09: 00007fddb5da9700 [ 2166.834496][T26025] R10: 00007fddb5da99d0 R11: 0000000000000202 R12: 0000000000000000 [ 2166.842487][T26025] R13: 00007ffdfaf6b1cf R14: 00007fddb5da99c0 R15: 000000000078bfac [ 2166.855835][T26025] Mem-Info: [ 2166.860233][T26025] active_anon:1412810 inactive_anon:9707 isolated_anon:0 [ 2166.860233][T26025] active_file:73 inactive_file:80 isolated_file:0 21:32:54 executing program 5: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x375, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:32:54 executing program 0: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x375, 0x0, 0x0) [ 2166.860233][T26025] unevictable:363 dirty:2 writeback:0 unstable:0 [ 2166.860233][T26025] slab_reclaimable:10815 slab_unreclaimable:78054 [ 2166.860233][T26025] mapped:57819 shmem:9776 pagetables:35697 bounce:0 [ 2166.860233][T26025] free:13954 free_pcp:451 free_cma:0 [ 2166.898723][T26025] Node 0 active_anon:5651540kB inactive_anon:38828kB active_file:692kB inactive_file:5020kB unevictable:1452kB isolated(anon):0kB isolated(file):0kB mapped:234976kB dirty:108kB writeback:0kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2166.980439][T26025] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2167.009699][T26025] lowmem_reserve[]: 0 2912 6416 6416 [ 2167.015146][T26025] DMA32 free:18904kB min:4644kB low:7624kB high:10604kB active_anon:2844172kB inactive_anon:5352kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:14080kB pagetables:17344kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2167.045510][T26025] lowmem_reserve[]: 0 0 3504 3504 [ 2167.051339][T26025] Normal free:5880kB min:5592kB low:9180kB high:12768kB active_anon:2822444kB inactive_anon:33476kB active_file:236kB inactive_file:592kB unevictable:1452kB writepending:100kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:28928kB pagetables:125472kB bounce:0kB free_pcp:556kB local_pcp:340kB free_cma:0kB [ 2167.081767][T26025] lowmem_reserve[]: 0 0 0 0 [ 2167.086491][T26025] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2167.100239][T26025] DMA32: 216*4kB (UMH) 33*8kB (UME) 77*16kB (UMEH) 41*32kB (UEH) 30*64kB (UME) 20*128kB (UME) 5*256kB (ME) 1*512kB (M) 1*1024kB (M) 2*2048kB (ME) 1*4096kB (U) = 19160kB [ 2167.118360][T26025] Normal: 166*4kB (UME) 30*8kB (UME) 17*16kB (UME) 9*32kB (UME) 1*64kB (U) 1*128kB (M) 0*256kB 1*512kB (M) 2*1024kB (UM) 1*2048kB (M) 0*4096kB = 6264kB [ 2167.134016][T26025] 10283 total pagecache pages [ 2167.138705][T26025] 0 pages in swap cache [ 2167.142989][T26025] Swap cache stats: add 0, delete 0, find 0/0 [ 2167.149192][T26025] Free swap = 0kB [ 2167.153912][T26025] Total swap = 0kB [ 2167.157727][T26025] 1965979 pages RAM [ 2167.161523][T26025] 0 pages HighMem/MovableOnly [ 2167.166796][T26025] 318829 pages reserved [ 2167.170965][T26025] 0 pages cma reserved [ 2167.176138][T26025] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.1,pid=25064,uid=0 [ 2167.190904][T26025] Out of memory: Killed process 25064 (syz-executor.1) total-vm:75240kB, anon-rss:16572kB, file-rss:35776kB, shmem-rss:0kB, UID:0 pgtables:164kB oom_score_adj:1000 [ 2167.210310][ T23] oom_reaper: reaped process 25064 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2167.356013][T26044] syz-executor.3 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2167.368902][T26044] CPU: 1 PID: 26044 Comm: syz-executor.3 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2167.379050][T26044] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2167.389132][T26044] Call Trace: [ 2167.392448][T26044] dump_stack+0x14a/0x1ce [ 2167.396758][T26044] ? devkmsg_release+0x11c/0x11c [ 2167.401667][T26044] ? show_regs_print_info+0x12/0x12 [ 2167.406833][T26044] ? radix_tree_cpu_dead+0x160/0x160 [ 2167.412086][T26044] ? _raw_spin_lock+0xa1/0x170 [ 2167.416834][T26044] ? _raw_spin_trylock_bh+0x190/0x190 [ 2167.422189][T26044] dump_header+0xdb/0x700 [ 2167.426507][T26044] oom_kill_process+0xd3/0x280 [ 2167.431250][T26044] out_of_memory+0x5b6/0x890 [ 2167.435822][T26044] ? unregister_oom_notifier+0x20/0x20 [ 2167.441261][T26044] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2167.446812][T26044] ? get_page_from_freelist+0x7c0/0x7c0 [ 2167.452334][T26044] ? __zone_watermark_ok+0x91/0x280 [ 2167.457516][T26044] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2167.462874][T26044] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2167.468408][T26044] ? copy_process+0x5a4/0x5110 [ 2167.473162][T26044] ? kmem_cache_alloc+0x1d5/0x260 [ 2167.478201][T26044] copy_process+0x5f3/0x5110 [ 2167.482787][T26044] ? _raw_spin_lock+0xa1/0x170 [ 2167.487541][T26044] ? _raw_spin_trylock_bh+0x190/0x190 [ 2167.492904][T26044] ? cap_capable+0x23f/0x280 [ 2167.497487][T26044] ? fork_idle+0x290/0x290 [ 2167.501913][T26044] ? capable+0x79/0xe0 [ 2167.505972][T26044] _do_fork+0x196/0x920 [ 2167.510118][T26044] ? dup_mm+0x300/0x300 [ 2167.514282][T26044] ? ktime_get_raw+0x130/0x130 [ 2167.519033][T26044] __x64_sys_clone+0x25e/0x2c0 [ 2167.523780][T26044] ? __ia32_sys_vfork+0x110/0x110 [ 2167.528801][T26044] ? __x64_sys_clock_gettime+0x20d/0x260 [ 2167.534419][T26044] do_syscall_64+0xcb/0x150 [ 2167.538905][T26044] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2167.544793][T26044] RIP: 0033:0x45ccd9 [ 2167.548666][T26044] Code: 2d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2167.568252][T26044] RSP: 002b:00007fbf5a9d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2167.576657][T26044] RAX: ffffffffffffffda RBX: 0000000000001f00 RCX: 000000000045ccd9 [ 2167.584617][T26044] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000103 [ 2167.592581][T26044] RBP: 000000000078c130 R08: ffffffffffffffff R09: 0000000000000000 [ 2167.600558][T26044] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078c0ec [ 2167.608537][T26044] R13: 00007ffd7c7965df R14: 00007fbf5a9d19c0 R15: 000000000078c0ec [ 2167.617503][T26044] Mem-Info: [ 2167.622062][T26044] active_anon:1412626 inactive_anon:9707 isolated_anon:0 [ 2167.622062][T26044] active_file:128 inactive_file:295 isolated_file:10 [ 2167.622062][T26044] unevictable:363 dirty:8 writeback:1 unstable:0 [ 2167.622062][T26044] slab_reclaimable:10812 slab_unreclaimable:78059 [ 2167.622062][T26044] mapped:58015 shmem:9776 pagetables:35640 bounce:0 [ 2167.622062][T26044] free:14175 free_pcp:456 free_cma:0 [ 2167.660895][T26044] Node 0 active_anon:5650504kB inactive_anon:38828kB active_file:612kB inactive_file:1380kB unevictable:1452kB isolated(anon):0kB isolated(file):40kB mapped:232160kB dirty:32kB writeback:4kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2167.687175][T26044] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2167.714358][T26044] lowmem_reserve[]: 0 2912 6416 6416 [ 2167.719861][T26044] DMA32 free:22472kB min:4644kB low:7624kB high:10604kB active_anon:2841444kB inactive_anon:5352kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:14048kB pagetables:17244kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2167.749623][T26044] lowmem_reserve[]: 0 0 3504 3504 [ 2167.757074][T26044] Normal free:18212kB min:5592kB low:9180kB high:12768kB active_anon:2809060kB inactive_anon:33476kB active_file:648kB inactive_file:532kB unevictable:1452kB writepending:36kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:28800kB pagetables:125316kB bounce:0kB free_pcp:1024kB local_pcp:380kB free_cma:0kB [ 2167.788715][T26044] lowmem_reserve[]: 0 0 0 0 [ 2167.793711][T26044] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2167.810703][T26044] DMA32: 552*4kB (UMH) 207*8kB (UME) 97*16kB (UMEH) 45*32kB (UEH) 32*64kB (UME) 20*128kB (UME) 5*256kB (ME) 1*512kB (M) 1*1024kB (M) 2*2048kB (ME) 1*4096kB (U) = 22472kB [ 2167.828066][T26044] Normal: 1156*4kB (ME) 351*8kB (UME) 151*16kB (UME) 54*32kB (UME) 7*64kB (UM) 7*128kB (M) 0*256kB 1*512kB (M) 2*1024kB (UM) 1*2048kB (M) 0*4096kB = 17528kB [ 2167.844454][T26044] 10605 total pagecache pages [ 2167.849343][T26044] 0 pages in swap cache [ 2167.853624][T26044] Swap cache stats: add 0, delete 0, find 0/0 [ 2167.859837][T26044] Free swap = 0kB [ 2167.863682][T26044] Total swap = 0kB [ 2167.867635][T26044] 1965979 pages RAM [ 2167.871607][T26044] 0 pages HighMem/MovableOnly [ 2167.876457][T26044] 318829 pages reserved [ 2167.880666][T26044] 0 pages cma reserved [ 2167.884881][T26044] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.1,pid=23500,uid=0 21:32:55 executing program 1: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:32:55 executing program 5: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x375, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:32:55 executing program 4: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, 0x0) preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) 21:32:55 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) [ 2167.899219][T26044] Out of memory: Killed process 23500 (syz-executor.1) total-vm:75240kB, anon-rss:16572kB, file-rss:35776kB, shmem-rss:0kB, UID:0 pgtables:164kB oom_score_adj:1000 [ 2167.921690][ T23] oom_reaper: reaped process 23500 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 21:32:55 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:32:56 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:32:56 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:32:56 executing program 5: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x375, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:32:56 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:32:56 executing program 0: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x375, 0x0, 0x0) 21:32:56 executing program 1: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:32:56 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) [ 2168.519208][T26101] syz-executor.2 invoked oom-killer: gfp_mask=0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|0x1000000), order=0, oom_score_adj=1000 [ 2168.534369][T26101] CPU: 0 PID: 26101 Comm: syz-executor.2 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2168.544527][T26101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2168.554574][T26101] Call Trace: [ 2168.557884][T26101] dump_stack+0x14a/0x1ce [ 2168.562204][T26101] ? devkmsg_release+0x11c/0x11c [ 2168.567161][T26101] ? show_regs_print_info+0x12/0x12 [ 2168.572337][T26101] ? radix_tree_cpu_dead+0x160/0x160 [ 2168.577605][T26101] ? _raw_spin_lock+0xa1/0x170 [ 2168.582360][T26101] ? _raw_spin_trylock_bh+0x190/0x190 [ 2168.587702][T26101] dump_header+0xdb/0x700 [ 2168.592000][T26101] oom_kill_process+0xd3/0x280 [ 2168.596744][T26101] out_of_memory+0x5b6/0x890 [ 2168.601330][T26101] ? unregister_oom_notifier+0x20/0x20 [ 2168.606757][T26101] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2168.612307][T26101] ? get_page_from_freelist+0x7c0/0x7c0 [ 2168.617823][T26101] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2168.623163][T26101] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2168.628700][T26101] handle_mm_fault+0x18e6/0x41e0 [ 2168.633608][T26101] ? find_vma+0x150/0x150 [ 2168.637908][T26101] ? finish_fault+0x230/0x230 [ 2168.642563][T26101] ? up_write+0xa1/0x190 [ 2168.646785][T26101] ? down_read_trylock+0x17a/0x1d0 [ 2168.651868][T26101] ? vmacache_update+0x9f/0xf0 [ 2168.656604][T26101] do_user_addr_fault+0x48a/0x9f0 [ 2168.661599][T26101] page_fault+0x2f/0x40 [ 2168.665744][T26101] RIP: 0033:0x4142bf [ 2168.669608][T26101] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 [ 2168.689197][T26101] RSP: 002b:00007ffdfaf6b160 EFLAGS: 00010206 [ 2168.695254][T26101] RAX: 00007fddb5d47000 RBX: 0000000000020000 RCX: 000000000045cd2a [ 2168.703292][T26101] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 2168.711345][T26101] RBP: 00007ffdfaf6b240 R08: ffffffffffffffff R09: 0000000000000000 [ 2168.719316][T26101] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdfaf6b340 [ 2168.727278][T26101] R13: 00007fddb5d67700 R14: 0000000000000992 R15: 000000000078c0ec [ 2168.736117][T26101] Mem-Info: [ 2168.769447][T26101] active_anon:1411028 inactive_anon:9707 isolated_anon:0 [ 2168.769447][T26101] active_file:407 inactive_file:903 isolated_file:10 [ 2168.769447][T26101] unevictable:363 dirty:15 writeback:4 unstable:0 [ 2168.769447][T26101] slab_reclaimable:10787 slab_unreclaimable:78181 [ 2168.769447][T26101] mapped:58608 shmem:9776 pagetables:35886 bounce:0 [ 2168.769447][T26101] free:13733 free_pcp:1013 free_cma:0 [ 2168.834499][T26101] Node 0 active_anon:5638212kB inactive_anon:38828kB active_file:1928kB inactive_file:5112kB unevictable:1452kB isolated(anon):0kB isolated(file):40kB mapped:235532kB dirty:60kB writeback:16kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2168.859811][T26101] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2168.886771][T26101] lowmem_reserve[]: 0 2912 6416 6416 [ 2168.893005][T26101] DMA32 free:20924kB min:4644kB low:7624kB high:10604kB active_anon:2841684kB inactive_anon:5352kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:14080kB pagetables:17268kB bounce:0kB free_pcp:2904kB local_pcp:1456kB free_cma:0kB [ 2168.934452][T26101] lowmem_reserve[]: 0 0 3504 3504 [ 2168.941350][T26101] Normal free:19904kB min:5592kB low:9180kB high:12768kB active_anon:2799632kB inactive_anon:33476kB active_file:1544kB inactive_file:5700kB unevictable:1452kB writepending:324kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29088kB pagetables:126084kB bounce:0kB free_pcp:584kB local_pcp:332kB free_cma:0kB [ 2168.973349][T26101] lowmem_reserve[]: 0 0 0 0 21:32:56 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:32:56 executing program 0: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x375, 0x0, 0x0) 21:32:56 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) 21:32:56 executing program 5: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, 0x0, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:32:57 executing program 4: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, 0x0) preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) [ 2168.980090][T26101] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2168.994935][T26101] DMA32: 296*4kB (UMH) 174*8kB (UME) 134*16kB (UMEH) 69*32kB (UMEH) 27*64kB (UME) 10*128kB (UME) 6*256kB (ME) 1*512kB (M) 1*1024kB (M) 2*2048kB (ME) 1*4096kB (U) = 21200kB [ 2169.015103][T26101] Normal: 90*4kB (UMEH) 273*8kB (UMEH) 216*16kB (UMEH) 98*32kB (UME) 31*64kB (M) 8*128kB (M) 2*256kB (M) 4*512kB (UM) 0*1024kB 1*2048kB (U) 0*4096kB = 16752kB [ 2169.047345][T26101] 12618 total pagecache pages [ 2169.053203][T26101] 0 pages in swap cache [ 2169.058192][T26101] Swap cache stats: add 0, delete 0, find 0/0 [ 2169.065243][T26101] Free swap = 0kB [ 2169.069954][T26101] Total swap = 0kB [ 2169.075067][T26101] 1965979 pages RAM [ 2169.079675][T26101] 0 pages HighMem/MovableOnly [ 2169.085172][T26101] 318829 pages reserved [ 2169.090365][T26101] 0 pages cma reserved [ 2169.096057][T26101] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.4,pid=26059,uid=0 [ 2169.249265][ T144] systemd-journal invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2169.271660][ T144] CPU: 1 PID: 144 Comm: systemd-journal Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2169.282811][ T144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2169.293460][ T144] Call Trace: [ 2169.296751][ T144] dump_stack+0x14a/0x1ce [ 2169.301081][ T144] ? devkmsg_release+0x11c/0x11c [ 2169.306033][ T144] ? show_regs_print_info+0x12/0x12 [ 2169.311229][ T144] ? radix_tree_cpu_dead+0x160/0x160 [ 2169.316518][ T144] ? _raw_spin_lock+0xa1/0x170 [ 2169.321278][ T144] ? _raw_spin_trylock_bh+0x190/0x190 [ 2169.326676][ T144] dump_header+0xdb/0x700 [ 2169.330998][ T144] oom_kill_process+0xd3/0x280 [ 2169.335749][ T144] out_of_memory+0x5b6/0x890 [ 2169.340324][ T144] ? unregister_oom_notifier+0x20/0x20 [ 2169.345766][ T144] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2169.351320][ T144] ? get_page_from_freelist+0x7c0/0x7c0 [ 2169.356846][ T144] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2169.362243][ T144] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2169.368570][ T144] pagecache_get_page+0x50f/0x880 [ 2169.373609][ T144] filemap_fault+0x14cb/0x1a30 [ 2169.378361][ T144] ? __down_read+0xf1/0x210 [ 2169.382874][ T144] ? generic_file_read_iter+0x20b0/0x20b0 [ 2169.388601][ T144] ? ___preempt_schedule+0x16/0x20 [ 2169.393707][ T144] ext4_filemap_fault+0x7b/0x90 [ 2169.398580][ T144] handle_mm_fault+0x29ca/0x41e0 [ 2169.403631][ T144] ? finish_fault+0x230/0x230 [ 2169.408513][ T144] ? down_read_trylock+0x17a/0x1d0 [ 2169.413633][ T144] ? vmacache_find+0x205/0x4b0 [ 2169.418520][ T144] do_user_addr_fault+0x48a/0x9f0 [ 2169.423561][ T144] page_fault+0x2f/0x40 [ 2169.427718][ T144] RIP: 0033:0x7ff88fdaaa60 [ 2169.432242][ T144] Code: Bad RIP value. [ 2169.436284][ T144] RSP: 002b:00007fff7a623e08 EFLAGS: 00010202 [ 2169.442331][ T144] RAX: 0000000000000001 RBX: 0000560bc4db9200 RCX: 00007ff88f469303 [ 2169.450302][ T144] RDX: 0000000000000001 RSI: 00007fff7a623e10 RDI: 0000560bc4db9330 [ 2169.458267][ T144] RBP: 00007fff7a624000 R08: 00007fff7a628080 R09: 00007fff7a6280a8 [ 2169.466383][ T144] R10: 00000000ffffffff R11: 0000000000000000 R12: 00007fff7a623e10 [ 2169.474451][ T144] R13: 0000000000000001 R14: 0000000000000001 R15: 0005ac3c3b563805 [ 2169.485308][ T144] Mem-Info: [ 2169.490688][ T144] active_anon:1417461 inactive_anon:9707 isolated_anon:0 [ 2169.490688][ T144] active_file:22 inactive_file:27 isolated_file:0 [ 2169.490688][ T144] unevictable:363 dirty:14 writeback:14 unstable:0 [ 2169.490688][ T144] slab_reclaimable:10787 slab_unreclaimable:78218 [ 2169.490688][ T144] mapped:57822 shmem:9776 pagetables:35891 bounce:0 [ 2169.490688][ T144] free:9249 free_pcp:186 free_cma:0 [ 2169.553281][ T144] Node 0 active_anon:5669844kB inactive_anon:38828kB active_file:40kB inactive_file:56kB unevictable:1452kB isolated(anon):0kB isolated(file):0kB mapped:231288kB dirty:56kB writeback:56kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2169.589918][ T144] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2169.618827][ T144] lowmem_reserve[]: 0 2912 6416 6416 [ 2169.624681][ T144] DMA32 free:17356kB min:4644kB low:7624kB high:10604kB active_anon:2847832kB inactive_anon:5352kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:14144kB pagetables:17256kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2169.653734][ T144] lowmem_reserve[]: 0 0 3504 3504 [ 2169.659254][ T144] Normal free:3712kB min:5592kB low:9180kB high:12768kB active_anon:2822328kB inactive_anon:33476kB active_file:68kB inactive_file:60kB unevictable:1452kB writepending:16kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29696kB pagetables:126268kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2169.689370][ T144] lowmem_reserve[]: 0 0 0 0 [ 2169.693911][ T144] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2169.707653][ T144] DMA32: 51*4kB (UM) 24*8kB (UME) 136*16kB (UME) 58*32kB (UME) 20*64kB (UME) 5*128kB (UME) 5*256kB (ME) 1*512kB (M) 1*1024kB (M) 2*2048kB (ME) 1*4096kB (U) = 17356kB [ 2169.724851][ T144] Normal: 86*4kB (UME) 26*8kB (UME) 24*16kB (UE) 3*32kB (E) 0*64kB 1*128kB (M) 2*256kB (UM) 2*512kB (M) 1*1024kB (M) 0*2048kB 0*4096kB = 3720kB [ 2169.740811][ T144] 10103 total pagecache pages [ 2169.746492][ T144] 0 pages in swap cache [ 2169.751232][ T144] Swap cache stats: add 0, delete 0, find 0/0 [ 2169.759120][ T144] Free swap = 0kB [ 2169.763048][ T144] Total swap = 0kB [ 2169.767324][ T144] 1965979 pages RAM [ 2169.771181][ T144] 0 pages HighMem/MovableOnly [ 2169.778220][ T144] 318829 pages reserved [ 2169.782415][ T144] 0 pages cma reserved [ 2169.787280][ T144] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.1,pid=20043,uid=0 [ 2169.802421][ T144] Out of memory: Killed process 20043 (syz-executor.1) total-vm:75240kB, anon-rss:16572kB, file-rss:35776kB, shmem-rss:0kB, UID:0 pgtables:164kB oom_score_adj:1000 [ 2169.823420][ T23] oom_reaper: reaped process 20043 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2169.887383][T26157] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2169.899519][T26157] CPU: 0 PID: 26157 Comm: syz-executor.1 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2169.909666][T26157] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2169.919715][T26157] Call Trace: [ 2169.923009][T26157] dump_stack+0x14a/0x1ce [ 2169.927355][T26157] ? devkmsg_release+0x11c/0x11c [ 2169.932294][T26157] ? show_regs_print_info+0x12/0x12 [ 2169.937474][T26157] ? radix_tree_cpu_dead+0x160/0x160 [ 2169.942738][T26157] ? _raw_spin_lock+0xa1/0x170 [ 2169.947510][T26157] ? _raw_spin_trylock_bh+0x190/0x190 [ 2169.952875][T26157] dump_header+0xdb/0x700 [ 2169.957213][T26157] oom_kill_process+0xd3/0x280 [ 2169.961982][T26157] out_of_memory+0x5b6/0x890 [ 2169.966618][T26157] ? unregister_oom_notifier+0x20/0x20 [ 2169.972071][T26157] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2169.977625][T26157] ? get_page_from_freelist+0x7c0/0x7c0 [ 2169.983175][T26157] ? __zone_watermark_ok+0x91/0x280 [ 2169.988351][T26157] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2169.993719][T26157] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2169.999262][T26157] ? copy_process+0x5a4/0x5110 [ 2170.004151][T26157] ? copy_process+0x5a4/0x5110 [ 2170.008907][T26157] ? kmem_cache_alloc+0x1d5/0x260 [ 2170.013916][T26157] copy_process+0x5f3/0x5110 [ 2170.018505][T26157] ? is_mmconf_reserved+0x420/0x420 [ 2170.023694][T26157] ? preempt_schedule+0x110/0x130 [ 2170.028720][T26157] ? schedule_preempt_disabled+0x20/0x20 [ 2170.034357][T26157] ? native_apic_mem_read+0x40/0x40 [ 2170.039559][T26157] ? fork_idle+0x290/0x290 [ 2170.043979][T26157] ? dequeue_rt_stack+0xea0/0xea0 [ 2170.049006][T26157] ? irq_work_queue_on+0x289/0x2d0 [ 2170.054122][T26157] _do_fork+0x196/0x920 [ 2170.058302][T26157] ? dup_mm+0x300/0x300 [ 2170.062456][T26157] ? ktime_get_raw+0x130/0x130 [ 2170.067240][T26157] __x64_sys_clone+0x25e/0x2c0 [ 2170.072003][T26157] ? __ia32_sys_vfork+0x110/0x110 [ 2170.077033][T26157] ? __x64_sys_clock_gettime+0x20d/0x260 [ 2170.082665][T26157] do_syscall_64+0xcb/0x150 [ 2170.087158][T26157] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2170.093057][T26157] RIP: 0033:0x45ccd9 [ 2170.097137][T26157] Code: 2d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2170.116742][T26157] RSP: 002b:00007f08e9582c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2170.125593][T26157] RAX: ffffffffffffffda RBX: 0000000000001f00 RCX: 000000000045ccd9 [ 2170.133586][T26157] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000103 [ 2170.141550][T26157] RBP: 000000000078c130 R08: ffffffffffffffff R09: 0000000000000000 [ 2170.149523][T26157] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078c0ec [ 2170.157511][T26157] R13: 00007ffee81ce42f R14: 00007f08e95839c0 R15: 000000000078c0ec [ 2170.166491][T26157] Mem-Info: [ 2170.169808][T26157] active_anon:1417275 inactive_anon:9707 isolated_anon:0 [ 2170.169808][T26157] active_file:32 inactive_file:0 isolated_file:0 [ 2170.169808][T26157] unevictable:363 dirty:5 writeback:0 unstable:0 [ 2170.169808][T26157] slab_reclaimable:10780 slab_unreclaimable:78237 [ 2170.169808][T26157] mapped:57782 shmem:9776 pagetables:35886 bounce:0 [ 2170.169808][T26157] free:9530 free_pcp:138 free_cma:0 [ 2170.209130][T26157] Node 0 active_anon:5669100kB inactive_anon:38828kB active_file:128kB inactive_file:0kB unevictable:1452kB isolated(anon):0kB isolated(file):0kB mapped:231128kB dirty:20kB writeback:0kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2170.233473][T26157] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2170.266961][T26157] lowmem_reserve[]: 0 2912 6416 6416 [ 2170.319996][T26157] DMA32 free:17284kB min:4644kB low:7624kB high:10604kB active_anon:2846756kB inactive_anon:5352kB active_file:0kB inactive_file:88kB unevictable:0kB writepending:4kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:14208kB pagetables:17276kB bounce:0kB free_pcp:560kB local_pcp:64kB free_cma:0kB [ 2170.349030][T26157] lowmem_reserve[]: 0 0 3504 3504 [ 2170.354138][T26157] Normal free:4496kB min:5592kB low:9180kB high:12768kB active_anon:2821312kB inactive_anon:33476kB active_file:8kB inactive_file:112kB unevictable:1452kB writepending:16kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29440kB pagetables:126268kB bounce:0kB free_pcp:448kB local_pcp:448kB free_cma:0kB [ 2170.384041][T26157] lowmem_reserve[]: 0 0 0 0 [ 2170.388674][T26157] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2170.402575][T26157] DMA32: 45*4kB (UM) 20*8kB (UME) 130*16kB (UMEH) 55*32kB (UMEH) 19*64kB (UMEH) 12*128kB (UME) 6*256kB (ME) 1*512kB (M) 1*1024kB (M) 2*2048kB (ME) 1*4096kB (U) = 18196kB [ 2170.420274][T26157] Normal: 345*4kB (UME) 58*8kB (UME) 41*16kB (UME) 12*32kB (UME) 5*64kB (M) 2*128kB (M) 2*256kB (M) 2*512kB (M) 1*1024kB (M) 0*2048kB 0*4096kB = 6020kB [ 2170.456457][T26157] 10154 total pagecache pages [ 2170.461142][T26157] 0 pages in swap cache [ 2170.465315][T26157] Swap cache stats: add 0, delete 0, find 0/0 [ 2170.471496][T26157] Free swap = 0kB [ 2170.475245][T26157] Total swap = 0kB [ 2170.478972][T26157] 1965979 pages RAM [ 2170.482776][T26157] 0 pages HighMem/MovableOnly [ 2170.487487][T26157] 318829 pages reserved [ 2170.491637][T26157] 0 pages cma reserved [ 2170.495730][T26157] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.1,pid=16359,uid=0 [ 2170.509888][T26157] Out of memory: Killed process 16359 (syz-executor.1) total-vm:75240kB, anon-rss:16572kB, file-rss:35776kB, shmem-rss:0kB, UID:0 pgtables:164kB oom_score_adj:1000 [ 2170.532099][ T23] oom_reaper: reaped process 16359 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 21:32:58 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) 21:32:58 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:32:58 executing program 0: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, 0x0, 0x0, 0x0, 0x0) 21:32:58 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:32:58 executing program 4: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) 21:32:58 executing program 5: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, 0x0, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:32:58 executing program 0: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, 0x0, 0x0, 0x0, 0x0) 21:32:58 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) 21:32:58 executing program 5: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, 0x0, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:32:59 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:32:59 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:32:59 executing program 0: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, 0x0, 0x0, 0x0, 0x0) 21:32:59 executing program 5: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) 21:32:59 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:32:59 executing program 1: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, 0x0, 0x0, 0x0, 0x0) 21:32:59 executing program 4: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) 21:32:59 executing program 0: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, 0x0, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) [ 2171.799002][ T356] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0 [ 2171.812097][ T356] CPU: 1 PID: 356 Comm: syz-executor.2 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2171.822111][ T356] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2171.832187][ T356] Call Trace: [ 2171.835463][ T356] dump_stack+0x14a/0x1ce [ 2171.839769][ T356] ? devkmsg_release+0x11c/0x11c [ 2171.845571][ T356] ? show_regs_print_info+0x12/0x12 [ 2171.850757][ T356] ? radix_tree_cpu_dead+0x160/0x160 [ 2171.856021][ T356] ? _raw_spin_lock+0xa1/0x170 [ 2171.860762][ T356] ? _raw_spin_trylock_bh+0x190/0x190 [ 2171.866131][ T356] dump_header+0xdb/0x700 [ 2171.870439][ T356] oom_kill_process+0xd3/0x280 [ 2171.875222][ T356] out_of_memory+0x5b6/0x890 [ 2171.879816][ T356] ? unregister_oom_notifier+0x20/0x20 [ 2171.885295][ T356] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2171.890856][ T356] ? get_page_from_freelist+0x7c0/0x7c0 [ 2171.896378][ T356] ? __zone_watermark_ok+0x91/0x280 [ 2171.901562][ T356] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2171.906968][ T356] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2171.912493][ T356] ? copy_process+0x5a4/0x5110 [ 2171.917231][ T356] ? kmem_cache_alloc+0x1d5/0x260 [ 2171.922243][ T356] copy_process+0x5f3/0x5110 [ 2171.926821][ T356] ? _raw_spin_unlock+0x5/0x20 [ 2171.931557][ T356] ? do_swap_page+0x1560/0x1560 [ 2171.936381][ T356] ? fork_idle+0x290/0x290 [ 2171.940769][ T356] _do_fork+0x196/0x920 [ 2171.944902][ T356] ? finish_fault+0x230/0x230 [ 2171.949557][ T356] ? dup_mm+0x300/0x300 [ 2171.953696][ T356] ? ktime_get_raw+0x130/0x130 [ 2171.958431][ T356] __x64_sys_clone+0x25e/0x2c0 [ 2171.963180][ T356] ? __ia32_sys_vfork+0x110/0x110 [ 2171.968190][ T356] ? __x64_sys_clock_gettime+0x20d/0x260 [ 2171.973820][ T356] ? do_user_addr_fault+0x55c/0x9f0 [ 2171.978996][ T356] do_syscall_64+0xcb/0x150 [ 2171.983483][ T356] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2171.989366][ T356] RIP: 0033:0x45b2aa [ 2171.993253][ T356] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2172.012847][ T356] RSP: 002b:00007ffdfaf6b3c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2172.021343][ T356] RAX: ffffffffffffffda RBX: 00007ffdfaf6b3c0 RCX: 000000000045b2aa [ 2172.029300][ T356] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2172.037251][ T356] RBP: 00007ffdfaf6b400 R08: 0000000000000001 R09: 0000000001b3d940 [ 2172.045217][ T356] R10: 0000000001b3dc10 R11: 0000000000000246 R12: 0000000000000001 [ 2172.053177][ T356] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffdfaf6b450 [ 2172.068104][ T356] Mem-Info: 21:32:59 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) [ 2172.111966][ T356] active_anon:1414867 inactive_anon:9707 isolated_anon:0 [ 2172.111966][ T356] active_file:193 inactive_file:238 isolated_file:0 [ 2172.111966][ T356] unevictable:363 dirty:12 writeback:0 unstable:0 [ 2172.111966][ T356] slab_reclaimable:10733 slab_unreclaimable:78389 [ 2172.111966][ T356] mapped:58071 shmem:9776 pagetables:35873 bounce:0 [ 2172.111966][ T356] free:10671 free_pcp:840 free_cma:0 21:33:00 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:00 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0xc000000, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) 21:33:00 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) [ 2172.155422][ T356] Node 0 active_anon:5659568kB inactive_anon:38828kB active_file:64kB inactive_file:192kB unevictable:1452kB isolated(anon):0kB isolated(file):0kB mapped:231484kB dirty:48kB writeback:0kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2172.180461][ T356] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2172.232901][ T356] lowmem_reserve[]: 0 2912 6416 6416 [ 2172.241376][ T356] DMA32 free:22612kB min:4644kB low:7624kB high:10604kB active_anon:2834148kB inactive_anon:5352kB active_file:1088kB inactive_file:1740kB unevictable:0kB writepending:0kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:14304kB pagetables:17712kB bounce:0kB free_pcp:1176kB local_pcp:844kB free_cma:0kB [ 2172.287722][ T356] lowmem_reserve[]: 0 0 3504 3504 [ 2172.293100][ T356] Normal free:8696kB min:5592kB low:9180kB high:12768kB active_anon:2817888kB inactive_anon:33476kB active_file:108kB inactive_file:764kB unevictable:1452kB writepending:0kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29056kB pagetables:125788kB bounce:0kB free_pcp:2704kB local_pcp:1408kB free_cma:0kB [ 2172.326706][ T356] lowmem_reserve[]: 0 0 0 0 [ 2172.331209][ T356] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2172.344619][ T356] DMA32: 977*4kB (UME) 367*8kB (UME) 69*16kB (UMEH) 37*32kB (UMEH) 15*64kB (UMEH) 4*128kB (UME) 23*256kB (UME) 3*512kB (UM) 1*1024kB (M) 3*2048kB (UME) 0*4096kB = 25196kB [ 2172.361653][ T356] Normal: 637*4kB (UME) 131*8kB (UME) 18*16kB (UME) 37*32kB (UMEH) 11*64kB (UM) 8*128kB (UM) 2*256kB (UM) 2*512kB (U) 1*1024kB (U) 0*2048kB 0*4096kB = 9356kB [ 2172.377541][ T356] 10998 total pagecache pages [ 2172.382217][ T356] 0 pages in swap cache [ 2172.386372][ T356] Swap cache stats: add 0, delete 0, find 0/0 [ 2172.392433][ T356] Free swap = 0kB [ 2172.396162][ T356] Total swap = 0kB [ 2172.399860][ T356] 1965979 pages RAM [ 2172.403647][ T356] 0 pages HighMem/MovableOnly [ 2172.408340][ T356] 318829 pages reserved [ 2172.412502][ T356] 0 pages cma reserved [ 2172.416754][ T356] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.1,pid=20077,uid=0 [ 2172.431006][ T356] Out of memory: Killed process 20077 (syz-executor.1) total-vm:75240kB, anon-rss:16572kB, file-rss:35772kB, shmem-rss:0kB, UID:0 pgtables:164kB oom_score_adj:1000 21:33:00 executing program 4: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) 21:33:00 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:00 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:00 executing program 5: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) 21:33:00 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x0, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:00 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0xc000000, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) [ 2173.172236][T26306] syz-executor.3 invoked oom-killer: gfp_mask=0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|0x1000000), order=0, oom_score_adj=1000 [ 2173.188118][T26306] CPU: 1 PID: 26306 Comm: syz-executor.3 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2173.198281][T26306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2173.208327][T26306] Call Trace: [ 2173.211599][T26306] dump_stack+0x14a/0x1ce [ 2173.215904][T26306] ? devkmsg_release+0x11c/0x11c [ 2173.221075][T26306] ? show_regs_print_info+0x12/0x12 [ 2173.226246][T26306] ? radix_tree_cpu_dead+0x160/0x160 [ 2173.231523][T26306] ? _raw_spin_lock+0xa1/0x170 [ 2173.236269][T26306] ? _raw_spin_trylock_bh+0x190/0x190 [ 2173.241613][T26306] dump_header+0xdb/0x700 [ 2173.245918][T26306] oom_kill_process+0xd3/0x280 [ 2173.250657][T26306] out_of_memory+0x5b6/0x890 [ 2173.255240][T26306] ? unregister_oom_notifier+0x20/0x20 [ 2173.260675][T26306] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2173.266195][T26306] ? get_page_from_freelist+0x7c0/0x7c0 [ 2173.271721][T26306] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2173.277865][T26306] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2173.283393][T26306] handle_mm_fault+0x18e6/0x41e0 [ 2173.288320][T26306] ? find_vma+0x150/0x150 [ 2173.292650][T26306] ? finish_fault+0x230/0x230 [ 2173.297330][T26306] ? up_write+0xa1/0x190 [ 2173.301546][T26306] ? down_read_trylock+0x17a/0x1d0 [ 2173.306635][T26306] ? vmacache_update+0x9f/0xf0 [ 2173.311390][T26306] do_user_addr_fault+0x48a/0x9f0 [ 2173.316411][T26306] page_fault+0x2f/0x40 [ 2173.320537][T26306] RIP: 0033:0x4142bf [ 2173.324406][T26306] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 [ 2173.344030][T26306] RSP: 002b:00007ffd7c796570 EFLAGS: 00010206 [ 2173.350083][T26306] RAX: 00007fbf5a9b1000 RBX: 0000000000020000 RCX: 000000000045cd2a [ 2173.358060][T26306] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 2173.366017][T26306] RBP: 00007ffd7c796650 R08: ffffffffffffffff R09: 0000000000000000 [ 2173.373978][T26306] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd7c796750 [ 2173.381941][T26306] R13: 00007fbf5a9d1700 R14: 0000000000000992 R15: 000000000078c0ec [ 2173.390141][T26306] Mem-Info: [ 2173.407226][T26306] active_anon:1417100 inactive_anon:9707 isolated_anon:0 [ 2173.407226][T26306] active_file:11 inactive_file:7 isolated_file:0 [ 2173.407226][T26306] unevictable:363 dirty:7 writeback:0 unstable:0 [ 2173.407226][T26306] slab_reclaimable:10638 slab_unreclaimable:78562 [ 2173.407226][T26306] mapped:57831 shmem:9776 pagetables:36039 bounce:0 [ 2173.407226][T26306] free:9077 free_pcp:136 free_cma:0 [ 2173.447851][T26306] Node 0 active_anon:5668400kB inactive_anon:38828kB active_file:40kB inactive_file:32kB unevictable:1452kB isolated(anon):0kB isolated(file):0kB mapped:231320kB dirty:36kB writeback:0kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2173.473737][T26306] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2173.501070][T26306] lowmem_reserve[]: 0 2912 6416 6416 [ 2173.506426][T26306] DMA32 free:16812kB min:4644kB low:7624kB high:10604kB active_anon:2842308kB inactive_anon:5352kB active_file:344kB inactive_file:388kB unevictable:0kB writepending:0kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:14848kB pagetables:18560kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2173.538773][T26306] lowmem_reserve[]: 0 0 3504 3504 [ 2173.543833][T26306] Normal free:4140kB min:5592kB low:9180kB high:12768kB active_anon:2825592kB inactive_anon:33476kB active_file:0kB inactive_file:156kB unevictable:1452kB writepending:0kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29024kB pagetables:125596kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2173.582692][T26306] lowmem_reserve[]: 0 0 0 0 [ 2173.587433][T26306] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2173.604197][T26306] DMA32: 46*4kB (UM) 31*8kB (UME) 53*16kB (UME) 23*32kB (UME) 13*64kB (UME) 3*128kB (UE) 3*256kB (UE) 4*512kB (M) 3*1024kB (UM) 2*2048kB (ME) 1*4096kB (M) = 17312kB [ 2173.622619][T26306] Normal: 124*4kB (UME) 27*8kB (UME) 13*16kB (UME) 14*32kB (UME) 5*64kB (UM) 3*128kB (UM) 1*256kB (M) 2*512kB (UM) 1*1024kB (M) 0*2048kB 0*4096kB = 4376kB [ 2173.641029][T26306] 10096 total pagecache pages [ 2173.645780][T26306] 0 pages in swap cache [ 2173.649941][T26306] Swap cache stats: add 0, delete 0, find 0/0 [ 2173.657345][T26306] Free swap = 0kB [ 2173.661161][T26306] Total swap = 0kB [ 2173.664911][T26306] 1965979 pages RAM [ 2173.668729][T26306] 0 pages HighMem/MovableOnly [ 2173.673411][T26306] 318829 pages reserved [ 2173.678319][T26306] 0 pages cma reserved [ 2173.682417][T26306] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.3,pid=25943,uid=0 [ 2173.697096][T26306] Out of memory: Killed process 25943 (syz-executor.3) total-vm:75240kB, anon-rss:16568kB, file-rss:35776kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 2173.720873][ T23] oom_reaper: reaped process 25943 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 21:33:01 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:01 executing program 4: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, 0x0, 0x0, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) 21:33:01 executing program 5: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) 21:33:01 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x0, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:01 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:01 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:01 executing program 1: mlockall(0x7) ioctl$HIDIOCSFEATURE(0xffffffffffffffff, 0xc0404806, 0x0) open(&(0x7f0000000140)='./bus\x00', 0x0, 0x0) getsockopt$IP_SET_OP_GET_FNAME(0xffffffffffffffff, 0x1, 0x53, &(0x7f00000001c0)={0x8, 0x7, 0x0, 'syz1\x00'}, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00') read$char_usb(r0, 0x0, 0x7ffff000) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000040)={r0, &(0x7f0000000000)="a009bb4d0acf4a7408d6615d29462cb1c0e0263c47f5565a14f4e2d08dee182e"}, 0x20) ioctl$KDFONTOP_SET(0xffffffffffffffff, 0x4b72, 0x0) perf_event_open(&(0x7f00000000c0)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0xffffffffffffffff}, 0x8940, 0x0, 0x0, 0x7, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00') read$char_usb(r1, 0x0, 0x7ffff000) setxattr$security_selinux(&(0x7f0000000080)='./bus\x00', &(0x7f0000000200)='security.selinux\x00', &(0x7f0000000240)='system_u:object_r:hald_keymap_exec_t:s0\x00', 0x28, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x2400, 0x71) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) munlockall() r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NFNL_MSG_CTHELPER_DEL(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000500)={&(0x7f0000000440)={0xbc, 0x2, 0x9, 0x401, 0x0, 0x0, {0x5, 0x0, 0xa}, [@NFCTH_STATUS={0x8, 0x6, 0x1, 0x0, 0x1}, @NFCTH_QUEUE_NUM={0x8, 0x3, 0x1, 0x0, 0x101}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0x6}}, @NFCTH_TUPLE={0x3c, 0x2, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x8, 0x2, @local}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0xd}}}}]}, @NFCTH_QUEUE_NUM={0x8, 0x3, 0x1, 0x0, 0x20}, @NFCTH_PRIV_DATA_LEN={0x8, 0x5, 0x1, 0x0, 0xa}, @NFCTH_TUPLE={0x40, 0x2, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2}, {0x8, 0x2, @private=0xa010101}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x11}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x8, 0x2, @local}}}]}]}, 0xbc}, 0x1, 0x0, 0x0, 0x8004}, 0x8084) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0xfffffffffffffdc1, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x4000850}, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@newlink={0x158, 0x10, 0x401, 0x400000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x42df58543c8380db}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @ipip6={{0xb, 0x1, 'ip6tnl\x00'}, {0x20, 0x2, 0x0, 0x1, [@IFLA_IPTUN_ENCAP_FLAGS={0x6}, @IFLA_IPTUN_LOCAL={0x14, 0x3, @rand_addr=' \x01\x00'}]}}}, @IFLA_MTU={0xfffffe65, 0x4, 0x10001}, @IFLA_MASTER={0x8}, @IFLA_PHYS_SWITCH_ID={0xa, 0x24, "52e9e867cc93"}, @IFLA_WEIGHT={0x8, 0xf, 0x5}, @IFLA_VFINFO_LIST={0xe4, 0x16, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, [@IFLA_VF_TX_RATE={0xc, 0x3, {0x6006, 0x4}}, @IFLA_VF_RATE={0x10, 0x6, {0xa4, 0x9, 0x1f}}]}, {0x88, 0x1, 0x0, 0x1, [@IFLA_VF_TX_RATE={0xc, 0x3, {0x7, 0x9}}, @IFLA_VF_SPOOFCHK={0xc, 0x4, {0x4, 0x7}}, @IFLA_VF_VLAN={0x10, 0x2, {0x7c, 0xa34, 0x200}}, @IFLA_VF_MAC={0x28, 0x1, {0x6, @broadcast}}, @IFLA_VF_MAC={0x28, 0x1, {0x69, @dev={[], 0x1e}}}, @IFLA_VF_TX_RATE={0xc, 0x3, {0x7fff, 0xfbb}}]}, {0x28, 0x1, 0x0, 0x1, [@IFLA_VF_IB_NODE_GUID={0x14, 0xa, {0x7, 0x40}}, @IFLA_VF_RATE={0x10, 0x6, {0x1, 0x80000000, 0x20}}]}, {0x10, 0x1, 0x0, 0x1, [@IFLA_VF_SPOOFCHK={0xc, 0x4, {0x7, 0x1}}]}]}]}, 0x158}}, 0x0) [ 2174.023580][T26365] syz-executor.0 invoked oom-killer: gfp_mask=0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|0x1000000), order=0, oom_score_adj=1000 [ 2174.037716][T26365] CPU: 1 PID: 26365 Comm: syz-executor.0 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2174.047871][T26365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2174.057939][T26365] Call Trace: [ 2174.061229][T26365] dump_stack+0x14a/0x1ce [ 2174.065564][T26365] ? devkmsg_release+0x11c/0x11c [ 2174.070497][T26365] ? show_regs_print_info+0x12/0x12 [ 2174.075697][T26365] ? radix_tree_cpu_dead+0x160/0x160 [ 2174.080985][T26365] ? _raw_spin_lock+0xa1/0x170 [ 2174.085744][T26365] ? _raw_spin_trylock_bh+0x190/0x190 [ 2174.091117][T26365] dump_header+0xdb/0x700 [ 2174.095440][T26365] oom_kill_process+0xd3/0x280 [ 2174.100349][T26365] out_of_memory+0x5b6/0x890 [ 2174.104938][T26365] ? unregister_oom_notifier+0x20/0x20 [ 2174.110413][T26365] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2174.115954][T26365] ? get_page_from_freelist+0x7c0/0x7c0 [ 2174.121492][T26365] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2174.126872][T26365] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2174.132409][T26365] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 2174.138123][T26365] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 2174.143918][T26365] ? __lru_cache_add+0x1a1/0x1f0 [ 2174.148845][T26365] wp_page_copy+0x1cb/0x1120 [ 2174.153426][T26365] ? add_mm_rss_vec+0x270/0x270 [ 2174.158262][T26365] ? vm_normal_page+0x1c9/0x1d0 [ 2174.163102][T26365] do_wp_page+0x4c1/0x1530 [ 2174.167509][T26365] ? push_rt_tasks+0x4f8/0x670 [ 2174.172276][T26365] ? _raw_spin_lock+0xa1/0x170 [ 2174.177043][T26365] ? do_swap_page+0x1560/0x1560 [ 2174.181878][T26365] handle_mm_fault+0xfa5/0x41e0 [ 2174.186716][T26365] ? finish_fault+0x230/0x230 [ 2174.191390][T26365] ? push_rt_tasks+0x4f8/0x670 [ 2174.196146][T26365] ? down_read_trylock+0x17a/0x1d0 [ 2174.201253][T26365] ? vmacache_find+0x205/0x4b0 [ 2174.206040][T26365] do_user_addr_fault+0x48a/0x9f0 [ 2174.211075][T26365] page_fault+0x2f/0x40 [ 2174.215267][T26365] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 2174.221848][T26365] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 2174.241448][T26365] RSP: 0018:ffff888103a47888 EFLAGS: 00010206 [ 2174.247528][T26365] RAX: ffffffff81f80e01 RBX: 00000000201d7500 RCX: 0000000000000500 [ 2174.255505][T26365] RDX: 0000000000001000 RSI: ffff888045550b00 RDI: 00000000201d7000 [ 2174.263468][T26365] RBP: ffff888103a47da8 R08: dffffc0000000000 R09: ffffed1008aaa200 [ 2174.271426][T26365] R10: 0000000000000000 R11: 0000000000000000 R12: 00007ffffffff000 [ 2174.279381][T26365] R13: 0000000000001000 R14: ffff888045550000 R15: 00000000201d6500 [ 2174.287354][T26365] ? _copy_to_iter+0x1021/0x1060 [ 2174.292294][T26365] copyout+0x8e/0xb0 [ 2174.296192][T26365] copy_page_to_iter+0x393/0xbd0 [ 2174.301135][T26365] pipe_to_user+0xa3/0x130 [ 2174.306422][T26365] __splice_from_pipe+0x2d3/0x870 [ 2174.311446][T26365] ? user_page_pipe_buf_steal+0xc0/0xc0 [ 2174.317006][T26365] do_vmsplice+0x252/0xee0 [ 2174.321423][T26365] ? avc_ss_reset+0x3a0/0x3a0 [ 2174.326115][T26365] ? write_pipe_buf+0x1d0/0x1d0 [ 2174.330964][T26365] ? __rcu_read_lock+0x50/0x50 [ 2174.335725][T26365] ? check_stack_object+0x5a/0x90 [ 2174.340745][T26365] ? _copy_from_user+0xa4/0xe0 [ 2174.345506][T26365] ? rw_copy_check_uvector+0x2b3/0x310 [ 2174.350958][T26365] ? import_iovec+0x1c2/0x380 [ 2174.355629][T26365] ? dup_iter+0x110/0x110 [ 2174.360068][T26365] ? do_vfs_ioctl+0x780/0x1750 [ 2174.364834][T26365] __se_sys_vmsplice+0x1fb/0x300 [ 2174.369771][T26365] ? __x64_sys_vmsplice+0xa0/0xa0 [ 2174.374806][T26365] ? put_timespec64+0x109/0x150 [ 2174.379661][T26365] ? __x64_sys_clock_gettime+0x20d/0x260 [ 2174.385308][T26365] ? __ia32_sys_clock_settime+0x2a0/0x2a0 [ 2174.391041][T26365] do_syscall_64+0xcb/0x150 [ 2174.395540][T26365] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2174.401420][T26365] RIP: 0033:0x45ccd9 [ 2174.405306][T26365] Code: 2d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2174.424934][T26365] RSP: 002b:00007fde41c07c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 2174.433341][T26365] RAX: ffffffffffffffda RBX: 0000000000035780 RCX: 000000000045ccd9 [ 2174.441326][T26365] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 2174.449724][T26365] RBP: 000000000078c088 R08: 0000000000000000 R09: 0000000000000000 [ 2174.458412][T26365] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078c04c [ 2174.466376][T26365] R13: 00007ffc21977a6f R14: 00007fde41c089c0 R15: 000000000078c04c [ 2174.474551][T26365] Mem-Info: [ 2174.477802][T26365] active_anon:1414385 inactive_anon:9707 isolated_anon:0 [ 2174.477802][T26365] active_file:96 inactive_file:131 isolated_file:25 [ 2174.477802][T26365] unevictable:388 dirty:54 writeback:1 unstable:0 [ 2174.477802][T26365] slab_reclaimable:10638 slab_unreclaimable:78651 [ 2174.477802][T26365] mapped:58022 shmem:9776 pagetables:36008 bounce:0 [ 2174.477802][T26365] free:10766 free_pcp:757 free_cma:0 [ 2174.515825][T26365] Node 0 active_anon:5657540kB inactive_anon:38828kB active_file:384kB inactive_file:524kB unevictable:1552kB isolated(anon):0kB isolated(file):200kB mapped:232088kB dirty:216kB writeback:4kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2174.540445][T26365] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2174.568313][T26365] lowmem_reserve[]: 0 2912 6416 6416 [ 2174.575024][T26365] DMA32 free:17448kB min:4644kB low:7624kB high:10604kB active_anon:2839888kB inactive_anon:5352kB active_file:0kB inactive_file:528kB unevictable:0kB writepending:8kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:14688kB pagetables:18428kB bounce:0kB free_pcp:1584kB local_pcp:1152kB free_cma:0kB [ 2174.605024][T26365] lowmem_reserve[]: 0 0 3504 3504 [ 2174.610764][T26365] Normal free:9712kB min:5592kB low:9180kB high:12768kB active_anon:2817160kB inactive_anon:33476kB active_file:836kB inactive_file:416kB unevictable:1452kB writepending:12kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29024kB pagetables:125604kB bounce:0kB free_pcp:2532kB local_pcp:1032kB free_cma:0kB [ 2174.647364][T26365] lowmem_reserve[]: 0 0 0 0 [ 2174.651876][T26365] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2174.665220][T26365] DMA32: 34*4kB (UH) 1*8kB (E) 72*16kB (UEH) 11*32kB (UE) 9*64kB (MEH) 13*128kB (MEH) 3*256kB (ME) 5*512kB (MH) 2*1024kB (M) 2*2048kB (ME) 1*4096kB (M) = 17456kB [ 2174.681448][T26365] Normal: 31*4kB (UME) 21*8kB (UME) 7*16kB (UME) 70*32kB (UME) 26*64kB (UM) 3*128kB (M) 0*256kB 1*512kB (M) 1*1024kB (M) 0*2048kB 0*4096kB = 6228kB [ 2174.696490][T26365] 10204 total pagecache pages [ 2174.701174][T26365] 0 pages in swap cache [ 2174.705348][T26365] Swap cache stats: add 0, delete 0, find 0/0 [ 2174.711407][T26365] Free swap = 0kB [ 2174.715146][T26365] Total swap = 0kB [ 2174.718856][T26365] 1965979 pages RAM [ 2174.722650][T26365] 0 pages HighMem/MovableOnly [ 2174.727363][T26365] 318829 pages reserved [ 2174.731509][T26365] 0 pages cma reserved [ 2174.735592][T26365] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.3,pid=25063,uid=0 [ 2174.750692][T26365] Out of memory: Killed process 25063 (syz-executor.3) total-vm:75240kB, anon-rss:16568kB, file-rss:35776kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 2174.785972][ T23] oom_reaper: reaped process 25063 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2174.802081][ T359] syz-executor.1 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2174.824247][ T359] CPU: 0 PID: 359 Comm: syz-executor.1 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2174.834253][ T359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2174.844319][ T359] Call Trace: [ 2174.847610][ T359] dump_stack+0x14a/0x1ce [ 2174.851919][ T359] ? devkmsg_release+0x11c/0x11c [ 2174.856840][ T359] ? show_regs_print_info+0x12/0x12 [ 2174.862079][ T359] ? radix_tree_cpu_dead+0x160/0x160 [ 2174.867393][ T359] ? _raw_spin_lock+0xa1/0x170 [ 2174.872247][ T359] ? _raw_spin_trylock_bh+0x190/0x190 [ 2174.878321][ T359] dump_header+0xdb/0x700 [ 2174.882653][ T359] oom_kill_process+0xd3/0x280 [ 2174.887423][ T359] out_of_memory+0x5b6/0x890 [ 2174.892022][ T359] ? unregister_oom_notifier+0x20/0x20 [ 2174.897493][ T359] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2174.903028][ T359] ? get_page_from_freelist+0x7c0/0x7c0 [ 2174.908578][ T359] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2174.913945][ T359] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2174.919654][ T359] pagecache_get_page+0x50f/0x880 [ 2174.924686][ T359] filemap_fault+0x14cb/0x1a30 [ 2174.929430][ T359] ? __down_read+0xf1/0x210 [ 2174.933918][ T359] ? generic_file_read_iter+0x20b0/0x20b0 [ 2174.939646][ T359] ? is_mmconf_reserved+0x420/0x420 [ 2174.945542][ T359] ext4_filemap_fault+0x7b/0x90 [ 2174.950370][ T359] handle_mm_fault+0x29ca/0x41e0 [ 2174.955298][ T359] ? finish_fault+0x230/0x230 [ 2174.959964][ T359] ? get_timespec64+0x11f/0x1d0 [ 2174.964800][ T359] ? down_read_trylock+0x17a/0x1d0 [ 2174.969909][ T359] ? vmacache_update+0x9f/0xf0 [ 2174.974661][ T359] do_user_addr_fault+0x48a/0x9f0 [ 2174.979671][ T359] page_fault+0x2f/0x40 [ 2174.983796][ T359] RIP: 0033:0x4105de [ 2174.987661][ T359] Code: 89 c6 48 8b 05 c3 35 89 00 4c 89 f3 44 8b 20 eb 48 0f 1f 00 bf e8 03 00 00 e8 8e c6 04 00 e8 79 2d ff ff 48 8b 15 a2 35 89 00 <8b> 0a 48 89 c2 41 39 cc 48 0f 45 d8 4c 29 f2 48 81 fa 87 13 00 00 [ 2175.007588][ T359] RSP: 002b:00007ffee81ce670 EFLAGS: 00010202 [ 2175.013626][ T359] RAX: 0000000000212ee4 RBX: 0000000000212be5 RCX: 0000000000212c30 [ 2175.021588][ T359] RDX: 0000001b31d20000 RSI: 0000000000000000 RDI: 0000000000000001 [ 2175.029548][ T359] RBP: 000000000000300b R08: 0000000000000001 R09: 00000000023ef940 [ 2175.037503][ T359] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000e [ 2175.045455][ T359] R13: 00007ffee81ce6a0 R14: 0000000000212bd4 R15: 00007ffee81ce6b0 [ 2175.064925][ T359] Mem-Info: [ 2175.068693][ T359] active_anon:1406135 inactive_anon:9733 isolated_anon:0 [ 2175.068693][ T359] active_file:125 inactive_file:325 isolated_file:0 [ 2175.068693][ T359] unevictable:363 dirty:6 writeback:0 unstable:0 [ 2175.068693][ T359] slab_reclaimable:10631 slab_unreclaimable:78520 [ 2175.068693][ T359] mapped:58041 shmem:9776 pagetables:36084 bounce:0 [ 2175.068693][ T359] free:18460 free_pcp:1428 free_cma:0 [ 2175.117014][ T359] Node 0 active_anon:5624540kB inactive_anon:38932kB active_file:384kB inactive_file:1148kB unevictable:1452kB isolated(anon):0kB isolated(file):0kB mapped:231764kB dirty:24kB writeback:0kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2175.142932][ T359] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2175.163347][T26359] netlink: 264 bytes leftover after parsing attributes in process `syz-executor.1'. 21:33:03 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:03 executing program 4: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, 0x0, 0x0, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) 21:33:03 executing program 5: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, 0x0, 0x0, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) [ 2175.187984][ T359] lowmem_reserve[]: 0 2912 6416 6416 [ 2175.223956][ T359] DMA32 free:33744kB min:4644kB low:7624kB high:10604kB active_anon:2823912kB inactive_anon:5456kB active_file:112kB inactive_file:0kB unevictable:0kB writepending:4kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:14720kB pagetables:18412kB bounce:0kB free_pcp:2668kB local_pcp:1380kB free_cma:0kB 21:33:03 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:03 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x0, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) [ 2175.278607][ T359] lowmem_reserve[]: 0 0 3504 3504 [ 2175.284661][ T359] Normal free:14184kB min:9688kB low:13276kB high:16864kB active_anon:2804300kB inactive_anon:33476kB active_file:896kB inactive_file:9868kB unevictable:1452kB writepending:184kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29056kB pagetables:125836kB bounce:0kB free_pcp:248kB local_pcp:112kB free_cma:0kB [ 2175.316670][ T359] lowmem_reserve[]: 0 0 0 0 [ 2175.321458][ T359] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2175.335569][ T359] DMA32: 463*4kB (UM) 342*8kB (UME) 236*16kB (UMEH) 109*32kB (UMEH) 67*64kB (ME) 46*128kB (ME) 3*256kB (ME) 5*512kB (M) 2*1024kB (M) 3*2048kB (UME) 0*4096kB = 33548kB [ 2175.352867][ T359] Normal: 261*4kB (MEH) 52*8kB (MEH) 145*16kB (MEH) 216*32kB (MEH) 33*64kB (MH) 4*128kB (M) 0*256kB 0*512kB 1*1024kB (H) 0*2048kB 0*4096kB = 14340kB [ 2175.369009][ T359] 12823 total pagecache pages [ 2175.373742][ T359] 0 pages in swap cache [ 2175.379264][ T359] Swap cache stats: add 0, delete 0, find 0/0 [ 2175.385459][ T359] Free swap = 0kB [ 2175.514410][ T359] Total swap = 0kB [ 2175.530779][ T359] 1965979 pages RAM [ 2175.535535][ T359] 0 pages HighMem/MovableOnly [ 2175.557589][ T359] 318829 pages reserved [ 2175.565904][ T359] 0 pages cma reserved [ 2175.573732][ T359] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.3,pid=20217,uid=0 [ 2175.589618][ T359] Out of memory: Killed process 20217 (syz-executor.3) total-vm:75240kB, anon-rss:16568kB, file-rss:35776kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 21:33:03 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:03 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x3000000, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) [ 2175.616536][ T23] oom_reaper: reaped process 20217 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 21:33:03 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) [ 2175.909059][T26406] syz-executor.3 invoked oom-killer: gfp_mask=0x500cc2(GFP_HIGHUSER|__GFP_ACCOUNT), order=0, oom_score_adj=1000 [ 2175.931975][T26406] CPU: 0 PID: 26406 Comm: syz-executor.3 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2175.942227][T26406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2175.952286][T26406] Call Trace: [ 2175.955555][T26406] dump_stack+0x14a/0x1ce [ 2175.959861][T26406] ? devkmsg_release+0x11c/0x11c [ 2175.964783][T26406] ? show_regs_print_info+0x12/0x12 [ 2175.969967][T26406] ? radix_tree_cpu_dead+0x160/0x160 [ 2175.975254][T26406] ? _raw_spin_lock+0xa1/0x170 [ 2175.980024][T26406] ? _raw_spin_trylock_bh+0x190/0x190 [ 2175.985401][T26406] dump_header+0xdb/0x700 [ 2175.989731][T26406] oom_kill_process+0xd3/0x280 [ 2175.994517][T26406] out_of_memory+0x5b6/0x890 [ 2175.999097][T26406] ? unregister_oom_notifier+0x20/0x20 [ 2176.004552][T26406] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2176.010098][T26406] ? get_page_from_freelist+0x7c0/0x7c0 [ 2176.015647][T26406] ? __zone_watermark_ok+0x91/0x280 [ 2176.020850][T26406] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2176.026228][T26406] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2176.031804][T26406] ? copy_page_from_iter+0x3f3/0x660 [ 2176.037093][T26406] pipe_write+0x4da/0xe40 [ 2176.041430][T26406] __vfs_write+0x59d/0x720 [ 2176.045847][T26406] ? __kernel_write+0x340/0x340 [ 2176.050730][T26406] ? security_file_permission+0x128/0x300 [ 2176.056449][T26406] vfs_write+0x217/0x4f0 [ 2176.060702][T26406] ksys_write+0x18c/0x2c0 [ 2176.065054][T26406] ? __ia32_sys_read+0x80/0x80 [ 2176.069813][T26406] do_syscall_64+0xcb/0x150 [ 2176.074321][T26406] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2176.080203][T26406] RIP: 0033:0x45ccd9 [ 2176.084122][T26406] Code: 2d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2176.104679][T26406] RSP: 002b:00007fbf5aa12c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2176.113097][T26406] RAX: ffffffffffffffda RBX: 00000000000358c0 RCX: 000000000045ccd9 [ 2176.121070][T26406] RDX: 0000000041395527 RSI: 0000000020000340 RDI: 0000000000000005 [ 2176.129313][T26406] RBP: 000000000078bfe0 R08: 0000000000000000 R09: 0000000000000000 [ 2176.137279][T26406] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bfac [ 2176.145291][T26406] R13: 00007ffd7c7965df R14: 00007fbf5aa139c0 R15: 000000000078bfac [ 2176.160233][T26406] Mem-Info: [ 2176.164121][T26406] active_anon:1414928 inactive_anon:9707 isolated_anon:0 [ 2176.164121][T26406] active_file:37 inactive_file:272 isolated_file:0 [ 2176.164121][T26406] unevictable:363 dirty:15 writeback:6 unstable:0 [ 2176.164121][T26406] slab_reclaimable:10633 slab_unreclaimable:78945 [ 2176.164121][T26406] mapped:57975 shmem:9776 pagetables:36078 bounce:0 [ 2176.164121][T26406] free:10387 free_pcp:483 free_cma:0 [ 2176.205326][T26406] Node 0 active_anon:5659712kB inactive_anon:38828kB active_file:244kB inactive_file:780kB unevictable:1452kB isolated(anon):0kB isolated(file):0kB mapped:231800kB dirty:60kB writeback:24kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2176.230938][T26406] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2176.257434][T26406] lowmem_reserve[]: 0 2912 6416 6416 [ 2176.263199][T26406] DMA32 free:18720kB min:4644kB low:7624kB high:10604kB active_anon:2838112kB inactive_anon:5352kB active_file:428kB inactive_file:1472kB unevictable:0kB writepending:16kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:14592kB pagetables:18584kB bounce:0kB free_pcp:404kB local_pcp:0kB free_cma:0kB [ 2176.293164][T26406] lowmem_reserve[]: 0 0 3504 3504 [ 2176.329096][T26406] Normal free:9244kB min:5592kB low:9180kB high:12768kB active_anon:2812768kB inactive_anon:33476kB active_file:492kB inactive_file:5280kB unevictable:1452kB writepending:316kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29120kB pagetables:125728kB bounce:0kB free_pcp:888kB local_pcp:256kB free_cma:0kB [ 2176.363300][T26406] lowmem_reserve[]: 0 0 0 0 21:33:04 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x1000000, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) 21:33:04 executing program 4: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, 0x0, 0x0, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) 21:33:04 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:04 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x3000000, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) 21:33:04 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) [ 2176.368523][T26406] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2176.383285][T26406] DMA32: 923*4kB (UME) 400*8kB (UM) 240*16kB (UME) 67*32kB (UMEH) 25*64kB (MEH) 41*128kB (ME) 4*256kB (ME) 7*512kB (M) 2*1024kB (M) 3*2048kB (MEH) 0*4096kB = 32524kB [ 2176.402909][T26406] Normal: 1031*4kB (ME) 85*8kB (ME) 31*16kB (ME) 158*32kB (UME) 32*64kB (UM) 3*128kB (M) 0*256kB 0*512kB 1*1024kB (U) 0*2048kB 0*4096kB = 13812kB [ 2176.429942][T26406] 12484 total pagecache pages [ 2176.436035][T26406] 0 pages in swap cache [ 2176.441258][T26406] Swap cache stats: add 0, delete 0, find 0/0 [ 2176.447623][T26406] Free swap = 0kB [ 2176.451891][T26406] Total swap = 0kB [ 2176.456155][T26406] 1965979 pages RAM [ 2176.460380][T26406] 0 pages HighMem/MovableOnly [ 2176.465558][T26406] 318829 pages reserved [ 2176.469786][T26406] 0 pages cma reserved 21:33:04 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) [ 2176.473836][T26406] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.4,pid=26379,uid=0 21:33:04 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:04 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:04 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x1000000, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) 21:33:04 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x3000000, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) 21:33:04 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) [ 2176.958661][T26483] syz-executor.3 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2177.037923][T26483] CPU: 0 PID: 26483 Comm: syz-executor.3 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2177.048116][T26483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2177.058166][T26483] Call Trace: [ 2177.061487][T26483] dump_stack+0x14a/0x1ce [ 2177.065810][T26483] ? devkmsg_release+0x11c/0x11c [ 2177.070737][T26483] ? show_regs_print_info+0x12/0x12 [ 2177.075966][T26483] ? radix_tree_cpu_dead+0x160/0x160 [ 2177.081240][T26483] ? _raw_spin_lock+0xa1/0x170 [ 2177.086001][T26483] ? _raw_spin_trylock_bh+0x190/0x190 [ 2177.092084][T26483] dump_header+0xdb/0x700 [ 2177.096434][T26483] oom_kill_process+0xd3/0x280 [ 2177.101182][T26483] out_of_memory+0x5b6/0x890 [ 2177.105786][T26483] ? unregister_oom_notifier+0x20/0x20 [ 2177.111245][T26483] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2177.116798][T26483] ? get_page_from_freelist+0x7c0/0x7c0 [ 2177.122447][T26483] ? __zone_watermark_ok+0x91/0x280 [ 2177.127636][T26483] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2177.142542][T26483] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2177.148068][T26483] ? copy_process+0x5a4/0x5110 [ 2177.152823][T26483] ? copy_process+0x5a4/0x5110 [ 2177.157576][T26483] ? kmem_cache_alloc+0x1d5/0x260 [ 2177.162594][T26483] copy_process+0x5f3/0x5110 [ 2177.167172][T26483] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 2177.172891][T26483] ? _raw_spin_lock+0xa1/0x170 [ 2177.178374][T26483] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 2177.184190][T26483] ? __lru_cache_add+0x1a1/0x1f0 [ 2177.189117][T26483] ? fork_idle+0x290/0x290 [ 2177.193512][T26483] _do_fork+0x196/0x920 [ 2177.197654][T26483] ? finish_fault+0x230/0x230 [ 2177.202314][T26483] ? up_write+0xa1/0x190 [ 2177.206539][T26483] ? dup_mm+0x300/0x300 [ 2177.210665][T26483] __x64_sys_clone+0x25e/0x2c0 [ 2177.215420][T26483] ? __ia32_sys_vfork+0x110/0x110 [ 2177.220430][T26483] ? __fpregs_load_activate+0x2d3/0x390 [ 2177.225972][T26483] ? do_user_addr_fault+0x55c/0x9f0 [ 2177.231177][T26483] do_syscall_64+0xcb/0x150 [ 2177.235682][T26483] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2177.241578][T26483] RIP: 0033:0x45f6a9 [ 2177.245455][T26483] Code: ff 48 85 f6 0f 84 57 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 2e 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2177.265040][T26483] RSP: 002b:00007ffd7c796528 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2177.274594][T26483] RAX: ffffffffffffffda RBX: 00007fbf5aa13700 RCX: 000000000045f6a9 [ 2177.282568][T26483] RDX: 00007fbf5aa139d0 RSI: 00007fbf5aa12db0 RDI: 00000000003d0f00 [ 2177.290514][T26483] RBP: 00007ffd7c796750 R08: 00007fbf5aa13700 R09: 00007fbf5aa13700 [ 2177.298461][T26483] R10: 00007fbf5aa139d0 R11: 0000000000000202 R12: 0000000000000000 [ 2177.306410][T26483] R13: 00007ffd7c7965df R14: 00007fbf5aa139c0 R15: 000000000078bfac [ 2177.341957][T26483] Mem-Info: [ 2177.349596][T26483] active_anon:1415316 inactive_anon:9707 isolated_anon:0 [ 2177.349596][T26483] active_file:126 inactive_file:187 isolated_file:0 [ 2177.349596][T26483] unevictable:363 dirty:0 writeback:0 unstable:0 [ 2177.349596][T26483] slab_reclaimable:10609 slab_unreclaimable:79077 [ 2177.349596][T26483] mapped:58015 shmem:9776 pagetables:36183 bounce:0 [ 2177.349596][T26483] free:10177 free_pcp:120 free_cma:0 [ 2177.389800][T26483] Node 0 active_anon:5661264kB inactive_anon:38828kB active_file:100kB inactive_file:116kB unevictable:1452kB isolated(anon):0kB isolated(file):0kB mapped:231460kB dirty:0kB writeback:0kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2177.414588][T26483] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2177.449784][T26483] lowmem_reserve[]: 0 2912 6416 6416 [ 2177.455165][T26483] DMA32 free:18364kB min:4644kB low:7624kB high:10604kB active_anon:2840060kB inactive_anon:5352kB active_file:0kB inactive_file:268kB unevictable:0kB writepending:0kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:14752kB pagetables:18564kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2177.485230][T26483] lowmem_reserve[]: 0 0 3504 3504 [ 2177.490285][T26483] Normal free:5472kB min:5592kB low:9180kB high:12768kB active_anon:2821132kB inactive_anon:33476kB active_file:180kB inactive_file:188kB unevictable:1452kB writepending:0kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29216kB pagetables:126168kB bounce:0kB free_pcp:1360kB local_pcp:0kB free_cma:0kB [ 2177.520492][T26483] lowmem_reserve[]: 0 0 0 0 [ 2177.525034][T26483] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2177.540926][T26483] DMA32: 26*4kB (UM) 26*8kB (UM) 54*16kB (UM) 17*32kB (UMH) 9*64kB (UMH) 29*128kB (UM) 3*256kB (UM) 7*512kB (M) 2*1024kB (M) 3*2048kB (UMH) 0*4096kB = 18552kB [ 2177.562835][T26483] Normal: 100*4kB (UME) 26*8kB (UME) 8*16kB (UME) 68*32kB (UME) 31*64kB (UM) 1*128kB (M) 0*256kB 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 5536kB [ 2177.577680][T26483] 10107 total pagecache pages [ 2177.582346][T26483] 0 pages in swap cache [ 2177.586516][T26483] Swap cache stats: add 0, delete 0, find 0/0 [ 2177.592562][T26483] Free swap = 0kB [ 2177.596302][T26483] Total swap = 0kB [ 2177.600008][T26483] 1965979 pages RAM [ 2177.603815][T26483] 0 pages HighMem/MovableOnly [ 2177.608487][T26483] 318829 pages reserved [ 2177.612616][T26483] 0 pages cma reserved [ 2177.616674][T26483] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.4,pid=26434,uid=0 [ 2177.631990][T26483] syz-executor.3 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2177.644081][T26483] CPU: 0 PID: 26483 Comm: syz-executor.3 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2177.654246][T26483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2177.664287][T26483] Call Trace: [ 2177.667579][T26483] dump_stack+0x14a/0x1ce [ 2177.671891][T26483] ? devkmsg_release+0x11c/0x11c [ 2177.676805][T26483] ? show_regs_print_info+0x12/0x12 [ 2177.681982][T26483] ? radix_tree_cpu_dead+0x160/0x160 [ 2177.687264][T26483] ? _raw_spin_lock+0xa1/0x170 [ 2177.692010][T26483] ? _raw_spin_trylock_bh+0x190/0x190 [ 2177.697361][T26483] dump_header+0xdb/0x700 [ 2177.701684][T26483] oom_kill_process+0xd3/0x280 [ 2177.706433][T26483] out_of_memory+0x5b6/0x890 [ 2177.711051][T26483] ? unregister_oom_notifier+0x20/0x20 [ 2177.716505][T26483] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2177.722049][T26483] ? get_page_from_freelist+0x7c0/0x7c0 [ 2177.727586][T26483] ? __zone_watermark_ok+0x91/0x280 [ 2177.732782][T26483] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2177.738153][T26483] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2177.743674][T26483] ? copy_process+0x5a4/0x5110 [ 2177.748457][T26483] ? copy_process+0x5a4/0x5110 [ 2177.753196][T26483] ? kmem_cache_alloc+0x1d5/0x260 [ 2177.758191][T26483] copy_process+0x5f3/0x5110 [ 2177.762766][T26483] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 2177.768460][T26483] ? _raw_spin_lock+0xa1/0x170 [ 2177.773196][T26483] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 2177.778977][T26483] ? __lru_cache_add+0x1a1/0x1f0 [ 2177.783884][T26483] ? fork_idle+0x290/0x290 [ 2177.788297][T26483] _do_fork+0x196/0x920 [ 2177.792441][T26483] ? finish_fault+0x230/0x230 [ 2177.797121][T26483] ? up_write+0xa1/0x190 [ 2177.801362][T26483] ? dup_mm+0x300/0x300 [ 2177.805518][T26483] __x64_sys_clone+0x25e/0x2c0 [ 2177.810279][T26483] ? __ia32_sys_vfork+0x110/0x110 [ 2177.816153][T26483] ? __fpregs_load_activate+0x2d3/0x390 [ 2177.821694][T26483] ? do_user_addr_fault+0x55c/0x9f0 [ 2177.826892][T26483] do_syscall_64+0xcb/0x150 [ 2177.831502][T26483] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2177.837412][T26483] RIP: 0033:0x45f6a9 [ 2177.841823][T26483] Code: ff 48 85 f6 0f 84 57 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 2e 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2177.861404][T26483] RSP: 002b:00007ffd7c796528 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2177.869806][T26483] RAX: ffffffffffffffda RBX: 00007fbf5aa13700 RCX: 000000000045f6a9 [ 2177.877758][T26483] RDX: 00007fbf5aa139d0 RSI: 00007fbf5aa12db0 RDI: 00000000003d0f00 [ 2177.885724][T26483] RBP: 00007ffd7c796750 R08: 00007fbf5aa13700 R09: 00007fbf5aa13700 [ 2177.894232][T26483] R10: 00007fbf5aa139d0 R11: 0000000000000202 R12: 0000000000000000 [ 2177.902185][T26483] R13: 00007ffd7c7965df R14: 00007fbf5aa139c0 R15: 000000000078bfac [ 2177.910377][T26483] Mem-Info: [ 2177.913489][T26483] active_anon:1415788 inactive_anon:9707 isolated_anon:0 [ 2177.913489][T26483] active_file:17 inactive_file:18 isolated_file:0 [ 2177.913489][T26483] unevictable:363 dirty:0 writeback:0 unstable:0 [ 2177.913489][T26483] slab_reclaimable:10607 slab_unreclaimable:79157 [ 2177.913489][T26483] mapped:57850 shmem:9776 pagetables:36186 bounce:0 [ 2177.913489][T26483] free:9981 free_pcp:0 free_cma:0 [ 2177.957463][T26483] Node 0 active_anon:5663152kB inactive_anon:38828kB active_file:68kB inactive_file:72kB unevictable:1452kB isolated(anon):0kB isolated(file):0kB mapped:231400kB dirty:0kB writeback:0kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2177.982585][T26483] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2178.008643][T26483] lowmem_reserve[]: 0 2912 6416 6416 [ 2178.013946][T26483] DMA32 free:18552kB min:4644kB low:7624kB high:10604kB active_anon:2840168kB inactive_anon:5352kB active_file:48kB inactive_file:12kB unevictable:0kB writepending:0kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:14624kB pagetables:18840kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2178.042711][T26483] lowmem_reserve[]: 0 0 3504 3504 [ 2178.047763][T26483] Normal free:5468kB min:5592kB low:9180kB high:12768kB active_anon:2822988kB inactive_anon:33476kB active_file:20kB inactive_file:60kB unevictable:1452kB writepending:0kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29152kB pagetables:125904kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2178.078395][T26483] lowmem_reserve[]: 0 0 0 0 [ 2178.082876][T26483] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2178.096156][T26483] DMA32: 26*4kB (UM) 26*8kB (UM) 54*16kB (UM) 17*32kB (UMH) 9*64kB (UMH) 29*128kB (UM) 3*256kB (UM) 7*512kB (M) 2*1024kB (M) 3*2048kB (UMH) 0*4096kB = 18552kB [ 2178.112048][T26483] Normal: 91*4kB (UE) 26*8kB (UME) 6*16kB (UE) 68*32kB (UME) 31*64kB (UM) 1*128kB (M) 0*256kB 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 5468kB [ 2178.126477][T26483] 10107 total pagecache pages [ 2178.131149][T26483] 0 pages in swap cache [ 2178.142772][T26483] Swap cache stats: add 0, delete 0, find 0/0 [ 2178.148818][T26483] Free swap = 0kB [ 2178.152506][T26483] Total swap = 0kB [ 2178.156221][T26483] 1965979 pages RAM [ 2178.160001][T26483] 0 pages HighMem/MovableOnly [ 2178.164713][T26483] 318829 pages reserved [ 2178.168847][T26483] 0 pages cma reserved [ 2178.172880][T26483] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.3,pid=15980,uid=0 [ 2178.186976][T26483] Out of memory: Killed process 15980 (syz-executor.3) total-vm:75240kB, anon-rss:16568kB, file-rss:35776kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 2178.211961][ T23] oom_reaper: reaped process 15980 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2178.279359][T26477] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2178.311078][T26477] CPU: 0 PID: 26477 Comm: syz-executor.2 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2178.321275][T26477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2178.331335][T26477] Call Trace: [ 2178.334629][T26477] dump_stack+0x14a/0x1ce [ 2178.338966][T26477] ? devkmsg_release+0x11c/0x11c [ 2178.343910][T26477] ? show_regs_print_info+0x12/0x12 [ 2178.349110][T26477] ? radix_tree_cpu_dead+0x160/0x160 [ 2178.354408][T26477] ? _raw_spin_lock+0xa1/0x170 [ 2178.359172][T26477] ? _raw_spin_trylock_bh+0x190/0x190 [ 2178.364553][T26477] dump_header+0xdb/0x700 [ 2178.368886][T26477] oom_kill_process+0xd3/0x280 [ 2178.373663][T26477] out_of_memory+0x5b6/0x890 [ 2178.378336][T26477] ? unregister_oom_notifier+0x20/0x20 [ 2178.384336][T26477] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2178.389895][T26477] ? get_page_from_freelist+0x7c0/0x7c0 [ 2178.395464][T26477] ? __zone_watermark_ok+0x91/0x280 [ 2178.400680][T26477] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2178.406075][T26477] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2178.411662][T26477] ? copy_process+0x5a4/0x5110 [ 2178.416469][T26477] ? copy_process+0x5a4/0x5110 [ 2178.421244][T26477] ? kmem_cache_alloc+0x1d5/0x260 [ 2178.426285][T26477] copy_process+0x5f3/0x5110 [ 2178.430885][T26477] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 2178.436618][T26477] ? _raw_spin_lock+0xa1/0x170 [ 2178.441388][T26477] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 2178.447207][T26477] ? __lru_cache_add+0x1a1/0x1f0 [ 2178.452153][T26477] ? fork_idle+0x290/0x290 [ 2178.456579][T26477] _do_fork+0x196/0x920 [ 2178.460746][T26477] ? finish_fault+0x230/0x230 [ 2178.465424][T26477] ? dup_mm+0x300/0x300 [ 2178.469584][T26477] __x64_sys_clone+0x25e/0x2c0 [ 2178.474352][T26477] ? __ia32_sys_vfork+0x110/0x110 [ 2178.479375][T26477] ? do_user_addr_fault+0x55c/0x9f0 [ 2178.484571][T26477] do_syscall_64+0xcb/0x150 [ 2178.489083][T26477] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2178.494973][T26477] RIP: 0033:0x45f6a9 [ 2178.498864][T26477] Code: ff 48 85 f6 0f 84 57 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 2e 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2178.518466][T26477] RSP: 002b:00007ffdfaf6b118 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2178.527016][T26477] RAX: ffffffffffffffda RBX: 00007fddb5d88700 RCX: 000000000045f6a9 [ 2178.534982][T26477] RDX: 00007fddb5d889d0 RSI: 00007fddb5d87db0 RDI: 00000000003d0f00 [ 2178.543901][T26477] RBP: 00007ffdfaf6b340 R08: 00007fddb5d88700 R09: 00007fddb5d88700 [ 2178.551859][T26477] R10: 00007fddb5d889d0 R11: 0000000000000202 R12: 0000000000000000 [ 2178.559815][T26477] R13: 00007ffdfaf6b1cf R14: 00007fddb5d889c0 R15: 000000000078c04c [ 2178.569413][T26477] Mem-Info: [ 2178.573673][T26477] active_anon:1412912 inactive_anon:9707 isolated_anon:0 [ 2178.573673][T26477] active_file:40 inactive_file:0 isolated_file:0 [ 2178.573673][T26477] unevictable:363 dirty:0 writeback:0 unstable:0 [ 2178.573673][T26477] slab_reclaimable:10600 slab_unreclaimable:79156 [ 2178.573673][T26477] mapped:57849 shmem:9776 pagetables:36237 bounce:0 [ 2178.573673][T26477] free:11688 free_pcp:1090 free_cma:0 21:33:06 executing program 4: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0x0, 0x0) 21:33:06 executing program 0: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) fsetxattr$security_capability(0xffffffffffffffff, &(0x7f00000002c0)='security.capability\x00', &(0x7f0000000340)=@v1={0x1000000, [{0x0, 0x7}]}, 0xc, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0), 0x0, 0x40010120, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000240)='status\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x11) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) execveat(r5, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000300)=[&(0x7f00000001c0)='\x00', &(0x7f0000000200)='status\x00'], &(0x7f0000000340), 0x1000) openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) [ 2178.614255][T26477] Node 0 active_anon:5647048kB inactive_anon:38828kB active_file:60kB inactive_file:12kB unevictable:1452kB isolated(anon):0kB isolated(file):0kB mapped:231396kB dirty:0kB writeback:0kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no 21:33:06 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x1000000, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) 21:33:06 executing program 1: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000240)='status\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x11) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='cgroup.events\x00', 0x275a, 0x0) ioctl$sock_inet6_tcp_SIOCINQ(r3, 0x541b, &(0x7f0000000140)) execveat(r5, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000300)=[&(0x7f00000001c0)='\x00', &(0x7f0000000200)='status\x00'], &(0x7f0000000340), 0x1000) openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) [ 2178.665368][T26477] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2178.691868][T26477] lowmem_reserve[]: 0 2912 6416 6416 [ 2178.698698][T26477] DMA32 free:20116kB min:4644kB low:7624kB high:10604kB active_anon:2839224kB inactive_anon:5352kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:14400kB pagetables:18664kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2178.730669][T26477] lowmem_reserve[]: 0 0 3504 3504 [ 2178.788446][T26477] Normal free:16380kB min:24744kB low:28332kB high:31920kB active_anon:2805752kB inactive_anon:33476kB active_file:1504kB inactive_file:700kB unevictable:1452kB writepending:0kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29440kB pagetables:125932kB bounce:0kB free_pcp:88kB local_pcp:76kB free_cma:0kB [ 2178.820285][T26477] lowmem_reserve[]: 0 0 0 0 [ 2178.824906][T26477] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2178.847866][T26477] DMA32: 79*4kB (UM) 27*8kB (UM) 70*16kB (UM) 36*32kB (UM) 8*64kB (UH) 18*128kB (UM) 3*256kB (UM) 7*512kB (M) 2*1024kB (M) 3*2048kB (UMH) 0*4096kB = 18164kB [ 2178.864121][T26477] Normal: 1021*4kB (UME) 419*8kB (UME) 273*16kB (UME) 223*32kB (UME) 16*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 19964kB [ 2178.878788][T26477] 10151 total pagecache pages [ 2178.883501][T26477] 0 pages in swap cache [ 2178.887695][T26477] Swap cache stats: add 0, delete 0, find 0/0 [ 2178.893774][T26477] Free swap = 0kB [ 2178.897890][T26477] Total swap = 0kB [ 2178.901657][T26477] 1965979 pages RAM [ 2178.912138][T26477] 0 pages HighMem/MovableOnly [ 2178.990011][T26477] 318829 pages reserved [ 2178.996567][T26477] 0 pages cma reserved [ 2179.000920][T26477] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.5,pid=20047,uid=0 [ 2179.015953][T26477] Out of memory: Killed process 20047 (syz-executor.5) total-vm:75240kB, anon-rss:16564kB, file-rss:35776kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 21:33:07 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:07 executing program 0: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00') read$char_usb(r4, 0x0, 0x7ffff000) ioctl$KDSETLED(r4, 0x4b32, 0x4) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r5, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) setsockopt$SO_BINDTODEVICE_wg(r6, 0x1, 0x19, &(0x7f00000000c0)='wg0\x00', 0x4) 21:33:07 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) read$char_usb(0xffffffffffffffff, 0x0, 0x7ffff000) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0xfffffffffffffdc1, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x4000850}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x60, 0x10, 0x401, 0x400000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x42df58543c8380db}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @ipip6={{0xb, 0x1, 'ip6tnl\x00'}, {0x20, 0x2, 0x0, 0x1, [@IFLA_IPTUN_ENCAP_FLAGS={0x6}, @IFLA_IPTUN_LOCAL={0x14, 0x3, @dev}]}}}, @IFLA_MTU={0x8, 0x4, 0x10001}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x60}}, 0x0) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@local, 0x17, r5}) openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:07 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:07 executing program 0: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:07 executing program 3: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:07 executing program 4: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0x0, 0x0) 21:33:07 executing program 5: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) [ 2179.768547][T26551] syz-executor.3 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2179.786273][T26551] CPU: 1 PID: 26551 Comm: syz-executor.3 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2179.796425][T26551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2179.806495][T26551] Call Trace: [ 2179.809786][T26551] dump_stack+0x14a/0x1ce [ 2179.814362][T26551] ? devkmsg_release+0x11c/0x11c [ 2179.819293][T26551] ? show_regs_print_info+0x12/0x12 [ 2179.824487][T26551] ? radix_tree_cpu_dead+0x160/0x160 [ 2179.829786][T26551] ? _raw_spin_lock+0xa1/0x170 [ 2179.834574][T26551] ? _raw_spin_trylock_bh+0x190/0x190 [ 2179.839952][T26551] dump_header+0xdb/0x700 [ 2179.844279][T26551] oom_kill_process+0xd3/0x280 [ 2179.849186][T26551] out_of_memory+0x5b6/0x890 [ 2179.853767][T26551] ? unregister_oom_notifier+0x20/0x20 [ 2179.859226][T26551] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2179.864781][T26551] ? get_page_from_freelist+0x7c0/0x7c0 [ 2179.870673][T26551] ? __zone_watermark_ok+0x91/0x280 [ 2179.875879][T26551] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2179.881274][T26551] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2179.886829][T26551] ? vma_link+0x17a/0x290 [ 2179.891149][T26551] pte_alloc_one+0x1b/0xb0 [ 2179.895558][T26551] __pte_alloc+0x1d/0x1d0 [ 2179.900401][T26551] handle_mm_fault+0x38ce/0x41e0 [ 2179.905326][T26551] ? find_vma+0x150/0x150 [ 2179.909637][T26551] ? finish_fault+0x230/0x230 [ 2179.914297][T26551] ? up_write+0xa1/0x190 [ 2179.918616][T26551] ? down_read_trylock+0x17a/0x1d0 [ 2179.923724][T26551] ? vmacache_update+0x9f/0xf0 [ 2179.928484][T26551] do_user_addr_fault+0x48a/0x9f0 [ 2179.935669][T26551] page_fault+0x2f/0x40 [ 2179.939805][T26551] RIP: 0033:0x4142bf [ 2179.943686][T26551] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 [ 2179.963972][T26551] RSP: 002b:00007ffd7c796570 EFLAGS: 00010206 [ 2179.970030][T26551] RAX: 00007fbf5a9d2000 RBX: 0000000000020000 RCX: 000000000045cd2a [ 2179.978013][T26551] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 2179.994578][T26551] RBP: 00007ffd7c796650 R08: ffffffffffffffff R09: 0000000000000000 [ 2180.002547][T26551] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd7c796750 [ 2180.010529][T26551] R13: 00007fbf5a9f2700 R14: 0000000000000d5e R15: 000000000078c04c [ 2180.036625][T26551] Mem-Info: [ 2180.043904][T26551] active_anon:1411833 inactive_anon:9707 isolated_anon:0 [ 2180.043904][T26551] active_file:165 inactive_file:644 isolated_file:26 [ 2180.043904][T26551] unevictable:363 dirty:15 writeback:0 unstable:0 [ 2180.043904][T26551] slab_reclaimable:10513 slab_unreclaimable:79719 [ 2180.043904][T26551] mapped:58262 shmem:9776 pagetables:36198 bounce:0 [ 2180.043904][T26551] free:12202 free_pcp:395 free_cma:0 [ 2180.082892][T26551] Node 0 active_anon:5647332kB inactive_anon:38828kB active_file:292kB inactive_file:560kB unevictable:1452kB isolated(anon):0kB isolated(file):4kB mapped:231548kB dirty:60kB writeback:0kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2180.134427][T26551] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2180.161708][T26551] lowmem_reserve[]: 0 2912 6416 6416 [ 2180.167697][T26551] DMA32 free:17896kB min:4644kB low:7624kB high:10604kB active_anon:2839356kB inactive_anon:5352kB active_file:144kB inactive_file:108kB unevictable:0kB writepending:68kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:14816kB pagetables:18496kB bounce:0kB free_pcp:1264kB local_pcp:832kB free_cma:0kB [ 2180.198698][T26551] lowmem_reserve[]: 0 0 3504 3504 [ 2180.203800][T26551] Normal free:14848kB min:9688kB low:13276kB high:16864kB active_anon:2808572kB inactive_anon:33476kB active_file:188kB inactive_file:1052kB unevictable:1452kB writepending:192kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29184kB pagetables:126296kB bounce:0kB free_pcp:1552kB local_pcp:1196kB free_cma:0kB [ 2180.235746][T26551] lowmem_reserve[]: 0 0 0 0 [ 2180.240305][T26551] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2180.253761][T26551] DMA32: 59*4kB (UM) 20*8kB (UM) 105*16kB (UM) 24*32kB (UM) 1*64kB (H) 9*128kB (M) 15*256kB (MH) 8*512kB (MH) 4*1024kB (UMH) 1*2048kB (M) 0*4096kB = 18140kB [ 2180.269761][T26551] Normal: 377*4kB (UMEH) 234*8kB (UME) 210*16kB (UME) 225*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 13940kB [ 2180.327928][T26551] 10377 total pagecache pages [ 2180.335395][T26551] 0 pages in swap cache [ 2180.339655][T26551] Swap cache stats: add 0, delete 0, find 0/0 [ 2180.346751][T26551] Free swap = 0kB [ 2180.351204][T26551] Total swap = 0kB [ 2180.360858][T26551] 1965979 pages RAM [ 2180.371255][T26551] 0 pages HighMem/MovableOnly [ 2180.376017][T26551] 318829 pages reserved [ 2180.380297][T26551] 0 pages cma reserved [ 2180.384637][T26551] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.5,pid=19194,uid=0 [ 2180.399242][T26551] Out of memory: Killed process 19194 (syz-executor.5) total-vm:75240kB, anon-rss:16564kB, file-rss:35776kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 2180.421990][ T23] oom_reaper: reaped process 19194 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 21:33:08 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x4000, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) 21:33:08 executing program 1: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000240)='status\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x11) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) ioctl$BLKALIGNOFF(0xffffffffffffffff, 0x127a, &(0x7f0000000140)) execveat(r5, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000300)=[&(0x7f00000001c0)='\x00', &(0x7f0000000200)='status\x00'], &(0x7f0000000340), 0x1000) openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:08 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:08 executing program 4: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0x0, 0x0) 21:33:08 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x2500, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) 21:33:08 executing program 1: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000240)='status\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x11) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) ioctl$BLKALIGNOFF(0xffffffffffffffff, 0x127a, &(0x7f0000000140)) execveat(r5, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000300)=[&(0x7f00000001c0)='\x00', &(0x7f0000000200)='status\x00'], &(0x7f0000000340), 0x1000) openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:08 executing program 3: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:08 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x4000, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) [ 2181.144351][T26602] syz-executor.5 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 2181.156371][T26602] CPU: 1 PID: 26602 Comm: syz-executor.5 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2181.166694][T26602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2181.176742][T26602] Call Trace: [ 2181.180052][T26602] dump_stack+0x14a/0x1ce [ 2181.184389][T26602] ? devkmsg_release+0x11c/0x11c [ 2181.189316][T26602] ? show_regs_print_info+0x12/0x12 [ 2181.194493][T26602] ? radix_tree_cpu_dead+0x160/0x160 [ 2181.200639][T26602] ? _raw_spin_lock+0xa1/0x170 [ 2181.205405][T26602] ? _raw_spin_trylock_bh+0x190/0x190 [ 2181.210763][T26602] dump_header+0xdb/0x700 [ 2181.215090][T26602] oom_kill_process+0xd3/0x280 [ 2181.219867][T26602] out_of_memory+0x5b6/0x890 [ 2181.224445][T26602] ? unregister_oom_notifier+0x20/0x20 [ 2181.229900][T26602] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2181.235464][T26602] ? get_page_from_freelist+0x7c0/0x7c0 [ 2181.241000][T26602] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2181.246364][T26602] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2181.251896][T26602] pagecache_get_page+0x50f/0x880 [ 2181.256903][T26602] filemap_fault+0x14cb/0x1a30 [ 2181.261656][T26602] ? __down_read+0xf1/0x210 [ 2181.266145][T26602] ? generic_file_read_iter+0x20b0/0x20b0 [ 2181.271842][T26602] ? __rcu_read_lock+0x50/0x50 [ 2181.276586][T26602] ext4_filemap_fault+0x7b/0x90 [ 2181.281428][T26602] handle_mm_fault+0x1fcc/0x41e0 [ 2181.286355][T26602] ? _raw_spin_unlock+0x5/0x20 [ 2181.291102][T26602] ? wake_up_new_task+0x9d3/0xb60 [ 2181.296127][T26602] ? put_pid+0x7e/0xe0 [ 2181.300206][T26602] ? finish_fault+0x230/0x230 [ 2181.304880][T26602] ? get_timespec64+0x11f/0x1d0 [ 2181.309723][T26602] ? __down_read+0xf1/0x210 [ 2181.314211][T26602] ? vmacache_find+0x205/0x4b0 [ 2181.320610][T26602] do_user_addr_fault+0x48a/0x9f0 [ 2181.325626][T26602] page_fault+0x2f/0x40 [ 2181.329767][T26602] RIP: 0033:0x4034b7 [ 2181.333653][T26602] Code: 00 00 00 48 83 ec 08 48 8b 15 e5 06 8a 00 48 8b 05 d6 06 8a 00 48 39 d0 48 8d 8a 00 00 00 01 72 17 48 39 c8 73 12 48 8d 50 04 <89> 38 48 89 15 b8 06 8a 00 48 83 c4 08 c3 48 89 c6 bf f0 0d 4d 00 [ 2181.353257][T26602] RSP: 002b:00007ffc5a445ce0 EFLAGS: 00010287 [ 2181.359296][T26602] RAX: 0000001b31721000 RBX: 0000000084b245ee RCX: 0000001b32720000 [ 2181.367243][T26602] RDX: 0000001b31721004 RSI: 0000000000000dbd RDI: ffffffff21ca2dbd [ 2181.375193][T26602] RBP: 0000000000000014 R08: 0000000021ca2dbd R09: 0000000021ca2dc1 [ 2181.383145][T26602] R10: 00007ffc5a445ea0 R11: 0000000000000246 R12: 000000000078c028 [ 2181.391106][T26602] R13: 0000000080000000 R14: 00007f2dcbead008 R15: 0000000000000016 [ 2181.402036][T26602] Mem-Info: [ 2181.405890][T26602] active_anon:1415766 inactive_anon:9707 isolated_anon:0 [ 2181.405890][T26602] active_file:31 inactive_file:24 isolated_file:16 [ 2181.405890][T26602] unevictable:363 dirty:48 writeback:0 unstable:0 [ 2181.405890][T26602] slab_reclaimable:10498 slab_unreclaimable:79444 [ 2181.405890][T26602] mapped:57907 shmem:9776 pagetables:36252 bounce:0 [ 2181.405890][T26602] free:9279 free_pcp:23 free_cma:0 [ 2181.443629][T26602] Node 0 active_anon:5663152kB inactive_anon:38828kB active_file:96kB inactive_file:88kB unevictable:1452kB isolated(anon):0kB isolated(file):64kB mapped:231556kB dirty:136kB writeback:0kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2181.468014][T26602] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2181.493979][T26602] lowmem_reserve[]: 0 2912 6416 6416 [ 2181.499402][T26602] DMA32 free:17596kB min:4644kB low:7624kB high:10604kB active_anon:2840244kB inactive_anon:5352kB active_file:80kB inactive_file:212kB unevictable:0kB writepending:8kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:15104kB pagetables:19196kB bounce:0kB free_pcp:4kB local_pcp:0kB free_cma:0kB [ 2181.528507][T26602] lowmem_reserve[]: 0 0 3504 3504 [ 2181.533557][T26602] Normal free:4288kB min:5592kB low:9180kB high:12768kB active_anon:2822784kB inactive_anon:33476kB active_file:384kB inactive_file:432kB unevictable:1452kB writepending:48kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29024kB pagetables:125840kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2181.563413][T26602] lowmem_reserve[]: 0 0 0 0 [ 2181.567923][T26602] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2181.581318][T26602] DMA32: 18*4kB (UM) 19*8kB (UM) 51*16kB (UMH) 27*32kB (UH) 2*64kB (U) 3*128kB (M) 19*256kB (MH) 8*512kB (MH) 4*1024kB (UMH) 1*2048kB (M) 0*4096kB = 17520kB [ 2181.597080][T26602] Normal: 188*4kB (UMEH) 35*8kB (UME) 30*16kB (UME) 100*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4712kB [ 2181.610736][T26602] 10110 total pagecache pages [ 2181.615443][T26602] 0 pages in swap cache [ 2181.619607][T26602] Swap cache stats: add 0, delete 0, find 0/0 [ 2181.625810][T26602] Free swap = 0kB [ 2181.629515][T26602] Total swap = 0kB [ 2181.633225][T26602] 1965979 pages RAM [ 2181.637049][T26602] 0 pages HighMem/MovableOnly [ 2181.641702][T26602] 318829 pages reserved [ 2181.646903][T26602] 0 pages cma reserved [ 2181.651162][T26602] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.5,pid=17227,uid=0 [ 2181.667837][T26602] Out of memory: Killed process 17227 (syz-executor.5) total-vm:75240kB, anon-rss:16564kB, file-rss:35776kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 2181.692753][ T23] oom_reaper: reaped process 17227 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 21:33:09 executing program 1: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000240)='status\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x11) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) ioctl$BLKALIGNOFF(0xffffffffffffffff, 0x127a, &(0x7f0000000140)) execveat(r5, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000300)=[&(0x7f00000001c0)='\x00', &(0x7f0000000200)='status\x00'], &(0x7f0000000340), 0x1000) openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:09 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:09 executing program 4: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0x0, 0x0) 21:33:10 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x4000, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) [ 2182.260478][T26600] syz-executor.0 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 2182.277398][T26600] CPU: 0 PID: 26600 Comm: syz-executor.0 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2182.287585][T26600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2182.297646][T26600] Call Trace: [ 2182.300939][T26600] dump_stack+0x14a/0x1ce [ 2182.305272][T26600] ? devkmsg_release+0x11c/0x11c [ 2182.310216][T26600] ? show_regs_print_info+0x12/0x12 [ 2182.315852][T26600] ? radix_tree_cpu_dead+0x160/0x160 [ 2182.321145][T26600] ? _raw_spin_lock+0xa1/0x170 [ 2182.325921][T26600] ? _raw_spin_trylock_bh+0x190/0x190 [ 2182.331340][T26600] dump_header+0xdb/0x700 [ 2182.335800][T26600] oom_kill_process+0xd3/0x280 [ 2182.340609][T26600] out_of_memory+0x5b6/0x890 [ 2182.345213][T26600] ? unregister_oom_notifier+0x20/0x20 [ 2182.350711][T26600] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2182.356273][T26600] ? get_page_from_freelist+0x7c0/0x7c0 [ 2182.361828][T26600] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2182.367248][T26600] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2182.372838][T26600] pagecache_get_page+0x50f/0x880 [ 2182.377874][T26600] filemap_fault+0x14cb/0x1a30 [ 2182.382669][T26600] ? __down_read+0xf1/0x210 [ 2182.387217][T26600] ? generic_file_read_iter+0x20b0/0x20b0 [ 2182.392952][T26600] ext4_filemap_fault+0x7b/0x90 [ 2182.397813][T26600] handle_mm_fault+0x29ca/0x41e0 [ 2182.402763][T26600] ? _raw_spin_unlock+0x5/0x20 [ 2182.407532][T26600] ? wake_up_new_task+0x9d3/0xb60 [ 2182.412586][T26600] ? finish_fault+0x230/0x230 [ 2182.417273][T26600] ? down_read_trylock+0x17a/0x1d0 [ 2182.422393][T26600] ? vmacache_update+0x9f/0xf0 [ 2182.427169][T26600] do_user_addr_fault+0x48a/0x9f0 [ 2182.432208][T26600] page_fault+0x2f/0x40 [ 2182.436370][T26600] RIP: 0033:0x40f62e [ 2182.440298][T26600] Code: 0f 1f 40 00 48 c7 44 24 10 00 00 00 00 c7 44 24 0c 00 00 00 00 48 8b ac 24 88 00 00 00 48 81 fd 00 00 b9 00 0f 83 48 06 00 00 <4c> 8b 75 00 4c 8d 65 08 4c 89 a4 24 88 00 00 00 49 83 fe ff 0f 84 [ 2182.459913][T26600] RSP: 002b:00007ffc21977af0 EFLAGS: 00010287 [ 2182.465983][T26600] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000214b70 [ 2182.473958][T26600] RDX: 00000000000000a5 RSI: 0000000000000000 RDI: 0000000000000001 [ 2182.482023][T26600] RBP: 0000000000790500 R08: 0000000000000000 R09: 0000000000000000 [ 2182.489999][T26600] R10: 00007ffc21977bd0 R11: 0000000000000246 R12: 00000000000003e8 [ 2182.498408][T26600] R13: 0000000000214be5 R14: 0000000000214bb8 R15: 000000000078bfac [ 2182.507082][T26600] Mem-Info: [ 2182.510245][T26600] active_anon:1413510 inactive_anon:9707 isolated_anon:0 [ 2182.510245][T26600] active_file:43 inactive_file:188 isolated_file:12 [ 2182.510245][T26600] unevictable:363 dirty:0 writeback:0 unstable:0 [ 2182.510245][T26600] slab_reclaimable:10498 slab_unreclaimable:79569 [ 2182.510245][T26600] mapped:57956 shmem:9776 pagetables:36275 bounce:0 [ 2182.510245][T26600] free:10924 free_pcp:473 free_cma:0 [ 2182.554200][T26600] Node 0 active_anon:5651440kB inactive_anon:38828kB active_file:456kB inactive_file:760kB unevictable:1452kB isolated(anon):0kB isolated(file):128kB mapped:232424kB dirty:0kB writeback:0kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2182.579416][T26600] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2182.605733][T26600] lowmem_reserve[]: 0 2912 6416 6416 [ 2182.611230][T26600] DMA32 free:22168kB min:4644kB low:7624kB high:10604kB active_anon:2830656kB inactive_anon:5352kB active_file:864kB inactive_file:788kB unevictable:0kB writepending:84kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:14912kB pagetables:19112kB bounce:0kB free_pcp:2692kB local_pcp:1496kB free_cma:0kB [ 2182.641934][T26600] lowmem_reserve[]: 0 0 3504 3504 [ 2182.647316][T26600] Normal free:7324kB min:5592kB low:9180kB high:12768kB active_anon:2820784kB inactive_anon:33476kB active_file:20kB inactive_file:28kB unevictable:1452kB writepending:8kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29024kB pagetables:125860kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2182.677075][T26600] lowmem_reserve[]: 0 0 0 0 [ 2182.681654][T26600] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2182.695125][T26600] DMA32: 1*4kB (E) 154*8kB (UME) 105*16kB (UMEH) 88*32kB (UMEH) 24*64kB (UMEH) 9*128kB (ME) 19*256kB (MEH) 11*512kB (UME) 5*1024kB (MEH) 0*2048kB 0*4096kB = 24036kB [ 2182.712838][T26600] Normal: 574*4kB (UMEH) 110*8kB (UME) 72*16kB (UME) 112*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 7912kB [ 2182.727550][T26600] 10544 total pagecache pages [ 2182.732357][T26600] 0 pages in swap cache [ 2182.736578][T26600] Swap cache stats: add 0, delete 0, find 0/0 [ 2182.742696][T26600] Free swap = 0kB [ 2182.746487][T26600] Total swap = 0kB [ 2182.750280][T26600] 1965979 pages RAM [ 2182.754171][T26600] 0 pages HighMem/MovableOnly [ 2182.759040][T26600] 318829 pages reserved [ 2182.763390][T26600] 0 pages cma reserved [ 2182.767748][T26600] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.5,pid=16505,uid=0 [ 2182.782133][T26600] Out of memory: Killed process 16505 (syz-executor.5) total-vm:75240kB, anon-rss:16564kB, file-rss:35772kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 2182.846209][ T23] oom_reaper: reaped process 16505 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 21:33:11 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x1f00, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) 21:33:11 executing program 5: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00') read$char_usb(r5, 0x0, 0x7ffff000) ioctl$FS_IOC_SETFLAGS(r5, 0x40086602, &(0x7f00000000c0)=0x40000) 21:33:11 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x2500, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) 21:33:11 executing program 3: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:11 executing program 1: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:11 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:11 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:11 executing program 1: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:11 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0xd00, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) 21:33:11 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x1f00, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) 21:33:11 executing program 1: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:11 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x2500, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) 21:33:11 executing program 3: prlimit64(0x0, 0x0, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) [ 2183.554156][T26717] syz-executor.3 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2183.592057][T26717] CPU: 0 PID: 26717 Comm: syz-executor.3 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2183.602849][T26717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2183.612904][T26717] Call Trace: [ 2183.616195][T26717] dump_stack+0x14a/0x1ce [ 2183.621397][T26717] ? devkmsg_release+0x11c/0x11c [ 2183.626329][T26717] ? show_regs_print_info+0x12/0x12 [ 2183.631526][T26717] ? radix_tree_cpu_dead+0x160/0x160 [ 2183.636842][T26717] ? _raw_spin_lock+0xa1/0x170 [ 2183.641622][T26717] ? _raw_spin_trylock_bh+0x190/0x190 [ 2183.646989][T26717] dump_header+0xdb/0x700 [ 2183.651329][T26717] oom_kill_process+0xd3/0x280 [ 2183.656081][T26717] out_of_memory+0x5b6/0x890 [ 2183.660677][T26717] ? unregister_oom_notifier+0x20/0x20 [ 2183.666191][T26717] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2183.671789][T26717] ? get_page_from_freelist+0x7c0/0x7c0 [ 2183.677326][T26717] ? __zone_watermark_ok+0x91/0x280 [ 2183.682641][T26717] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2183.688012][T26717] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2183.693738][T26717] ? copy_process+0x5a4/0x5110 [ 2183.698496][T26717] ? kmem_cache_alloc+0x1d5/0x260 [ 2183.703508][T26717] copy_process+0x5f3/0x5110 [ 2183.708091][T26717] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 2183.713800][T26717] ? _raw_spin_lock+0xa1/0x170 [ 2183.718567][T26717] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 2183.724379][T26717] ? __lru_cache_add+0x1a1/0x1f0 [ 2183.729311][T26717] ? fork_idle+0x290/0x290 [ 2183.733889][T26717] _do_fork+0x196/0x920 [ 2183.738059][T26717] ? finish_fault+0x230/0x230 [ 2183.742735][T26717] ? up_write+0xa1/0x190 [ 2183.747092][T26717] ? dup_mm+0x300/0x300 [ 2183.751275][T26717] __x64_sys_clone+0x25e/0x2c0 [ 2183.756034][T26717] ? __ia32_sys_vfork+0x110/0x110 [ 2183.761063][T26717] ? do_user_addr_fault+0x55c/0x9f0 [ 2183.766360][T26717] do_syscall_64+0xcb/0x150 [ 2183.770870][T26717] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2183.776752][T26717] RIP: 0033:0x45f6a9 [ 2183.780618][T26717] Code: ff 48 85 f6 0f 84 57 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 2e 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2183.800203][T26717] RSP: 002b:00007ffd7c796528 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2183.808611][T26717] RAX: ffffffffffffffda RBX: 00007fbf5aa13700 RCX: 000000000045f6a9 [ 2183.817273][T26717] RDX: 00007fbf5aa139d0 RSI: 00007fbf5aa12db0 RDI: 00000000003d0f00 [ 2183.825229][T26717] RBP: 00007ffd7c796750 R08: 00007fbf5aa13700 R09: 00007fbf5aa13700 [ 2183.833186][T26717] R10: 00007fbf5aa139d0 R11: 0000000000000202 R12: 0000000000000000 [ 2183.841142][T26717] R13: 00007ffd7c7965df R14: 00007fbf5aa139c0 R15: 000000000078bfac [ 2183.851128][T26717] Mem-Info: [ 2183.854299][T26717] active_anon:1414099 inactive_anon:9707 isolated_anon:0 [ 2183.854299][T26717] active_file:29 inactive_file:1 isolated_file:0 [ 2183.854299][T26717] unevictable:363 dirty:6 writeback:0 unstable:0 [ 2183.854299][T26717] slab_reclaimable:10485 slab_unreclaimable:79382 [ 2183.854299][T26717] mapped:57895 shmem:9776 pagetables:36386 bounce:0 [ 2183.854299][T26717] free:10757 free_pcp:332 free_cma:0 [ 2183.894080][T26717] Node 0 active_anon:5656484kB inactive_anon:38828kB active_file:164kB inactive_file:12kB unevictable:1452kB isolated(anon):0kB isolated(file):0kB mapped:231580kB dirty:24kB writeback:0kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2183.919271][T26717] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2183.946628][T26717] lowmem_reserve[]: 0 2912 6416 6416 [ 2183.952968][T26717] DMA32 free:18944kB min:4644kB low:7624kB high:10604kB active_anon:2837108kB inactive_anon:5352kB active_file:148kB inactive_file:300kB unevictable:0kB writepending:16kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:14912kB pagetables:19892kB bounce:0kB free_pcp:300kB local_pcp:132kB free_cma:0kB [ 2183.985336][T26717] lowmem_reserve[]: 0 0 3504 3504 [ 2183.990636][T26717] Normal free:5304kB min:5592kB low:9180kB high:12768kB active_anon:2823200kB inactive_anon:33476kB active_file:8kB inactive_file:0kB unevictable:1452kB writepending:8kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29120kB pagetables:125660kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2184.020842][T26717] lowmem_reserve[]: 0 0 0 0 [ 2184.025407][T26717] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2184.038800][T26717] DMA32: 52*4kB (UME) 22*8kB (UME) 37*16kB (UMEH) 16*32kB (UMEH) 9*64kB (UMEH) 8*128kB (ME) 20*256kB (MEH) 10*512kB (UM) 5*1024kB (MEH) 0*2048kB 0*4096kB = 18448kB [ 2184.055167][T26717] Normal: 158*4kB (UME) 38*8kB (UME) 54*16kB (UME) 117*32kB (UM) 0*64kB 2*128kB (U) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 5800kB [ 2184.069105][T26717] 10104 total pagecache pages [ 2184.073757][T26717] 0 pages in swap cache [ 2184.077922][T26717] Swap cache stats: add 0, delete 0, find 0/0 [ 2184.084167][T26717] Free swap = 0kB [ 2184.087908][T26717] Total swap = 0kB [ 2184.091627][T26717] 1965979 pages RAM [ 2184.095431][T26717] 0 pages HighMem/MovableOnly [ 2184.100119][T26717] 318829 pages reserved [ 2184.104258][T26717] 0 pages cma reserved [ 2184.108341][T26717] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=23485,uid=0 [ 2184.122469][T26717] Out of memory: Killed process 23485 (syz-executor.0) total-vm:75108kB, anon-rss:16560kB, file-rss:35776kB, shmem-rss:0kB, UID:0 pgtables:156kB oom_score_adj:1000 [ 2184.146331][ T23] oom_reaper: reaped process 23485 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2184.187791][ T361] syz-executor.0 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2184.226959][ T361] CPU: 0 PID: 361 Comm: syz-executor.0 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2184.236979][ T361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2184.247039][ T361] Call Trace: [ 2184.250339][ T361] dump_stack+0x14a/0x1ce [ 2184.254680][ T361] ? devkmsg_release+0x11c/0x11c [ 2184.259628][ T361] ? show_regs_print_info+0x12/0x12 [ 2184.264828][ T361] ? radix_tree_cpu_dead+0x160/0x160 [ 2184.270552][ T361] ? _raw_spin_lock+0xa1/0x170 [ 2184.275359][ T361] ? _raw_spin_trylock_bh+0x190/0x190 [ 2184.280740][ T361] dump_header+0xdb/0x700 [ 2184.285098][ T361] oom_kill_process+0xd3/0x280 [ 2184.289867][ T361] out_of_memory+0x5b6/0x890 [ 2184.294461][ T361] ? unregister_oom_notifier+0x20/0x20 [ 2184.299929][ T361] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2184.305495][ T361] ? get_page_from_freelist+0x7c0/0x7c0 [ 2184.311089][ T361] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2184.316480][ T361] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2184.322042][ T361] pagecache_get_page+0x50f/0x880 [ 2184.327117][ T361] filemap_fault+0x14cb/0x1a30 [ 2184.332001][ T361] ? __down_read+0xf1/0x210 [ 2184.336509][ T361] ? generic_file_read_iter+0x20b0/0x20b0 [ 2184.342224][ T361] ? is_mmconf_reserved+0x420/0x420 [ 2184.347448][ T361] ext4_filemap_fault+0x7b/0x90 [ 2184.352306][ T361] handle_mm_fault+0x29ca/0x41e0 [ 2184.357276][ T361] ? finish_fault+0x230/0x230 [ 2184.361959][ T361] ? get_timespec64+0x11f/0x1d0 [ 2184.366820][ T361] ? down_read_trylock+0x17a/0x1d0 [ 2184.371940][ T361] ? vmacache_find+0x205/0x4b0 [ 2184.376720][ T361] do_user_addr_fault+0x48a/0x9f0 [ 2184.381761][ T361] page_fault+0x2f/0x40 21:33:12 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:12 executing program 1: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) [ 2184.385953][ T361] RIP: 0033:0x4105de [ 2184.389851][ T361] Code: 89 c6 48 8b 05 c3 35 89 00 4c 89 f3 44 8b 20 eb 48 0f 1f 00 bf e8 03 00 00 e8 8e c6 04 00 e8 79 2d ff ff 48 8b 15 a2 35 89 00 <8b> 0a 48 89 c2 41 39 cc 48 0f 45 d8 4c 29 f2 48 81 fa 87 13 00 00 [ 2184.409465][ T361] RSP: 002b:00007ffc21977cb0 EFLAGS: 00010202 [ 2184.415541][ T361] RAX: 000000000021532a RBX: 0000000000215148 RCX: 0000000000214f58 [ 2184.423518][ T361] RDX: 0000001b31e20000 RSI: 0000000000000000 RDI: 0000000000000001 [ 2184.431536][ T361] RBP: 0000000000003227 R08: 0000000000000001 R09: 000000000124f940 [ 2184.439515][ T361] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 2184.447493][ T361] R13: 00007ffc21977ce0 R14: 0000000000215145 R15: 00007ffc21977cf0 [ 2184.465062][ T361] Mem-Info: [ 2184.468314][ T361] active_anon:1414853 inactive_anon:9707 isolated_anon:0 [ 2184.468314][ T361] active_file:58 inactive_file:39 isolated_file:11 [ 2184.468314][ T361] unevictable:363 dirty:6 writeback:0 unstable:0 [ 2184.468314][ T361] slab_reclaimable:10485 slab_unreclaimable:79321 [ 2184.468314][ T361] mapped:57939 shmem:9776 pagetables:36388 bounce:0 [ 2184.468314][ T361] free:9960 free_pcp:398 free_cma:0 [ 2184.507209][ T361] Node 0 active_anon:5659412kB inactive_anon:38828kB active_file:232kB inactive_file:156kB unevictable:1452kB isolated(anon):0kB isolated(file):44kB mapped:231856kB dirty:24kB writeback:0kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2184.531857][ T361] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2184.557871][ T361] lowmem_reserve[]: 0 2912 6416 6416 [ 2184.563162][ T361] DMA32 free:18780kB min:4644kB low:7624kB high:10604kB active_anon:2838280kB inactive_anon:5352kB active_file:176kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:14848kB pagetables:19788kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2184.591911][ T361] lowmem_reserve[]: 0 0 3504 3504 [ 2184.596984][ T361] Normal free:5536kB min:5592kB low:9180kB high:12768kB active_anon:2821328kB inactive_anon:33476kB active_file:384kB inactive_file:408kB unevictable:1452kB writepending:0kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29120kB pagetables:125684kB bounce:0kB free_pcp:1972kB local_pcp:496kB free_cma:0kB [ 2184.627707][ T361] lowmem_reserve[]: 0 0 0 0 [ 2184.632477][ T361] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2184.649626][ T361] DMA32: 59*4kB (UME) 23*8kB (UME) 44*16kB (UMEH) 22*32kB (UMEH) 10*64kB (UMEH) 8*128kB (ME) 20*256kB (MEH) 10*512kB (UM) 5*1024kB (MEH) 0*2048kB 0*4096kB = 18852kB [ 2184.669333][ T361] Normal: 60*4kB (E) 11*8kB (E) 3*16kB (ME) 5*32kB (UM) 18*64kB (UM) 13*128kB (M) 4*256kB (M) 3*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 5912kB [ 2184.684607][ T361] 10251 total pagecache pages [ 2184.689499][ T361] 0 pages in swap cache [ 2184.693813][ T361] Swap cache stats: add 0, delete 0, find 0/0 [ 2184.700095][ T361] Free swap = 0kB [ 2184.704009][ T361] Total swap = 0kB [ 2184.707887][ T361] 1965979 pages RAM [ 2184.711844][ T361] 0 pages HighMem/MovableOnly [ 2184.716734][ T361] 318829 pages reserved [ 2184.721062][ T361] 0 pages cma reserved [ 2184.725303][ T361] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=22425,uid=0 [ 2184.739675][ T361] Out of memory: Killed process 22425 (syz-executor.0) total-vm:75240kB, anon-rss:16556kB, file-rss:35776kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 2184.768613][ T23] oom_reaper: reaped process 22425 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2185.046286][T26715] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2185.059200][T26715] CPU: 0 PID: 26715 Comm: syz-executor.0 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2185.069384][T26715] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2185.079967][T26715] Call Trace: [ 2185.083275][T26715] dump_stack+0x14a/0x1ce [ 2185.087740][T26715] ? devkmsg_release+0x11c/0x11c [ 2185.092688][T26715] ? show_regs_print_info+0x12/0x12 [ 2185.097925][T26715] ? radix_tree_cpu_dead+0x160/0x160 [ 2185.103208][T26715] ? _raw_spin_lock+0xa1/0x170 [ 2185.107958][T26715] ? _raw_spin_trylock_bh+0x190/0x190 [ 2185.113307][T26715] dump_header+0xdb/0x700 [ 2185.117621][T26715] oom_kill_process+0xd3/0x280 [ 2185.122406][T26715] out_of_memory+0x5b6/0x890 [ 2185.126974][T26715] ? unregister_oom_notifier+0x20/0x20 [ 2185.132424][T26715] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2185.137974][T26715] ? get_page_from_freelist+0x7c0/0x7c0 [ 2185.143528][T26715] ? __zone_watermark_ok+0x91/0x280 [ 2185.148732][T26715] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2185.154130][T26715] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2185.159670][T26715] ? copy_process+0x5a4/0x5110 [ 2185.164435][T26715] ? copy_process+0x5a4/0x5110 [ 2185.169325][T26715] ? kmem_cache_alloc+0x1d5/0x260 [ 2185.174378][T26715] copy_process+0x5f3/0x5110 [ 2185.179009][T26715] ? lru_add_drain_per_cpu+0x50/0x50 [ 2185.184340][T26715] ? __pagevec_lru_add_fn+0x5cc/0x760 [ 2185.189713][T26715] ? pagevec_lru_move_fn+0x193/0x210 [ 2185.195104][T26715] ? __pagevec_release+0x130/0x130 [ 2185.200266][T26715] ? __lru_cache_add+0x1a1/0x1f0 [ 2185.205189][T26715] ? fork_idle+0x290/0x290 [ 2185.209711][T26715] _do_fork+0x196/0x920 [ 2185.213843][T26715] ? finish_fault+0x230/0x230 [ 2185.218504][T26715] ? up_write+0xa1/0x190 [ 2185.222743][T26715] ? dup_mm+0x300/0x300 [ 2185.226925][T26715] __x64_sys_clone+0x25e/0x2c0 [ 2185.231663][T26715] ? __ia32_sys_vfork+0x110/0x110 [ 2185.237399][T26715] ? do_user_addr_fault+0x55c/0x9f0 [ 2185.242719][T26715] do_syscall_64+0xcb/0x150 [ 2185.247418][T26715] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2185.253315][T26715] RIP: 0033:0x45f6a9 [ 2185.257205][T26715] Code: ff 48 85 f6 0f 84 57 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 2e 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2185.276986][T26715] RSP: 002b:00007ffc219779b8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2185.285389][T26715] RAX: ffffffffffffffda RBX: 00007fde41c29700 RCX: 000000000045f6a9 [ 2185.293385][T26715] RDX: 00007fde41c299d0 RSI: 00007fde41c28db0 RDI: 00000000003d0f00 [ 2185.301348][T26715] RBP: 00007ffc21977be0 R08: 00007fde41c29700 R09: 00007fde41c29700 [ 2185.309300][T26715] R10: 00007fde41c299d0 R11: 0000000000000202 R12: 0000000000000000 [ 2185.317272][T26715] R13: 00007ffc21977a6f R14: 00007fde41c299c0 R15: 000000000078bfac [ 2185.326020][T26715] Mem-Info: [ 2185.329862][T26715] active_anon:1412366 inactive_anon:9707 isolated_anon:0 [ 2185.329862][T26715] active_file:88 inactive_file:926 isolated_file:32 [ 2185.329862][T26715] unevictable:363 dirty:11 writeback:0 unstable:0 [ 2185.329862][T26715] slab_reclaimable:10480 slab_unreclaimable:79394 [ 2185.329862][T26715] mapped:58747 shmem:9776 pagetables:36305 bounce:0 [ 2185.329862][T26715] free:11760 free_pcp:294 free_cma:0 [ 2185.368855][T26715] Node 0 active_anon:5649464kB inactive_anon:38828kB active_file:0kB inactive_file:804kB unevictable:1452kB isolated(anon):0kB isolated(file):0kB mapped:231588kB dirty:44kB writeback:0kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2185.396236][T26715] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2185.426909][T26715] lowmem_reserve[]: 0 2912 6416 6416 [ 2185.432355][T26715] DMA32 free:19716kB min:4644kB low:7624kB high:10604kB active_anon:2838280kB inactive_anon:5352kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:14848kB pagetables:19788kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2185.463416][T26715] lowmem_reserve[]: 0 0 3504 3504 [ 2185.468790][T26715] Normal free:16336kB min:5592kB low:9180kB high:12768kB active_anon:2811184kB inactive_anon:33476kB active_file:200kB inactive_file:128kB unevictable:1452kB writepending:60kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29056kB pagetables:125432kB bounce:0kB free_pcp:364kB local_pcp:0kB free_cma:0kB [ 2185.499810][T26715] lowmem_reserve[]: 0 0 0 0 [ 2185.505216][T26715] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2185.518817][T26715] DMA32: 61*4kB (UME) 23*8kB (UME) 44*16kB (UMEH) 49*32kB (UMEH) 10*64kB (UMEH) 8*128kB (ME) 20*256kB (MEH) 10*512kB (UM) 5*1024kB (MEH) 0*2048kB 0*4096kB = 19724kB [ 2185.536089][T26715] Normal: 61*4kB (UE) 38*8kB (UME) 35*16kB (ME) 15*32kB (M) 3*64kB (UM) 30*128kB (M) 11*256kB (M) 7*512kB (UM) 3*1024kB (UM) 0*2048kB 0*4096kB = 15092kB [ 2185.553502][T26715] 10326 total pagecache pages [ 2185.558688][T26715] 0 pages in swap cache [ 2185.564453][T26715] Swap cache stats: add 0, delete 0, find 0/0 [ 2185.570514][T26715] Free swap = 0kB [ 2185.574565][T26715] Total swap = 0kB [ 2185.578283][T26715] 1965979 pages RAM [ 2185.582424][T26715] 0 pages HighMem/MovableOnly [ 2185.587147][T26715] 318829 pages reserved [ 2185.591327][T26715] 0 pages cma reserved [ 2185.595949][T26715] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=15945,uid=0 [ 2185.610219][T26715] Out of memory: Killed process 15945 (syz-executor.0) total-vm:75240kB, anon-rss:16556kB, file-rss:35776kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 2185.639863][ T23] oom_reaper: reaped process 15945 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2185.761148][T26717] syz-executor.3 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2185.782882][T26717] CPU: 1 PID: 26717 Comm: syz-executor.3 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2185.793360][T26717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2185.804025][T26717] Call Trace: [ 2185.807730][T26717] dump_stack+0x14a/0x1ce [ 2185.813435][T26717] ? devkmsg_release+0x11c/0x11c [ 2185.824563][T26717] ? show_regs_print_info+0x12/0x12 [ 2185.830656][T26717] ? radix_tree_cpu_dead+0x160/0x160 [ 2185.835938][T26717] ? _raw_spin_lock+0xa1/0x170 [ 2185.840735][T26717] ? _raw_spin_trylock_bh+0x190/0x190 [ 2185.846111][T26717] dump_header+0xdb/0x700 [ 2185.850435][T26717] oom_kill_process+0xd3/0x280 [ 2185.855234][T26717] out_of_memory+0x5b6/0x890 [ 2185.859861][T26717] ? unregister_oom_notifier+0x20/0x20 [ 2185.865355][T26717] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2185.870927][T26717] ? get_page_from_freelist+0x7c0/0x7c0 [ 2185.876481][T26717] ? __zone_watermark_ok+0x91/0x280 [ 2185.881681][T26717] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2185.887081][T26717] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2185.892634][T26717] ? copy_process+0x5a4/0x5110 [ 2185.897402][T26717] ? kmem_cache_alloc+0x1d5/0x260 [ 2185.902441][T26717] copy_process+0x5f3/0x5110 [ 2185.907079][T26717] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 2185.912810][T26717] ? _raw_spin_lock+0xa1/0x170 [ 2185.917566][T26717] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 2185.923371][T26717] ? __lru_cache_add+0x1a1/0x1f0 [ 2185.928326][T26717] ? fork_idle+0x290/0x290 [ 2185.932761][T26717] _do_fork+0x196/0x920 [ 2185.936915][T26717] ? finish_fault+0x230/0x230 [ 2185.942158][T26717] ? up_write+0xa1/0x190 [ 2185.946414][T26717] ? dup_mm+0x300/0x300 [ 2185.950571][T26717] __x64_sys_clone+0x25e/0x2c0 [ 2185.955357][T26717] ? __ia32_sys_vfork+0x110/0x110 [ 2185.960384][T26717] ? do_user_addr_fault+0x55c/0x9f0 [ 2185.966301][T26717] do_syscall_64+0xcb/0x150 [ 2185.970790][T26717] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2185.976682][T26717] RIP: 0033:0x45f6a9 [ 2185.980555][T26717] Code: ff 48 85 f6 0f 84 57 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 2e 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2186.000242][T26717] RSP: 002b:00007ffd7c796528 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2186.009693][T26717] RAX: ffffffffffffffda RBX: 00007fbf5aa13700 RCX: 000000000045f6a9 [ 2186.017648][T26717] RDX: 00007fbf5aa139d0 RSI: 00007fbf5aa12db0 RDI: 00000000003d0f00 [ 2186.026152][T26717] RBP: 00007ffd7c796750 R08: 00007fbf5aa13700 R09: 00007fbf5aa13700 [ 2186.035143][T26717] R10: 00007fbf5aa139d0 R11: 0000000000000202 R12: 0000000000000000 [ 2186.043117][T26717] R13: 00007ffd7c7965df R14: 00007fbf5aa139c0 R15: 000000000078bfac [ 2186.059426][T26717] Mem-Info: [ 2186.063027][T26717] active_anon:1404132 inactive_anon:9707 isolated_anon:0 [ 2186.063027][T26717] active_file:137 inactive_file:272 isolated_file:0 [ 2186.063027][T26717] unevictable:363 dirty:3 writeback:0 unstable:0 [ 2186.063027][T26717] slab_reclaimable:10480 slab_unreclaimable:79339 [ 2186.063027][T26717] mapped:58077 shmem:9776 pagetables:36352 bounce:0 [ 2186.063027][T26717] free:19872 free_pcp:956 free_cma:0 21:33:14 executing program 4: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00') read$char_usb(r5, 0x0, 0x7ffff000) lseek(r5, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) prctl$PR_SET_MM_AUXV(0x23, 0xc, &(0x7f00000000c0)="c0b204f24f064380f516dc64b7ed9ad3398c1cb81d8b92574a7411f7db7c82bc5b50ead2b473d58cd9b103fc", 0x2c) 21:33:14 executing program 0: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) [ 2186.105342][T26717] Node 0 active_anon:5616528kB inactive_anon:38828kB active_file:948kB inactive_file:8088kB unevictable:1452kB isolated(anon):0kB isolated(file):0kB mapped:237808kB dirty:12kB writeback:0kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no 21:33:14 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0xd00, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) [ 2186.148118][T26717] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2186.176167][T26717] lowmem_reserve[]: 0 2912 6416 6416 [ 2186.183995][T26717] DMA32 free:28600kB min:4644kB low:7624kB high:10604kB active_anon:2830216kB inactive_anon:5352kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:14592kB pagetables:19788kB bounce:0kB free_pcp:1500kB local_pcp:0kB free_cma:0kB 21:33:14 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x900, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) [ 2186.213765][T26717] lowmem_reserve[]: 0 0 3504 3504 [ 2186.219227][T26717] Normal free:42724kB min:13784kB low:17372kB high:20960kB active_anon:2770556kB inactive_anon:33476kB active_file:996kB inactive_file:8700kB unevictable:1452kB writepending:12kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29344kB pagetables:125620kB bounce:0kB free_pcp:1424kB local_pcp:516kB free_cma:0kB [ 2186.250856][T26717] lowmem_reserve[]: 0 0 0 0 [ 2186.255586][T26717] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2186.269650][T26717] DMA32: 648*4kB (UME) 186*8kB (UME) 157*16kB (UMEH) 78*32kB (UMEH) 20*64kB (UMEH) 27*128kB (UME) 20*256kB (MEH) 10*512kB (UM) 5*1024kB (MEH) 0*2048kB 0*4096kB = 29184kB [ 2186.411892][T26717] Normal: 306*4kB (UMEH) 97*8kB (MEH) 327*16kB (UME) 299*32kB (UM) 138*64kB (UM) 52*128kB (UM) 10*256kB (UM) 3*512kB (M) 2*1024kB (UM) 0*2048kB 0*4096kB = 38432kB [ 2186.429269][T26717] 11604 total pagecache pages [ 2186.434211][T26717] 0 pages in swap cache [ 2186.438658][T26717] Swap cache stats: add 0, delete 0, find 0/0 [ 2186.447591][T26717] Free swap = 0kB 21:33:14 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0xd00, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) 21:33:14 executing program 4: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:14 executing program 0: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$addseals(r1, 0x409, 0x3) r3 = syz_open_procfs(0x0, &(0x7f0000000240)='status\x00') ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000040)={0x3}) preadv(r3, &(0x7f00000017c0), 0x0, 0x3, 0x11) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) execveat(r4, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000300)=[&(0x7f00000001c0)='\x00', &(0x7f0000000200)='status\x00'], &(0x7f0000000340), 0x1000) openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:14 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) [ 2186.462266][T26717] Total swap = 0kB [ 2186.473322][T26717] 1965979 pages RAM [ 2186.482138][T26717] 0 pages HighMem/MovableOnly [ 2186.490631][T26717] 318829 pages reserved [ 2186.495949][T26717] 0 pages cma reserved 21:33:14 executing program 3: prlimit64(0x0, 0x0, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:14 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x900, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) [ 2186.504681][T26717] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.4,pid=26729,uid=0 21:33:14 executing program 0: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00') read$char_usb(r1, 0x0, 0x7ffff000) setsockopt$inet6_MRT6_ADD_MFC_PROXY(r1, 0x29, 0xd2, &(0x7f0000000200)={{0xa, 0x4e23, 0x5, @dev={0xfe, 0x80, [], 0x2f}, 0x1}, {0xa, 0x4e21, 0x1, @dev={0xfe, 0x80, [], 0x3c}, 0x7fff}, 0x5, [0x2, 0xce9f, 0x8000, 0x3, 0x1000, 0x0, 0x467, 0x8e32]}, 0x5c) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/pfkey\x00', 0x4000, 0x0) getsockopt$inet_int(r2, 0x0, 0x3, &(0x7f0000000140), &(0x7f00000001c0)=0x4) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r5, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='io.stat\x00', 0x0, 0x0) 21:33:14 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:14 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x900, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) 21:33:14 executing program 5: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) sendmsg$AUDIT_MAKE_EQUIV(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x28, 0x3f7, 0x2, 0x70bd2d, 0x25dfdbfb, {0x7, 0x7, './file0', './file1'}, ["", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x4000000}, 0x4) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000240)='status\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x11) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) execveat(r5, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000300)=[&(0x7f00000001c0)='\x00', &(0x7f0000000200)='status\x00'], &(0x7f0000000340), 0x1000) openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:14 executing program 3: prlimit64(0x0, 0x0, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:14 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:15 executing program 5: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) sendmsg$AUDIT_MAKE_EQUIV(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x28, 0x3f7, 0x2, 0x70bd2d, 0x25dfdbfb, {0x7, 0x7, './file0', './file1'}, ["", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x4000000}, 0x4) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000240)='status\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x11) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) execveat(r5, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000300)=[&(0x7f00000001c0)='\x00', &(0x7f0000000200)='status\x00'], &(0x7f0000000340), 0x1000) openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:15 executing program 4: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x60, 0x0, 0x2, 0x0, 0x0, 0x800000, 0x7ff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000240)='status\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x11) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) execveat(r5, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000300)=[&(0x7f00000001c0)='\x00', &(0x7f0000000200)='status\x00'], &(0x7f0000000340), 0x1000) openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) sendmsg$IPVS_CMD_SET_CONFIG(r5, &(0x7f0000000540)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000340)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="1bd827bd7000fddbdf250c000000038005000800060000000500080005000000050008000900000014000600fc02000000000000000000000000000114000600fe800000000000000000006852000000002f14000200626f6e645f736c6176655f3000000000080005007f0000015c0003801400060000000000000000000000000000000000140006002001000000000000000000000000000005000800050000000800010000000000060007004e2400000700000002000001000000060004003f000000300003800800030004000000060007004e23000014000600ff02000000000000000000000000000108000100020000000800050000010000280003800800030003000000060007004e230000140002007465616d5f736c6176655f30000000002400018008000b0073697000060004004e20000008000800050000000800050001000000140001800600020002000000060002003c000000140003800800030001000000080800040000010000000000"], 0x18c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:15 executing program 0: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00') read$char_usb(r1, 0x0, 0x7ffff000) setsockopt$inet6_MRT6_ADD_MFC_PROXY(r1, 0x29, 0xd2, &(0x7f0000000200)={{0xa, 0x4e23, 0x5, @dev={0xfe, 0x80, [], 0x2f}, 0x1}, {0xa, 0x4e21, 0x1, @dev={0xfe, 0x80, [], 0x3c}, 0x7fff}, 0x5, [0x2, 0xce9f, 0x8000, 0x3, 0x1000, 0x0, 0x467, 0x8e32]}, 0x5c) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/pfkey\x00', 0x4000, 0x0) getsockopt$inet_int(r2, 0x0, 0x3, &(0x7f0000000140), &(0x7f00000001c0)=0x4) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r5, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='io.stat\x00', 0x0, 0x0) 21:33:15 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:15 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x900, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) 21:33:15 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0), 0x0, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:15 executing program 5: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) sendmsg$AUDIT_MAKE_EQUIV(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x28, 0x3f7, 0x2, 0x70bd2d, 0x25dfdbfb, {0x7, 0x7, './file0', './file1'}, ["", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x4000000}, 0x4) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000240)='status\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x11) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) execveat(r5, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000300)=[&(0x7f00000001c0)='\x00', &(0x7f0000000200)='status\x00'], &(0x7f0000000340), 0x1000) openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:15 executing program 4: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x60, 0x0, 0x2, 0x0, 0x0, 0x800000, 0x7ff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000240)='status\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x11) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) execveat(r5, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000300)=[&(0x7f00000001c0)='\x00', &(0x7f0000000200)='status\x00'], &(0x7f0000000340), 0x1000) openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) sendmsg$IPVS_CMD_SET_CONFIG(r5, &(0x7f0000000540)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000340)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="1bd827bd7000fddbdf250c000000038005000800060000000500080005000000050008000900000014000600fc02000000000000000000000000000114000600fe800000000000000000006852000000002f14000200626f6e645f736c6176655f3000000000080005007f0000015c0003801400060000000000000000000000000000000000140006002001000000000000000000000000000005000800050000000800010000000000060007004e2400000700000002000001000000060004003f000000300003800800030004000000060007004e23000014000600ff02000000000000000000000000000108000100020000000800050000010000280003800800030003000000060007004e230000140002007465616d5f736c6176655f30000000002400018008000b0073697000060004004e20000008000800050000000800050001000000140001800600020002000000060002003c000000140003800800030001000000080800040000010000000000"], 0x18c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:15 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0), 0x0, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:15 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x900, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) 21:33:15 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00') read$char_usb(r3, 0x0, 0x7ffff000) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, &(0x7f0000000040)={0x0, @adiantum}) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x5f20, 0x0, 0x40000000}, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:15 executing program 5: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:15 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:16 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x900, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) 21:33:16 executing program 4: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x60, 0x0, 0x2, 0x0, 0x0, 0x800000, 0x7ff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000240)='status\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x11) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) execveat(r5, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000300)=[&(0x7f00000001c0)='\x00', &(0x7f0000000200)='status\x00'], &(0x7f0000000340), 0x1000) openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) sendmsg$IPVS_CMD_SET_CONFIG(r5, &(0x7f0000000540)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000340)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="1bd827bd7000fddbdf250c000000038005000800060000000500080005000000050008000900000014000600fc02000000000000000000000000000114000600fe800000000000000000006852000000002f14000200626f6e645f736c6176655f3000000000080005007f0000015c0003801400060000000000000000000000000000000000140006002001000000000000000000000000000005000800050000000800010000000000060007004e2400000700000002000001000000060004003f000000300003800800030004000000060007004e23000014000600ff02000000000000000000000000000108000100020000000800050000010000280003800800030003000000060007004e230000140002007465616d5f736c6176655f30000000002400018008000b0073697000060004004e20000008000800050000000800050001000000140001800600020002000000060002003c000000140003800800030001000000080800040000010000000000"], 0x18c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:16 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0), 0x0, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:16 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:16 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:16 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:16 executing program 4: prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:16 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x900, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) [ 2188.478442][T26960] syz-executor.3 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2188.499493][T26960] CPU: 1 PID: 26960 Comm: syz-executor.3 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2188.509651][T26960] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2188.519715][T26960] Call Trace: [ 2188.523008][T26960] dump_stack+0x14a/0x1ce [ 2188.527337][T26960] ? devkmsg_release+0x11c/0x11c [ 2188.532272][T26960] ? show_regs_print_info+0x12/0x12 [ 2188.537463][T26960] ? radix_tree_cpu_dead+0x160/0x160 [ 2188.542734][T26960] ? _raw_spin_lock+0xa1/0x170 [ 2188.547506][T26960] ? _raw_spin_trylock_bh+0x190/0x190 [ 2188.552862][T26960] dump_header+0xdb/0x700 [ 2188.557176][T26960] oom_kill_process+0xd3/0x280 [ 2188.561938][T26960] out_of_memory+0x5b6/0x890 [ 2188.566531][T26960] ? unregister_oom_notifier+0x20/0x20 [ 2188.571982][T26960] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2188.577539][T26960] ? get_page_from_freelist+0x7c0/0x7c0 [ 2188.583071][T26960] ? __zone_watermark_ok+0x91/0x280 [ 2188.588258][T26960] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2188.593621][T26960] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2188.599174][T26960] ? copy_process+0x5a4/0x5110 [ 2188.603927][T26960] ? kmem_cache_alloc+0x1d5/0x260 [ 2188.608940][T26960] copy_process+0x5f3/0x5110 [ 2188.613545][T26960] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 2188.619267][T26960] ? _raw_spin_lock+0xa1/0x170 [ 2188.624027][T26960] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 2188.629849][T26960] ? __lru_cache_add+0x1a1/0x1f0 [ 2188.635486][T26960] ? fork_idle+0x290/0x290 [ 2188.639896][T26960] _do_fork+0x196/0x920 [ 2188.644067][T26960] ? finish_fault+0x230/0x230 [ 2188.648774][T26960] ? up_write+0xa1/0x190 [ 2188.653019][T26960] ? dup_mm+0x300/0x300 [ 2188.657175][T26960] __x64_sys_clone+0x25e/0x2c0 [ 2188.661952][T26960] ? __ia32_sys_vfork+0x110/0x110 [ 2188.666971][T26960] ? __fpregs_load_activate+0x2d3/0x390 [ 2188.672519][T26960] ? do_user_addr_fault+0x55c/0x9f0 [ 2188.677721][T26960] do_syscall_64+0xcb/0x150 [ 2188.682215][T26960] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2188.688124][T26960] RIP: 0033:0x45f6a9 [ 2188.692011][T26960] Code: ff 48 85 f6 0f 84 57 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 2e 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2188.711618][T26960] RSP: 002b:00007ffd7c796528 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2188.720026][T26960] RAX: ffffffffffffffda RBX: 00007fbf5aa13700 RCX: 000000000045f6a9 [ 2188.727985][T26960] RDX: 00007fbf5aa139d0 RSI: 00007fbf5aa12db0 RDI: 00000000003d0f00 [ 2188.735958][T26960] RBP: 00007ffd7c796750 R08: 00007fbf5aa13700 R09: 00007fbf5aa13700 [ 2188.743917][T26960] R10: 00007fbf5aa139d0 R11: 0000000000000202 R12: 0000000000000000 [ 2188.752829][T26960] R13: 00007ffd7c7965df R14: 00007fbf5aa139c0 R15: 000000000078bfac [ 2188.761692][T26960] Mem-Info: [ 2188.766272][T26960] active_anon:1406561 inactive_anon:9707 isolated_anon:771 [ 2188.766272][T26960] active_file:141 inactive_file:476 isolated_file:5 [ 2188.766272][T26960] unevictable:363 dirty:12 writeback:0 unstable:0 [ 2188.766272][T26960] slab_reclaimable:10462 slab_unreclaimable:79124 [ 2188.766272][T26960] mapped:58147 shmem:9776 pagetables:36479 bounce:0 [ 2188.766272][T26960] free:16840 free_pcp:702 free_cma:0 21:33:16 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:16 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x900, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) 21:33:16 executing program 0: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f0000000240)='status\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x11) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) execveat(r3, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000300)=[&(0x7f00000001c0)='\x00', &(0x7f0000000200)='status\x00'], &(0x7f0000000340), 0x1000) openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) [ 2188.806078][T26960] Node 0 active_anon:5625744kB inactive_anon:38828kB active_file:664kB inactive_file:3804kB unevictable:1452kB isolated(anon):3584kB isolated(file):20kB mapped:234288kB dirty:48kB writeback:0kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2188.873910][T26960] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2188.965100][T26960] lowmem_reserve[]: 0 2912 6416 6416 [ 2188.979572][T26960] DMA32 free:25152kB min:4644kB low:7624kB high:10604kB active_anon:2833632kB inactive_anon:5352kB active_file:32kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:15136kB pagetables:19640kB bounce:0kB free_pcp:1776kB local_pcp:1440kB free_cma:0kB [ 2189.086176][T26960] lowmem_reserve[]: 0 0 3504 3504 [ 2189.091276][T26960] Normal free:13144kB min:5592kB low:9180kB high:12768kB active_anon:2806928kB inactive_anon:33476kB active_file:228kB inactive_file:2012kB unevictable:1452kB writepending:196kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29216kB pagetables:126572kB bounce:0kB free_pcp:1648kB local_pcp:1300kB free_cma:0kB 21:33:17 executing program 4: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(0xffffffffffffffff, &(0x7f0000000f40)=[{{&(0x7f0000000340)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x80, &(0x7f0000000a00)=[{&(0x7f00000003c0)=""/175, 0xaf}, {&(0x7f0000000480)=""/211, 0xd3}, {&(0x7f0000000580)=""/255, 0xff}, {&(0x7f0000000680)=""/125, 0x7d}, {&(0x7f0000000700)=""/184, 0xb8}, {&(0x7f00000007c0)=""/74, 0x4a}, {&(0x7f0000000840)=""/254, 0xfe}, {&(0x7f0000000940)=""/153, 0x99}], 0x8, &(0x7f0000000a80)=""/178, 0xb2}, 0x8}, {{&(0x7f0000000b40)=@l2, 0x80, &(0x7f0000000ec0)=[{&(0x7f0000000bc0)=""/68, 0x44}, {&(0x7f0000000c40)=""/73, 0x49}, {&(0x7f0000000cc0)=""/198, 0xc6}, {&(0x7f0000000140)}, {&(0x7f0000000dc0)=""/254, 0xfe}], 0x5}, 0xffff}], 0x2, 0x40, &(0x7f00000002c0)={0x77359400}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000240)='status\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x11) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) execveat(r5, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000300)=[&(0x7f00000001c0)='\x00', &(0x7f0000000200)='status\x00'], &(0x7f0000000340), 0x1000) openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) [ 2189.136022][T26960] lowmem_reserve[]: 0 0 0 0 [ 2189.141560][T26960] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2189.161344][T26960] DMA32: 12*4kB (UME) 17*8kB (ME) 33*16kB (UEH) 129*32kB (UMEH) 31*64kB (UMEH) 18*128kB (UME) 20*256kB (MEH) 10*512kB (UM) 5*1024kB (MEH) 0*2048kB 0*4096kB = 24488kB [ 2189.179021][T26960] Normal: 514*4kB (UMEH) 55*8kB (UMEH) 10*16kB (UMEH) 4*32kB (UMH) 1*64kB (H) 2*128kB (MH) 4*256kB (MH) 6*512kB (MH) 2*1024kB (M) 1*2048kB (M) 0*4096kB = 11296kB [ 2189.195596][T26960] 11264 total pagecache pages [ 2189.200267][T26960] 0 pages in swap cache [ 2189.204648][T26960] Swap cache stats: add 0, delete 0, find 0/0 [ 2189.211295][T26960] Free swap = 0kB [ 2189.215046][T26960] Total swap = 0kB [ 2189.218758][T26960] 1965979 pages RAM [ 2189.222590][T26960] 0 pages HighMem/MovableOnly [ 2189.227387][T26960] 318829 pages reserved [ 2189.231531][T26960] 0 pages cma reserved [ 2189.235678][T26960] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.5,pid=26902,uid=0 21:33:17 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x900, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) [ 2189.866148][ T326] sshd invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2189.878775][ T326] CPU: 0 PID: 326 Comm: sshd Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2189.888751][ T326] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2189.898814][ T326] Call Trace: [ 2189.902100][ T326] dump_stack+0x14a/0x1ce [ 2189.906417][ T326] ? devkmsg_release+0x11c/0x11c [ 2189.911339][ T326] ? show_regs_print_info+0x12/0x12 [ 2189.916517][ T326] ? radix_tree_cpu_dead+0x160/0x160 [ 2189.921781][ T326] ? _raw_spin_lock+0xa1/0x170 [ 2189.926527][ T326] ? _raw_spin_trylock_bh+0x190/0x190 [ 2189.931878][ T326] dump_header+0xdb/0x700 [ 2189.936191][ T326] oom_kill_process+0xd3/0x280 [ 2189.940939][ T326] out_of_memory+0x5b6/0x890 [ 2189.945516][ T326] ? unregister_oom_notifier+0x20/0x20 [ 2189.950972][ T326] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2189.956550][ T326] ? get_page_from_freelist+0x7c0/0x7c0 [ 2189.962103][ T326] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2189.967470][ T326] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2189.974071][ T326] pagecache_get_page+0x50f/0x880 [ 2189.979095][ T326] filemap_fault+0x14cb/0x1a30 [ 2189.983853][ T326] ? __down_read+0xf1/0x210 [ 2189.988355][ T326] ? generic_file_read_iter+0x20b0/0x20b0 [ 2189.994069][ T326] ext4_filemap_fault+0x7b/0x90 [ 2189.998934][ T326] handle_mm_fault+0x29ca/0x41e0 [ 2190.003890][ T326] ? finish_fault+0x230/0x230 [ 2190.008561][ T326] ? __set_current_blocked+0x2dd/0x330 [ 2190.014019][ T326] ? down_read_trylock+0x17a/0x1d0 [ 2190.019121][ T326] ? vmacache_update+0x9f/0xf0 [ 2190.023873][ T326] do_user_addr_fault+0x48a/0x9f0 [ 2190.029768][ T326] page_fault+0x2f/0x40 [ 2190.034865][ T326] RIP: 0033:0x564e8daa7f70 [ 2190.039449][ T326] Code: Bad RIP value. [ 2190.043499][ T326] RSP: 002b:00007ffd3ff52a08 EFLAGS: 00010206 [ 2190.049549][ T326] RAX: 0000000000000000 RBX: 0000564e8edbc3f0 RCX: 00007f3452a802e0 [ 2190.058664][ T326] RDX: 0000000000000000 RSI: 00007ffd3ff528e0 RDI: 0000564e8edc0e80 [ 2190.066760][ T326] RBP: 0000564e8dd1aa88 R08: 00007ffd3ff52a90 R09: 0000000000006000 [ 2190.075165][ T326] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001 [ 2190.083129][ T326] R13: 00007ffd3ff52a6f R14: 0000564e8dad5be7 R15: 0000000000000003 [ 2190.107232][ T326] Mem-Info: [ 2190.112512][ T326] active_anon:1411578 inactive_anon:9707 isolated_anon:0 [ 2190.112512][ T326] active_file:36 inactive_file:304 isolated_file:0 [ 2190.112512][ T326] unevictable:363 dirty:13 writeback:0 unstable:0 [ 2190.112512][ T326] slab_reclaimable:10450 slab_unreclaimable:79273 [ 2190.112512][ T326] mapped:58036 shmem:9776 pagetables:36539 bounce:0 [ 2190.112512][ T326] free:12423 free_pcp:1079 free_cma:0 [ 2190.153852][ T326] Node 0 active_anon:5646312kB inactive_anon:38828kB active_file:144kB inactive_file:1416kB unevictable:1452kB isolated(anon):0kB isolated(file):0kB mapped:232244kB dirty:52kB writeback:0kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2190.178989][ T326] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2190.205238][ T326] lowmem_reserve[]: 0 2912 6416 6416 [ 2190.210762][ T326] DMA32 free:22384kB min:4644kB low:7624kB high:10604kB active_anon:2835868kB inactive_anon:5352kB active_file:76kB inactive_file:524kB unevictable:0kB writepending:4kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:14752kB pagetables:19652kB bounce:0kB free_pcp:2616kB local_pcp:1384kB free_cma:0kB [ 2190.240899][ T326] lowmem_reserve[]: 0 0 3504 3504 [ 2190.246179][ T326] Normal free:10696kB min:5592kB low:9180kB high:12768kB active_anon:2810232kB inactive_anon:33476kB active_file:996kB inactive_file:556kB unevictable:1452kB writepending:48kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29280kB pagetables:126504kB bounce:0kB free_pcp:2108kB local_pcp:1420kB free_cma:0kB [ 2190.276656][ T326] lowmem_reserve[]: 0 0 0 0 [ 2190.281358][ T326] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2190.294873][ T326] DMA32: 165*4kB (UME) 111*8kB (UME) 68*16kB (UMEH) 121*32kB (UMEH) 33*64kB (UMEH) 10*128kB (UME) 10*256kB (MEH) 10*512kB (UM) 5*1024kB (MEH) 0*2048kB 0*4096kB = 22700kB [ 2190.314649][ T326] Normal: 342*4kB (UME) 132*8kB (UME) 45*16kB (UME) 34*32kB (UM) 10*64kB (UM) 8*128kB (UM) 4*256kB (UM) 3*512kB (UM) 2*1024kB (UM) 0*2048kB 0*4096kB = 10504kB [ 2190.345191][ T326] 10480 total pagecache pages [ 2190.352824][ T326] 0 pages in swap cache [ 2190.357192][ T326] Swap cache stats: add 0, delete 0, find 0/0 [ 2190.363386][ T326] Free swap = 0kB [ 2190.367299][ T326] Total swap = 0kB [ 2190.371378][ T326] 1965979 pages RAM [ 2190.375405][ T326] 0 pages HighMem/MovableOnly [ 2190.380491][ T326] 318829 pages reserved [ 2190.384917][ T326] 0 pages cma reserved [ 2190.389120][ T326] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=12102,uid=0 [ 2190.404511][ T326] Out of memory: Killed process 12102 (syz-executor.0) total-vm:75240kB, anon-rss:16556kB, file-rss:35772kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 21:33:17 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x4c, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) 21:33:17 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x900, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) 21:33:17 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:17 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:18 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x900, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) 21:33:18 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x4c, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) 21:33:19 executing program 0: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x1, 0x4, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000200)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="02002dbd7000ffdbdf2507000000088a4018bb00000008000600feffffff7be5dcaaba4cb08c"], 0x2c}, 0x1, 0x0, 0x0, 0x20008001}, 0x4000004) sendmsg$IPVS_CMD_SET_DEST(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)={0x28, r4, 0x300, 0x70bd2d, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_DAEMON={0x4}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x2}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8}]}, 0x28}}, 0x4000000) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ptrace$cont(0x7, r0, 0x8, 0x1) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r5, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:19 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:19 executing program 4: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x1, 0x4, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000200)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="02002dbd7000ffdbdf2507000000088a4018bb00000008000600feffffff7be5dcaaba4cb08c"], 0x2c}, 0x1, 0x0, 0x0, 0x20008001}, 0x4000004) sendmsg$IPVS_CMD_SET_DEST(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)={0x28, r4, 0x300, 0x70bd2d, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_DAEMON={0x4}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x2}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8}]}, 0x28}}, 0x4000000) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ptrace$cont(0x7, r0, 0x8, 0x1) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r5, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:19 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x900, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) 21:33:19 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x375, 0x900, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) 21:33:19 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:19 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) [ 2191.402166][T27056] syz-executor.1 invoked oom-killer: gfp_mask=0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|0x1000000), order=0, oom_score_adj=1000 [ 2191.440347][T27056] CPU: 0 PID: 27056 Comm: syz-executor.1 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2191.450526][T27056] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2191.460583][T27056] Call Trace: [ 2191.463875][T27056] dump_stack+0x14a/0x1ce [ 2191.468238][T27056] ? devkmsg_release+0x11c/0x11c [ 2191.473179][T27056] ? show_regs_print_info+0x12/0x12 [ 2191.479065][T27056] ? radix_tree_cpu_dead+0x160/0x160 [ 2191.484342][T27056] ? _raw_spin_lock+0xa1/0x170 [ 2191.489096][T27056] ? _raw_spin_trylock_bh+0x190/0x190 [ 2191.494466][T27056] dump_header+0xdb/0x700 21:33:19 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:19 executing program 4: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x1, 0x4, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000200)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="02002dbd7000ffdbdf2507000000088a4018bb00000008000600feffffff7be5dcaaba4cb08c"], 0x2c}, 0x1, 0x0, 0x0, 0x20008001}, 0x4000004) sendmsg$IPVS_CMD_SET_DEST(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)={0x28, r4, 0x300, 0x70bd2d, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_DAEMON={0x4}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x2}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8}]}, 0x28}}, 0x4000000) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ptrace$cont(0x7, r0, 0x8, 0x1) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r5, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) [ 2191.498786][T27056] oom_kill_process+0xd3/0x280 [ 2191.503543][T27056] out_of_memory+0x5b6/0x890 [ 2191.508127][T27056] ? unregister_oom_notifier+0x20/0x20 [ 2191.513588][T27056] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2191.519136][T27056] ? get_page_from_freelist+0x7c0/0x7c0 [ 2191.524693][T27056] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2191.530141][T27056] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2191.535703][T27056] handle_mm_fault+0x18e6/0x41e0 [ 2191.540644][T27056] ? find_vma+0x150/0x150 [ 2191.544969][T27056] ? finish_fault+0x230/0x230 [ 2191.549636][T27056] ? up_write+0xa1/0x190 [ 2191.553869][T27056] ? down_read_trylock+0x17a/0x1d0 [ 2191.558967][T27056] ? vmacache_update+0x9f/0xf0 [ 2191.563710][T27056] do_user_addr_fault+0x48a/0x9f0 [ 2191.568712][T27056] page_fault+0x2f/0x40 [ 2191.572967][T27056] RIP: 0033:0x4142bf [ 2191.576852][T27056] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 [ 2191.596650][T27056] RSP: 002b:00007ffee81ce3c0 EFLAGS: 00010206 [ 2191.602712][T27056] RAX: 00007f08e9584000 RBX: 0000000000020000 RCX: 000000000045cd2a [ 2191.610695][T27056] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 2191.618657][T27056] RBP: 00007ffee81ce4a0 R08: ffffffffffffffff R09: 0000000000000000 [ 2191.626624][T27056] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffee81ce5a0 [ 2191.634587][T27056] R13: 00007f08e95a4700 R14: 0000000000000d5e R15: 000000000078c04c [ 2191.643658][T27056] Mem-Info: [ 2191.681202][T27056] active_anon:1408080 inactive_anon:9707 isolated_anon:0 [ 2191.681202][T27056] active_file:381 inactive_file:331 isolated_file:32 [ 2191.681202][T27056] unevictable:363 dirty:4 writeback:0 unstable:0 [ 2191.681202][T27056] slab_reclaimable:10448 slab_unreclaimable:79052 [ 2191.681202][T27056] mapped:58460 shmem:9776 pagetables:36671 bounce:0 [ 2191.681202][T27056] free:15461 free_pcp:1003 free_cma:0 [ 2191.775928][T27056] Node 0 active_anon:5643420kB inactive_anon:38828kB active_file:1080kB inactive_file:908kB unevictable:1452kB isolated(anon):0kB isolated(file):0kB mapped:233140kB dirty:16kB writeback:0kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2191.802683][T27056] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2191.830690][T27056] lowmem_reserve[]: 0 2912 6416 6416 [ 2191.848691][T27056] DMA32 free:21164kB min:4644kB low:7624kB high:10604kB active_anon:2839652kB inactive_anon:5352kB active_file:500kB inactive_file:352kB unevictable:0kB writepending:0kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:14752kB pagetables:19668kB bounce:0kB free_pcp:1704kB local_pcp:1456kB free_cma:0kB [ 2191.887815][T27056] lowmem_reserve[]: 0 0 3504 3504 [ 2191.893135][T27056] Normal free:18224kB min:5592kB low:9180kB high:12768kB active_anon:2800820kB inactive_anon:33476kB active_file:836kB inactive_file:1756kB unevictable:1452kB writepending:16kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29600kB pagetables:127016kB bounce:0kB free_pcp:476kB local_pcp:264kB free_cma:0kB [ 2191.925728][T27056] lowmem_reserve[]: 0 0 0 0 [ 2191.930857][T27056] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2191.944288][T27056] DMA32: 213*4kB (UME) 88*8kB (UME) 145*16kB (UMEH) 149*32kB (UMEH) 43*64kB (UMEH) 15*128kB (UME) 18*256kB (MEH) 6*512kB (UM) 5*1024kB (MEH) 0*2048kB 0*4096kB = 26116kB [ 2191.961864][T27056] Normal: 494*4kB (UME) 298*8kB (MEH) 167*16kB (ME) 109*32kB (UM) 60*64kB (UM) 15*128kB (UM) 13*256kB (UM) 5*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 22168kB [ 2191.977623][T27056] 11307 total pagecache pages [ 2191.982291][T27056] 0 pages in swap cache [ 2191.986495][T27056] Swap cache stats: add 0, delete 0, find 0/0 [ 2191.992532][T27056] Free swap = 0kB [ 2191.996251][T27056] Total swap = 0kB [ 2191.999944][T27056] 1965979 pages RAM [ 2192.003717][T27056] 0 pages HighMem/MovableOnly [ 2192.008380][T27056] 318829 pages reserved [ 2192.012552][T27056] 0 pages cma reserved [ 2192.016618][T27056] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.1,pid=12497,uid=0 [ 2192.030750][T27056] Out of memory: Killed process 12497 (syz-executor.1) total-vm:75372kB, anon-rss:16196kB, file-rss:35776kB, shmem-rss:0kB, UID:0 pgtables:164kB oom_score_adj:1000 [ 2192.057081][ T23] oom_reaper: reaped process 12497 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 21:33:19 executing program 4: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x1, 0x4, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000200)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="02002dbd7000ffdbdf2507000000088a4018bb00000008000600feffffff7be5dcaaba4cb08c"], 0x2c}, 0x1, 0x0, 0x0, 0x20008001}, 0x4000004) sendmsg$IPVS_CMD_SET_DEST(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)={0x28, r4, 0x300, 0x70bd2d, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_DAEMON={0x4}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x2}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8}]}, 0x28}}, 0x4000000) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ptrace$cont(0x7, r0, 0x8, 0x1) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r5, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:20 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x0, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:19 executing program 0: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x1, 0x4, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000200)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="02002dbd7000ffdbdf2507000000088a4018bb00000008000600feffffff7be5dcaaba4cb08c"], 0x2c}, 0x1, 0x0, 0x0, 0x20008001}, 0x4000004) sendmsg$IPVS_CMD_SET_DEST(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)={0x28, r4, 0x300, 0x70bd2d, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_DAEMON={0x4}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x2}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8}]}, 0x28}}, 0x4000000) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ptrace$cont(0x7, r0, 0x8, 0x1) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r5, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:20 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x375, 0x900, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) 21:33:20 executing program 5: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x5, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:20 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) [ 2192.422077][T27122] syz-executor.4 invoked oom-killer: gfp_mask=0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|0x1000000), order=0, oom_score_adj=1000 [ 2192.435363][T27122] CPU: 0 PID: 27122 Comm: syz-executor.4 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2192.445506][T27122] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2192.455556][T27122] Call Trace: [ 2192.458844][T27122] dump_stack+0x14a/0x1ce [ 2192.463167][T27122] ? devkmsg_release+0x11c/0x11c [ 2192.468129][T27122] ? show_regs_print_info+0x12/0x12 [ 2192.473346][T27122] ? radix_tree_cpu_dead+0x160/0x160 [ 2192.478636][T27122] ? _raw_spin_lock+0xa1/0x170 [ 2192.483397][T27122] ? _raw_spin_trylock_bh+0x190/0x190 [ 2192.488780][T27122] dump_header+0xdb/0x700 [ 2192.493118][T27122] oom_kill_process+0xd3/0x280 [ 2192.497884][T27122] out_of_memory+0x5b6/0x890 [ 2192.502533][T27122] ? unregister_oom_notifier+0x20/0x20 [ 2192.507992][T27122] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2192.513651][T27122] ? get_page_from_freelist+0x7c0/0x7c0 [ 2192.519209][T27122] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2192.524568][T27122] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2192.530127][T27122] ? pagevec_lru_move_fn+0x193/0x210 [ 2192.535395][T27122] ? __pagevec_release+0x130/0x130 [ 2192.540487][T27122] ? __lru_cache_add+0x1a1/0x1f0 [ 2192.545503][T27122] wp_page_copy+0x1cb/0x1120 [ 2192.550357][T27122] ? add_mm_rss_vec+0x270/0x270 [ 2192.555201][T27122] ? kvm_sched_clock_read+0x15/0x40 [ 2192.560407][T27122] ? sched_clock_cpu+0x18/0x380 [ 2192.565256][T27122] ? vm_normal_page+0x1c9/0x1d0 [ 2192.570090][T27122] do_wp_page+0x4c1/0x1530 [ 2192.574495][T27122] ? psi_task_change+0x92d/0xe30 [ 2192.579420][T27122] ? _raw_spin_lock+0xa1/0x170 [ 2192.584199][T27122] ? do_swap_page+0x1560/0x1560 [ 2192.589043][T27122] ? task_woken_rt+0x69/0x210 [ 2192.593707][T27122] handle_mm_fault+0xfa5/0x41e0 [ 2192.598554][T27122] ? finish_fault+0x230/0x230 [ 2192.603216][T27122] ? push_rt_tasks+0x4f8/0x670 [ 2192.607987][T27122] ? down_read_trylock+0x17a/0x1d0 [ 2192.613082][T27122] ? vmacache_find+0x2d2/0x4b0 [ 2192.617832][T27122] do_user_addr_fault+0x48a/0x9f0 [ 2192.622865][T27122] page_fault+0x2f/0x40 [ 2192.627015][T27122] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 2192.633596][T27122] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 2192.653196][T27122] RSP: 0018:ffff888084e97888 EFLAGS: 00010206 [ 2192.659251][T27122] RAX: ffffffff81f80e01 RBX: 0000000020711500 RCX: 0000000000000500 [ 2192.667226][T27122] RDX: 0000000000001000 RSI: ffff888162b2eb00 RDI: 0000000020711000 [ 2192.675212][T27122] RBP: ffff888084e97da8 R08: dffffc0000000000 R09: ffffed102c565e00 [ 2192.683187][T27122] R10: 0000000000000000 R11: 0000000000000000 R12: 00007ffffffff000 [ 2192.691329][T27122] R13: 0000000000001000 R14: ffff888162b2e000 R15: 0000000020710500 [ 2192.699339][T27122] ? _copy_to_iter+0x1021/0x1060 [ 2192.704288][T27122] copyout+0x8e/0xb0 [ 2192.708190][T27122] copy_page_to_iter+0x393/0xbd0 [ 2192.713126][T27122] pipe_to_user+0xa3/0x130 [ 2192.717549][T27122] __splice_from_pipe+0x2d3/0x870 [ 2192.722574][T27122] ? user_page_pipe_buf_steal+0xc0/0xc0 [ 2192.728118][T27122] do_vmsplice+0x252/0xee0 [ 2192.732520][T27122] ? avc_ss_reset+0x3a0/0x3a0 [ 2192.737179][T27122] ? write_pipe_buf+0x1d0/0x1d0 [ 2192.742010][T27122] ? __rcu_read_lock+0x50/0x50 [ 2192.746757][T27122] ? check_stack_object+0x5a/0x90 [ 2192.751763][T27122] ? _copy_from_user+0xa4/0xe0 [ 2192.756511][T27122] ? rw_copy_check_uvector+0x2b3/0x310 [ 2192.762305][T27122] ? import_iovec+0x1c2/0x380 [ 2192.766965][T27122] ? dup_iter+0x110/0x110 [ 2192.771300][T27122] ? do_vfs_ioctl+0x780/0x1750 [ 2192.776047][T27122] __se_sys_vmsplice+0x1fb/0x300 [ 2192.780981][T27122] ? __x64_sys_vmsplice+0xa0/0xa0 [ 2192.786005][T27122] ? put_timespec64+0x109/0x150 [ 2192.790849][T27122] ? __x64_sys_clock_gettime+0x20d/0x260 [ 2192.796469][T27122] ? __ia32_sys_clock_settime+0x2a0/0x2a0 [ 2192.802180][T27122] do_syscall_64+0xcb/0x150 [ 2192.806671][T27122] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2192.812557][T27122] RIP: 0033:0x45ccd9 [ 2192.816438][T27122] Code: 2d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2192.836166][T27122] RSP: 002b:00007f147e963c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 2192.844570][T27122] RAX: ffffffffffffffda RBX: 0000000000035780 RCX: 000000000045ccd9 [ 2192.852535][T27122] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 2192.860508][T27122] RBP: 000000000078c088 R08: 0000000000000000 R09: 0000000000000000 [ 2192.868471][T27122] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078c04c [ 2192.876436][T27122] R13: 00007ffdf3466bef R14: 00007f147e9649c0 R15: 000000000078c04c [ 2192.884603][T27122] Mem-Info: [ 2192.887764][T27122] active_anon:1412757 inactive_anon:9707 isolated_anon:0 [ 2192.887764][T27122] active_file:49 inactive_file:177 isolated_file:0 [ 2192.887764][T27122] unevictable:363 dirty:59 writeback:25 unstable:0 [ 2192.887764][T27122] slab_reclaimable:10447 slab_unreclaimable:79099 [ 2192.887764][T27122] mapped:57974 shmem:9776 pagetables:36680 bounce:0 [ 2192.887764][T27122] free:11184 free_pcp:845 free_cma:0 [ 2192.925783][T27122] Node 0 active_anon:5651948kB inactive_anon:38828kB active_file:192kB inactive_file:472kB unevictable:1452kB isolated(anon):0kB isolated(file):0kB mapped:231868kB dirty:64kB writeback:12kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2192.950241][T27122] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2192.976469][T27122] lowmem_reserve[]: 0 2912 6416 6416 [ 2192.981790][T27122] DMA32 free:18192kB min:4644kB low:7624kB high:10604kB active_anon:2844432kB inactive_anon:5352kB active_file:104kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:15104kB pagetables:19696kB bounce:0kB free_pcp:2004kB local_pcp:1504kB free_cma:0kB [ 2193.011684][T27122] lowmem_reserve[]: 0 0 3504 3504 [ 2193.016773][T27122] Normal free:11368kB min:5592kB low:9180kB high:12768kB active_anon:2805392kB inactive_anon:33476kB active_file:308kB inactive_file:448kB unevictable:1452kB writepending:224kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29632kB pagetables:127036kB bounce:0kB free_pcp:2544kB local_pcp:1472kB free_cma:0kB [ 2193.047349][T27122] lowmem_reserve[]: 0 0 0 0 [ 2193.051863][T27122] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2193.065993][T27122] DMA32: 71*4kB (UME) 16*8kB (UME) 58*16kB (UMEH) 136*32kB (UMEH) 41*64kB (UMEH) 8*128kB (UME) 8*256kB (MEH) 6*512kB (UM) 5*1024kB (MEH) 0*2048kB 0*4096kB = 19580kB [ 2193.082475][T27122] Normal: 50*4kB (UE) 10*8kB (UE) 48*16kB (UMEH) 38*32kB (MH) 28*64kB (MH) 3*128kB (MH) 12*256kB (MH) 4*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 9560kB [ 2193.097648][T27122] 10305 total pagecache pages [ 2193.102319][T27122] 0 pages in swap cache [ 2193.106502][T27122] Swap cache stats: add 0, delete 0, find 0/0 [ 2193.112559][T27122] Free swap = 0kB [ 2193.116306][T27122] Total swap = 0kB [ 2193.120047][T27122] 1965979 pages RAM [ 2193.123843][T27122] 0 pages HighMem/MovableOnly [ 2193.128635][T27122] 318829 pages reserved [ 2193.132782][T27122] 0 pages cma reserved [ 2193.136878][T27122] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.5,pid=24892,uid=0 [ 2193.150998][T27122] Out of memory: Killed process 24892 (syz-executor.5) total-vm:75240kB, anon-rss:16056kB, file-rss:35840kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 2193.196116][ T23] oom_reaper: reaped process 24892 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 21:33:21 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x0, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:21 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:21 executing program 4: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:21 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x375, 0x900, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) 21:33:21 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x25, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) 21:33:21 executing program 0: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x1, 0x4, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000200)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="02002dbd7000ffdbdf2507000000088a4018bb00000008000600feffffff7be5dcaaba4cb08c"], 0x2c}, 0x1, 0x0, 0x0, 0x20008001}, 0x4000004) sendmsg$IPVS_CMD_SET_DEST(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)={0x28, r4, 0x300, 0x70bd2d, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_DAEMON={0x4}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x2}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8}]}, 0x28}}, 0x4000000) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ptrace$cont(0x7, r0, 0x8, 0x1) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r5, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:21 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) [ 2193.657042][T27148] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2193.673097][T27148] CPU: 1 PID: 27148 Comm: syz-executor.5 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2193.683260][T27148] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2193.693310][T27148] Call Trace: [ 2193.696599][T27148] dump_stack+0x14a/0x1ce [ 2193.700927][T27148] ? devkmsg_release+0x11c/0x11c [ 2193.705865][T27148] ? show_regs_print_info+0x12/0x12 [ 2193.711046][T27148] ? radix_tree_cpu_dead+0x160/0x160 [ 2193.716310][T27148] ? _raw_spin_lock+0xa1/0x170 [ 2193.721103][T27148] ? _raw_spin_trylock_bh+0x190/0x190 [ 2193.727162][T27148] dump_header+0xdb/0x700 [ 2193.731482][T27148] oom_kill_process+0xd3/0x280 [ 2193.736242][T27148] out_of_memory+0x5b6/0x890 [ 2193.740818][T27148] ? unregister_oom_notifier+0x20/0x20 [ 2193.746287][T27148] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2193.751825][T27148] ? get_page_from_freelist+0x7c0/0x7c0 [ 2193.758341][T27148] ? __zone_watermark_ok+0x91/0x280 [ 2193.763538][T27148] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2193.768908][T27148] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2193.774449][T27148] ? copy_process+0x5a4/0x5110 [ 2193.779205][T27148] ? kmem_cache_alloc+0x1d5/0x260 [ 2193.784214][T27148] copy_process+0x5f3/0x5110 [ 2193.788818][T27148] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 2193.794555][T27148] ? _raw_spin_lock+0xa1/0x170 [ 2193.799302][T27148] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 2193.805103][T27148] ? __lru_cache_add+0x1a1/0x1f0 [ 2193.810036][T27148] ? fork_idle+0x290/0x290 [ 2193.814445][T27148] _do_fork+0x196/0x920 [ 2193.818602][T27148] ? finish_fault+0x230/0x230 [ 2193.823262][T27148] ? up_write+0xa1/0x190 [ 2193.827521][T27148] ? dup_mm+0x300/0x300 [ 2193.831669][T27148] __x64_sys_clone+0x25e/0x2c0 [ 2193.836727][T27148] ? __ia32_sys_vfork+0x110/0x110 [ 2193.841755][T27148] ? __fpregs_load_activate+0x2d3/0x390 [ 2193.847301][T27148] ? do_user_addr_fault+0x55c/0x9f0 [ 2193.852488][T27148] do_syscall_64+0xcb/0x150 [ 2193.856969][T27148] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2193.862834][T27148] RIP: 0033:0x45f6a9 [ 2193.866703][T27148] Code: ff 48 85 f6 0f 84 57 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 2e 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2193.886289][T27148] RSP: 002b:00007ffc5a445c88 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2193.894673][T27148] RAX: ffffffffffffffda RBX: 00007f2dca06a700 RCX: 000000000045f6a9 [ 2193.902620][T27148] RDX: 00007f2dca06a9d0 RSI: 00007f2dca069db0 RDI: 00000000003d0f00 [ 2193.910568][T27148] RBP: 00007ffc5a445eb0 R08: 00007f2dca06a700 R09: 00007f2dca06a700 [ 2193.918531][T27148] R10: 00007f2dca06a9d0 R11: 0000000000000202 R12: 0000000000000000 [ 2193.926504][T27148] R13: 00007ffc5a445d3f R14: 00007f2dca06a9c0 R15: 000000000078c04c [ 2193.966198][T27148] Mem-Info: [ 2193.979554][T27148] active_anon:1411131 inactive_anon:9707 isolated_anon:14 [ 2193.979554][T27148] active_file:7 inactive_file:61 isolated_file:0 [ 2193.979554][T27148] unevictable:363 dirty:12 writeback:0 unstable:0 [ 2193.979554][T27148] slab_reclaimable:10442 slab_unreclaimable:79295 [ 2193.979554][T27148] mapped:57986 shmem:9776 pagetables:36741 bounce:0 [ 2193.979554][T27148] free:13159 free_pcp:645 free_cma:0 [ 2194.019088][T27148] Node 0 active_anon:5644524kB inactive_anon:38828kB active_file:128kB inactive_file:108kB unevictable:1452kB isolated(anon):56kB isolated(file):0kB mapped:231944kB dirty:48kB writeback:0kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no 21:33:22 executing program 4: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:22 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x25, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) [ 2194.043843][T27148] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB 21:33:22 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x0, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) [ 2194.115551][T27148] lowmem_reserve[]: 0 2912 6416 6416 [ 2194.121528][T27148] DMA32 free:28412kB min:4644kB low:7624kB high:10604kB active_anon:2831964kB inactive_anon:5352kB active_file:140kB inactive_file:1512kB unevictable:0kB writepending:12kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:15232kB pagetables:19744kB bounce:0kB free_pcp:560kB local_pcp:276kB free_cma:0kB [ 2194.152845][T27148] lowmem_reserve[]: 0 0 3504 3504 [ 2194.159350][T27148] Normal free:9924kB min:5592kB low:9180kB high:12768kB active_anon:2803588kB inactive_anon:33476kB active_file:2680kB inactive_file:2436kB unevictable:1452kB writepending:324kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29248kB pagetables:127220kB bounce:0kB free_pcp:1632kB local_pcp:388kB free_cma:0kB [ 2194.195978][T27148] lowmem_reserve[]: 0 0 0 0 [ 2194.200530][T27148] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2194.215174][T27148] DMA32: 138*4kB (UM) 43*8kB (UME) 264*16kB (UMEH) 143*32kB (UMEH) 79*64kB (UMEH) 30*128kB (UME) 7*256kB (MEH) 2*512kB (UM) 3*1024kB (MEH) 0*2048kB 1*4096kB (M) = 28576kB [ 2194.232507][T27148] Normal: 62*4kB (UME) 23*8kB (UE) 125*16kB (UME) 75*32kB (UMH) 30*64kB (UM) 3*128kB (UM) 3*256kB (M) 4*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 9952kB [ 2194.311359][T27148] 10544 total pagecache pages [ 2194.317484][T27148] 0 pages in swap cache [ 2194.322092][T27148] Swap cache stats: add 0, delete 0, find 0/0 [ 2194.329559][T27148] Free swap = 0kB [ 2194.333334][T27148] Total swap = 0kB [ 2194.337132][T27148] 1965979 pages RAM [ 2194.356706][T27148] 0 pages HighMem/MovableOnly [ 2194.361408][T27148] 318829 pages reserved [ 2194.365584][T27148] 0 pages cma reserved [ 2194.369727][T27148] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.5,pid=16650,uid=0 [ 2194.383867][T27148] Out of memory: Killed process 16650 (syz-executor.5) total-vm:75240kB, anon-rss:15900kB, file-rss:35776kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 2194.402126][ T23] oom_reaper: reaped process 16650 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 21:33:22 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x900, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) 21:33:22 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:22 executing program 4: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:22 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x0, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:22 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:22 executing program 4: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x15, 0x0, 0x9, 0x0, 0x0, 0x0, 0x8, 0x105}, 0x0) r1 = socket$inet6(0xa, 0x5, 0x2) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) finit_module(0xffffffffffffffff, 0x0, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) perf_event_open(0x0, 0x0, 0x0, r3, 0x1) ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x2103, 0x64}, {r5, 0xa367750423dce508}], 0x2, 0x0, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') 21:33:22 executing program 0: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) 21:33:22 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:23 executing program 0: mlockall(0x7) ioctl$HIDIOCSFEATURE(0xffffffffffffffff, 0xc0404806, 0x0) open(&(0x7f0000000140)='./bus\x00', 0x0, 0x0) getsockopt$IP_SET_OP_GET_FNAME(0xffffffffffffffff, 0x1, 0x53, &(0x7f00000001c0)={0x8, 0x7, 0x0, 'syz1\x00'}, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00') read$char_usb(r0, 0x0, 0x7ffff000) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000040)={r0, &(0x7f0000000000)="a009bb4d0acf4a7408d6615d29462cb1c0e0263c47f5565a14f4e2d08dee182e"}, 0x20) ioctl$KDFONTOP_SET(0xffffffffffffffff, 0x4b72, 0x0) perf_event_open(&(0x7f00000000c0)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0xffffffffffffffff}, 0x8940, 0x0, 0x0, 0x7, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00') read$char_usb(r1, 0x0, 0x7ffff000) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x2400, 0x71) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) munlockall() r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0xfffffffffffffdc1, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x4000850}, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@newlink={0x158, 0x10, 0x401, 0x400000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x42df58543c8380db}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @ipip6={{0xb, 0x1, 'ip6tnl\x00'}, {0x20, 0x2, 0x0, 0x1, [@IFLA_IPTUN_ENCAP_FLAGS={0x6}, @IFLA_IPTUN_LOCAL={0x14, 0x3, @rand_addr=' \x01\x00'}]}}}, @IFLA_MTU={0x8, 0x4, 0x10001}, @IFLA_MASTER={0x8}, @IFLA_PHYS_SWITCH_ID={0xa, 0x24, "52e9e867cc93"}, @IFLA_WEIGHT={0x8, 0xf, 0x5}, @IFLA_VFINFO_LIST={0xe4, 0x16, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, [@IFLA_VF_TX_RATE={0xc, 0x3, {0x6006, 0x4}}, @IFLA_VF_RATE={0x10, 0x6, {0xa4, 0x9, 0x1f}}]}, {0x88, 0x1, 0x0, 0x1, [@IFLA_VF_TX_RATE={0xc, 0x3, {0x7, 0x9}}, @IFLA_VF_SPOOFCHK={0xc, 0x4, {0x4, 0x7}}, @IFLA_VF_VLAN={0x10, 0x2, {0x7c, 0xa34, 0x200}}, @IFLA_VF_MAC={0x28, 0x1, {0x6, @broadcast}}, @IFLA_VF_MAC={0x28, 0x1, {0x69, @dev={[], 0x1e}}}, @IFLA_VF_TX_RATE={0xc, 0x3, {0x7fff, 0xfbb}}]}, {0x28, 0x1, 0x0, 0x1, [@IFLA_VF_IB_NODE_GUID={0x14, 0xa, {0x7, 0x40}}, @IFLA_VF_RATE={0x10, 0x6, {0x1, 0x80000000, 0x20}}]}, {0x10, 0x1, 0x0, 0x1, [@IFLA_VF_SPOOFCHK={0xc, 0x4, {0x7, 0x1}}]}]}]}, 0x158}}, 0x8100) [ 2195.226758][T27237] syz-executor.3 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2195.277445][T27237] CPU: 1 PID: 27237 Comm: syz-executor.3 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2195.287705][T27237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2195.297744][T27237] Call Trace: [ 2195.301022][T27237] dump_stack+0x14a/0x1ce [ 2195.305335][T27237] ? devkmsg_release+0x11c/0x11c [ 2195.310250][T27237] ? show_regs_print_info+0x12/0x12 [ 2195.315446][T27237] ? radix_tree_cpu_dead+0x160/0x160 [ 2195.320712][T27237] ? _raw_spin_lock+0xa1/0x170 [ 2195.325545][T27237] ? _raw_spin_trylock_bh+0x190/0x190 [ 2195.330894][T27237] dump_header+0xdb/0x700 [ 2195.335202][T27237] oom_kill_process+0xd3/0x280 [ 2195.339956][T27237] out_of_memory+0x5b6/0x890 [ 2195.344519][T27237] ? unregister_oom_notifier+0x20/0x20 [ 2195.349949][T27237] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2195.355478][T27237] ? get_page_from_freelist+0x7c0/0x7c0 [ 2195.361022][T27237] ? __zone_watermark_ok+0x91/0x280 [ 2195.366211][T27237] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2195.371576][T27237] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2195.377227][T27237] ? copy_process+0x5a4/0x5110 [ 2195.381974][T27237] ? copy_process+0x5a4/0x5110 [ 2195.386723][T27237] ? kmem_cache_alloc+0x1d5/0x260 [ 2195.391720][T27237] copy_process+0x5f3/0x5110 [ 2195.396397][T27237] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 2195.402089][T27237] ? _raw_spin_lock+0xa1/0x170 [ 2195.406848][T27237] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 2195.412634][T27237] ? __lru_cache_add+0x1a1/0x1f0 [ 2195.417553][T27237] ? fork_idle+0x290/0x290 [ 2195.421954][T27237] _do_fork+0x196/0x920 [ 2195.426522][T27237] ? finish_fault+0x230/0x230 [ 2195.431221][T27237] ? up_write+0xa1/0x190 [ 2195.436391][T27237] ? dup_mm+0x300/0x300 [ 2195.440537][T27237] __x64_sys_clone+0x25e/0x2c0 [ 2195.445381][T27237] ? __ia32_sys_vfork+0x110/0x110 [ 2195.450403][T27237] ? do_user_addr_fault+0x55c/0x9f0 [ 2195.455593][T27237] do_syscall_64+0xcb/0x150 [ 2195.460116][T27237] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2195.465986][T27237] RIP: 0033:0x45f6a9 [ 2195.469879][T27237] Code: ff 48 85 f6 0f 84 57 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 2e 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2195.489459][T27237] RSP: 002b:00007ffd7c796528 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2195.497843][T27237] RAX: ffffffffffffffda RBX: 00007fbf5a9d1700 RCX: 000000000045f6a9 [ 2195.505805][T27237] RDX: 00007fbf5a9d19d0 RSI: 00007fbf5a9d0db0 RDI: 00000000003d0f00 [ 2195.513759][T27237] RBP: 00007ffd7c796750 R08: 00007fbf5a9d1700 R09: 00007fbf5a9d1700 [ 2195.521702][T27237] R10: 00007fbf5a9d19d0 R11: 0000000000000202 R12: 0000000000000000 [ 2195.529644][T27237] R13: 00007ffd7c7965df R14: 00007fbf5a9d19c0 R15: 000000000078c0ec [ 2195.539991][T27237] Mem-Info: [ 2195.546522][T27237] active_anon:1414604 inactive_anon:9707 isolated_anon:0 [ 2195.546522][T27237] active_file:5 inactive_file:54 isolated_file:0 [ 2195.546522][T27237] unevictable:363 dirty:14 writeback:0 unstable:0 [ 2195.546522][T27237] slab_reclaimable:10445 slab_unreclaimable:79312 [ 2195.546522][T27237] mapped:57984 shmem:9776 pagetables:36700 bounce:0 [ 2195.546522][T27237] free:9992 free_pcp:62 free_cma:0 [ 2195.588297][T27237] Node 0 active_anon:5658904kB inactive_anon:38828kB active_file:160kB inactive_file:528kB unevictable:1452kB isolated(anon):0kB isolated(file):112kB mapped:232140kB dirty:0kB writeback:0kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2195.615588][T27237] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2195.726617][T27237] lowmem_reserve[]: 0 2912 6416 6416 [ 2195.751637][T27237] DMA32 free:22468kB min:4644kB low:7624kB high:10604kB active_anon:2835632kB inactive_anon:5352kB active_file:532kB inactive_file:1452kB unevictable:0kB writepending:0kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:15264kB pagetables:20216kB bounce:0kB free_pcp:1616kB local_pcp:212kB free_cma:0kB [ 2195.840438][T27237] lowmem_reserve[]: 0 0 3504 3504 [ 2195.867323][T27237] Normal free:9012kB min:5592kB low:9180kB high:12768kB active_anon:2813092kB inactive_anon:33476kB active_file:32kB inactive_file:8kB unevictable:1452kB writepending:0kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29216kB pagetables:126600kB bounce:0kB free_pcp:292kB local_pcp:44kB free_cma:0kB [ 2195.897363][T27237] lowmem_reserve[]: 0 0 0 0 [ 2195.901909][T27237] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2195.916280][T27237] DMA32: 152*4kB (UM) 195*8kB (UME) 164*16kB (UME) 106*32kB (UMEH) 48*64kB (UMEH) 11*128kB (UME) 13*256kB (MEH) 2*512kB (UM) 3*1024kB (MEH) 0*2048kB 1*4096kB (M) = 24184kB [ 2195.933347][T27237] Normal: 321*4kB (UME) 137*8kB (UME) 45*16kB (UME) 27*32kB (UM) 23*64kB (M) 1*128kB (M) 4*256kB (M) 4*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 8636kB [ 2195.981131][T27237] 10449 total pagecache pages [ 2195.993344][T27237] 0 pages in swap cache [ 2195.997866][T27237] Swap cache stats: add 0, delete 0, find 0/0 [ 2196.004315][T27237] Free swap = 0kB [ 2196.008259][T27237] Total swap = 0kB [ 2196.012501][T27237] 1965979 pages RAM [ 2196.016800][T27237] 0 pages HighMem/MovableOnly [ 2196.024710][T27237] 318829 pages reserved [ 2196.031479][T27237] 0 pages cma reserved [ 2196.037642][T27237] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.2,pid=19291,uid=0 [ 2196.066141][T27237] Out of memory: Killed process 19291 (syz-executor.2) total-vm:75372kB, anon-rss:15632kB, file-rss:35844kB, shmem-rss:0kB, UID:0 pgtables:156kB oom_score_adj:1000 [ 2196.091353][ T23] oom_reaper: reaped process 19291 (syz-executor.2), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB 21:33:24 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x0, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:24 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:24 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:24 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x900, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) 21:33:24 executing program 0: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) 21:33:24 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000240)='status\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x11) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) execveat(r5, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000300)=[&(0x7f00000001c0)='\x00', &(0x7f0000000200)='status\x00'], &(0x7f0000000340), 0x1000) setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f00000003c0)={@in6={{0xa, 0x4e23, 0x659, @private2, 0x9}}, 0x0, 0x0, 0x4b, 0x0, "c8d40f6047db1257b75a47773d50b0d981a9399d48f89dedaede1c1e94471589a02ae91908eaee803825eaf81feaddaea7e100b938669eb9a02f5e563a7b8c1f6e60ef61fb3d6f4e929fb8ca479a284f"}, 0xd8) openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000340)=@abs={0x0, 0x0, 0x4e23}, 0x6e) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='pids.events\x00', 0x0, 0x0) 21:33:24 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, 0x0, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) [ 2196.683861][T27272] syz-executor.3 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2196.790166][T27272] CPU: 0 PID: 27272 Comm: syz-executor.3 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2196.800446][T27272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2196.810599][T27272] Call Trace: [ 2196.813897][T27272] dump_stack+0x14a/0x1ce [ 2196.818234][T27272] ? devkmsg_release+0x11c/0x11c [ 2196.823174][T27272] ? show_regs_print_info+0x12/0x12 [ 2196.828372][T27272] ? radix_tree_cpu_dead+0x160/0x160 [ 2196.834607][T27272] ? _raw_spin_lock+0xa1/0x170 [ 2196.839364][T27272] ? _raw_spin_trylock_bh+0x190/0x190 [ 2196.844730][T27272] dump_header+0xdb/0x700 [ 2196.849064][T27272] oom_kill_process+0xd3/0x280 [ 2196.853816][T27272] out_of_memory+0x5b6/0x890 [ 2196.858567][T27272] ? unregister_oom_notifier+0x20/0x20 [ 2196.864007][T27272] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2196.869538][T27272] ? get_page_from_freelist+0x7c0/0x7c0 [ 2196.875185][T27272] ? __zone_watermark_ok+0x91/0x280 [ 2196.880372][T27272] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2196.885744][T27272] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2196.891273][T27272] ? copy_process+0x5a4/0x5110 [ 2196.896029][T27272] ? kmem_cache_alloc+0x1d5/0x260 [ 2196.901062][T27272] copy_process+0x5f3/0x5110 [ 2196.905645][T27272] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 2196.911362][T27272] ? _raw_spin_lock+0xa1/0x170 [ 2196.916133][T27272] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 2196.921932][T27272] ? __lru_cache_add+0x1a1/0x1f0 [ 2196.926868][T27272] ? fork_idle+0x290/0x290 [ 2196.931279][T27272] _do_fork+0x196/0x920 [ 2196.935431][T27272] ? finish_fault+0x230/0x230 [ 2196.940094][T27272] ? up_write+0xa1/0x190 [ 2196.944319][T27272] ? dup_mm+0x300/0x300 [ 2196.948466][T27272] __x64_sys_clone+0x25e/0x2c0 [ 2196.953217][T27272] ? __ia32_sys_vfork+0x110/0x110 [ 2196.958248][T27272] ? do_user_addr_fault+0x55c/0x9f0 [ 2196.963437][T27272] do_syscall_64+0xcb/0x150 [ 2196.967945][T27272] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2196.973821][T27272] RIP: 0033:0x45f6a9 [ 2196.977701][T27272] Code: ff 48 85 f6 0f 84 57 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 2e 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2196.997816][T27272] RSP: 002b:00007ffd7c796528 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2197.006218][T27272] RAX: ffffffffffffffda RBX: 00007fbf5a9d1700 RCX: 000000000045f6a9 [ 2197.014176][T27272] RDX: 00007fbf5a9d19d0 RSI: 00007fbf5a9d0db0 RDI: 00000000003d0f00 [ 2197.022130][T27272] RBP: 00007ffd7c796750 R08: 00007fbf5a9d1700 R09: 00007fbf5a9d1700 [ 2197.030111][T27272] R10: 00007fbf5a9d19d0 R11: 0000000000000202 R12: 0000000000000000 [ 2197.038072][T27272] R13: 00007ffd7c7965df R14: 00007fbf5a9d19c0 R15: 000000000078c0ec 21:33:25 executing program 0: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) 21:33:25 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000240)='status\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x11) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) execveat(r5, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000300)=[&(0x7f00000001c0)='\x00', &(0x7f0000000200)='status\x00'], &(0x7f0000000340), 0x1000) setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f00000003c0)={@in6={{0xa, 0x4e23, 0x659, @private2, 0x9}}, 0x0, 0x0, 0x4b, 0x0, "c8d40f6047db1257b75a47773d50b0d981a9399d48f89dedaede1c1e94471589a02ae91908eaee803825eaf81feaddaea7e100b938669eb9a02f5e563a7b8c1f6e60ef61fb3d6f4e929fb8ca479a284f"}, 0xd8) openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000340)=@abs={0x0, 0x0, 0x4e23}, 0x6e) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='pids.events\x00', 0x0, 0x0) [ 2197.119000][T27272] Mem-Info: [ 2197.122341][T27272] active_anon:1407974 inactive_anon:9707 isolated_anon:0 [ 2197.122341][T27272] active_file:430 inactive_file:1800 isolated_file:0 [ 2197.122341][T27272] unevictable:363 dirty:23 writeback:0 unstable:0 [ 2197.122341][T27272] slab_reclaimable:10439 slab_unreclaimable:79122 [ 2197.122341][T27272] mapped:59578 shmem:9776 pagetables:36718 bounce:0 [ 2197.122341][T27272] free:14409 free_pcp:482 free_cma:0 21:33:25 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, 0x0, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) [ 2197.183032][T27272] Node 0 active_anon:5632996kB inactive_anon:38828kB active_file:1720kB inactive_file:7200kB unevictable:1452kB isolated(anon):0kB isolated(file):0kB mapped:238412kB dirty:92kB writeback:0kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no 21:33:25 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x0, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) [ 2197.221105][T27272] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2197.249351][T27272] lowmem_reserve[]: 0 2912 6416 6416 [ 2197.255538][T27272] DMA32 free:30168kB min:4644kB low:7624kB high:10604kB active_anon:2823768kB inactive_anon:5352kB active_file:1448kB inactive_file:4288kB unevictable:0kB writepending:132kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:15200kB pagetables:20432kB bounce:0kB free_pcp:1492kB local_pcp:1360kB free_cma:0kB [ 2197.286385][T27272] lowmem_reserve[]: 0 0 3504 3504 [ 2197.306041][T27272] Normal free:10532kB min:5592kB low:9180kB high:12768kB active_anon:2808052kB inactive_anon:33476kB active_file:492kB inactive_file:2320kB unevictable:1452kB writepending:160kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29216kB pagetables:126440kB bounce:0kB free_pcp:1568kB local_pcp:1144kB free_cma:0kB 21:33:25 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x900, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) 21:33:25 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, 0x0, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:25 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000240)='status\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x11) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) execveat(r5, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000300)=[&(0x7f00000001c0)='\x00', &(0x7f0000000200)='status\x00'], &(0x7f0000000340), 0x1000) setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f00000003c0)={@in6={{0xa, 0x4e23, 0x659, @private2, 0x9}}, 0x0, 0x0, 0x4b, 0x0, "c8d40f6047db1257b75a47773d50b0d981a9399d48f89dedaede1c1e94471589a02ae91908eaee803825eaf81feaddaea7e100b938669eb9a02f5e563a7b8c1f6e60ef61fb3d6f4e929fb8ca479a284f"}, 0xd8) openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000340)=@abs={0x0, 0x0, 0x4e23}, 0x6e) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='pids.events\x00', 0x0, 0x0) [ 2197.459262][T27272] lowmem_reserve[]: 0 0 0 0 [ 2197.502576][T27272] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2197.543961][T27272] DMA32: 2*4kB (UM) 60*8kB (UM) 106*16kB (ME) 138*32kB (UMEH) 112*64kB (UMEH) 28*128kB (UME) 9*256kB (MEH) 4*512kB (UM) 4*1024kB (MEH) 0*2048kB 1*4096kB (M) = 29896kB [ 2197.620755][T27272] Normal: 76*4kB (UMEH) 48*8kB (UMEH) 110*16kB (MEH) 80*32kB (UM) 17*64kB (MH) 2*128kB (M) 6*256kB (MH) 3*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 9424kB [ 2197.758972][T27272] 11618 total pagecache pages [ 2197.789758][T27272] 0 pages in swap cache [ 2197.794296][T27272] Swap cache stats: add 0, delete 0, find 0/0 [ 2197.819870][T27272] Free swap = 0kB [ 2197.855358][T27272] Total swap = 0kB [ 2197.861798][T27272] 1965979 pages RAM [ 2197.867220][T27272] 0 pages HighMem/MovableOnly [ 2197.873405][T27272] 318829 pages reserved [ 2197.878303][T27272] 0 pages cma reserved [ 2197.883567][T27272] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=13793,uid=0 [ 2197.900896][T27272] Out of memory: Killed process 13793 (syz-executor.0) total-vm:75504kB, anon-rss:16580kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 21:33:25 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:25 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:25 executing program 5: mlockall(0x7) ioctl$HIDIOCSFEATURE(0xffffffffffffffff, 0xc0404806, 0x0) open(&(0x7f0000000140)='./bus\x00', 0x0, 0x0) getsockopt$IP_SET_OP_GET_FNAME(0xffffffffffffffff, 0x1, 0x53, &(0x7f00000001c0)={0x8, 0x7, 0x0, 'syz1\x00'}, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00') read$char_usb(r0, 0x0, 0x7ffff000) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000040)={r0, &(0x7f0000000000)="a009bb4d0acf4a7408d6615d29462cb1c0e0263c47f5565a14f4e2d08dee182e"}, 0x20) ioctl$KDFONTOP_SET(0xffffffffffffffff, 0x4b72, 0x0) perf_event_open(&(0x7f00000000c0)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0xffffffffffffffff}, 0x8940, 0x0, 0x0, 0x7, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00') read$char_usb(r1, 0x0, 0x7ffff000) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x2400, 0x71) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) munlockall() r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0xfffffffffffffdc1, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x4000850}, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@newlink={0x158, 0x10, 0x401, 0x400000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x42df58543c8380db}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @ipip6={{0xb, 0x1, 'ip6tnl\x00'}, {0x20, 0x2, 0x0, 0x1, [@IFLA_IPTUN_ENCAP_FLAGS={0x6}, @IFLA_IPTUN_LOCAL={0x14, 0x3, @rand_addr=' \x01\x00'}]}}}, @IFLA_MTU={0x8, 0x4, 0x10001}, @IFLA_MASTER={0x8}, @IFLA_PHYS_SWITCH_ID={0xa, 0x24, "52e9e867cc93"}, @IFLA_WEIGHT={0x8, 0xf, 0x5}, @IFLA_VFINFO_LIST={0xe4, 0x16, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, [@IFLA_VF_TX_RATE={0xc, 0x3, {0x6006, 0x4}}, @IFLA_VF_RATE={0x10, 0x6, {0xa4, 0x9, 0x1f}}]}, {0x88, 0x1, 0x0, 0x1, [@IFLA_VF_TX_RATE={0xc, 0x3, {0x7, 0x9}}, @IFLA_VF_SPOOFCHK={0xc, 0x4, {0x4, 0x7}}, @IFLA_VF_VLAN={0x10, 0x2, {0x7c, 0xa34, 0x200}}, @IFLA_VF_MAC={0x28, 0x1, {0x6, @broadcast}}, @IFLA_VF_MAC={0x28, 0x1, {0x69, @dev={[], 0x1e}}}, @IFLA_VF_TX_RATE={0xc, 0x3, {0x7fff, 0xfbb}}]}, {0x28, 0x1, 0x0, 0x1, [@IFLA_VF_IB_NODE_GUID={0x14, 0xa, {0x7, 0x40}}, @IFLA_VF_RATE={0x10, 0x6, {0x1, 0x80000000, 0x20}}]}, {0x10, 0x1, 0x0, 0x1, [@IFLA_VF_SPOOFCHK={0xc, 0x4, {0x7, 0x1}}]}]}]}, 0x158}}, 0x500) 21:33:26 executing program 4: recvmmsg(0xffffffffffffffff, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00') sync_file_range(r0, 0x8, 0x7, 0x3) read$char_usb(r1, 0x0, 0x7ffff000) sendmsg$BATADV_CMD_GET_GATEWAYS(r1, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x24, 0x0, 0xa9bcd26255b1b3de, 0x70bd2a, 0x25dfdbfe, {}, [@BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x3}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x40) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x7}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) write$tun(r0, &(0x7f0000000700)={@void, @void, @mpls={[], @ipv4=@udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x11, 0x0, @remote, @multicast2}, {0x0, 0x0, 0x10, 0x0, @gue={{0x2}}}}}}, 0x24) r3 = syz_open_procfs(0x0, &(0x7f0000000240)='status\x00') rt_sigaction(0x16, &(0x7f00000002c0)={&(0x7f0000000340)="f20f1b493bc4814564720065f0ff8900000000c482f9415200f2f04129b208000000c443f9699a0b0000000d64f0458372fd1240766ac46279795300c4e251a774d20e", 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000480)) preadv(r3, &(0x7f00000017c0), 0x375, 0xffffff7f, 0x0) 21:33:26 executing program 0: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000240)='status\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x11) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) execveat(r5, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000300)=[&(0x7f00000001c0)='\x00', &(0x7f0000000200)='status\x00'], &(0x7f0000000340), 0x1000) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:26 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:26 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00') read$char_usb(r0, 0x0, 0x7ffff000) ioctl$TCSETXW(r0, 0x5435, &(0x7f00000000c0)={0x6, 0x8, [0x200, 0x6, 0x4, 0x7], 0x3}) ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/net/pfkey\x00', 0x8c002, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r5, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:26 executing program 5: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') ioctl$GIO_UNIMAP(r2, 0x4b66, &(0x7f0000000140)={0x8, &(0x7f00000000c0)=[{}, {}, {}, {}, {}, {}, {}, {}]}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r2, 0xc0502100, &(0x7f00000001c0)) preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:26 executing program 0: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500)}], 0x1, 0x9) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:26 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:26 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:26 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x900, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) [ 2198.514906][T27398] syz-executor.3 invoked oom-killer: gfp_mask=0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|0x1000000), order=0, oom_score_adj=1000 [ 2198.564524][T27398] CPU: 0 PID: 27398 Comm: syz-executor.3 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2198.574698][T27398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2198.584746][T27398] Call Trace: [ 2198.588035][T27398] dump_stack+0x14a/0x1ce [ 2198.592362][T27398] ? devkmsg_release+0x11c/0x11c [ 2198.597295][T27398] ? show_regs_print_info+0x12/0x12 [ 2198.602489][T27398] ? radix_tree_cpu_dead+0x160/0x160 [ 2198.607766][T27398] ? _raw_spin_lock+0xa1/0x170 [ 2198.612538][T27398] ? _raw_spin_trylock_bh+0x190/0x190 [ 2198.617918][T27398] dump_header+0xdb/0x700 [ 2198.623472][T27398] oom_kill_process+0xd3/0x280 [ 2198.628237][T27398] out_of_memory+0x5b6/0x890 [ 2198.632839][T27398] ? unregister_oom_notifier+0x20/0x20 [ 2198.638297][T27398] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2198.643834][T27398] ? get_page_from_freelist+0x7c0/0x7c0 [ 2198.649360][T27398] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2198.654729][T27398] ? gfp_pfmemalloc_allowed+0x130/0x130 21:33:26 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x900, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) 21:33:26 executing program 0: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500)}], 0x1, 0x9) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:26 executing program 5: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') ioctl$GIO_UNIMAP(r2, 0x4b66, &(0x7f0000000140)={0x8, &(0x7f00000000c0)=[{}, {}, {}, {}, {}, {}, {}, {}]}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r2, 0xc0502100, &(0x7f00000001c0)) preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:26 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) [ 2198.660259][T27398] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 2198.665982][T27398] ? __rcu_read_lock+0x50/0x50 [ 2198.671708][T27398] handle_mm_fault+0x18e6/0x41e0 [ 2198.676637][T27398] ? finish_fault+0x230/0x230 [ 2198.681304][T27398] ? down_read_trylock+0x17a/0x1d0 [ 2198.686590][T27398] ? vmacache_find+0x205/0x4b0 [ 2198.691347][T27398] do_user_addr_fault+0x48a/0x9f0 [ 2198.696367][T27398] page_fault+0x2f/0x40 [ 2198.700528][T27398] RIP: 0033:0x400684 [ 2198.704413][T27398] Code: 01 e9 c9 00 00 00 48 8b 44 24 10 48 0b 44 24 28 be 08 00 00 00 48 8b 14 24 75 17 48 8b 7c 24 20 e8 81 5b 00 00 48 8b 4c 24 08 <48> 89 01 e9 9d 00 00 00 48 8b 44 24 08 48 8b 38 e8 67 5b 00 00 8a [ 2198.724008][T27398] RSP: 002b:00007ffd7c796620 EFLAGS: 00010206 [ 2198.730060][T27398] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000020002bc0 [ 2198.738022][T27398] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000000 [ 2198.745984][T27398] RBP: 00000000007902f8 R08: 0000000000000000 R09: 0000000000000000 [ 2198.754726][T27398] R10: 00007ffd7c796740 R11: 0000000000000246 R12: 0000000000790300 [ 2198.763035][T27398] R13: 0000000000218b7a R14: fffffffffffffffe R15: 000000000078bf0c [ 2198.772224][T27398] Mem-Info: [ 2198.778614][T27398] active_anon:1407106 inactive_anon:9707 isolated_anon:21 [ 2198.778614][T27398] active_file:867 inactive_file:1792 isolated_file:0 [ 2198.778614][T27398] unevictable:363 dirty:26 writeback:0 unstable:0 [ 2198.778614][T27398] slab_reclaimable:10377 slab_unreclaimable:79279 [ 2198.778614][T27398] mapped:59692 shmem:9776 pagetables:36808 bounce:0 21:33:26 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:26 executing program 0: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500)}], 0x1, 0x9) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) [ 2198.778614][T27398] free:14463 free_pcp:463 free_cma:0 [ 2198.833246][T27398] Node 0 active_anon:5630924kB inactive_anon:38828kB active_file:3468kB inactive_file:7468kB unevictable:1452kB isolated(anon):84kB isolated(file):0kB mapped:239168kB dirty:204kB writeback:0kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2198.928111][T27398] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2198.970339][T27398] lowmem_reserve[]: 0 2912 6416 6416 [ 2198.975918][T27398] DMA32 free:26148kB min:4644kB low:7624kB high:10604kB active_anon:2833352kB inactive_anon:5352kB active_file:876kB inactive_file:0kB unevictable:0kB writepending:16kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:15232kB pagetables:20028kB bounce:0kB free_pcp:1680kB local_pcp:244kB free_cma:0kB [ 2199.008804][T27398] lowmem_reserve[]: 0 0 3504 3504 [ 2199.014223][T27398] Normal free:10484kB min:5592kB low:9180kB high:12768kB active_anon:2808956kB inactive_anon:33476kB active_file:788kB inactive_file:644kB unevictable:1452kB writepending:88kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29408kB pagetables:127204kB bounce:0kB free_pcp:684kB local_pcp:612kB free_cma:0kB [ 2199.058929][T27398] lowmem_reserve[]: 0 0 0 0 [ 2199.066124][T27398] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2199.087389][T27398] DMA32: 3*4kB (ME) 21*8kB (UME) 44*16kB (UME) 81*32kB (UMEH) 69*64kB (UMEH) 8*128kB (UME) 9*256kB (MEH) 4*512kB (UM) 4*1024kB (MEH) 0*2048kB 1*4096kB (M) = 21460kB [ 2199.106404][T27398] Normal: 5*4kB (MEH) 5*8kB (UEH) 7*16kB (UMEH) 4*32kB (UMH) 1*64kB (H) 2*128kB (MH) 1*256kB (H) 3*512kB (MH) 3*1024kB (MH) 0*2048kB 0*4096kB = 5484kB [ 2199.123105][T27398] 11009 total pagecache pages [ 2199.129135][T27398] 0 pages in swap cache [ 2199.133740][T27398] Swap cache stats: add 0, delete 0, find 0/0 [ 2199.139869][T27398] Free swap = 0kB [ 2199.144666][T27398] Total swap = 0kB [ 2199.148410][T27398] 1965979 pages RAM [ 2199.152699][T27398] 0 pages HighMem/MovableOnly [ 2199.158579][T27398] 318829 pages reserved [ 2199.162747][T27398] 0 pages cma reserved [ 2199.166956][T27398] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=25864,uid=0 [ 2199.182991][T27398] Out of memory: Killed process 25864 (syz-executor.0) total-vm:75372kB, anon-rss:16572kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 [ 2199.204622][ T23] oom_reaper: reaped process 25864 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 21:33:27 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x900, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) 21:33:27 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:27 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:27 executing program 0: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0xa, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0xfffffffffdfffffe) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00') read$char_usb(r4, 0x0, 0x7ffff000) write(r4, &(0x7f00000001c0)="f09271b9ab8891d309696caa28f61d2cd15859cb8884414e76896122be0954f048fd7ccd186626d23dbe90750173ab8b39bdd230cf25f9f030afe04ad8f728fcacbafd6512f5e0", 0x47) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/fib_trie\x00') fspick(0xffffffffffffffff, &(0x7f0000000140)='./file0\x00', 0x0) preadv(r5, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:27 executing program 5: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') ioctl$GIO_UNIMAP(r2, 0x4b66, &(0x7f0000000140)={0x8, &(0x7f00000000c0)=[{}, {}, {}, {}, {}, {}, {}, {}]}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r2, 0xc0502100, &(0x7f00000001c0)) preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:27 executing program 4: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000240)='status\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x10000000, 0x11) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) execveat(r5, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000300)=[&(0x7f00000001c0)='\x00', &(0x7f0000000200)='status\x00'], &(0x7f0000000340), 0x1000) openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:27 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) [ 2199.952390][T27468] modprobe invoked oom-killer: gfp_mask=0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|0x1000000), order=0, oom_score_adj=0 [ 2199.974307][T27468] CPU: 1 PID: 27468 Comm: modprobe Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2199.983957][T27468] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2199.994044][T27468] Call Trace: [ 2199.997356][T27468] dump_stack+0x14a/0x1ce [ 2200.001752][T27468] ? devkmsg_release+0x11c/0x11c [ 2200.006686][T27468] ? show_regs_print_info+0x12/0x12 [ 2200.011895][T27468] ? radix_tree_cpu_dead+0x160/0x160 [ 2200.017524][T27468] ? _raw_spin_lock+0xa1/0x170 [ 2200.022286][T27468] ? _raw_spin_trylock_bh+0x190/0x190 [ 2200.027649][T27468] dump_header+0xdb/0x700 [ 2200.031969][T27468] oom_kill_process+0xd3/0x280 [ 2200.036719][T27468] out_of_memory+0x5b6/0x890 [ 2200.041299][T27468] ? unregister_oom_notifier+0x20/0x20 [ 2200.046751][T27468] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2200.052290][T27468] ? get_page_from_freelist+0x7c0/0x7c0 [ 2200.058781][T27468] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2200.064146][T27468] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2200.069698][T27468] ? __rcu_read_lock+0x50/0x50 [ 2200.074457][T27468] handle_mm_fault+0x18e6/0x41e0 [ 2200.079380][T27468] ? finish_fault+0x230/0x230 [ 2200.084064][T27468] ? preempt_schedule_irq+0xe7/0x140 [ 2200.089348][T27468] ? preempt_schedule_notrace+0x130/0x130 [ 2200.095067][T27468] ? vmacache_update+0x9f/0xf0 [ 2200.099823][T27468] do_user_addr_fault+0x48a/0x9f0 [ 2200.104858][T27468] page_fault+0x2f/0x40 [ 2200.108999][T27468] RIP: 0033:0x55797d140461 [ 2200.113417][T27468] Code: 54 41 89 fd 55 53 48 8d 3d 53 4c 01 00 48 89 f5 48 81 ec f8 11 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 e8 11 00 00 31 c0 c2 d6 ff ff 48 85 c0 0f 84 48 07 00 00 49 89 c6 0f b6 00 84 c0 [ 2200.133026][T27468] RSP: 002b:00007ffde7487bb0 EFLAGS: 00010246 [ 2200.139111][T27468] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000070 [ 2200.147080][T27468] RDX: 0000000000000000 RSI: 00007ffde7488eb8 RDI: 000055797d155097 [ 2200.155048][T27468] RBP: 00007ffde7488eb8 R08: 000055797d1542c0 R09: 00007f2356e6dba0 [ 2200.165444][T27468] R10: 0000000000000002 R11: 0000000000000001 R12: 000055797d13e010 [ 2200.173426][T27468] R13: 0000000000000004 R14: 0000000000000000 R15: 0000000000000000 [ 2200.189685][T27468] Mem-Info: 21:33:28 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:28 executing program 0: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0xa, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0xfffffffffdfffffe) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00') read$char_usb(r4, 0x0, 0x7ffff000) write(r4, &(0x7f00000001c0)="f09271b9ab8891d309696caa28f61d2cd15859cb8884414e76896122be0954f048fd7ccd186626d23dbe90750173ab8b39bdd230cf25f9f030afe04ad8f728fcacbafd6512f5e0", 0x47) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/fib_trie\x00') fspick(0xffffffffffffffff, &(0x7f0000000140)='./file0\x00', 0x0) preadv(r5, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:28 executing program 4: mlockall(0x7) ioctl$HIDIOCSFEATURE(0xffffffffffffffff, 0xc0404806, 0x0) open(&(0x7f0000000140)='./bus\x00', 0x0, 0x0) getsockopt$IP_SET_OP_GET_FNAME(0xffffffffffffffff, 0x1, 0x53, &(0x7f00000001c0)={0x8, 0x7, 0x0, 'syz1\x00'}, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00') read$char_usb(r0, 0x0, 0x7ffff000) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000040)={r0, &(0x7f0000000000)="a009bb4d0acf4a7408d6615d29462cb1c0e0263c47f5565a14f4e2d08dee182e"}, 0x20) ioctl$KDFONTOP_SET(0xffffffffffffffff, 0x4b72, 0x0) perf_event_open(&(0x7f00000000c0)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0xffffffffffffffff}, 0x8940, 0x0, 0x0, 0x7, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00') read$char_usb(r1, 0x0, 0x7ffff000) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x2400, 0x71) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) munlockall() r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0xfffffffffffffdc1, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x4000850}, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@newlink={0x158, 0x10, 0x401, 0x400000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x42df58543c8380db}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @ipip6={{0xb, 0x1, 'ip6tnl\x00'}, {0x20, 0x2, 0x0, 0x1, [@IFLA_IPTUN_ENCAP_FLAGS={0x6}, @IFLA_IPTUN_LOCAL={0x14, 0x3, @rand_addr=' \x01\x00'}]}}}, @IFLA_MTU={0x8, 0x4, 0x10001}, @IFLA_MASTER={0x8}, @IFLA_PHYS_SWITCH_ID={0xa, 0x24, "52e9e867cc93"}, @IFLA_WEIGHT={0x8, 0xf, 0x5}, @IFLA_VFINFO_LIST={0xe4, 0x16, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, [@IFLA_VF_TX_RATE={0xc, 0x3, {0x6006, 0x4}}, @IFLA_VF_RATE={0x10, 0x6, {0xa4, 0x9, 0x1f}}]}, {0x88, 0x1, 0x0, 0x1, [@IFLA_VF_TX_RATE={0xc, 0x3, {0x7, 0x9}}, @IFLA_VF_SPOOFCHK={0xc, 0x4, {0x4, 0x7}}, @IFLA_VF_VLAN={0x10, 0x2, {0x7c, 0xa34, 0x200}}, @IFLA_VF_MAC={0x28, 0x1, {0x6, @broadcast}}, @IFLA_VF_MAC={0x28, 0x1, {0x69, @dev={[], 0x1e}}}, @IFLA_VF_TX_RATE={0xc, 0x3, {0x7fff, 0xfbb}}]}, {0x28, 0x1, 0x0, 0x1, [@IFLA_VF_IB_NODE_GUID={0x14, 0xa, {0x7, 0x40}}, @IFLA_VF_RATE={0x10, 0x6, {0x1, 0x80000000, 0x20}}]}, {0x10, 0x1, 0x0, 0x1, [@IFLA_VF_SPOOFCHK={0xc, 0x4, {0x7, 0x1}}]}]}]}, 0x158}}, 0x6) 21:33:28 executing program 5: mlockall(0x7) ioctl$HIDIOCSFEATURE(0xffffffffffffffff, 0xc0404806, 0x0) open(&(0x7f0000000140)='./bus\x00', 0x0, 0x0) getsockopt$IP_SET_OP_GET_FNAME(0xffffffffffffffff, 0x1, 0x53, &(0x7f00000001c0)={0x8, 0x7, 0x0, 'syz1\x00'}, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00') read$char_usb(r0, 0x0, 0x7ffff000) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000040)={r0, &(0x7f0000000000)="a009bb4d0acf4a7408d6615d29462cb1c0e0263c47f5565a14f4e2d08dee182e"}, 0x20) ioctl$KDFONTOP_SET(0xffffffffffffffff, 0x4b72, 0x0) perf_event_open(&(0x7f00000000c0)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0xffffffffffffffff}, 0x8940, 0x0, 0x0, 0x7, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00') read$char_usb(r1, 0x0, 0x7ffff000) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x2400, 0x71) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) munlockall() r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0xfffffffffffffdc1, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x4000850}, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@newlink={0x158, 0x10, 0x401, 0x400000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x42df58543c8380db}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @ipip6={{0xb, 0x1, 'ip6tnl\x00'}, {0x20, 0x2, 0x0, 0x1, [@IFLA_IPTUN_ENCAP_FLAGS={0x6}, @IFLA_IPTUN_LOCAL={0x14, 0x3, @rand_addr=' \x01\x00'}]}}}, @IFLA_MTU={0x8, 0x4, 0x10001}, @IFLA_MASTER={0x8}, @IFLA_PHYS_SWITCH_ID={0xa, 0x24, "52e9e867cc93"}, @IFLA_WEIGHT={0x8, 0xf, 0x5}, @IFLA_VFINFO_LIST={0xe4, 0x16, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, [@IFLA_VF_TX_RATE={0xc, 0x3, {0x6006, 0x4}}, @IFLA_VF_RATE={0x10, 0x6, {0xa4, 0x9, 0x1f}}]}, {0x88, 0x1, 0x0, 0x1, [@IFLA_VF_TX_RATE={0xc, 0x3, {0x7, 0x9}}, @IFLA_VF_SPOOFCHK={0xc, 0x4, {0x4, 0x7}}, @IFLA_VF_VLAN={0x10, 0x2, {0x7c, 0xa34, 0x200}}, @IFLA_VF_MAC={0x28, 0x1, {0x6, @broadcast}}, @IFLA_VF_MAC={0x28, 0x1, {0x69, @dev={[], 0x1e}}}, @IFLA_VF_TX_RATE={0xc, 0x3, {0x7fff, 0xfbb}}]}, {0x28, 0x1, 0x0, 0x1, [@IFLA_VF_IB_NODE_GUID={0x14, 0xa, {0x7, 0x40}}, @IFLA_VF_RATE={0x10, 0x6, {0x1, 0x80000000, 0x20}}]}, {0x10, 0x1, 0x0, 0x1, [@IFLA_VF_SPOOFCHK={0xc, 0x4, {0x7, 0x1}}]}]}]}, 0x158}}, 0x6) [ 2200.207342][T27468] active_anon:1404898 inactive_anon:9707 isolated_anon:0 [ 2200.207342][T27468] active_file:211 inactive_file:1331 isolated_file:32 [ 2200.207342][T27468] unevictable:363 dirty:0 writeback:0 unstable:0 [ 2200.207342][T27468] slab_reclaimable:10369 slab_unreclaimable:79177 [ 2200.207342][T27468] mapped:58901 shmem:9776 pagetables:36923 bounce:0 [ 2200.207342][T27468] free:17462 free_pcp:916 free_cma:0 21:33:28 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) [ 2200.416766][T27468] Node 0 active_anon:5636392kB inactive_anon:38828kB active_file:2844kB inactive_file:7724kB unevictable:1452kB isolated(anon):0kB isolated(file):128kB mapped:239304kB dirty:200kB writeback:0kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no 21:33:28 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x900, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) 21:33:28 executing program 5 (fault-call:13 fault-nth:0): ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) 21:33:28 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:28 executing program 0 (fault-call:13 fault-nth:0): ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:28 executing program 4 (fault-call:13 fault-nth:0): ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) [ 2200.560163][T27468] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2200.610146][T27468] lowmem_reserve[]: 0 2912 6416 6416 [ 2200.618224][T27468] DMA32 free:21252kB min:4644kB low:7624kB high:10604kB active_anon:2838676kB inactive_anon:5352kB active_file:132kB inactive_file:624kB unevictable:0kB writepending:44kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:15168kB pagetables:20528kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB [ 2200.649874][T27468] lowmem_reserve[]: 0 0 3504 3504 21:33:28 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) [ 2200.658777][T27468] Normal free:17832kB min:5592kB low:9180kB high:12768kB active_anon:2799520kB inactive_anon:33476kB active_file:1616kB inactive_file:1592kB unevictable:1396kB writepending:152kB present:4718592kB managed:3588928kB mlocked:1396kB kernel_stack:29536kB pagetables:127316kB bounce:0kB free_pcp:1144kB local_pcp:712kB free_cma:0kB [ 2200.693057][T27468] lowmem_reserve[]: 0 0 0 0 [ 2200.705981][T27468] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2200.780853][T27468] DMA32: 3*4kB (UE) 4*8kB (ME) 4*16kB (ME) 10*32kB (UEH) 68*64kB (UMEH) 10*128kB (UME) 5*256kB (MEH) 3*512kB (UM) 4*1024kB (MEH) 0*2048kB 1*4096kB (M) = 17068kB [ 2200.798436][T27468] Normal: 248*4kB (UME) 20*8kB (UME) 13*16kB (UME) 2*32kB (M) 11*64kB (UM) 4*128kB (UM) 1*256kB (U) 0*512kB 2*1024kB (UM) 0*2048kB 0*4096kB = 4944kB [ 2200.815196][T27468] 10252 total pagecache pages [ 2200.820799][T27468] 0 pages in swap cache [ 2200.827696][T27468] Swap cache stats: add 0, delete 0, find 0/0 [ 2200.834455][T27468] Free swap = 0kB [ 2200.838195][T27468] Total swap = 0kB [ 2200.841939][T27468] 1965979 pages RAM [ 2200.845924][T27468] 0 pages HighMem/MovableOnly [ 2200.850595][T27468] 318829 pages reserved [ 2200.854746][T27468] 0 pages cma reserved [ 2200.858839][T27468] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=23795,uid=0 [ 2200.873317][T27468] Out of memory: Killed process 23795 (syz-executor.0) total-vm:75504kB, anon-rss:16572kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 [ 2201.017569][T27554] FAULT_INJECTION: forcing a failure. [ 2201.017569][T27554] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2201.030837][T27554] CPU: 0 PID: 27554 Comm: syz-executor.0 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2201.040985][T27554] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2201.051042][T27554] Call Trace: [ 2201.054338][T27554] dump_stack+0x14a/0x1ce [ 2201.058671][T27554] ? devkmsg_release+0x11c/0x11c [ 2201.063611][T27554] ? show_regs_print_info+0x12/0x12 [ 2201.063716][T27555] FAULT_INJECTION: forcing a failure. [ 2201.063716][T27555] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2201.068827][T27554] ? stack_trace_save+0x1f0/0x1f0 [ 2201.068838][T27554] ? __kernel_text_address+0x93/0x110 [ 2201.068853][T27554] should_fail+0x6fb/0x860 [ 2201.096805][T27554] ? setup_fault_attr+0x3d0/0x3d0 [ 2201.101823][T27554] __alloc_pages_nodemask+0x1ee/0x7c0 [ 2201.107217][T27554] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2201.112755][T27554] ? __kasan_slab_free+0x1f2/0x230 [ 2201.117874][T27554] ? __rcu_read_lock+0x50/0x50 [ 2201.122623][T27554] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2201.128703][T27554] kmalloc_order_trace+0x2a/0xf0 [ 2201.133633][T27554] __kmalloc+0x268/0x2d0 [ 2201.137876][T27554] ? proc_fail_nth_write+0x18f/0x250 [ 2201.143162][T27554] kmalloc_array+0x2b/0x50 [ 2201.147580][T27554] rw_copy_check_uvector+0x8a/0x310 [ 2201.152777][T27554] import_iovec+0x113/0x380 [ 2201.158249][T27554] ? dup_iter+0x110/0x110 [ 2201.163004][T27554] do_preadv+0x1d9/0x350 [ 2201.167256][T27554] ? do_writev+0x5b0/0x5b0 [ 2201.171657][T27554] ? fput_many+0x42/0x1a0 [ 2201.175993][T27554] ? ksys_write+0x25d/0x2c0 [ 2201.180484][T27554] do_syscall_64+0xcb/0x150 [ 2201.184976][T27554] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2201.190856][T27554] RIP: 0033:0x45ccd9 [ 2201.194735][T27554] Code: 2d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2201.214332][T27554] RSP: 002b:00007fde41bc5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 2201.222740][T27554] RAX: ffffffffffffffda RBX: 0000000000024a80 RCX: 000000000045ccd9 [ 2201.230708][T27554] RDX: 0000000000000375 RSI: 00000000200017c0 RDI: 0000000000000006 [ 2201.238676][T27554] RBP: 00007fde41bc5ca0 R08: 0000000000000000 R09: 0000000000000000 [ 2201.246642][T27554] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2201.254609][T27554] R13: 00007ffc21977a6f R14: 00007fde41bc69c0 R15: 000000000078c18c [ 2201.262591][T27555] CPU: 1 PID: 27555 Comm: syz-executor.5 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2201.272747][T27555] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2201.282805][T27555] Call Trace: [ 2201.286101][T27555] dump_stack+0x14a/0x1ce [ 2201.290426][T27555] ? devkmsg_release+0x11c/0x11c [ 2201.295362][T27555] ? show_regs_print_info+0x12/0x12 [ 2201.300554][T27555] ? stack_trace_save+0x1f0/0x1f0 [ 2201.305572][T27555] ? __kernel_text_address+0x93/0x110 [ 2201.310939][T27555] should_fail+0x6fb/0x860 [ 2201.315350][T27555] ? setup_fault_attr+0x3d0/0x3d0 [ 2201.320383][T27555] __alloc_pages_nodemask+0x1ee/0x7c0 [ 2201.325757][T27555] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2201.331301][T27555] ? __kasan_slab_free+0x1f2/0x230 [ 2201.336408][T27555] ? __rcu_read_lock+0x50/0x50 [ 2201.341171][T27555] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2201.347235][T27555] kmalloc_order_trace+0x2a/0xf0 [ 2201.352176][T27555] __kmalloc+0x268/0x2d0 [ 2201.356409][T27555] ? proc_fail_nth_write+0x18f/0x250 [ 2201.361681][T27555] kmalloc_array+0x2b/0x50 [ 2201.366082][T27555] rw_copy_check_uvector+0x8a/0x310 [ 2201.371264][T27555] import_iovec+0x113/0x380 [ 2201.375750][T27555] ? dup_iter+0x110/0x110 [ 2201.380059][T27555] do_preadv+0x1d9/0x350 [ 2201.384304][T27555] ? do_writev+0x5b0/0x5b0 [ 2201.388709][T27555] ? fput_many+0x42/0x1a0 [ 2201.393033][T27555] ? ksys_write+0x25d/0x2c0 [ 2201.397539][T27555] do_syscall_64+0xcb/0x150 [ 2201.402044][T27555] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2201.407928][T27555] RIP: 0033:0x45ccd9 [ 2201.411813][T27555] Code: 2d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2201.431511][T27555] RSP: 002b:00007f2dca027c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 2201.439912][T27555] RAX: ffffffffffffffda RBX: 0000000000024a80 RCX: 000000000045ccd9 [ 2201.448309][T27555] RDX: 0000000000000375 RSI: 00000000200017c0 RDI: 0000000000000006 [ 2201.456275][T27555] RBP: 00007f2dca027ca0 R08: 0000000000000000 R09: 0000000000000000 [ 2201.464258][T27555] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2201.472223][T27555] R13: 00007ffc5a445d3f R14: 00007f2dca0289c0 R15: 000000000078c18c [ 2201.485755][T27547] syz-executor.5 invoked oom-killer: gfp_mask=0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|0x1000000), order=0, oom_score_adj=1000 [ 2201.500145][T27547] CPU: 1 PID: 27547 Comm: syz-executor.5 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2201.510301][T27547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2201.520379][T27547] Call Trace: [ 2201.523681][T27547] dump_stack+0x14a/0x1ce [ 2201.528008][T27547] ? devkmsg_release+0x11c/0x11c [ 2201.532947][T27547] ? show_regs_print_info+0x12/0x12 [ 2201.538127][T27547] ? radix_tree_cpu_dead+0x160/0x160 [ 2201.543406][T27547] ? _raw_spin_lock+0xa1/0x170 [ 2201.548176][T27547] ? _raw_spin_trylock_bh+0x190/0x190 [ 2201.553540][T27547] dump_header+0xdb/0x700 [ 2201.557856][T27547] oom_kill_process+0xd3/0x280 [ 2201.562606][T27547] out_of_memory+0x5b6/0x890 [ 2201.567230][T27547] ? unregister_oom_notifier+0x20/0x20 [ 2201.572680][T27547] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2201.578229][T27547] ? get_page_from_freelist+0x7c0/0x7c0 [ 2201.583773][T27547] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2201.589140][T27547] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2201.594671][T27547] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 2201.600376][T27547] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 2201.606179][T27547] ? __lru_cache_add+0x1a1/0x1f0 [ 2201.611557][T27547] wp_page_copy+0x1cb/0x1120 [ 2201.616151][T27547] ? add_mm_rss_vec+0x270/0x270 [ 2201.620993][T27547] ? vm_normal_page+0x1c9/0x1d0 [ 2201.625846][T27547] do_wp_page+0x4c1/0x1530 [ 2201.630262][T27547] ? push_rt_tasks+0x4f8/0x670 [ 2201.635018][T27547] ? _raw_spin_lock+0xa1/0x170 [ 2201.639762][T27547] ? do_swap_page+0x1560/0x1560 [ 2201.644617][T27547] handle_mm_fault+0xfa5/0x41e0 [ 2201.649453][T27547] ? finish_fault+0x230/0x230 [ 2201.654119][T27547] ? push_rt_tasks+0x4f8/0x670 [ 2201.658907][T27547] ? down_read_trylock+0x17a/0x1d0 [ 2201.664001][T27547] ? vmacache_find+0x2d2/0x4b0 [ 2201.668751][T27547] do_user_addr_fault+0x48a/0x9f0 [ 2201.673762][T27547] page_fault+0x2f/0x40 [ 2201.677900][T27547] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 2201.684942][T27547] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 2201.705501][T27547] RSP: 0018:ffff888123167888 EFLAGS: 00010206 [ 2201.711549][T27547] RAX: ffffffff81f80e01 RBX: 0000000020e1a500 RCX: 0000000000000500 [ 2201.719516][T27547] RDX: 0000000000001000 RSI: ffff88819abd0b00 RDI: 0000000020e1a000 [ 2201.727580][T27547] RBP: ffff888123167da8 R08: dffffc0000000000 R09: ffffed103357a200 [ 2201.735539][T27547] R10: 0000000000000000 R11: 0000000000000000 R12: 00007ffffffff000 [ 2201.743488][T27547] R13: 0000000000001000 R14: ffff88819abd0000 R15: 0000000020e19500 [ 2201.751480][T27547] ? _copy_to_iter+0x1021/0x1060 [ 2201.756411][T27547] copyout+0x8e/0xb0 [ 2201.760299][T27547] copy_page_to_iter+0x393/0xbd0 [ 2201.765249][T27547] pipe_to_user+0xa3/0x130 [ 2201.769661][T27547] __splice_from_pipe+0x2d3/0x870 [ 2201.774687][T27547] ? user_page_pipe_buf_steal+0xc0/0xc0 [ 2201.780235][T27547] do_vmsplice+0x252/0xee0 [ 2201.784649][T27547] ? avc_ss_reset+0x3a0/0x3a0 [ 2201.789320][T27547] ? write_pipe_buf+0x1d0/0x1d0 [ 2201.794165][T27547] ? __rcu_read_lock+0x50/0x50 [ 2201.798918][T27547] ? check_stack_object+0x5a/0x90 [ 2201.803928][T27547] ? _copy_from_user+0xa4/0xe0 [ 2201.808683][T27547] ? rw_copy_check_uvector+0x2b3/0x310 [ 2201.814191][T27547] ? import_iovec+0x1c2/0x380 [ 2201.818861][T27547] ? dup_iter+0x110/0x110 [ 2201.823180][T27547] ? do_vfs_ioctl+0x780/0x1750 [ 2201.827934][T27547] __se_sys_vmsplice+0x1fb/0x300 [ 2201.832861][T27547] ? __x64_sys_vmsplice+0xa0/0xa0 [ 2201.837874][T27547] ? put_timespec64+0x109/0x150 [ 2201.842714][T27547] ? __x64_sys_clock_gettime+0x20d/0x260 [ 2201.848347][T27547] ? __ia32_sys_clock_settime+0x2a0/0x2a0 [ 2201.854081][T27547] do_syscall_64+0xcb/0x150 [ 2201.858579][T27547] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2201.864463][T27547] RIP: 0033:0x45ccd9 [ 2201.868345][T27547] Code: 2d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2201.888640][T27547] RSP: 002b:00007f2dca069c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 2201.897050][T27547] RAX: ffffffffffffffda RBX: 0000000000035780 RCX: 000000000045ccd9 [ 2201.905704][T27547] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 2201.913674][T27547] RBP: 000000000078c088 R08: 0000000000000000 R09: 0000000000000000 [ 2201.921646][T27547] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078c04c [ 2201.929616][T27547] R13: 00007ffc5a445d3f R14: 00007f2dca06a9c0 R15: 000000000078c04c [ 2201.937678][T27547] Mem-Info: [ 2201.940815][T27547] active_anon:1414716 inactive_anon:9707 isolated_anon:0 [ 2201.940815][T27547] active_file:35 inactive_file:36 isolated_file:0 [ 2201.940815][T27547] unevictable:363 dirty:0 writeback:6 unstable:0 [ 2201.940815][T27547] slab_reclaimable:10361 slab_unreclaimable:79261 [ 2201.940815][T27547] mapped:57996 shmem:9776 pagetables:36999 bounce:0 [ 2201.940815][T27547] free:9226 free_pcp:491 free_cma:0 [ 2201.979206][T27547] Node 0 active_anon:5658864kB inactive_anon:38828kB active_file:140kB inactive_file:144kB unevictable:1452kB isolated(anon):0kB isolated(file):0kB mapped:231984kB dirty:0kB writeback:24kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2202.003549][T27547] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2202.029541][T27547] lowmem_reserve[]: 0 2912 6416 6416 [ 2202.034872][T27547] DMA32 free:16868kB min:4644kB low:7624kB high:10604kB active_anon:2843640kB inactive_anon:5352kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:4kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:15104kB pagetables:20544kB bounce:0kB free_pcp:460kB local_pcp:0kB free_cma:0kB [ 2202.064044][T27547] lowmem_reserve[]: 0 0 3504 3504 [ 2202.069108][T27547] Normal free:4132kB min:5592kB low:9180kB high:12768kB active_anon:2814688kB inactive_anon:33476kB active_file:364kB inactive_file:260kB unevictable:1452kB writepending:12kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:30048kB pagetables:127452kB bounce:0kB free_pcp:1504kB local_pcp:1136kB free_cma:0kB [ 2202.103566][T27547] lowmem_reserve[]: 0 0 0 0 [ 2202.108076][T27547] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2202.121393][T27547] DMA32: 3*4kB (ME) 15*8kB (UME) 12*16kB (UME) 11*32kB (UE) 63*64kB (UME) 11*128kB (UME) 4*256kB (ME) 3*512kB (UM) 4*1024kB (ME) 0*2048kB 1*4096kB (M) = 16868kB [ 2202.137510][T27547] Normal: 41*4kB (UE) 18*8kB (ME) 11*16kB (ME) 1*32kB (U) 0*64kB 4*128kB (UM) 4*256kB (UM) 0*512kB 2*1024kB (UM) 0*2048kB 0*4096kB = 4100kB [ 2202.152773][T27547] 10116 total pagecache pages [ 2202.157460][T27547] 0 pages in swap cache [ 2202.161595][T27547] Swap cache stats: add 0, delete 0, find 0/0 [ 2202.167652][T27547] Free swap = 0kB [ 2202.172309][T27547] Total swap = 0kB [ 2202.176023][T27547] 1965979 pages RAM [ 2202.179812][T27547] 0 pages HighMem/MovableOnly [ 2202.184510][T27547] 318829 pages reserved [ 2202.188669][T27547] 0 pages cma reserved [ 2202.192720][T27547] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=13115,uid=0 [ 2202.206825][T27547] Out of memory: Killed process 13115 (syz-executor.0) total-vm:75240kB, anon-rss:15600kB, file-rss:35776kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 2202.305135][T27468] modprobe invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2202.313356][ T23] oom_reaper: reaped process 13115 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2202.320652][T27468] CPU: 0 PID: 27468 Comm: modprobe Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2202.336786][T27468] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2202.346834][T27468] Call Trace: [ 2202.350107][T27468] dump_stack+0x14a/0x1ce [ 2202.354424][T27468] ? devkmsg_release+0x11c/0x11c [ 2202.359350][T27468] ? show_regs_print_info+0x12/0x12 [ 2202.364546][T27468] ? radix_tree_cpu_dead+0x160/0x160 [ 2202.369898][T27468] ? _raw_spin_lock+0xa1/0x170 [ 2202.374686][T27468] ? _raw_spin_trylock_bh+0x190/0x190 [ 2202.380038][T27468] dump_header+0xdb/0x700 [ 2202.384348][T27468] oom_kill_process+0xd3/0x280 [ 2202.389098][T27468] out_of_memory+0x5b6/0x890 [ 2202.393693][T27468] ? unregister_oom_notifier+0x20/0x20 [ 2202.399134][T27468] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2202.404685][T27468] ? get_page_from_freelist+0x7c0/0x7c0 [ 2202.410238][T27468] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2202.415605][T27468] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2202.421242][T27468] pagecache_get_page+0x50f/0x880 [ 2202.426275][T27468] filemap_fault+0x14cb/0x1a30 [ 2202.431034][T27468] ? __down_read+0xf1/0x210 [ 2202.435512][T27468] ? generic_file_read_iter+0x20b0/0x20b0 [ 2202.441209][T27468] ? ___preempt_schedule+0x16/0x20 [ 2202.446312][T27468] ext4_filemap_fault+0x7b/0x90 [ 2202.451169][T27468] handle_mm_fault+0x29ca/0x41e0 [ 2202.456130][T27468] ? finish_fault+0x230/0x230 [ 2202.460793][T27468] ? down_read_trylock+0x17a/0x1d0 [ 2202.465881][T27468] ? vmacache_find+0x205/0x4b0 [ 2202.470636][T27468] do_user_addr_fault+0x48a/0x9f0 [ 2202.475654][T27468] page_fault+0x2f/0x40 [ 2202.479788][T27468] RIP: 0033:0x7f2356bb7cd0 [ 2202.484199][T27468] Code: Bad RIP value. [ 2202.488239][T27468] RSP: 002b:00007ffde74879b8 EFLAGS: 00010246 [ 2202.494987][T27468] RAX: 0000000000000000 RBX: 00007ffde74879d0 RCX: 000055797d157988 [ 2202.502959][T27468] RDX: 000055797d157995 RSI: 0000000000000001 RDI: 00007ffde74879c8 [ 2202.510935][T27468] RBP: 0000000000000000 R08: 00007ffde7487a52 R09: 0000000000000080 [ 2202.518888][T27468] R10: 00007f2356e58b58 R11: 0000000000000246 R12: 0000000000000000 [ 2202.526836][T27468] R13: 0000000000000001 R14: 00007ffde7487bf8 R15: 0000000000000000 [ 2202.538184][T27468] Mem-Info: [ 2202.541754][T27468] active_anon:1406182 inactive_anon:9707 isolated_anon:0 [ 2202.541754][T27468] active_file:17 inactive_file:73 isolated_file:0 [ 2202.541754][T27468] unevictable:363 dirty:2 writeback:0 unstable:0 [ 2202.541754][T27468] slab_reclaimable:10361 slab_unreclaimable:79262 [ 2202.541754][T27468] mapped:57988 shmem:9776 pagetables:37003 bounce:0 [ 2202.541754][T27468] free:17435 free_pcp:1021 free_cma:0 [ 2202.580557][T27468] Node 0 active_anon:5624728kB inactive_anon:38828kB active_file:568kB inactive_file:6300kB unevictable:1452kB isolated(anon):0kB isolated(file):0kB mapped:236152kB dirty:108kB writeback:0kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no 21:33:30 executing program 0 (fault-call:13 fault-nth:1): ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:30 executing program 5 (fault-call:13 fault-nth:1): ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) 21:33:30 executing program 4: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) 21:33:30 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) [ 2202.605101][T27468] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB 21:33:30 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x900, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) 21:33:30 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) [ 2202.658237][T27468] lowmem_reserve[]: 0 2912 6416 6416 [ 2202.665731][T27468] DMA32 free:21168kB min:4644kB low:7624kB high:10604kB active_anon:2838696kB inactive_anon:5352kB active_file:4kB inactive_file:4kB unevictable:0kB writepending:8kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:15040kB pagetables:20248kB bounce:0kB free_pcp:1880kB local_pcp:476kB free_cma:0kB [ 2202.734475][T27468] lowmem_reserve[]: 0 0 3504 3504 [ 2202.739847][T27468] Normal free:30416kB min:9688kB low:13276kB high:16864kB active_anon:2774724kB inactive_anon:33476kB active_file:492kB inactive_file:10680kB unevictable:1452kB writepending:184kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29760kB pagetables:127460kB bounce:0kB free_pcp:1712kB local_pcp:428kB free_cma:0kB [ 2202.869043][T27592] FAULT_INJECTION: forcing a failure. [ 2202.869043][T27592] name failslab, interval 1, probability 0, space 0, times 0 [ 2202.881690][T27592] CPU: 0 PID: 27592 Comm: syz-executor.5 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2202.891847][T27592] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2202.902155][T27592] Call Trace: [ 2202.905440][T27592] dump_stack+0x14a/0x1ce [ 2202.909754][T27592] ? devkmsg_release+0x11c/0x11c [ 2202.914675][T27592] ? show_regs_print_info+0x12/0x12 [ 2202.919858][T27592] ? __alloc_pages_nodemask+0x5cb/0x7c0 [ 2202.925389][T27592] should_fail+0x6fb/0x860 [ 2202.929806][T27592] ? setup_fault_attr+0x3d0/0x3d0 [ 2202.934816][T27592] ? kvmalloc_node+0xc2/0x120 [ 2202.939492][T27592] should_failslab+0x5/0x20 [ 2202.943983][T27592] __kmalloc+0x5f/0x2d0 [ 2202.948138][T27592] kvmalloc_node+0xc2/0x120 [ 2202.952627][T27592] seq_read+0x217/0xd30 [ 2202.956782][T27592] ? rw_copy_check_uvector+0x174/0x310 [ 2202.962248][T27592] ? selinux_file_permission+0x2d0/0x520 [ 2202.967880][T27592] do_iter_read+0x43b/0x550 [ 2202.972392][T27592] do_preadv+0x213/0x350 [ 2202.976635][T27592] ? do_writev+0x5b0/0x5b0 [ 2202.981050][T27592] ? fput_many+0x42/0x1a0 [ 2202.985373][T27592] ? ksys_write+0x25d/0x2c0 [ 2202.989869][T27592] ? do_user_addr_fault+0x55c/0x9f0 [ 2202.995072][T27592] do_syscall_64+0xcb/0x150 [ 2202.999569][T27592] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2203.005455][T27592] RIP: 0033:0x45ccd9 [ 2203.009339][T27592] Code: 2d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2203.028935][T27592] RSP: 002b:00007f2dca027c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 2203.037340][T27592] RAX: ffffffffffffffda RBX: 0000000000024a80 RCX: 000000000045ccd9 [ 2203.045312][T27592] RDX: 0000000000000375 RSI: 00000000200017c0 RDI: 0000000000000006 [ 2203.053288][T27592] RBP: 00007f2dca027ca0 R08: 0000000000000000 R09: 0000000000000000 [ 2203.061260][T27592] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2203.069233][T27592] R13: 00007ffc5a445d3f R14: 00007f2dca0289c0 R15: 000000000078c18c [ 2203.151976][T27468] lowmem_reserve[]: 0 0 0 0 [ 2203.161968][T27468] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2203.179992][T27468] DMA32: 73*4kB (UME) 27*8kB (UME) 47*16kB (UME) 17*32kB (UMEH) 67*64kB (UMEH) 11*128kB (UME) 4*256kB (ME) 3*512kB (UM) 4*1024kB (ME) 0*2048kB 1*4096kB (M) = 18252kB 21:33:31 executing program 0: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) [ 2203.198304][T27468] Normal: 812*4kB (UMEH) 187*8kB (UME) 101*16kB (UMEH) 96*32kB (UMH) 36*64kB (UM) 11*128kB (M) 0*256kB 2*512kB (UM) 3*1024kB (UM) 1*2048kB (M) 0*4096kB = 19288kB [ 2203.216173][T27468] 11951 total pagecache pages [ 2203.221439][T27468] 0 pages in swap cache [ 2203.227231][T27468] Swap cache stats: add 0, delete 0, find 0/0 [ 2203.241672][T27468] Free swap = 0kB 21:33:31 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:31 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x900, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) 21:33:31 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) [ 2203.249241][T27468] Total swap = 0kB [ 2203.256645][T27468] 1965979 pages RAM [ 2203.270206][T27468] 0 pages HighMem/MovableOnly [ 2203.275287][T27468] 318829 pages reserved [ 2203.279734][T27468] 0 pages cma reserved [ 2203.284146][T27468] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=18470,uid=0 21:33:31 executing program 4: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') setxattr$trusted_overlay_nlink(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.nlink\x00', &(0x7f0000000180)={'U+', 0x8000}, 0x16, 0x1) preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) [ 2203.299933][T27468] Out of memory: Killed process 18470 (syz-executor.0) total-vm:75240kB, anon-rss:16564kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 [ 2203.320473][ T23] oom_reaper: reaped process 18470 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 21:33:31 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:31 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x900, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) 21:33:31 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:31 executing program 5 (fault-call:13 fault-nth:2): ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) 21:33:31 executing program 0: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x2}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) [ 2203.565081][ T356] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2203.575170][ T356] CPU: 0 PID: 356 Comm: syz-executor.2 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2203.585835][ T356] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2203.595886][ T356] Call Trace: [ 2203.599165][ T356] dump_stack+0x14a/0x1ce [ 2203.603479][ T356] ? devkmsg_release+0x11c/0x11c [ 2203.608426][ T356] ? show_regs_print_info+0x12/0x12 21:33:31 executing program 4: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00') read$char_usb(r4, 0x0, 0x7ffff000) ioctl$FITRIM(r4, 0xc0185879, &(0x7f00000000c0)={0x68c980d1, 0x0, 0xee}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r5, &(0x7f00000017c0), 0x375, 0x0, 0x0) [ 2203.613669][ T356] ? radix_tree_cpu_dead+0x160/0x160 [ 2203.618956][ T356] ? _raw_spin_lock+0xa1/0x170 [ 2203.623717][ T356] ? _raw_spin_trylock_bh+0x190/0x190 [ 2203.629089][ T356] dump_header+0xdb/0x700 [ 2203.633420][ T356] oom_kill_process+0xd3/0x280 [ 2203.638190][ T356] out_of_memory+0x5b6/0x890 [ 2203.642778][ T356] ? unregister_oom_notifier+0x20/0x20 [ 2203.648239][ T356] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2203.653795][ T356] ? get_page_from_freelist+0x7c0/0x7c0 [ 2203.659340][ T356] ? __zone_watermark_ok+0x91/0x280 [ 2203.664547][ T356] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2203.669932][ T356] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2203.675463][ T356] ? lockref_get+0x1c2/0x2b0 [ 2203.680054][ T356] ? blk_crypto_keyslot_evict+0x160/0x160 [ 2203.685774][ T356] ? find_inode_fast+0x3f9/0x4b0 [ 2203.690710][ T356] __get_free_pages+0xa/0x30 [ 2203.695299][ T356] inode_doinit_with_dentry+0x950/0x10e0 [ 2203.700915][ T356] ? __wake_up_bit+0x180/0x180 [ 2203.705675][ T356] ? sb_finish_set_opts+0x7e0/0x7e0 [ 2203.710876][ T356] ? current_time+0x1be/0x2f0 [ 2203.715544][ T356] ? atime_needs_update+0x570/0x570 [ 2203.720727][ T356] security_d_instantiate+0x90/0xf0 [ 2203.725906][ T356] d_splice_alias+0x71/0x590 [ 2203.730483][ T356] kernfs_iop_lookup+0x17a/0x1f0 [ 2203.735397][ T356] __lookup_slow+0x312/0x490 [ 2203.739961][ T356] ? lookup_one_len2+0x2d0/0x2d0 [ 2203.744875][ T356] path_mountpoint+0x2ac/0x7a0 [ 2203.749622][ T356] ? success_walk_trace+0x430/0x430 [ 2203.754795][ T356] filename_mountpoint+0x239/0x680 [ 2203.759895][ T356] ? user_path_mountpoint_at+0x40/0x40 [ 2203.765343][ T356] ? getname_flags+0x20d/0x610 [ 2203.770087][ T356] ksys_umount+0x167/0xff0 [ 2203.774484][ T356] ? namespace_unlock+0x4e0/0x4e0 [ 2203.779494][ T356] ? __fpregs_load_activate+0x2d3/0x390 [ 2203.785011][ T356] ? switch_fpu_return+0x10/0x10 [ 2203.789934][ T356] ? getname_flags+0x20d/0x610 [ 2203.794670][ T356] __x64_sys_umount+0x56/0x60 [ 2203.799339][ T356] do_syscall_64+0xcb/0x150 [ 2203.803817][ T356] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2203.809683][ T356] RIP: 0033:0x45f707 [ 2203.813555][ T356] Code: 64 89 04 25 d0 02 00 00 58 5f ff d0 48 89 c7 e8 2f be ff ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 cd 8b fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2203.833150][ T356] RSP: 002b:00007ffdfaf6a318 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 2203.841539][ T356] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000045f707 [ 2203.849504][ T356] RDX: 0000000000402dc8 RSI: 0000000000000002 RDI: 00007ffdfaf6a3c0 [ 2203.858181][ T356] RBP: 0000000000002f8e R08: 0000000000000000 R09: 000000000000000d [ 2203.866135][ T356] R10: 0000000000000006 R11: 0000000000000246 R12: 00007ffdfaf6b450 [ 2203.874097][ T356] R13: 0000000001b3e940 R14: 0000000000000000 R15: 00007ffdfaf6b450 [ 2203.883094][ T356] Mem-Info: [ 2203.893762][ T356] active_anon:1405174 inactive_anon:9707 isolated_anon:0 [ 2203.893762][ T356] active_file:579 inactive_file:904 isolated_file:2 [ 2203.893762][ T356] unevictable:363 dirty:13 writeback:0 unstable:0 [ 2203.893762][ T356] slab_reclaimable:10343 slab_unreclaimable:79446 [ 2203.893762][ T356] mapped:58922 shmem:9776 pagetables:36925 bounce:0 [ 2203.893762][ T356] free:16944 free_pcp:1101 free_cma:0 [ 2203.932319][ T356] Node 0 active_anon:5620696kB inactive_anon:38828kB active_file:2316kB inactive_file:3616kB unevictable:1452kB isolated(anon):0kB isolated(file):8kB mapped:235688kB dirty:52kB writeback:0kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2203.957432][ T356] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2203.984212][ T356] lowmem_reserve[]: 0 2912 6416 6416 [ 2203.989943][ T356] DMA32 free:35132kB min:4644kB low:7624kB high:10604kB active_anon:2824796kB inactive_anon:5352kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:15104kB pagetables:20368kB bounce:0kB free_pcp:2788kB local_pcp:1336kB free_cma:0kB [ 2204.019512][ T356] lowmem_reserve[]: 0 0 3504 3504 [ 2204.024899][ T356] Normal free:16140kB min:5592kB low:9180kB high:12768kB active_anon:2795900kB inactive_anon:33476kB active_file:2320kB inactive_file:3656kB unevictable:1452kB writepending:92kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29312kB pagetables:127332kB bounce:0kB free_pcp:1748kB local_pcp:424kB free_cma:0kB [ 2204.055699][ T356] lowmem_reserve[]: 0 0 0 0 [ 2204.060197][ T356] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2204.074122][ T356] DMA32: 569*4kB (UME) 411*8kB (UME) 358*16kB (UME) 78*32kB (UMEH) 123*64kB (UMEH) 26*128kB (UMEH) 4*256kB (ME) 3*512kB (UM) 4*1024kB (ME) 0*2048kB 1*4096kB (M) = 35740kB [ 2204.091449][ T356] Normal: 777*4kB (UMEH) 263*8kB (UMEH) 91*16kB (UMEH) 44*32kB (UMH) 46*64kB (UMH) 8*128kB (M) 0*256kB 0*512kB 2*1024kB (UH) 1*2048kB (M) 0*4096kB = 16140kB [ 2204.107492][ T356] 11622 total pagecache pages [ 2204.112152][ T356] 0 pages in swap cache [ 2204.116691][ T356] Swap cache stats: add 0, delete 0, find 0/0 [ 2204.122745][ T356] Free swap = 0kB [ 2204.126856][ T356] Total swap = 0kB [ 2204.130552][ T356] 1965979 pages RAM [ 2204.134338][ T356] 0 pages HighMem/MovableOnly [ 2204.139620][ T356] 318829 pages reserved [ 2204.143751][ T356] 0 pages cma reserved [ 2204.148232][ T356] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=12618,uid=0 [ 2204.162774][ T356] Out of memory: Killed process 12618 (syz-executor.0) total-vm:75240kB, anon-rss:16556kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 [ 2204.180987][ T23] oom_reaper: reaped process 12618 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2204.417453][T27659] FAULT_INJECTION: forcing a failure. [ 2204.417453][T27659] name failslab, interval 1, probability 0, space 0, times 0 [ 2204.430143][T27659] CPU: 0 PID: 27659 Comm: syz-executor.5 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2204.440274][T27659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2204.450317][T27659] Call Trace: [ 2204.453606][T27659] dump_stack+0x14a/0x1ce [ 2204.457946][T27659] ? devkmsg_release+0x11c/0x11c [ 2204.462882][T27659] ? show_regs_print_info+0x12/0x12 [ 2204.468063][T27659] ? cred_has_capability+0x1c2/0x410 [ 2204.473327][T27659] ? cred_has_capability+0x2cc/0x410 [ 2204.478619][T27659] should_fail+0x6fb/0x860 [ 2204.483031][T27659] ? setup_fault_attr+0x3d0/0x3d0 [ 2204.488039][T27659] ? cap_capable+0x23f/0x280 [ 2204.492611][T27659] ? proc_pid_stack+0x8e/0x1f0 [ 2204.497376][T27659] should_failslab+0x5/0x20 [ 2204.501883][T27659] kmem_cache_alloc_trace+0x39/0x280 [ 2204.507155][T27659] proc_pid_stack+0x8e/0x1f0 [ 2204.511751][T27659] proc_single_show+0xd3/0x130 [ 2204.516523][T27659] seq_read+0x4aa/0xd30 [ 2204.520679][T27659] do_iter_read+0x43b/0x550 [ 2204.525191][T27659] do_preadv+0x213/0x350 [ 2204.529418][T27659] ? do_writev+0x5b0/0x5b0 [ 2204.533811][T27659] ? fput_many+0x42/0x1a0 [ 2204.538129][T27659] ? do_syscall_64+0x80/0x150 [ 2204.542782][T27659] do_syscall_64+0xcb/0x150 [ 2204.547267][T27659] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2204.553148][T27659] RIP: 0033:0x45ccd9 [ 2204.557025][T27659] Code: 2d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2204.576616][T27659] RSP: 002b:00007f2dca048c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 2204.585020][T27659] RAX: ffffffffffffffda RBX: 0000000000024a80 RCX: 000000000045ccd9 [ 2204.592988][T27659] RDX: 0000000000000375 RSI: 00000000200017c0 RDI: 0000000000000006 [ 2204.600946][T27659] RBP: 00007f2dca048ca0 R08: 0000000000000000 R09: 0000000000000000 [ 2204.608908][T27659] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2204.616891][T27659] R13: 00007ffc5a445d3f R14: 00007f2dca0499c0 R15: 000000000078c0ec 21:33:32 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:32 executing program 0: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00') read$char_usb(0xffffffffffffffff, 0x0, 0x7ffff000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f00000000c0)) read$char_usb(r4, 0x0, 0x7ffff000) pidfd_send_signal(r4, 0x3f, &(0x7f00000001c0)={0x37, 0x4, 0x6}, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r5, &(0x7f00000017c0), 0x375, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:32 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:32 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x900, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) 21:33:32 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:32 executing program 4: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9, 0x0, 0x4, 0xfffffffffffffffc}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz1\x00', 0x200002, 0x0) write(r2, &(0x7f0000000340), 0x41395527) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, 0x0, r3) r5 = gettid() sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=[@cred={{0x1c, 0x1, 0x2, {r5, r3, r4}}}], 0x20}, 0x0) getgroups(0x3, &(0x7f0000000140)=[0x0, 0xffffffffffffffff, r4]) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x40280900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r6, &(0x7f00000017c0), 0x375, 0x0, 0x0) 21:33:32 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x900, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) 21:33:33 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:33 executing program 5 (fault-call:13 fault-nth:3): ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) 21:33:33 executing program 0: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00') read$char_usb(r0, 0x0, 0x7ffff000) ioctl$EVIOCGREP(r0, 0x80084503, &(0x7f00000001c0)=""/174) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') read$char_usb(0xffffffffffffffff, 0x0, 0x7ffff000) ioctl$RTC_RD_TIME(0xffffffffffffffff, 0x80247009, &(0x7f00000000c0)) preadv(r5, &(0x7f00000017c0), 0x375, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) [ 2205.228424][T27712] syz-executor.4 invoked oom-killer: gfp_mask=0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|0x1000000), order=0, oom_score_adj=1000 [ 2205.241879][T27712] CPU: 1 PID: 27712 Comm: syz-executor.4 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2205.252029][T27712] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2205.262095][T27712] Call Trace: [ 2205.265399][T27712] dump_stack+0x14a/0x1ce [ 2205.269733][T27712] ? devkmsg_release+0x11c/0x11c [ 2205.274675][T27712] ? show_regs_print_info+0x12/0x12 [ 2205.279859][T27712] ? radix_tree_cpu_dead+0x160/0x160 [ 2205.285129][T27712] ? _raw_spin_lock+0xa1/0x170 [ 2205.289886][T27712] ? _raw_spin_trylock_bh+0x190/0x190 [ 2205.295269][T27712] dump_header+0xdb/0x700 [ 2205.299785][T27712] oom_kill_process+0xd3/0x280 [ 2205.304585][T27712] out_of_memory+0x5b6/0x890 [ 2205.309166][T27712] ? unregister_oom_notifier+0x20/0x20 [ 2205.314629][T27712] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2205.320172][T27712] ? get_page_from_freelist+0x7c0/0x7c0 [ 2205.325703][T27712] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2205.331075][T27712] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2205.336597][T27712] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 2205.342325][T27712] ? __perf_event_task_sched_out+0xfe4/0x1110 [ 2205.348392][T27712] ? __perf_event_task_sched_in+0x4f7/0x560 [ 2205.354281][T27712] wp_page_copy+0x1cb/0x1120 [ 2205.358851][T27712] ? perf_pmu_sched_task+0x370/0x370 [ 2205.364121][T27712] ? switch_mm_irqs_off+0x2bf/0x9a0 [ 2205.369303][T27712] ? add_mm_rss_vec+0x270/0x270 [ 2205.374133][T27712] ? _raw_spin_unlock_irq+0x5/0x20 [ 2205.379250][T27712] ? finish_task_switch+0x235/0x4c0 [ 2205.384436][T27712] ? vm_normal_page+0x1c9/0x1d0 [ 2205.389291][T27712] do_wp_page+0x4c1/0x1530 [ 2205.393685][T27712] ? _raw_spin_lock+0xa1/0x170 [ 2205.398445][T27712] ? do_swap_page+0x1560/0x1560 [ 2205.403273][T27712] ? ttwu_do_wakeup+0x154/0x5b0 [ 2205.408110][T27712] handle_mm_fault+0xfa5/0x41e0 [ 2205.412956][T27712] ? finish_fault+0x230/0x230 [ 2205.417627][T27712] ? down_read_trylock+0x17a/0x1d0 [ 2205.422716][T27712] ? vmacache_find+0x47a/0x4b0 [ 2205.427453][T27712] do_user_addr_fault+0x48a/0x9f0 [ 2205.432476][T27712] page_fault+0x2f/0x40 [ 2205.436605][T27712] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 2205.443178][T27712] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 2205.462771][T27712] RSP: 0018:ffff8881389af888 EFLAGS: 00010206 [ 2205.469345][T27712] RAX: ffffffff81f80e01 RBX: 0000000020246500 RCX: 0000000000000500 [ 2205.478002][T27712] RDX: 0000000000001000 RSI: ffff88817a547b00 RDI: 0000000020246000 [ 2205.485960][T27712] RBP: ffff8881389afda8 R08: dffffc0000000000 R09: ffffed102f4a9000 [ 2205.494280][T27712] R10: 0000000000000000 R11: 0000000000000000 R12: 00007ffffffff000 [ 2205.502254][T27712] R13: 0000000000001000 R14: ffff88817a547000 R15: 0000000020245500 [ 2205.510257][T27712] ? _copy_to_iter+0x1021/0x1060 [ 2205.515193][T27712] copyout+0x8e/0xb0 [ 2205.519081][T27712] copy_page_to_iter+0x393/0xbd0 [ 2205.524043][T27712] pipe_to_user+0xa3/0x130 [ 2205.528445][T27712] __splice_from_pipe+0x2d3/0x870 [ 2205.533453][T27712] ? user_page_pipe_buf_steal+0xc0/0xc0 [ 2205.538986][T27712] do_vmsplice+0x252/0xee0 [ 2205.543388][T27712] ? futex_exit_release+0xc0/0xc0 [ 2205.548393][T27712] ? __rcu_read_lock+0x50/0x50 [ 2205.553149][T27712] ? write_pipe_buf+0x1d0/0x1d0 [ 2205.564318][T27712] ? __fget+0x37c/0x3c0 [ 2205.568456][T27712] ? __rcu_read_lock+0x50/0x50 [ 2205.573216][T27712] ? __kmalloc+0xf7/0x2d0 [ 2205.577549][T27712] ? kzalloc+0x22/0x40 [ 2205.581609][T27712] ? check_stack_object+0x5a/0x90 [ 2205.586621][T27712] ? _copy_from_user+0xa4/0xe0 [ 2205.591390][T27712] ? rw_copy_check_uvector+0x2b3/0x310 [ 2205.596836][T27712] ? import_iovec+0x1c2/0x380 [ 2205.601514][T27712] ? dup_iter+0x110/0x110 [ 2205.605842][T27712] ? ____sys_sendmsg+0x8d0/0x8d0 [ 2205.610769][T27712] __se_sys_vmsplice+0x1fb/0x300 [ 2205.615693][T27712] ? __x64_sys_vmsplice+0xa0/0xa0 [ 2205.620698][T27712] ? put_timespec64+0x109/0x150 [ 2205.625525][T27712] ? __x64_sys_clock_gettime+0x20d/0x260 [ 2205.631142][T27712] ? __ia32_sys_clock_settime+0x2a0/0x2a0 [ 2205.636846][T27712] do_syscall_64+0xcb/0x150 [ 2205.641332][T27712] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2205.647288][T27712] RIP: 0033:0x45ccd9 [ 2205.651152][T27712] Code: 2d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2205.670744][T27712] RSP: 002b:00007f147e963c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 2205.679137][T27712] RAX: ffffffffffffffda RBX: 0000000000035780 RCX: 000000000045ccd9 [ 2205.687086][T27712] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 2205.695047][T27712] RBP: 000000000078c088 R08: 0000000000000000 R09: 0000000000000000 [ 2205.702998][T27712] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078c04c [ 2205.710953][T27712] R13: 00007ffdf3466bef R14: 00007f147e9649c0 R15: 000000000078c04c [ 2205.727111][T27723] FAULT_INJECTION: forcing a failure. [ 2205.727111][T27723] name failslab, interval 1, probability 0, space 0, times 0 [ 2205.739766][T27723] CPU: 1 PID: 27723 Comm: syz-executor.5 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2205.749911][T27723] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2205.759966][T27723] Call Trace: [ 2205.763251][T27723] dump_stack+0x14a/0x1ce [ 2205.767561][T27723] ? devkmsg_release+0x11c/0x11c [ 2205.772499][T27723] ? show_regs_print_info+0x12/0x12 [ 2205.777694][T27723] ? cred_has_capability+0x1c2/0x410 [ 2205.782960][T27723] ? cred_has_capability+0x2cc/0x410 [ 2205.788229][T27723] should_fail+0x6fb/0x860 [ 2205.792636][T27723] ? setup_fault_attr+0x3d0/0x3d0 [ 2205.797670][T27723] ? slab_free_freelist_hook+0xd0/0x150 [ 2205.803220][T27723] ? cap_capable+0x23f/0x280 [ 2205.807794][T27723] ? proc_pid_stack+0x1d5/0x1f0 [ 2205.812625][T27723] ? proc_pid_stack+0x8e/0x1f0 [ 2205.817374][T27723] should_failslab+0x5/0x20 [ 2205.821871][T27723] kmem_cache_alloc_trace+0x39/0x280 [ 2205.827168][T27723] proc_pid_stack+0x8e/0x1f0 [ 2205.831750][T27723] proc_single_show+0xd3/0x130 [ 2205.836502][T27723] seq_read+0x4aa/0xd30 [ 2205.840647][T27723] do_iter_read+0x43b/0x550 [ 2205.845153][T27723] do_preadv+0x213/0x350 [ 2205.849385][T27723] ? do_writev+0x5b0/0x5b0 [ 2205.853784][T27723] ? fput_many+0x42/0x1a0 [ 2205.858109][T27723] ? ksys_write+0x25d/0x2c0 [ 2205.862609][T27723] do_syscall_64+0xcb/0x150 [ 2205.867111][T27723] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2205.873007][T27723] RIP: 0033:0x45ccd9 [ 2205.876885][T27723] Code: 2d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2205.896481][T27723] RSP: 002b:00007f2dca027c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 2205.904902][T27723] RAX: ffffffffffffffda RBX: 0000000000024a80 RCX: 000000000045ccd9 [ 2205.912871][T27723] RDX: 0000000000000375 RSI: 00000000200017c0 RDI: 0000000000000006 [ 2205.920838][T27723] RBP: 00007f2dca027ca0 R08: 0000000000000000 R09: 0000000000000000 [ 2205.928803][T27723] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 2205.936768][T27723] R13: 00007ffc5a445d3f R14: 00007f2dca0289c0 R15: 000000000078c18c [ 2205.979216][T27712] Mem-Info: [ 2205.984875][T27712] active_anon:1414244 inactive_anon:9707 isolated_anon:0 [ 2205.984875][T27712] active_file:26 inactive_file:9 isolated_file:5 [ 2205.984875][T27712] unevictable:363 dirty:8 writeback:0 unstable:0 [ 2205.984875][T27712] slab_reclaimable:10333 slab_unreclaimable:79302 [ 2205.984875][T27712] mapped:58039 shmem:9776 pagetables:37072 bounce:0 [ 2205.984875][T27712] free:10032 free_pcp:25 free_cma:0 [ 2206.022540][T27712] Node 0 active_anon:5656976kB inactive_anon:38828kB active_file:104kB inactive_file:36kB unevictable:1452kB isolated(anon):0kB isolated(file):20kB mapped:232156kB dirty:32kB writeback:0kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2206.047290][T27712] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2206.073345][T27712] lowmem_reserve[]: 0 2912 6416 6416 [ 2206.078922][T27712] DMA32 free:17172kB min:4644kB low:7624kB high:10604kB active_anon:2844180kB inactive_anon:5352kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:4kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:15168kB pagetables:20672kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2206.107803][T27712] lowmem_reserve[]: 0 0 3504 3504 [ 2206.112836][T27712] Normal free:6472kB min:5592kB low:9180kB high:12768kB active_anon:2812316kB inactive_anon:33476kB active_file:0kB inactive_file:300kB unevictable:1452kB writepending:28kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29856kB pagetables:127616kB bounce:0kB free_pcp:248kB local_pcp:248kB free_cma:0kB [ 2206.143774][T27712] lowmem_reserve[]: 0 0 0 0 [ 2206.148740][T27712] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2206.162672][T27712] DMA32: 24*4kB (UME) 23*8kB (UME) 37*16kB (UME) 21*32kB (UMEH) 29*64kB (UMEH) 27*128kB (UMEH) 4*256kB (ME) 3*512kB (UM) 4*1024kB (ME) 0*2048kB 1*4096kB (M) = 17608kB [ 2206.179748][T27712] Normal: 249*4kB (UME) 69*8kB (UME) 33*16kB (UME) 9*32kB (M) 7*64kB (M) 2*128kB (M) 0*256kB 0*512kB 1*1024kB (M) 1*2048kB (M) 0*4096kB = 6140kB [ 2206.194895][T27712] 10249 total pagecache pages [ 2206.199571][T27712] 0 pages in swap cache [ 2206.203703][T27712] Swap cache stats: add 0, delete 0, find 0/0 [ 2206.209802][T27712] Free swap = 0kB [ 2206.213535][T27712] Total swap = 0kB [ 2206.217313][T27712] 1965979 pages RAM [ 2206.221096][T27712] 0 pages HighMem/MovableOnly [ 2206.225785][T27712] 318829 pages reserved [ 2206.229946][T27712] 0 pages cma reserved [ 2206.234001][T27712] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=25699,uid=0 [ 2206.248123][T27712] Out of memory: Killed process 25699 (syz-executor.0) total-vm:75240kB, anon-rss:15516kB, file-rss:35840kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 21:33:34 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0), 0x0, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:34 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x900, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) 21:33:34 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:34 executing program 5 (fault-call:13 fault-nth:4): ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) [ 2206.617257][T27748] FAULT_INJECTION: forcing a failure. [ 2206.617257][T27748] name failslab, interval 1, probability 0, space 0, times 0 [ 2206.630107][T27748] CPU: 0 PID: 27748 Comm: syz-executor.5 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2206.640271][T27748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2206.650318][T27748] Call Trace: [ 2206.653603][T27748] dump_stack+0x14a/0x1ce [ 2206.657952][T27748] ? devkmsg_release+0x11c/0x11c [ 2206.662878][T27748] ? show_regs_print_info+0x12/0x12 [ 2206.668081][T27748] ? cred_has_capability+0x1c2/0x410 [ 2206.673362][T27748] ? cred_has_capability+0x2cc/0x410 [ 2206.678642][T27748] should_fail+0x6fb/0x860 [ 2206.683047][T27748] ? setup_fault_attr+0x3d0/0x3d0 [ 2206.688073][T27748] ? slab_free_freelist_hook+0xd0/0x150 [ 2206.693606][T27748] ? cap_capable+0x23f/0x280 [ 2206.698188][T27748] ? proc_pid_stack+0x1d5/0x1f0 [ 2206.703136][T27748] ? proc_pid_stack+0x8e/0x1f0 [ 2206.708524][T27748] should_failslab+0x5/0x20 [ 2206.713031][T27748] kmem_cache_alloc_trace+0x39/0x280 [ 2206.718305][T27748] proc_pid_stack+0x8e/0x1f0 [ 2206.722907][T27748] proc_single_show+0xd3/0x130 [ 2206.727684][T27748] seq_read+0x4aa/0xd30 [ 2206.731840][T27748] do_iter_read+0x43b/0x550 [ 2206.736338][T27748] do_preadv+0x213/0x350 [ 2206.740591][T27748] ? do_writev+0x5b0/0x5b0 [ 2206.745000][T27748] ? fput_many+0x42/0x1a0 [ 2206.749318][T27748] ? ksys_write+0x25d/0x2c0 [ 2206.753818][T27748] ? do_user_addr_fault+0x55c/0x9f0 [ 2206.759026][T27748] do_syscall_64+0xcb/0x150 [ 2206.763524][T27748] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2206.770366][T27748] RIP: 0033:0x45ccd9 [ 2206.774249][T27748] Code: 2d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2206.793862][T27748] RSP: 002b:00007f2dca048c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 2206.803526][T27748] RAX: ffffffffffffffda RBX: 0000000000024a80 RCX: 000000000045ccd9 21:33:34 executing program 4: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setxattr$security_selinux(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='security.selinux\x00', &(0x7f0000000180)='system_u:object_r:utempter_exec_t:s0\x00', 0x25, 0x2) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) [ 2206.811500][T27748] RDX: 0000000000000375 RSI: 00000000200017c0 RDI: 0000000000000006 [ 2206.819495][T27748] RBP: 00007f2dca048ca0 R08: 0000000000000000 R09: 0000000000000000 [ 2206.827477][T27748] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 2206.835451][T27748] R13: 00007ffc5a445d3f R14: 00007f2dca0499c0 R15: 000000000078c0ec 21:33:34 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0), 0x0, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:34 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x0, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:34 executing program 0: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x5, 0x2}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) sendmsg$ETHTOOL_MSG_LINKINFO_SET(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="7201a960632ed46b0fde8aad6bba45825a570e80e9649fced16db574dd5a49d3145698a6e6995b025f1e868d251f2481f539", @ANYRES16, @ANYRES64], 0x58}, 0x1, 0x0, 0x0, 0x4000}, 0x8004) sendmsg$ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x3c, 0x0, 0x300, 0x70bd2a, 0x25dfdbfd, {}, [@ETHTOOL_A_LINKMODES_AUTONEG={0x5, 0x2, 0x40}, @ETHTOOL_A_LINKMODES_AUTONEG={0x5, 0x2, 0x40}, @ETHTOOL_A_LINKMODES_SPEED={0x8, 0x5, 0x3}, @ETHTOOL_A_LINKMODES_SPEED={0x8, 0x5, 0xd4d}, @ETHTOOL_A_LINKMODES_AUTONEG={0x5, 0x2, 0xc9}]}, 0x3c}}, 0x4) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00') read$char_usb(r4, 0x0, 0x7ffff000) ioctl$TIOCGPGRP(r4, 0x540f, &(0x7f00000000c0)=0x0) r6 = syz_open_procfs(r5, &(0x7f00000002c0)='stack\x00') preadv(r6, &(0x7f00000017c0), 0x0, 0x0, 0x1000000) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) [ 2207.118243][T27755] syz-executor.3 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 2207.137068][T27755] CPU: 0 PID: 27755 Comm: syz-executor.3 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2207.147227][T27755] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2207.157267][T27755] Call Trace: [ 2207.160571][T27755] dump_stack+0x14a/0x1ce [ 2207.164896][T27755] ? devkmsg_release+0x11c/0x11c [ 2207.169828][T27755] ? show_regs_print_info+0x12/0x12 [ 2207.175018][T27755] ? radix_tree_cpu_dead+0x160/0x160 [ 2207.180291][T27755] ? _raw_spin_lock+0xa1/0x170 [ 2207.185045][T27755] ? _raw_spin_trylock_bh+0x190/0x190 [ 2207.190411][T27755] dump_header+0xdb/0x700 [ 2207.194752][T27755] oom_kill_process+0xd3/0x280 [ 2207.199510][T27755] out_of_memory+0x5b6/0x890 [ 2207.204085][T27755] ? unregister_oom_notifier+0x20/0x20 [ 2207.209557][T27755] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2207.215112][T27755] ? get_page_from_freelist+0x7c0/0x7c0 [ 2207.220677][T27755] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2207.226053][T27755] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2207.232379][T27755] pagecache_get_page+0x50f/0x880 [ 2207.237407][T27755] filemap_fault+0x14cb/0x1a30 [ 2207.242156][T27755] ? __down_read+0xf1/0x210 [ 2207.246656][T27755] ? generic_file_read_iter+0x20b0/0x20b0 [ 2207.252379][T27755] ext4_filemap_fault+0x7b/0x90 [ 2207.257229][T27755] handle_mm_fault+0x29ca/0x41e0 [ 2207.262171][T27755] ? _raw_spin_unlock+0x5/0x20 [ 2207.267124][T27755] ? wake_up_new_task+0x9d3/0xb60 [ 2207.272136][T27755] ? finish_fault+0x230/0x230 [ 2207.276797][T27755] ? down_read_trylock+0x17a/0x1d0 [ 2207.282076][T27755] ? vmacache_update+0x9f/0xf0 [ 2207.286824][T27755] do_user_addr_fault+0x48a/0x9f0 [ 2207.291835][T27755] page_fault+0x2f/0x40 [ 2207.296019][T27755] RIP: 0033:0x40f62e [ 2207.299891][T27755] Code: 0f 1f 40 00 48 c7 44 24 10 00 00 00 00 c7 44 24 0c 00 00 00 00 48 8b ac 24 88 00 00 00 48 81 fd 00 00 b9 00 0f 83 48 06 00 00 <4c> 8b 75 00 4c 8d 65 08 4c 89 a4 24 88 00 00 00 49 83 fe ff 0f 84 [ 2207.319915][T27755] RSP: 002b:00007ffd7c796660 EFLAGS: 00010283 [ 2207.325962][T27755] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000000021ad18 [ 2207.333927][T27755] RDX: 000000000000004a RSI: 0000000000000000 RDI: 0000000000000001 [ 2207.341889][T27755] RBP: 00000000007905e0 R08: 0000000000000000 R09: 0000000000000000 [ 2207.349860][T27755] R10: 00007ffd7c796740 R11: 0000000000000246 R12: 00000000000003e8 [ 2207.357815][T27755] R13: 000000000021ad55 R14: 000000000021ad28 R15: 000000000078bfac [ 2207.367757][T27755] Mem-Info: [ 2207.371396][T27755] active_anon:1414187 inactive_anon:9707 isolated_anon:0 [ 2207.371396][T27755] active_file:77 inactive_file:77 isolated_file:0 [ 2207.371396][T27755] unevictable:363 dirty:0 writeback:22 unstable:0 [ 2207.371396][T27755] slab_reclaimable:10325 slab_unreclaimable:79218 [ 2207.371396][T27755] mapped:58071 shmem:9776 pagetables:37085 bounce:0 [ 2207.371396][T27755] free:10082 free_pcp:101 free_cma:0 [ 2207.420808][T27755] Node 0 active_anon:5643648kB inactive_anon:38828kB active_file:360kB inactive_file:1652kB unevictable:1452kB isolated(anon):0kB isolated(file):0kB mapped:232884kB dirty:0kB writeback:88kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2207.485371][T27755] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2207.525421][T27755] lowmem_reserve[]: 0 2912 6416 6416 [ 2207.533740][T27755] DMA32 free:20192kB min:4644kB low:7624kB high:10604kB active_anon:2837732kB inactive_anon:5352kB active_file:0kB inactive_file:492kB unevictable:0kB writepending:56kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:15296kB pagetables:20612kB bounce:0kB free_pcp:2904kB local_pcp:1404kB free_cma:0kB [ 2207.581902][T27755] lowmem_reserve[]: 0 0 3504 3504 [ 2207.593847][T27755] Normal free:7092kB min:5592kB low:9180kB high:12768kB active_anon:2809484kB inactive_anon:33476kB active_file:364kB inactive_file:5712kB unevictable:1452kB writepending:56kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29376kB pagetables:127536kB bounce:0kB free_pcp:564kB local_pcp:208kB free_cma:0kB [ 2207.637414][T27755] lowmem_reserve[]: 0 0 0 0 [ 2207.648287][T27755] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2207.662930][T27755] DMA32: 2*4kB (UE) 78*8kB (UME) 52*16kB (ME) 20*32kB (UME) 13*64kB (UME) 43*128kB (UME) 4*256kB (ME) 3*512kB (UM) 4*1024kB (ME) 0*2048kB 1*4096kB (M) = 19192kB [ 2207.682036][T27755] Normal: 54*4kB (MEH) 15*8kB (EH) 10*16kB (MEH) 15*32kB (UMH) 0*64kB 2*128kB (UM) 4*256kB (M) 2*512kB (M) 0*1024kB 1*2048kB (M) 0*4096kB = 5328kB [ 2207.703309][T27755] 11303 total pagecache pages [ 2207.708667][T27755] 0 pages in swap cache [ 2207.713027][T27755] Swap cache stats: add 0, delete 0, find 0/0 [ 2207.720380][T27755] Free swap = 0kB [ 2207.724319][T27755] Total swap = 0kB [ 2207.729120][T27755] 1965979 pages RAM [ 2207.733104][T27755] 0 pages HighMem/MovableOnly 21:33:35 executing program 5 (fault-call:13 fault-nth:5): ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) 21:33:35 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x900, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) 21:33:35 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x0, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) [ 2207.738704][T27755] 318829 pages reserved [ 2207.743059][T27755] 0 pages cma reserved [ 2207.753578][T27755] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.5,pid=27730,uid=0 [ 2207.904741][T27786] syz-executor.1 invoked oom-killer: gfp_mask=0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|0x1000000), order=0, oom_score_adj=1000 [ 2207.918479][T27786] CPU: 1 PID: 27786 Comm: syz-executor.1 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2207.928728][T27786] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2207.938767][T27786] Call Trace: [ 2207.942043][T27786] dump_stack+0x14a/0x1ce [ 2207.946354][T27786] ? devkmsg_release+0x11c/0x11c [ 2207.951284][T27786] ? show_regs_print_info+0x12/0x12 [ 2207.956480][T27786] ? radix_tree_cpu_dead+0x160/0x160 [ 2207.961749][T27786] ? _raw_spin_lock+0xa1/0x170 [ 2207.966489][T27786] ? _raw_spin_trylock_bh+0x190/0x190 [ 2207.971855][T27786] dump_header+0xdb/0x700 [ 2207.976159][T27786] oom_kill_process+0xd3/0x280 [ 2207.980901][T27786] out_of_memory+0x5b6/0x890 [ 2207.985479][T27786] ? unregister_oom_notifier+0x20/0x20 [ 2207.990919][T27786] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2207.996469][T27786] ? get_page_from_freelist+0x7c0/0x7c0 [ 2208.002000][T27786] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2208.007372][T27786] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2208.012902][T27786] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 2208.018616][T27786] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 2208.024413][T27786] ? __lru_cache_add+0x1a1/0x1f0 [ 2208.029341][T27786] wp_page_copy+0x1cb/0x1120 [ 2208.033909][T27786] ? add_mm_rss_vec+0x270/0x270 [ 2208.038738][T27786] ? perf_pmu_sched_task+0x370/0x370 [ 2208.044010][T27786] ? switch_mm_irqs_off+0x4d7/0x9a0 [ 2208.049194][T27786] ? vm_normal_page+0x1c9/0x1d0 [ 2208.054019][T27786] do_wp_page+0x4c1/0x1530 [ 2208.058428][T27786] ? _raw_spin_lock+0xa1/0x170 [ 2208.063167][T27786] ? do_swap_page+0x1560/0x1560 [ 2208.068007][T27786] handle_mm_fault+0xfa5/0x41e0 [ 2208.072846][T27786] ? finish_fault+0x230/0x230 [ 2208.077501][T27786] ? update_curr+0x584/0x740 [ 2208.082078][T27786] ? down_read_trylock+0x17a/0x1d0 [ 2208.087174][T27786] ? vmacache_find+0x47a/0x4b0 [ 2208.091931][T27786] do_user_addr_fault+0x48a/0x9f0 [ 2208.096930][T27786] page_fault+0x2f/0x40 [ 2208.101089][T27786] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 2208.107678][T27786] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 2208.127380][T27786] RSP: 0018:ffff88803d127888 EFLAGS: 00010206 [ 2208.133440][T27786] RAX: ffffffff81f80e01 RBX: 000000002026c500 RCX: 0000000000000500 [ 2208.141405][T27786] RDX: 0000000000001000 RSI: ffff888082136b00 RDI: 000000002026c000 [ 2208.149367][T27786] RBP: ffff88803d127da8 R08: dffffc0000000000 R09: ffffed1010426e00 [ 2208.157328][T27786] R10: 0000000000000000 R11: 0000000000000000 R12: 00007ffffffff000 [ 2208.165281][T27786] R13: 0000000000001000 R14: ffff888082136000 R15: 000000002026b500 [ 2208.173263][T27786] ? _copy_to_iter+0x1021/0x1060 [ 2208.178190][T27786] copyout+0x8e/0xb0 [ 2208.182073][T27786] copy_page_to_iter+0x393/0xbd0 [ 2208.187017][T27786] pipe_to_user+0xa3/0x130 [ 2208.191434][T27786] __splice_from_pipe+0x2d3/0x870 [ 2208.196456][T27786] ? user_page_pipe_buf_steal+0xc0/0xc0 [ 2208.202002][T27786] do_vmsplice+0x252/0xee0 [ 2208.206661][T27786] ? is_mmconf_reserved+0x420/0x420 [ 2208.211834][T27786] ? write_pipe_buf+0x1d0/0x1d0 [ 2208.216658][T27786] ? __rcu_read_lock+0x50/0x50 [ 2208.221411][T27786] ? preempt_schedule+0x110/0x130 [ 2208.226409][T27786] ? check_stack_object+0x5a/0x90 [ 2208.231408][T27786] ? _copy_from_user+0xa4/0xe0 [ 2208.236146][T27786] ? rw_copy_check_uvector+0x2b3/0x310 [ 2208.241577][T27786] ? import_iovec+0x1c2/0x380 [ 2208.246259][T27786] ? dup_iter+0x110/0x110 [ 2208.250573][T27786] ? do_vfs_ioctl+0x780/0x1750 [ 2208.255330][T27786] __se_sys_vmsplice+0x1fb/0x300 [ 2208.260428][T27786] ? __x64_sys_vmsplice+0xa0/0xa0 [ 2208.265455][T27786] ? put_timespec64+0x109/0x150 [ 2208.270291][T27786] ? __x64_sys_clock_gettime+0x20d/0x260 [ 2208.275906][T27786] ? __ia32_sys_clock_settime+0x2a0/0x2a0 [ 2208.281634][T27786] do_syscall_64+0xcb/0x150 [ 2208.286121][T27786] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2208.291989][T27786] RIP: 0033:0x45ccd9 [ 2208.295872][T27786] Code: 2d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2208.315564][T27786] RSP: 002b:00007f08e95a3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 2208.323951][T27786] RAX: ffffffffffffffda RBX: 0000000000035780 RCX: 000000000045ccd9 [ 2208.331905][T27786] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 2208.339859][T27786] RBP: 000000000078c088 R08: 0000000000000000 R09: 0000000000000000 [ 2208.347814][T27786] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078c04c [ 2208.355781][T27786] R13: 00007ffee81ce42f R14: 00007f08e95a49c0 R15: 000000000078c04c [ 2208.364104][T27786] Mem-Info: [ 2208.367342][T27786] active_anon:1414870 inactive_anon:9707 isolated_anon:0 [ 2208.367342][T27786] active_file:27 inactive_file:23 isolated_file:0 [ 2208.367342][T27786] unevictable:363 dirty:6 writeback:0 unstable:0 [ 2208.367342][T27786] slab_reclaimable:10326 slab_unreclaimable:78945 [ 2208.367342][T27786] mapped:58053 shmem:9776 pagetables:37064 bounce:0 [ 2208.367342][T27786] free:9760 free_pcp:21 free_cma:0 [ 2208.405765][T27786] Node 0 active_anon:5659580kB inactive_anon:38828kB active_file:108kB inactive_file:0kB unevictable:1452kB isolated(anon):0kB isolated(file):0kB mapped:232212kB dirty:24kB writeback:0kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2208.431139][T27786] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2208.457965][T27786] lowmem_reserve[]: 0 2912 6416 6416 [ 2208.464940][T27786] DMA32 free:18356kB min:4644kB low:7624kB high:10604kB active_anon:2840804kB inactive_anon:5352kB active_file:448kB inactive_file:84kB unevictable:0kB writepending:4kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:15360kB pagetables:20716kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2208.496858][T27786] lowmem_reserve[]: 0 0 3504 3504 [ 2208.501919][T27786] Normal free:6704kB min:5592kB low:9180kB high:12768kB active_anon:2813596kB inactive_anon:33476kB active_file:116kB inactive_file:1364kB unevictable:1452kB writepending:16kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29440kB pagetables:127540kB bounce:0kB free_pcp:760kB local_pcp:448kB free_cma:0kB [ 2208.532538][T27786] lowmem_reserve[]: 0 0 0 0 [ 2208.537082][T27786] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2208.550417][T27786] DMA32: 14*4kB (U) 19*8kB (UME) 12*16kB (UME) 38*32kB (UME) 13*64kB (ME) 43*128kB (UME) 4*256kB (ME) 3*512kB (UM) 4*1024kB (ME) 0*2048kB 1*4096kB (M) = 18704kB [ 2208.577923][T27786] Normal: 475*4kB (UME) 77*8kB (UME) 48*16kB (UME) 25*32kB (UM) 3*64kB (M) 3*128kB (UM) 1*256kB (M) 3*512kB (M) 0*1024kB 1*2048kB (M) 0*4096kB = 8500kB [ 2208.594236][T27786] 10848 total pagecache pages [ 2208.599541][T27786] 0 pages in swap cache 21:33:36 executing program 4: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) waitid(0x1, r1, 0x0, 0x40000000, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r5, &(0x7f00000017c0), 0x375, 0x0, 0x0) read$char_usb(0xffffffffffffffff, 0x0, 0x7ffff000) ioctl$sock_SIOCGIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(0xffffffffffffffff, 0x8982, &(0x7f0000000140)) write$P9_RVERSION(r5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1500000065ffffff03012b850b714f95b674000008"], 0x15) [ 2208.613583][T27786] Swap cache stats: add 0, delete 0, find 0/0 [ 2208.619842][T27786] Free swap = 0kB [ 2208.623685][T27786] Total swap = 0kB [ 2208.627497][T27786] 1965979 pages RAM [ 2208.636649][T27786] 0 pages HighMem/MovableOnly [ 2208.641317][T27786] 318829 pages reserved [ 2208.653419][T27786] 0 pages cma reserved [ 2208.657560][T27786] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.4,pid=26974,uid=0 [ 2208.671858][T27786] Out of memory: Killed process 26974 (syz-executor.4) total-vm:75372kB, anon-rss:15412kB, file-rss:35928kB, shmem-rss:0kB, UID:0 pgtables:164kB oom_score_adj:1000 [ 2208.695010][ T23] oom_reaper: reaped process 26974 (syz-executor.4), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB 21:33:36 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x900, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) 21:33:36 executing program 0: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, &(0x7f0000000380)=0x2, 0x4) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x25}, 0xfff}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$netlink(r3, 0x10e, 0x0, &(0x7f00000001c0)=""/159, &(0x7f00000000c0)=0x9f) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00') read$char_usb(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r4, &(0x7f0000000300)="e88ff1d929bcef0dba6fbdc66e6e1ca06fccb35d157cb82a66ddd29336244a804a2e1ff1dd37b9fdabb8fe6677b493a4d182597b900cd6c362745a2e0768c92d2c4208fe9a91e6c5219a5c60f9044c60a016a46f82887f7f7f7024cb09af3756b1d39c", 0x63, 0x4c084, &(0x7f0000000140)={0xa, 0x4e24, 0x8, @mcast1, 0x7}, 0x1c) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3, 0x2b21000000000, 0x0, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r5, &(0x7f00000017c0), 0x375, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:36 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0), 0x0, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) [ 2208.927825][T27804] FAULT_INJECTION: forcing a failure. [ 2208.927825][T27804] name failslab, interval 1, probability 0, space 0, times 0 [ 2208.940596][T27804] CPU: 1 PID: 27804 Comm: syz-executor.5 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2208.950749][T27804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2208.960793][T27804] Call Trace: [ 2208.973480][T27804] dump_stack+0x14a/0x1ce [ 2208.977794][T27804] ? devkmsg_release+0x11c/0x11c [ 2208.982714][T27804] ? show_regs_print_info+0x12/0x12 [ 2208.987893][T27804] ? cred_has_capability+0x1c2/0x410 [ 2208.993209][T27804] ? cred_has_capability+0x2cc/0x410 [ 2208.998474][T27804] should_fail+0x6fb/0x860 [ 2209.002873][T27804] ? setup_fault_attr+0x3d0/0x3d0 [ 2209.007893][T27804] ? slab_free_freelist_hook+0xd0/0x150 [ 2209.013431][T27804] ? cap_capable+0x23f/0x280 [ 2209.018014][T27804] ? proc_pid_stack+0x1d5/0x1f0 [ 2209.022881][T27804] ? proc_pid_stack+0x8e/0x1f0 [ 2209.027639][T27804] should_failslab+0x5/0x20 [ 2209.032137][T27804] kmem_cache_alloc_trace+0x39/0x280 [ 2209.037433][T27804] proc_pid_stack+0x8e/0x1f0 [ 2209.042019][T27804] proc_single_show+0xd3/0x130 [ 2209.046781][T27804] seq_read+0x4aa/0xd30 [ 2209.050932][T27804] do_iter_read+0x43b/0x550 [ 2209.055436][T27804] do_preadv+0x213/0x350 [ 2209.059678][T27804] ? do_writev+0x5b0/0x5b0 [ 2209.064075][T27804] ? fput_many+0x42/0x1a0 [ 2209.068411][T27804] ? ksys_write+0x25d/0x2c0 [ 2209.072926][T27804] do_syscall_64+0xcb/0x150 [ 2209.077434][T27804] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2209.083320][T27804] RIP: 0033:0x45ccd9 [ 2209.087218][T27804] Code: 2d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2209.106810][T27804] RSP: 002b:00007f2dca048c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 2209.115218][T27804] RAX: ffffffffffffffda RBX: 0000000000024a80 RCX: 000000000045ccd9 21:33:36 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x0, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) [ 2209.123180][T27804] RDX: 0000000000000375 RSI: 00000000200017c0 RDI: 0000000000000006 [ 2209.131149][T27804] RBP: 00007f2dca048ca0 R08: 0000000000000000 R09: 0000000000000000 [ 2209.139113][T27804] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 2209.147113][T27804] R13: 00007ffc5a445d3f R14: 00007f2dca0499c0 R15: 000000000078c0ec [ 2209.286414][ T333] syz-fuzzer invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2209.297369][ T333] CPU: 0 PID: 333 Comm: syz-fuzzer Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2209.307071][ T333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2209.317109][ T333] Call Trace: [ 2209.320388][ T333] dump_stack+0x14a/0x1ce [ 2209.324716][ T333] ? devkmsg_release+0x11c/0x11c [ 2209.329643][ T333] ? show_regs_print_info+0x12/0x12 [ 2209.334824][ T333] ? radix_tree_cpu_dead+0x160/0x160 [ 2209.340099][ T333] ? _raw_spin_lock+0xa1/0x170 [ 2209.344853][ T333] ? _raw_spin_trylock_bh+0x190/0x190 [ 2209.350204][ T333] dump_header+0xdb/0x700 [ 2209.354519][ T333] oom_kill_process+0xd3/0x280 [ 2209.359276][ T333] out_of_memory+0x5b6/0x890 [ 2209.363842][ T333] ? unregister_oom_notifier+0x20/0x20 [ 2209.369352][ T333] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2209.374874][ T333] ? get_page_from_freelist+0x7c0/0x7c0 [ 2209.380729][ T333] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2209.386179][ T333] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2209.391695][ T333] pagecache_get_page+0x50f/0x880 [ 2209.396692][ T333] filemap_fault+0x14cb/0x1a30 [ 2209.401438][ T333] ? __down_read+0xf1/0x210 [ 2209.405911][ T333] ? generic_file_read_iter+0x20b0/0x20b0 [ 2209.411618][ T333] ? is_mmconf_reserved+0x420/0x420 [ 2209.416814][ T333] ext4_filemap_fault+0x7b/0x90 [ 2209.421663][ T333] handle_mm_fault+0x29ca/0x41e0 [ 2209.426590][ T333] ? finish_fault+0x230/0x230 [ 2209.431263][ T333] ? down_read_trylock+0x17a/0x1d0 [ 2209.436352][ T333] ? __x64_sys_nanosleep+0x60/0x60 [ 2209.441435][ T333] ? vmacache_find+0x205/0x4b0 [ 2209.446183][ T333] do_user_addr_fault+0x48a/0x9f0 [ 2209.451191][ T333] page_fault+0x2f/0x40 [ 2209.455330][ T333] RIP: 0033:0x4418ad [ 2209.459214][ T333] Code: Bad RIP value. [ 2209.463257][ T333] RSP: 002b:000000c00004df38 EFLAGS: 00010216 [ 2209.469308][ T333] RAX: 0000000000000000 RBX: 0000000000004e20 RCX: 0000000000468a8d [ 2209.477258][ T333] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000c00004df18 [ 2209.485217][ T333] RBP: 000000c00004dfa0 R08: 00000000002f6b4a R09: 00007ffcb21f80b8 [ 2209.493172][ T333] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000439470 [ 2209.501130][ T333] R13: 0000000000000000 R14: 0000000000ad5284 R15: 0000000000000000 [ 2209.509846][ T333] Mem-Info: [ 2209.513383][ T333] active_anon:1414770 inactive_anon:9707 isolated_anon:0 [ 2209.513383][ T333] active_file:26 inactive_file:0 isolated_file:5 [ 2209.513383][ T333] unevictable:363 dirty:23 writeback:0 unstable:0 [ 2209.513383][ T333] slab_reclaimable:10321 slab_unreclaimable:79015 [ 2209.513383][ T333] mapped:58072 shmem:9776 pagetables:37134 bounce:0 [ 2209.513383][ T333] free:9658 free_pcp:29 free_cma:0 [ 2209.551672][ T333] Node 0 active_anon:5659080kB inactive_anon:38828kB active_file:104kB inactive_file:0kB unevictable:1452kB isolated(anon):0kB isolated(file):20kB mapped:232288kB dirty:92kB writeback:0kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2209.576047][ T333] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2209.602012][ T333] lowmem_reserve[]: 0 2912 6416 6416 [ 2209.607375][ T333] DMA32 free:18664kB min:4644kB low:7624kB high:10604kB active_anon:2836912kB inactive_anon:5352kB active_file:16kB inactive_file:44kB unevictable:0kB writepending:20kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:15552kB pagetables:21076kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2209.636771][ T333] lowmem_reserve[]: 0 0 3504 3504 [ 2209.642526][ T333] Normal free:4536kB min:5592kB low:9180kB high:12768kB active_anon:2822212kB inactive_anon:33476kB active_file:20kB inactive_file:32kB unevictable:1452kB writepending:8kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29440kB pagetables:127640kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2209.676721][ T333] lowmem_reserve[]: 0 0 0 0 [ 2209.681335][ T333] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2209.722730][ T333] DMA32: 2*4kB (UM) 27*8kB (ME) 61*16kB (ME) 48*32kB (UME) 33*64kB (UME) 54*128kB (UME) 6*256kB (UME) 5*512kB (UM) 5*1024kB (ME) 0*2048kB 0*4096kB = 20976kB 21:33:37 executing program 4: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') r5 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00') read$char_usb(r5, 0x0, 0x7ffff000) ioctl$FS_IOC_SETVERSION(r5, 0x40087602, &(0x7f00000000c0)=0x8) r6 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00') read$char_usb(r6, 0x0, 0x7ffff000) splice(r6, &(0x7f0000000140)=0x800, 0xffffffffffffffff, &(0x7f0000000180)=0x9, 0x7, 0x0) preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) 21:33:37 executing program 5 (fault-call:13 fault-nth:6): ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) [ 2209.738818][ T333] Normal: 40*4kB (ME) 59*8kB (ME) 29*16kB (UME) 38*32kB (UM) 3*64kB (M) 3*128kB (UM) 3*256kB (M) 1*512kB (M) 0*1024kB 1*2048kB (M) 0*4096kB = 6216kB [ 2209.754160][ T333] 11350 total pagecache pages [ 2209.759921][ T333] 0 pages in swap cache [ 2209.764290][ T333] Swap cache stats: add 0, delete 0, find 0/0 [ 2209.771171][ T333] Free swap = 0kB [ 2209.775393][ T333] Total swap = 0kB [ 2209.781603][ T333] 1965979 pages RAM [ 2209.786898][ T333] 0 pages HighMem/MovableOnly [ 2209.792399][ T333] 318829 pages reserved [ 2209.798763][ T333] 0 pages cma reserved [ 2209.803484][ T333] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.5,pid=27794,uid=0 [ 2209.922273][T23960] syz-fuzzer invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2209.933161][T23960] CPU: 1 PID: 23960 Comm: syz-fuzzer Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2209.942975][T23960] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2209.953038][T23960] Call Trace: [ 2209.956320][T23960] dump_stack+0x14a/0x1ce [ 2209.960655][T23960] ? devkmsg_release+0x11c/0x11c [ 2209.965604][T23960] ? show_regs_print_info+0x12/0x12 [ 2209.970794][T23960] ? radix_tree_cpu_dead+0x160/0x160 [ 2209.976067][T23960] ? _raw_spin_lock+0xa1/0x170 [ 2209.980809][T23960] ? _raw_spin_trylock_bh+0x190/0x190 [ 2209.986168][T23960] dump_header+0xdb/0x700 [ 2209.990494][T23960] oom_kill_process+0xd3/0x280 [ 2209.995238][T23960] out_of_memory+0x5b6/0x890 [ 2209.999805][T23960] ? unregister_oom_notifier+0x20/0x20 [ 2210.005243][T23960] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2210.010787][T23960] ? get_page_from_freelist+0x7c0/0x7c0 [ 2210.016318][T23960] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2210.021675][T23960] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2210.027206][T23960] pagecache_get_page+0x50f/0x880 [ 2210.032211][T23960] filemap_fault+0x14cb/0x1a30 [ 2210.036956][T23960] ? __down_read+0xf1/0x210 [ 2210.041453][T23960] ? generic_file_read_iter+0x20b0/0x20b0 [ 2210.047154][T23960] ext4_filemap_fault+0x7b/0x90 [ 2210.051984][T23960] handle_mm_fault+0x29ca/0x41e0 [ 2210.056902][T23960] ? finish_fault+0x230/0x230 [ 2210.061570][T23960] ? down_read_trylock+0x17a/0x1d0 [ 2210.066692][T23960] ? vmacache_find+0x3a2/0x4b0 [ 2210.071470][T23960] do_user_addr_fault+0x48a/0x9f0 [ 2210.076489][T23960] page_fault+0x2f/0x40 [ 2210.080632][T23960] RIP: 0033:0x40294e [ 2210.084530][T23960] Code: d3 e2 c1 ea 10 0f bc d2 74 ac 49 89 10 c3 80 3d ca 1a 44 01 01 0f 85 66 ff ff ff 66 48 0f 6e c0 4c 8d 5c 1e e0 c4 e2 7d 78 c8 fe 6f 17 c5 ed 74 d9 c4 e2 7d 17 db 75 26 48 83 c7 20 4c 39 df [ 2210.105091][T23960] RSP: 002b:000000c007feb828 EFLAGS: 00010246 [ 2210.111160][T23960] RAX: 0000000000000d00 RBX: 0000000000000de0 RCX: 0000000000c12220 [ 2210.119124][T23960] RDX: 0000000000000000 RSI: 0000000000c12220 RDI: 0000000000c12220 [ 2210.127090][T23960] RBP: 000000c007feb878 R08: 000000c007feb848 R09: 0000000000dc9b7c [ 2210.135069][T23960] R10: 0000000000b3b4a0 R11: 0000000000c12fe0 R12: 000000c0039349c0 [ 2210.143030][T23960] R13: 0000000000000000 R14: 0000000000000000 R15: ffffffffffffffff [ 2210.153708][T23960] Mem-Info: [ 2210.157042][T23960] active_anon:1414242 inactive_anon:9707 isolated_anon:0 [ 2210.157042][T23960] active_file:15 inactive_file:57 isolated_file:6 [ 2210.157042][T23960] unevictable:363 dirty:15 writeback:0 unstable:0 [ 2210.157042][T23960] slab_reclaimable:10318 slab_unreclaimable:78981 [ 2210.157042][T23960] mapped:58083 shmem:9776 pagetables:37197 bounce:0 [ 2210.157042][T23960] free:10187 free_pcp:0 free_cma:0 [ 2210.196412][T23960] Node 0 active_anon:5656968kB inactive_anon:38828kB active_file:60kB inactive_file:100kB unevictable:1452kB isolated(anon):0kB isolated(file):24kB mapped:232332kB dirty:60kB writeback:0kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2210.221526][T23960] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2210.247476][T23960] lowmem_reserve[]: 0 2912 6416 6416 [ 2210.252763][T23960] DMA32 free:20736kB min:8740kB low:11720kB high:14700kB active_anon:2833400kB inactive_anon:5352kB active_file:52kB inactive_file:0kB unevictable:0kB writepending:8kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:15456kB pagetables:21068kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2210.282222][T23960] lowmem_reserve[]: 0 0 3504 3504 [ 2210.287404][T23960] Normal free:4108kB min:5592kB low:9180kB high:12768kB active_anon:2823372kB inactive_anon:33476kB active_file:264kB inactive_file:32kB unevictable:1452kB writepending:52kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29600kB pagetables:127720kB bounce:0kB free_pcp:128kB local_pcp:48kB free_cma:0kB [ 2210.317836][T23960] lowmem_reserve[]: 0 0 0 0 [ 2210.322352][T23960] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2210.335650][T23960] DMA32: 2*4kB (UE) 3*8kB (UE) 4*16kB (ME) 40*32kB (UME) 39*64kB (UME) 56*128kB (UME) 7*256kB (ME) 4*512kB (M) 5*1024kB (ME) 0*2048kB 0*4096kB = 20000kB [ 2210.351020][T23960] Normal: 108*4kB (UME) 35*8kB (UME) 28*16kB (UME) 26*32kB (UM) 2*64kB (UM) 1*128kB (U) 1*256kB (M) 0*512kB 0*1024kB 1*2048kB (M) 0*4096kB = 4552kB [ 2210.365969][T23960] 10114 total pagecache pages [ 2210.370632][T23960] 0 pages in swap cache [ 2210.374807][T23960] Swap cache stats: add 0, delete 0, find 0/0 [ 2210.380843][T23960] Free swap = 0kB [ 2210.384562][T23960] Total swap = 0kB [ 2210.388270][T23960] 1965979 pages RAM [ 2210.392051][T23960] 0 pages HighMem/MovableOnly [ 2210.397206][T23960] 318829 pages reserved [ 2210.401845][T23960] 0 pages cma reserved [ 2210.408470][T23960] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.1,pid=12476,uid=0 [ 2210.422785][T23960] Out of memory: Killed process 12476 (syz-executor.1) total-vm:75240kB, anon-rss:15392kB, file-rss:35772kB, shmem-rss:0kB, UID:0 pgtables:164kB oom_score_adj:1000 [ 2210.450087][ T23] oom_reaper: reaped process 12476 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2210.581039][T27833] FAULT_INJECTION: forcing a failure. [ 2210.581039][T27833] name failslab, interval 1, probability 0, space 0, times 0 [ 2210.593695][T27833] CPU: 0 PID: 27833 Comm: syz-executor.5 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2210.603842][T27833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2210.613890][T27833] Call Trace: [ 2210.617202][T27833] dump_stack+0x14a/0x1ce [ 2210.621520][T27833] ? devkmsg_release+0x11c/0x11c [ 2210.626458][T27833] ? show_regs_print_info+0x12/0x12 [ 2210.631649][T27833] ? cred_has_capability+0x1c2/0x410 [ 2210.636999][T27833] ? cred_has_capability+0x2cc/0x410 [ 2210.642289][T27833] should_fail+0x6fb/0x860 [ 2210.646697][T27833] ? setup_fault_attr+0x3d0/0x3d0 [ 2210.651703][T27833] ? slab_free_freelist_hook+0xd0/0x150 [ 2210.657246][T27833] ? cap_capable+0x23f/0x280 [ 2210.661818][T27833] ? proc_pid_stack+0x1d5/0x1f0 [ 2210.666663][T27833] ? proc_pid_stack+0x8e/0x1f0 [ 2210.671417][T27833] should_failslab+0x5/0x20 [ 2210.675924][T27833] kmem_cache_alloc_trace+0x39/0x280 [ 2210.681208][T27833] proc_pid_stack+0x8e/0x1f0 [ 2210.685802][T27833] proc_single_show+0xd3/0x130 [ 2210.690599][T27833] seq_read+0x4aa/0xd30 [ 2210.695716][T27833] do_iter_read+0x43b/0x550 [ 2210.700287][T27833] do_preadv+0x213/0x350 [ 2210.704956][T27833] ? do_writev+0x5b0/0x5b0 [ 2210.709457][T27833] ? fput_many+0x42/0x1a0 [ 2210.713778][T27833] ? ksys_write+0x25d/0x2c0 [ 2210.718279][T27833] do_syscall_64+0xcb/0x150 [ 2210.722889][T27833] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2210.728778][T27833] RIP: 0033:0x45ccd9 [ 2210.732669][T27833] Code: 2d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2210.752261][T27833] RSP: 002b:00007f2dca027c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 2210.760661][T27833] RAX: ffffffffffffffda RBX: 0000000000024a80 RCX: 000000000045ccd9 [ 2210.768628][T27833] RDX: 0000000000000375 RSI: 00000000200017c0 RDI: 0000000000000006 [ 2210.776599][T27833] RBP: 00007f2dca027ca0 R08: 0000000000000000 R09: 0000000000000000 [ 2210.784555][T27833] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 2210.792518][T27833] R13: 00007ffc5a445d3f R14: 00007f2dca0289c0 R15: 000000000078c18c 21:33:38 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x900, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) 21:33:38 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:39 executing program 4: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r4 = getpid() sched_setattr(r4, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) sched_setattr(r4, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3, 0x40}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r5, &(0x7f00000017c0), 0x375, 0x0, 0x0) 21:33:39 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:39 executing program 5 (fault-call:13 fault-nth:7): ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) 21:33:39 executing program 0: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) [ 2211.291818][T27861] syz-executor.2 invoked oom-killer: gfp_mask=0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|0x1000000), order=0, oom_score_adj=1000 [ 2211.305296][T27861] CPU: 0 PID: 27861 Comm: syz-executor.2 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2211.315450][T27861] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2211.325504][T27861] Call Trace: [ 2211.328795][T27861] dump_stack+0x14a/0x1ce [ 2211.333102][T27861] ? devkmsg_release+0x11c/0x11c [ 2211.338016][T27861] ? show_regs_print_info+0x12/0x12 [ 2211.343200][T27861] ? radix_tree_cpu_dead+0x160/0x160 [ 2211.348483][T27861] ? _raw_spin_lock+0xa1/0x170 [ 2211.354117][T27861] ? _raw_spin_trylock_bh+0x190/0x190 [ 2211.359489][T27861] dump_header+0xdb/0x700 [ 2211.363797][T27861] oom_kill_process+0xd3/0x280 [ 2211.368543][T27861] out_of_memory+0x5b6/0x890 [ 2211.373115][T27861] ? unregister_oom_notifier+0x20/0x20 [ 2211.378576][T27861] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2211.384109][T27861] ? get_page_from_freelist+0x7c0/0x7c0 [ 2211.389644][T27861] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2211.394997][T27861] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2211.400560][T27861] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 2211.406249][T27861] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 2211.412039][T27861] ? __lru_cache_add+0x1a1/0x1f0 [ 2211.416952][T27861] wp_page_copy+0x1cb/0x1120 [ 2211.421514][T27861] ? add_mm_rss_vec+0x270/0x270 [ 2211.426355][T27861] ? vm_normal_page+0x1c9/0x1d0 [ 2211.431190][T27861] do_wp_page+0x4c1/0x1530 [ 2211.435590][T27861] ? push_rt_tasks+0x4f8/0x670 [ 2211.440338][T27861] ? _raw_spin_lock+0xa1/0x170 [ 2211.445098][T27861] ? do_swap_page+0x1560/0x1560 [ 2211.449924][T27861] handle_mm_fault+0xfa5/0x41e0 [ 2211.454753][T27861] ? finish_fault+0x230/0x230 [ 2211.459405][T27861] ? push_rt_tasks+0x4f8/0x670 [ 2211.464147][T27861] ? down_read_trylock+0x17a/0x1d0 [ 2211.469256][T27861] ? vmacache_find+0x3a2/0x4b0 [ 2211.474017][T27861] do_user_addr_fault+0x48a/0x9f0 [ 2211.479049][T27861] page_fault+0x2f/0x40 [ 2211.483191][T27861] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 2211.489757][T27861] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 2211.509347][T27861] RSP: 0018:ffff88813961f888 EFLAGS: 00010206 [ 2211.515400][T27861] RAX: ffffffff81f80e01 RBX: 0000000020443500 RCX: 0000000000000500 [ 2211.523347][T27861] RDX: 0000000000001000 RSI: ffff888138a80b00 RDI: 0000000020443000 [ 2211.531598][T27861] RBP: ffff88813961fda8 R08: dffffc0000000000 R09: ffffed1027150200 [ 2211.539548][T27861] R10: 0000000000000000 R11: 0000000000000000 R12: 00007ffffffff000 [ 2211.547497][T27861] R13: 0000000000001000 R14: ffff888138a80000 R15: 0000000020442500 [ 2211.555460][T27861] ? _copy_to_iter+0x1021/0x1060 [ 2211.560397][T27861] copyout+0x8e/0xb0 [ 2211.564275][T27861] copy_page_to_iter+0x393/0xbd0 [ 2211.569186][T27861] pipe_to_user+0xa3/0x130 [ 2211.573571][T27861] __splice_from_pipe+0x2d3/0x870 [ 2211.578575][T27861] ? user_page_pipe_buf_steal+0xc0/0xc0 [ 2211.584134][T27861] do_vmsplice+0x252/0xee0 [ 2211.588547][T27861] ? avc_ss_reset+0x3a0/0x3a0 [ 2211.593216][T27861] ? write_pipe_buf+0x1d0/0x1d0 [ 2211.598346][T27861] ? __rcu_read_lock+0x50/0x50 [ 2211.603083][T27861] ? check_stack_object+0x5a/0x90 [ 2211.608078][T27861] ? _copy_from_user+0xa4/0xe0 [ 2211.612833][T27861] ? rw_copy_check_uvector+0x2b3/0x310 [ 2211.618261][T27861] ? import_iovec+0x1c2/0x380 [ 2211.622920][T27861] ? dup_iter+0x110/0x110 [ 2211.627225][T27861] ? do_vfs_ioctl+0x780/0x1750 [ 2211.632514][T27861] __se_sys_vmsplice+0x1fb/0x300 [ 2211.637425][T27861] ? __x64_sys_vmsplice+0xa0/0xa0 [ 2211.642420][T27861] ? put_timespec64+0x109/0x150 [ 2211.647418][T27861] ? __x64_sys_clock_gettime+0x20d/0x260 [ 2211.653019][T27861] ? __ia32_sys_clock_settime+0x2a0/0x2a0 [ 2211.658722][T27861] do_syscall_64+0xcb/0x150 [ 2211.663219][T27861] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2211.669105][T27861] RIP: 0033:0x45ccd9 [ 2211.672994][T27861] Code: 2d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2211.693015][T27861] RSP: 002b:00007fddb5d87c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 2211.701418][T27861] RAX: ffffffffffffffda RBX: 0000000000035780 RCX: 000000000045ccd9 [ 2211.709391][T27861] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 2211.717362][T27861] RBP: 000000000078c088 R08: 0000000000000000 R09: 0000000000000000 [ 2211.725316][T27861] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078c04c [ 2211.733292][T27861] R13: 00007ffdfaf6b1cf R14: 00007fddb5d889c0 R15: 000000000078c04c [ 2211.741373][T27861] Mem-Info: [ 2211.744526][T27861] active_anon:1414568 inactive_anon:9707 isolated_anon:0 [ 2211.744526][T27861] active_file:19 inactive_file:20 isolated_file:0 [ 2211.744526][T27861] unevictable:363 dirty:24 writeback:0 unstable:0 [ 2211.744526][T27861] slab_reclaimable:10317 slab_unreclaimable:78969 [ 2211.744526][T27861] mapped:58100 shmem:9776 pagetables:37182 bounce:0 [ 2211.744526][T27861] free:9224 free_pcp:586 free_cma:0 [ 2211.782244][T27861] Node 0 active_anon:5658272kB inactive_anon:38828kB active_file:56kB inactive_file:96kB unevictable:1452kB isolated(anon):0kB isolated(file):0kB mapped:232404kB dirty:88kB writeback:0kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2211.806441][T27861] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2211.832423][T27861] lowmem_reserve[]: 0 2912 6416 6416 [ 2211.837793][T27861] DMA32 free:17108kB min:4644kB low:7624kB high:10604kB active_anon:2834208kB inactive_anon:5352kB active_file:4kB inactive_file:4kB unevictable:0kB writepending:0kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:15616kB pagetables:20936kB bounce:0kB free_pcp:868kB local_pcp:368kB free_cma:0kB [ 2211.866706][T27861] lowmem_reserve[]: 0 0 3504 3504 [ 2211.871746][T27861] Normal free:3884kB min:5592kB low:9180kB high:12768kB active_anon:2823712kB inactive_anon:33476kB active_file:308kB inactive_file:528kB unevictable:1452kB writepending:0kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29664kB pagetables:127792kB bounce:0kB free_pcp:1488kB local_pcp:940kB free_cma:0kB [ 2211.901799][T27861] lowmem_reserve[]: 0 0 0 0 [ 2211.906319][T27861] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2211.919658][T27861] DMA32: 1*4kB (H) 2*8kB (H) 8*16kB (UH) 6*32kB (UMH) 34*64kB (M) 54*128kB (MH) 6*256kB (M) 4*512kB (M) 4*1024kB (M) 0*2048kB 0*4096kB = 17108kB [ 2211.934397][T27861] Normal: 41*4kB (UE) 21*8kB (UME) 6*16kB (UME) 2*32kB (UM) 1*64kB (U) 4*128kB (M) 3*256kB (M) 2*512kB (UM) 1*1024kB (U) 0*2048kB 0*4096kB = 3884kB [ 2211.949435][T27861] 10121 total pagecache pages [ 2211.954109][T27861] 0 pages in swap cache [ 2211.958300][T27861] Swap cache stats: add 0, delete 0, find 0/0 [ 2211.964363][T27861] Free swap = 0kB [ 2211.968092][T27861] Total swap = 0kB [ 2211.971795][T27861] 1965979 pages RAM [ 2211.975971][T27861] 0 pages HighMem/MovableOnly [ 2211.980650][T27861] 318829 pages reserved [ 2211.984827][T27861] 0 pages cma reserved [ 2211.988882][T27861] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.1,pid=20799,uid=0 [ 2212.003187][T27861] Out of memory: Killed process 20799 (syz-executor.1) total-vm:75240kB, anon-rss:15236kB, file-rss:35840kB, shmem-rss:0kB, UID:0 pgtables:164kB oom_score_adj:1000 [ 2212.053780][ T23] oom_reaper: reaped process 20799 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2212.178811][T27864] FAULT_INJECTION: forcing a failure. [ 2212.178811][T27864] name failslab, interval 1, probability 0, space 0, times 0 [ 2212.191552][T27864] CPU: 0 PID: 27864 Comm: syz-executor.5 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2212.201720][T27864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2212.211783][T27864] Call Trace: [ 2212.215075][T27864] dump_stack+0x14a/0x1ce [ 2212.219405][T27864] ? devkmsg_release+0x11c/0x11c [ 2212.224337][T27864] ? show_regs_print_info+0x12/0x12 [ 2212.229533][T27864] ? cred_has_capability+0x1c2/0x410 [ 2212.234847][T27864] ? cred_has_capability+0x2cc/0x410 [ 2212.240137][T27864] should_fail+0x6fb/0x860 [ 2212.244559][T27864] ? setup_fault_attr+0x3d0/0x3d0 [ 2212.249604][T27864] ? slab_free_freelist_hook+0xd0/0x150 [ 2212.255165][T27864] ? cap_capable+0x23f/0x280 [ 2212.259851][T27864] ? proc_pid_stack+0x1d5/0x1f0 [ 2212.264693][T27864] ? proc_pid_stack+0x8e/0x1f0 [ 2212.269482][T27864] should_failslab+0x5/0x20 [ 2212.273978][T27864] kmem_cache_alloc_trace+0x39/0x280 [ 2212.279258][T27864] proc_pid_stack+0x8e/0x1f0 [ 2212.283846][T27864] proc_single_show+0xd3/0x130 [ 2212.288613][T27864] seq_read+0x4aa/0xd30 [ 2212.292768][T27864] do_iter_read+0x43b/0x550 [ 2212.297263][T27864] do_preadv+0x213/0x350 [ 2212.301752][T27864] ? do_writev+0x5b0/0x5b0 [ 2212.306159][T27864] ? fput_many+0x42/0x1a0 [ 2212.310484][T27864] ? ksys_write+0x25d/0x2c0 [ 2212.314999][T27864] do_syscall_64+0xcb/0x150 [ 2212.319504][T27864] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2212.325387][T27864] RIP: 0033:0x45ccd9 [ 2212.329263][T27864] Code: 2d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2212.349812][T27864] RSP: 002b:00007f2dca048c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 2212.358211][T27864] RAX: ffffffffffffffda RBX: 0000000000024a80 RCX: 000000000045ccd9 [ 2212.366171][T27864] RDX: 0000000000000375 RSI: 00000000200017c0 RDI: 0000000000000006 [ 2212.374216][T27864] RBP: 00007f2dca048ca0 R08: 0000000000000000 R09: 0000000000000000 [ 2212.382174][T27864] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007 [ 2212.390134][T27864] R13: 00007ffc5a445d3f R14: 00007f2dca0499c0 R15: 000000000078c0ec [ 2212.612221][T27876] syz-executor.3 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2212.627030][T27876] CPU: 0 PID: 27876 Comm: syz-executor.3 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2212.637188][T27876] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2212.647236][T27876] Call Trace: [ 2212.650528][T27876] dump_stack+0x14a/0x1ce [ 2212.654874][T27876] ? devkmsg_release+0x11c/0x11c [ 2212.659815][T27876] ? show_regs_print_info+0x12/0x12 [ 2212.665370][T27876] ? radix_tree_cpu_dead+0x160/0x160 [ 2212.670652][T27876] ? _raw_spin_lock+0xa1/0x170 [ 2212.675436][T27876] ? _raw_spin_trylock_bh+0x190/0x190 [ 2212.680948][T27876] dump_header+0xdb/0x700 [ 2212.685284][T27876] oom_kill_process+0xd3/0x280 [ 2212.690053][T27876] out_of_memory+0x5b6/0x890 [ 2212.694779][T27876] ? unregister_oom_notifier+0x20/0x20 [ 2212.700259][T27876] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2212.705820][T27876] ? get_page_from_freelist+0x7c0/0x7c0 [ 2212.711368][T27876] ? __zone_watermark_ok+0x91/0x280 [ 2212.716653][T27876] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2212.722063][T27876] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2212.727610][T27876] ? copy_process+0x5a4/0x5110 [ 2212.732367][T27876] ? kmem_cache_alloc+0x1d5/0x260 [ 2212.737394][T27876] copy_process+0x5f3/0x5110 [ 2212.741985][T27876] ? _raw_spin_lock+0xa1/0x170 [ 2212.746753][T27876] ? _raw_spin_trylock_bh+0x190/0x190 [ 2212.752123][T27876] ? cap_capable+0x23f/0x280 [ 2212.756701][T27876] ? fork_idle+0x290/0x290 [ 2212.761103][T27876] ? capable+0x79/0xe0 [ 2212.765178][T27876] _do_fork+0x196/0x920 [ 2212.769668][T27876] ? dup_mm+0x300/0x300 [ 2212.773809][T27876] ? ktime_get_raw+0x130/0x130 [ 2212.778555][T27876] __x64_sys_clone+0x25e/0x2c0 [ 2212.783321][T27876] ? __ia32_sys_vfork+0x110/0x110 [ 2212.788329][T27876] ? __x64_sys_clock_gettime+0x20d/0x260 [ 2212.793962][T27876] do_syscall_64+0xcb/0x150 [ 2212.798452][T27876] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2212.804334][T27876] RIP: 0033:0x45ccd9 [ 2212.808213][T27876] Code: 2d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2212.827828][T27876] RSP: 002b:00007fbf5a9d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2212.836230][T27876] RAX: ffffffffffffffda RBX: 0000000000001f00 RCX: 000000000045ccd9 [ 2212.844185][T27876] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000103 [ 2212.852141][T27876] RBP: 000000000078c130 R08: ffffffffffffffff R09: 0000000000000000 [ 2212.860094][T27876] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078c0ec [ 2212.868270][T27876] R13: 00007ffd7c7965df R14: 00007fbf5a9d19c0 R15: 000000000078c0ec [ 2212.877538][T27876] Mem-Info: [ 2212.883118][T27876] active_anon:1413461 inactive_anon:9707 isolated_anon:0 [ 2212.883118][T27876] active_file:44 inactive_file:26 isolated_file:0 [ 2212.883118][T27876] unevictable:363 dirty:22 writeback:22 unstable:0 [ 2212.883118][T27876] slab_reclaimable:10314 slab_unreclaimable:78900 [ 2212.883118][T27876] mapped:58107 shmem:9776 pagetables:37140 bounce:0 [ 2212.883118][T27876] free:10908 free_pcp:163 free_cma:0 [ 2212.921165][T27876] Node 0 active_anon:5653944kB inactive_anon:38828kB active_file:176kB inactive_file:104kB unevictable:1452kB isolated(anon):0kB isolated(file):0kB mapped:232428kB dirty:88kB writeback:88kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2212.946309][T27876] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2212.974021][T27876] lowmem_reserve[]: 0 2912 6416 6416 [ 2212.980041][T27876] DMA32 free:20692kB min:4644kB low:7624kB high:10604kB active_anon:2831700kB inactive_anon:5352kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:15424kB pagetables:20836kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2213.011917][T27876] lowmem_reserve[]: 0 0 3504 3504 [ 2213.017942][T27876] Normal free:6392kB min:5592kB low:9180kB high:12768kB active_anon:2822428kB inactive_anon:33476kB active_file:216kB inactive_file:456kB unevictable:1452kB writepending:176kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29472kB pagetables:127724kB bounce:0kB free_pcp:660kB local_pcp:468kB free_cma:0kB [ 2213.062215][T27876] lowmem_reserve[]: 0 0 0 0 [ 2213.067968][T27876] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2213.083283][T27876] DMA32: 162*4kB (MH) 8*8kB (UMH) 21*16kB (MH) 34*32kB (MH) 38*64kB (MH) 54*128kB (MH) 6*256kB (M) 4*512kB (M) 4*1024kB (M) 0*2048kB 0*4096kB = 19160kB [ 2213.100416][T27876] Normal: 40*4kB (ME) 9*8kB (E) 5*16kB (UME) 20*32kB (UM) 2*64kB (U) 6*128kB (UM) 4*256kB (M) 2*512kB (UM) 1*1024kB (U) 0*2048kB 0*4096kB = 4920kB [ 2213.120995][T27876] 10395 total pagecache pages [ 2213.130047][T27876] 0 pages in swap cache [ 2213.134826][T27876] Swap cache stats: add 0, delete 0, find 0/0 [ 2213.142022][T27876] Free swap = 0kB [ 2213.145950][T27876] Total swap = 0kB [ 2213.149701][T27876] 1965979 pages RAM [ 2213.153513][T27876] 0 pages HighMem/MovableOnly [ 2213.158244][T27876] 318829 pages reserved [ 2213.162406][T27876] 0 pages cma reserved [ 2213.168808][T27876] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.4,pid=26809,uid=0 [ 2213.183079][T27876] Out of memory: Killed process 26809 (syz-executor.4) total-vm:75240kB, anon-rss:15068kB, file-rss:35920kB, shmem-rss:0kB, UID:0 pgtables:164kB oom_score_adj:1000 [ 2213.203814][ T23] oom_reaper: reaped process 26809 (syz-executor.4), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB 21:33:41 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:41 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:41 executing program 5 (fault-call:13 fault-nth:8): ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) 21:33:41 executing program 4: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') 21:33:41 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x900, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) 21:33:41 executing program 0: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r4 = getpid() sched_setattr(r4, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) sched_setattr(r4, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3, 0x0, 0x6, 0x0, 0xfffffffe}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r5, &(0x7f00000017c0), 0x375, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:41 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x900, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) 21:33:41 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) [ 2213.760795][T27905] syz-executor.5 invoked oom-killer: gfp_mask=0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|0x1000000), order=0, oom_score_adj=1000 [ 2213.774077][T27905] CPU: 1 PID: 27905 Comm: syz-executor.5 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2213.784230][T27905] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2213.794286][T27905] Call Trace: [ 2213.797585][T27905] dump_stack+0x14a/0x1ce [ 2213.803213][T27905] ? devkmsg_release+0x11c/0x11c [ 2213.808172][T27905] ? show_regs_print_info+0x12/0x12 [ 2213.813373][T27905] ? radix_tree_cpu_dead+0x160/0x160 [ 2213.818675][T27905] ? _raw_spin_lock+0xa1/0x170 [ 2213.823449][T27905] ? _raw_spin_trylock_bh+0x190/0x190 [ 2213.829100][T27905] dump_header+0xdb/0x700 [ 2213.833436][T27905] oom_kill_process+0xd3/0x280 [ 2213.838214][T27905] out_of_memory+0x5b6/0x890 [ 2213.842947][T27905] ? unregister_oom_notifier+0x20/0x20 [ 2213.848580][T27905] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2213.854121][T27905] ? get_page_from_freelist+0x7c0/0x7c0 [ 2213.859655][T27905] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2213.865014][T27905] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2213.870544][T27905] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 2213.876254][T27905] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 2213.882044][T27905] ? __lru_cache_add+0x1a1/0x1f0 [ 2213.886971][T27905] wp_page_copy+0x1cb/0x1120 [ 2213.891549][T27905] ? add_mm_rss_vec+0x270/0x270 [ 2213.896386][T27905] ? vm_normal_page+0x1c9/0x1d0 [ 2213.901215][T27905] do_wp_page+0x4c1/0x1530 [ 2213.905637][T27905] ? push_rt_tasks+0x4f8/0x670 [ 2213.910384][T27905] ? _raw_spin_lock+0xa1/0x170 [ 2213.915127][T27905] ? do_swap_page+0x1560/0x1560 [ 2213.919971][T27905] handle_mm_fault+0xfa5/0x41e0 [ 2213.924806][T27905] ? finish_fault+0x230/0x230 [ 2213.929463][T27905] ? push_rt_tasks+0x4f8/0x670 [ 2213.934208][T27905] ? down_read_trylock+0x17a/0x1d0 [ 2213.939308][T27905] ? vmacache_find+0x2d2/0x4b0 [ 2213.944052][T27905] do_user_addr_fault+0x48a/0x9f0 [ 2213.949060][T27905] page_fault+0x2f/0x40 [ 2213.953203][T27905] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 2213.959772][T27905] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 2213.979388][T27905] RSP: 0018:ffff888141237888 EFLAGS: 00010206 [ 2213.985447][T27905] RAX: ffffffff81f80e01 RBX: 00000000206fa500 RCX: 0000000000000500 [ 2213.993424][T27905] RDX: 0000000000001000 RSI: ffff88804a465b00 RDI: 00000000206fa000 [ 2214.001413][T27905] RBP: ffff888141237da8 R08: dffffc0000000000 R09: ffffed100948cc00 [ 2214.009383][T27905] R10: 0000000000000000 R11: 0000000000000000 R12: 00007ffffffff000 [ 2214.017357][T27905] R13: 0000000000001000 R14: ffff88804a465000 R15: 00000000206f9500 [ 2214.025343][T27905] ? _copy_to_iter+0x1021/0x1060 [ 2214.030292][T27905] copyout+0x8e/0xb0 [ 2214.034184][T27905] copy_page_to_iter+0x393/0xbd0 [ 2214.039115][T27905] pipe_to_user+0xa3/0x130 [ 2214.043524][T27905] __splice_from_pipe+0x2d3/0x870 [ 2214.048546][T27905] ? user_page_pipe_buf_steal+0xc0/0xc0 [ 2214.054088][T27905] do_vmsplice+0x252/0xee0 [ 2214.058528][T27905] ? avc_ss_reset+0x3a0/0x3a0 [ 2214.063201][T27905] ? write_pipe_buf+0x1d0/0x1d0 [ 2214.068046][T27905] ? __rcu_read_lock+0x50/0x50 [ 2214.072794][T27905] ? check_stack_object+0x5a/0x90 [ 2214.077823][T27905] ? _copy_from_user+0xa4/0xe0 [ 2214.082590][T27905] ? rw_copy_check_uvector+0x2b3/0x310 [ 2214.088034][T27905] ? import_iovec+0x1c2/0x380 [ 2214.092691][T27905] ? dup_iter+0x110/0x110 [ 2214.097017][T27905] ? do_vfs_ioctl+0x780/0x1750 [ 2214.101764][T27905] __se_sys_vmsplice+0x1fb/0x300 [ 2214.106704][T27905] ? __x64_sys_vmsplice+0xa0/0xa0 [ 2214.111726][T27905] ? put_timespec64+0x109/0x150 [ 2214.116582][T27905] ? __x64_sys_clock_gettime+0x20d/0x260 [ 2214.122196][T27905] ? __ia32_sys_clock_settime+0x2a0/0x2a0 [ 2214.127918][T27905] do_syscall_64+0xcb/0x150 [ 2214.132405][T27905] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2214.138280][T27905] RIP: 0033:0x45ccd9 [ 2214.142166][T27905] Code: 2d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2214.161756][T27905] RSP: 002b:00007f2dca069c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 2214.170168][T27905] RAX: ffffffffffffffda RBX: 0000000000035780 RCX: 000000000045ccd9 [ 2214.178129][T27905] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 2214.186105][T27905] RBP: 000000000078c088 R08: 0000000000000000 R09: 0000000000000000 [ 2214.194071][T27905] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078c04c [ 2214.202037][T27905] R13: 00007ffc5a445d3f R14: 00007f2dca06a9c0 R15: 000000000078c04c [ 2214.210104][T27905] Mem-Info: [ 2214.213915][T27905] active_anon:1413045 inactive_anon:9707 isolated_anon:585 [ 2214.213915][T27905] active_file:24 inactive_file:19 isolated_file:0 [ 2214.213915][T27905] unevictable:363 dirty:21 writeback:0 unstable:0 [ 2214.213915][T27905] slab_reclaimable:10308 slab_unreclaimable:79293 [ 2214.213915][T27905] mapped:58123 shmem:9776 pagetables:37229 bounce:0 [ 2214.213915][T27905] free:9633 free_pcp:515 free_cma:0 [ 2214.252161][T27905] Node 0 active_anon:5654480kB inactive_anon:38828kB active_file:96kB inactive_file:0kB unevictable:1452kB isolated(anon):88kB isolated(file):0kB mapped:232492kB dirty:84kB writeback:0kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2214.276311][T27905] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2214.302279][T27905] lowmem_reserve[]: 0 2912 6416 6416 [ 2214.307598][T27905] DMA32 free:18092kB min:4644kB low:7624kB high:10604kB active_anon:2827356kB inactive_anon:5352kB active_file:48kB inactive_file:364kB unevictable:0kB writepending:44kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:15808kB pagetables:20892kB bounce:0kB free_pcp:2476kB local_pcp:1076kB free_cma:0kB [ 2214.338083][T27905] lowmem_reserve[]: 0 0 3504 3504 [ 2214.343114][T27905] Normal free:4444kB min:5592kB low:9180kB high:12768kB active_anon:2826680kB inactive_anon:33476kB active_file:168kB inactive_file:316kB unevictable:1452kB writepending:140kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29376kB pagetables:128024kB bounce:0kB free_pcp:996kB local_pcp:940kB free_cma:0kB [ 2214.373364][T27905] lowmem_reserve[]: 0 0 0 0 [ 2214.377940][T27905] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2214.391303][T27905] DMA32: 419*4kB (UMH) 33*8kB (UMH) 19*16kB (MH) 12*32kB (UMH) 8*64kB (UMH) 14*128kB (UMH) 10*256kB (MH) 6*512kB (UM) 4*1024kB (UM) 1*2048kB (M) 1*4096kB (M) = 20804kB [ 2214.408077][T27905] Normal: 231*4kB (UME) 75*8kB (UME) 35*16kB (UME) 22*32kB (UM) 3*64kB (UM) 1*128kB (M) 2*256kB (M) 2*512kB (UM) 1*1024kB (U) 0*2048kB 0*4096kB = 5668kB [ 2214.423536][T27905] 10204 total pagecache pages [ 2214.428215][T27905] 0 pages in swap cache [ 2214.432371][T27905] Swap cache stats: add 0, delete 0, find 0/0 [ 2214.438441][T27905] Free swap = 0kB [ 2214.443103][T27905] Total swap = 0kB [ 2214.446845][T27905] 1965979 pages RAM [ 2214.450651][T27905] 0 pages HighMem/MovableOnly [ 2214.455344][T27905] 318829 pages reserved [ 2214.459498][T27905] 0 pages cma reserved [ 2214.463536][T27905] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.1,pid=27877,uid=0 [ 2214.477631][T27905] Out of memory: Killed process 27877 (syz-executor.1) total-vm:75240kB, anon-rss:16572kB, file-rss:35776kB, shmem-rss:0kB, UID:0 pgtables:164kB oom_score_adj:1000 [ 2214.518844][ T23] oom_reaper: reaped process 27877 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 21:33:42 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x900, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) 21:33:42 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:42 executing program 4: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00') read$char_usb(r0, 0x0, 0x7ffff000) ioctl$EVIOCGUNIQ(r0, 0x80404508, &(0x7f0000001300)=""/114) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x38, 0x5, 0x0, 0xffffffff, 0x9, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$KDGKBTYPE(r4, 0x4b33, &(0x7f0000000140)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r5, &(0x7f0000000200)=[{&(0x7f00000000c0)=""/33, 0x21}, {&(0x7f0000001380)=""/71, 0x47}, {&(0x7f0000000180)=""/121, 0x79}, {&(0x7f0000000300)=""/4082, 0xff2}], 0x4, 0x0, 0x0) 21:33:42 executing program 0: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioprio_set$pid(0x2, r0, 0x4000) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) prctl$PR_GET_NAME(0x10, &(0x7f00000001c0)=""/142) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:42 executing program 5: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) 21:33:42 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x900, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) 21:33:43 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x900, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) 21:33:43 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:43 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:43 executing program 4: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000), 0x0, 0x4) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00') read$char_usb(r4, 0x0, 0x7ffff000) ioctl$PIO_FONTX(r3, 0x4b6c, &(0x7f00000000c0)={0x19e, 0xf, &(0x7f0000000300)="a453905cd1b2170a1105d8fe0fa3e66c94d06b997280c0b8d63b228fb9b0d802e13863e490f6ecf15fdcbff16db581fedafe6c30b87f74ef77e65413cbdfbc75c0c4961b73cd3d450c01dd67b9e8e54c1f5ac8c435d2857dc122afc5f1407e03ebb644d97b379bd91ce169dc4b5bb235ab09486733bae0182ebd118f549a348b0593a31e4863dec765c147f102a8076b055525fec18807e151a89c4d9c64375b572b4c7bf87129cf1abe2ff95500c78638779fb669f352f77a1ee2fabd08f1ddcc6458921ca4bcf454dcfb3795506bb0558bae54ffe8c60be0330b2b91e93bc5530ca2b82f24239155a58c9f0f817b7ff9d0764a6289fa96ee82c4b1f6899ce80b80ef8083bd8466abc3bdcb9237cf74e901a95b2cd050bb9776f05014f45207320284a6bbcca3733a5697a69e995931e74991439d31faf634c2b50f811925cc98abb61fcac9a07ac7391398e43624aee2d95f612c1ec68e05a6ecbd77dac1884e78860d3c487d33c76b572960868fee9eba1de827af4259097aabd31cf2542e014873ab9b4965a601a7b65b34dfd972ac1a361db2523945f93da97016630364ca14177d7a8496b8bf27d35269a444675a70e7233d6334d2e3f5579f2f0fce3687dca6bb1a555c5ed2d324ed2641c5beec3365aa8f1efd45c59eb08d9a66d3af3d6270dbe224b2320fb979a47964d9a11011980cb4c8d8b8985225b34136741e4e78db6802f60e26e64f3235706389558e51f005d80ab820a4f5d0512e6b57615fa05f77d0069428a062373340f6b427579fee510d6fa0cbbe29ae0921b8a924ab6638e7c1b031b1322d058733d88aea04d246ee75551741f57768b7e3cbd9c802723530134428d794dda4fc605e465659ba11f88dfc00546ee9fa10da38887027019faddf13a0a235c96b19889ef12f2d6e782b2b0f38dc8d56bb813af05599374336a9eaef974647d6a46359fcb022be93d94c50000258db6eecc593e7a7301e9f4a635bd83d50b34dd1a3fbe2447a3fd044da76fa6d8b1ce46379885bcdca519052ae0e6de662060d90b335a2d2d80562613164ea0503daac071608b1c031cd5c8c917ede97f277c84c7bb408bdad96ee2e455b54ed8844c94aef3d624055b9e7e40da995fe0cfda02c66a29a1baded0df45e609711745bac8dc81c7cbb0734f9581e763101f5714bc9bd8b9c37a3f421b09b71bb462034f6defc10cfc0966af452caabfabcc304b343faefb33fc2caabce620164ffc04e842eb9f1b2667959dd61ccc530703baa059099aa346970b9b8453cdeda09d565ebd8ec33ae6a8adae38d42f4cc8a0016a1ef9fb75e9f377296a562c8b17e9cec34931c3d1a84ff9a44a01595ce33c9c432984c4b22d645eb3b8771129e3246cb5f20ee954f1145c2b27cdf23dba16f32d23f985961ce7ae588ae040047b3df9fb07da71738079c"}) ioctl$TIOCSBRK(r4, 0x5427) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r5, &(0x7f00000017c0), 0x0, 0x0, 0x0) 21:33:43 executing program 0: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, 0x0, r2) r4 = gettid() sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=[@cred={{0x1c, 0x1, 0x2, {r4, r2, r3}}}], 0x20}, 0x0) mount$fuse(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='fuse\x00', 0x8020, &(0x7f0000000440)={{'fd'}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id'}, 0x2c, {'group_id', 0x3d, r3}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x7fffffff}}, {@max_read={'max_read', 0x3d, 0x80000001}}, {@default_permissions='default_permissions'}, {@default_permissions='default_permissions'}, {@allow_other='allow_other'}, {@default_permissions='default_permissions'}, {@max_read={'max_read'}}, {@allow_other='allow_other'}, {@default_permissions='default_permissions'}, {@allow_other='allow_other'}], [{@euid_lt={'euid<', 0xffffffffffffffff}}]}}) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r6, 0x407, 0x0) write(r6, &(0x7f0000000300)="40fb5d7984d21c748aff8297796c5c66e3040df16db6c68236bf9d54090769f8e1c3425a41aaf8193f289051bdedc09d6340e42300dd5357c303f8592f76def8e4e2aabdd74e08699ed77b4fb8c05aaea0aa028523133f5475bbc8e9e182558cdfd0d8dad7fbadf4a03a1a1be1f629879b2a65f151f8c97f9f970a76edeb1d729116a3c725a878cfa8803ceef97d99e75597dccc753086b68c113f5e67bbf0f1a72d7c9325c6bbba7db9a73c970fbaf573eaba12cbd4d5410ed3e0973ece4b85f45b5774b8baf607a93e166059bfcd7206ff116db8c5aa8e4cd80ba78aba23113456c3a1213565f68389d5c0e4f4f6411059603a20567a6d4721e179ef01c943b61b0db1eafe7dd555a9490a69f5bc7d0e4f32fb61b0111b7ee538b8872188556e06251b791af784af106f7c6399eefcec0ea1", 0x133) vmsplice(r5, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r7 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r7, &(0x7f00000017c0), 0x375, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:43 executing program 5: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x8, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) 21:33:43 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:43 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x900, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) 21:33:43 executing program 4: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00') read$char_usb(r4, 0x0, 0x7ffff000) getsockopt$SO_COOKIE(r4, 0x1, 0x39, &(0x7f0000000140), &(0x7f0000000180)=0x8) r5 = add_key$keyring(&(0x7f0000000280)='keyring\x00', &(0x7f00000002c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) add_key(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz', 0x2}, &(0x7f0000000380)='>', 0x1, r5) keyctl$instantiate(0xc, r5, &(0x7f00000000c0)=@encrypted_load={'load ', 'default', 0x20, 'trusted:', 'stack\x00', 0x20, 0x4a, 0x20, [0x30, 0x63, 0xc2, 0x35]}, 0x36, 0xfffffffffffffffd) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r6, &(0x7f0000000140), 0x0, 0x0, 0x0) 21:33:43 executing program 0: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000300)=""/4096, 0x1000, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00') bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000140)={&(0x7f00000000c0)='./file0\x00'}, 0x10) read$char_usb(r4, 0x0, 0x7ffff000) setsockopt$inet_MCAST_MSFILTER(r4, 0x0, 0x30, &(0x7f0000001300)=ANY=[@ANYBLOB="030000000000000002004e22ac1414aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000002004e217f00000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002004e21e000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002004e220000000000000000638ee0b500"/528], 0x210) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r5, &(0x7f00000017c0), 0x375, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:43 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:43 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:43 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x900, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) [ 2215.975108][T28002] syz-executor.5 invoked oom-killer: gfp_mask=0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|0x1000000), order=0, oom_score_adj=1000 [ 2215.988482][T28002] CPU: 1 PID: 28002 Comm: syz-executor.5 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2215.998630][T28002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2216.008708][T28002] Call Trace: [ 2216.012005][T28002] dump_stack+0x14a/0x1ce [ 2216.016360][T28002] ? devkmsg_release+0x11c/0x11c [ 2216.021301][T28002] ? show_regs_print_info+0x12/0x12 [ 2216.026523][T28002] ? radix_tree_cpu_dead+0x160/0x160 [ 2216.031794][T28002] ? _raw_spin_lock+0xa1/0x170 [ 2216.036553][T28002] ? _raw_spin_trylock_bh+0x190/0x190 [ 2216.042129][T28002] dump_header+0xdb/0x700 [ 2216.046469][T28002] oom_kill_process+0xd3/0x280 [ 2216.051253][T28002] out_of_memory+0x5b6/0x890 [ 2216.055825][T28002] ? unregister_oom_notifier+0x20/0x20 [ 2216.061459][T28002] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2216.066995][T28002] ? get_page_from_freelist+0x7c0/0x7c0 [ 2216.072549][T28002] ? flush_tlb_func_common+0x45/0x580 [ 2216.077923][T28002] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2216.083647][T28002] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2216.089198][T28002] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 2216.094937][T28002] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 2216.100731][T28002] ? __lru_cache_add+0x1a1/0x1f0 [ 2216.105654][T28002] wp_page_copy+0x1cb/0x1120 [ 2216.110253][T28002] ? add_mm_rss_vec+0x270/0x270 [ 2216.115101][T28002] ? vm_normal_page+0x1c9/0x1d0 [ 2216.119970][T28002] do_wp_page+0x4c1/0x1530 [ 2216.124396][T28002] ? push_rt_tasks+0x4f8/0x670 [ 2216.129173][T28002] ? _raw_spin_lock+0xa1/0x170 [ 2216.133927][T28002] ? do_swap_page+0x1560/0x1560 [ 2216.138785][T28002] handle_mm_fault+0xfa5/0x41e0 [ 2216.143623][T28002] ? finish_fault+0x230/0x230 [ 2216.148292][T28002] ? push_rt_tasks+0x4f8/0x670 [ 2216.153037][T28002] ? down_read_trylock+0x17a/0x1d0 [ 2216.158143][T28002] ? vmacache_find+0x2d2/0x4b0 [ 2216.162916][T28002] do_user_addr_fault+0x48a/0x9f0 [ 2216.167941][T28002] page_fault+0x2f/0x40 [ 2216.172137][T28002] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 2216.178713][T28002] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 2216.198309][T28002] RSP: 0018:ffff88816132f888 EFLAGS: 00010206 [ 2216.204403][T28002] RAX: ffffffff81f80e01 RBX: 0000000020eee500 RCX: 0000000000000500 [ 2216.212385][T28002] RDX: 0000000000001000 RSI: ffff8880536f7b00 RDI: 0000000020eee000 [ 2216.220337][T28002] RBP: ffff88816132fda8 R08: dffffc0000000000 R09: ffffed100a6df000 [ 2216.228289][T28002] R10: 0000000000000000 R11: 0000000000000000 R12: 00007ffffffff000 [ 2216.236260][T28002] R13: 0000000000001000 R14: ffff8880536f7000 R15: 0000000020eed500 [ 2216.244243][T28002] ? _copy_to_iter+0x1021/0x1060 [ 2216.249184][T28002] copyout+0x8e/0xb0 [ 2216.253060][T28002] copy_page_to_iter+0x393/0xbd0 [ 2216.257977][T28002] pipe_to_user+0xa3/0x130 [ 2216.262391][T28002] __splice_from_pipe+0x2d3/0x870 [ 2216.267389][T28002] ? user_page_pipe_buf_steal+0xc0/0xc0 [ 2216.272906][T28002] do_vmsplice+0x252/0xee0 [ 2216.277294][T28002] ? avc_ss_reset+0x3a0/0x3a0 [ 2216.281944][T28002] ? write_pipe_buf+0x1d0/0x1d0 [ 2216.286763][T28002] ? __rcu_read_lock+0x50/0x50 [ 2216.291496][T28002] ? check_stack_object+0x5a/0x90 [ 2216.296510][T28002] ? _copy_from_user+0xa4/0xe0 [ 2216.301247][T28002] ? rw_copy_check_uvector+0x2b3/0x310 [ 2216.306689][T28002] ? import_iovec+0x1c2/0x380 [ 2216.311351][T28002] ? dup_iter+0x110/0x110 [ 2216.315673][T28002] ? do_vfs_ioctl+0x780/0x1750 [ 2216.320409][T28002] __se_sys_vmsplice+0x1fb/0x300 [ 2216.325342][T28002] ? __x64_sys_vmsplice+0xa0/0xa0 [ 2216.330367][T28002] ? put_timespec64+0x109/0x150 [ 2216.335221][T28002] ? __x64_sys_clock_gettime+0x20d/0x260 [ 2216.340840][T28002] ? __ia32_sys_clock_settime+0x2a0/0x2a0 [ 2216.346901][T28002] do_syscall_64+0xcb/0x150 [ 2216.351402][T28002] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2216.357304][T28002] RIP: 0033:0x45ccd9 [ 2216.361175][T28002] Code: 2d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2216.380768][T28002] RSP: 002b:00007f2dca069c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 2216.389168][T28002] RAX: ffffffffffffffda RBX: 0000000000035780 RCX: 000000000045ccd9 [ 2216.397144][T28002] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 2216.405117][T28002] RBP: 000000000078c088 R08: 0000000000000000 R09: 0000000000000000 [ 2216.413083][T28002] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078c04c [ 2216.421058][T28002] R13: 00007ffc5a445d3f R14: 00007f2dca06a9c0 R15: 000000000078c04c [ 2216.429101][T28002] Mem-Info: [ 2216.432238][T28002] active_anon:1414269 inactive_anon:9707 isolated_anon:0 [ 2216.432238][T28002] active_file:27 inactive_file:2 isolated_file:0 [ 2216.432238][T28002] unevictable:363 dirty:0 writeback:22 unstable:0 [ 2216.432238][T28002] slab_reclaimable:10294 slab_unreclaimable:79078 [ 2216.432238][T28002] mapped:58110 shmem:9776 pagetables:37400 bounce:0 [ 2216.432238][T28002] free:9295 free_pcp:391 free_cma:0 [ 2216.469849][T28002] Node 0 active_anon:5657076kB inactive_anon:38828kB active_file:108kB inactive_file:8kB unevictable:1452kB isolated(anon):0kB isolated(file):0kB mapped:232440kB dirty:0kB writeback:88kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2216.494117][T28002] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2216.520134][T28002] lowmem_reserve[]: 0 2912 6416 6416 [ 2216.525488][T28002] DMA32 free:17088kB min:4644kB low:7624kB high:10604kB active_anon:2831492kB inactive_anon:5352kB active_file:252kB inactive_file:324kB unevictable:0kB writepending:64kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:15712kB pagetables:21636kB bounce:0kB free_pcp:572kB local_pcp:572kB free_cma:0kB [ 2216.557622][T28002] lowmem_reserve[]: 0 0 3504 3504 [ 2216.562643][T28002] Normal free:4188kB min:5592kB low:9180kB high:12768kB active_anon:2825000kB inactive_anon:33476kB active_file:56kB inactive_file:72kB unevictable:1452kB writepending:180kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29760kB pagetables:127964kB bounce:0kB free_pcp:992kB local_pcp:496kB free_cma:0kB [ 2216.592630][T28002] lowmem_reserve[]: 0 0 0 0 [ 2216.597150][T28002] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2216.610466][T28002] DMA32: 81*4kB (UM) 19*8kB (UM) 17*16kB (UM) 11*32kB (UM) 11*64kB (UM) 6*128kB (M) 4*256kB (UM) 5*512kB (UM) 3*1024kB (UM) 2*2048kB (M) 1*4096kB (M) = 17420kB [ 2216.626539][T28002] Normal: 39*4kB (E) 10*8kB (UE) 3*16kB (UME) 2*32kB (UM) 18*64kB (UM) 17*128kB (UM) 0*256kB 1*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 4188kB [ 2216.640891][T28002] 10128 total pagecache pages [ 2216.645563][T28002] 0 pages in swap cache [ 2216.649735][T28002] Swap cache stats: add 0, delete 0, find 0/0 [ 2216.655793][T28002] Free swap = 0kB [ 2216.659494][T28002] Total swap = 0kB [ 2216.663189][T28002] 1965979 pages RAM [ 2216.666990][T28002] 0 pages HighMem/MovableOnly [ 2216.671671][T28002] 318829 pages reserved [ 2216.675823][T28002] 0 pages cma reserved [ 2216.679903][T28002] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.5,pid=27977,uid=0 [ 2216.694043][T28002] Out of memory: Killed process 27977 (syz-executor.5) total-vm:75240kB, anon-rss:15232kB, file-rss:35772kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 2216.719393][ T23] oom_reaper: reaped process 27977 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 21:33:44 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:44 executing program 5: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) 21:33:44 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:45 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x900, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) 21:33:45 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:45 executing program 0: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) rt_sigsuspend(&(0x7f00000000c0)={[0x2]}, 0x8) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:45 executing program 4: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() r1 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00') read$char_usb(r1, 0x0, 0x7ffff000) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e23, 0x2, @loopback, 0x6}, 0x1c) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) wait4(0x0, &(0x7f00000000c0), 0xc, &(0x7f0000000140)) recvmmsg(r2, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r5, &(0x7f00000017c0), 0x375, 0x0, 0x0) 21:33:45 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) [ 2217.883479][T28065] syz-executor.5 invoked oom-killer: gfp_mask=0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|0x1000000), order=0, oom_score_adj=1000 [ 2217.896780][T28065] CPU: 0 PID: 28065 Comm: syz-executor.5 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2217.906940][T28065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2217.916995][T28065] Call Trace: [ 2217.920310][T28065] dump_stack+0x14a/0x1ce [ 2217.924667][T28065] ? devkmsg_release+0x11c/0x11c [ 2217.929603][T28065] ? show_regs_print_info+0x12/0x12 [ 2217.934967][T28065] ? radix_tree_cpu_dead+0x160/0x160 [ 2217.940274][T28065] ? _raw_spin_lock+0xa1/0x170 [ 2217.945183][T28065] ? _raw_spin_trylock_bh+0x190/0x190 [ 2217.950629][T28065] dump_header+0xdb/0x700 [ 2217.954954][T28065] oom_kill_process+0xd3/0x280 [ 2217.959720][T28065] out_of_memory+0x5b6/0x890 [ 2217.964318][T28065] ? unregister_oom_notifier+0x20/0x20 [ 2217.969780][T28065] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2217.975338][T28065] ? get_page_from_freelist+0x7c0/0x7c0 [ 2217.980901][T28065] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2217.986262][T28065] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2217.991826][T28065] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 2217.998509][T28065] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 2218.004290][T28065] ? __lru_cache_add+0x1a1/0x1f0 [ 2218.009203][T28065] wp_page_copy+0x1cb/0x1120 [ 2218.013777][T28065] ? add_mm_rss_vec+0x270/0x270 [ 2218.018700][T28065] ? vm_normal_page+0x1c9/0x1d0 [ 2218.023708][T28065] do_wp_page+0x4c1/0x1530 [ 2218.028212][T28065] ? push_rt_tasks+0x4f8/0x670 [ 2218.032962][T28065] ? _raw_spin_lock+0xa1/0x170 [ 2218.037721][T28065] ? do_swap_page+0x1560/0x1560 [ 2218.042570][T28065] handle_mm_fault+0xfa5/0x41e0 [ 2218.047398][T28065] ? finish_fault+0x230/0x230 [ 2218.052059][T28065] ? push_rt_tasks+0x4f8/0x670 [ 2218.056803][T28065] ? down_read_trylock+0x17a/0x1d0 [ 2218.061899][T28065] ? vmacache_find+0x3a2/0x4b0 [ 2218.066639][T28065] do_user_addr_fault+0x48a/0x9f0 [ 2218.071738][T28065] page_fault+0x2f/0x40 [ 2218.075900][T28065] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 2218.082511][T28065] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 2218.103404][T28065] RSP: 0018:ffff888027fff888 EFLAGS: 00010206 [ 2218.109465][T28065] RAX: ffffffff81f80e01 RBX: 000000002046b500 RCX: 0000000000000500 [ 2218.118406][T28065] RDX: 0000000000001000 RSI: ffff888161344b00 RDI: 000000002046b000 [ 2218.126371][T28065] RBP: ffff888027fffda8 R08: dffffc0000000000 R09: ffffed102c268a00 [ 2218.134502][T28065] R10: 0000000000000000 R11: 0000000000000000 R12: 00007ffffffff000 [ 2218.143097][T28065] R13: 0000000000001000 R14: ffff888161344000 R15: 000000002046a500 [ 2218.151812][T28065] ? _copy_to_iter+0x1021/0x1060 [ 2218.156759][T28065] copyout+0x8e/0xb0 [ 2218.160757][T28065] copy_page_to_iter+0x393/0xbd0 [ 2218.166204][T28065] pipe_to_user+0xa3/0x130 [ 2218.170627][T28065] __splice_from_pipe+0x2d3/0x870 [ 2218.175656][T28065] ? user_page_pipe_buf_steal+0xc0/0xc0 [ 2218.181200][T28065] do_vmsplice+0x252/0xee0 [ 2218.185798][T28065] ? avc_ss_reset+0x3a0/0x3a0 [ 2218.190471][T28065] ? write_pipe_buf+0x1d0/0x1d0 [ 2218.195313][T28065] ? __rcu_read_lock+0x50/0x50 [ 2218.200074][T28065] ? check_stack_object+0x5a/0x90 [ 2218.205113][T28065] ? _copy_from_user+0xa4/0xe0 [ 2218.209861][T28065] ? rw_copy_check_uvector+0x2b3/0x310 [ 2218.215318][T28065] ? import_iovec+0x1c2/0x380 [ 2218.219993][T28065] ? dup_iter+0x110/0x110 [ 2218.224312][T28065] ? do_vfs_ioctl+0x780/0x1750 [ 2218.229203][T28065] __se_sys_vmsplice+0x1fb/0x300 [ 2218.234154][T28065] ? __x64_sys_vmsplice+0xa0/0xa0 [ 2218.239184][T28065] ? put_timespec64+0x109/0x150 [ 2218.244045][T28065] ? __x64_sys_clock_gettime+0x20d/0x260 [ 2218.249692][T28065] ? __ia32_sys_clock_settime+0x2a0/0x2a0 [ 2218.255431][T28065] do_syscall_64+0xcb/0x150 [ 2218.259950][T28065] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2218.265850][T28065] RIP: 0033:0x45ccd9 [ 2218.269735][T28065] Code: 2d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2218.290276][T28065] RSP: 002b:00007f2dca069c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 2218.298661][T28065] RAX: ffffffffffffffda RBX: 0000000000035780 RCX: 000000000045ccd9 [ 2218.306617][T28065] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 2218.314567][T28065] RBP: 000000000078c088 R08: 0000000000000000 R09: 0000000000000000 [ 2218.322522][T28065] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078c04c [ 2218.330491][T28065] R13: 00007ffc5a445d3f R14: 00007f2dca06a9c0 R15: 000000000078c04c [ 2218.338600][T28065] Mem-Info: [ 2218.341755][T28065] active_anon:1414336 inactive_anon:9707 isolated_anon:0 [ 2218.341755][T28065] active_file:16 inactive_file:9 isolated_file:0 [ 2218.341755][T28065] unevictable:363 dirty:16 writeback:0 unstable:0 [ 2218.341755][T28065] slab_reclaimable:10291 slab_unreclaimable:79185 [ 2218.341755][T28065] mapped:58139 shmem:9776 pagetables:37440 bounce:0 [ 2218.341755][T28065] free:9182 free_pcp:352 free_cma:0 [ 2218.379386][T28065] Node 0 active_anon:5657344kB inactive_anon:38828kB active_file:64kB inactive_file:36kB unevictable:1452kB isolated(anon):0kB isolated(file):0kB mapped:232556kB dirty:64kB writeback:0kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2218.403724][T28065] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2218.429674][T28065] lowmem_reserve[]: 0 2912 6416 6416 [ 2218.434991][T28065] DMA32 free:17004kB min:4644kB low:7624kB high:10604kB active_anon:2831108kB inactive_anon:5352kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:15872kB pagetables:21752kB bounce:0kB free_pcp:596kB local_pcp:592kB free_cma:0kB [ 2218.464078][T28065] lowmem_reserve[]: 0 0 3504 3504 [ 2218.469159][T28065] Normal free:3820kB min:5592kB low:9180kB high:12768kB active_anon:2825456kB inactive_anon:33476kB active_file:56kB inactive_file:188kB unevictable:1452kB writepending:64kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29600kB pagetables:128008kB bounce:0kB free_pcp:812kB local_pcp:332kB free_cma:0kB [ 2218.499102][T28065] lowmem_reserve[]: 0 0 0 0 [ 2218.503599][T28065] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2218.517877][T28065] DMA32: 8*4kB (UM) 8*8kB (UM) 12*16kB (UM) 30*32kB (UMH) 12*64kB (M) 7*128kB (MH) 4*256kB (MH) 4*512kB (M) 3*1024kB (MH) 2*2048kB (M) 1*4096kB (M) = 17248kB [ 2218.533760][T28065] Normal: 40*4kB (EH) 10*8kB (EH) 6*16kB (EH) 1*32kB (M) 22*64kB (MH) 14*128kB (MH) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 3568kB [ 2218.547694][T28065] 10108 total pagecache pages [ 2218.552349][T28065] 0 pages in swap cache [ 2218.556598][T28065] Swap cache stats: add 0, delete 0, find 0/0 [ 2218.562647][T28065] Free swap = 0kB [ 2218.566360][T28065] Total swap = 0kB [ 2218.570076][T28065] 1965979 pages RAM [ 2218.573870][T28065] 0 pages HighMem/MovableOnly [ 2218.578562][T28065] 318829 pages reserved [ 2218.582707][T28065] 0 pages cma reserved [ 2218.586777][T28065] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.5,pid=10476,uid=0 [ 2218.600880][T28065] Out of memory: Killed process 10476 (syz-executor.5) total-vm:75240kB, anon-rss:15108kB, file-rss:35840kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 2218.625304][ T23] oom_reaper: reaped process 10476 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2218.708628][ T333] syz-fuzzer invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2218.722930][ T333] CPU: 0 PID: 333 Comm: syz-fuzzer Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2218.740273][ T333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2218.750352][ T333] Call Trace: [ 2218.753631][ T333] dump_stack+0x14a/0x1ce [ 2218.757963][ T333] ? devkmsg_release+0x11c/0x11c [ 2218.762891][ T333] ? show_regs_print_info+0x12/0x12 [ 2218.768088][ T333] ? radix_tree_cpu_dead+0x160/0x160 [ 2218.773372][ T333] ? _raw_spin_lock+0xa1/0x170 [ 2218.778382][ T333] ? _raw_spin_trylock_bh+0x190/0x190 [ 2218.784004][ T333] dump_header+0xdb/0x700 [ 2218.788348][ T333] oom_kill_process+0xd3/0x280 [ 2218.793141][ T333] out_of_memory+0x5b6/0x890 [ 2218.802093][ T333] ? unregister_oom_notifier+0x20/0x20 [ 2218.807742][ T333] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2218.813293][ T333] ? get_page_from_freelist+0x7c0/0x7c0 [ 2218.818955][ T333] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2218.824353][ T333] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2218.829904][ T333] pagecache_get_page+0x50f/0x880 [ 2218.834970][ T333] filemap_fault+0x14cb/0x1a30 [ 2218.839726][ T333] ? __down_read+0xf1/0x210 [ 2218.844223][ T333] ? generic_file_read_iter+0x20b0/0x20b0 [ 2218.849962][ T333] ? is_mmconf_reserved+0x420/0x420 [ 2218.855165][ T333] ext4_filemap_fault+0x7b/0x90 [ 2218.860014][ T333] handle_mm_fault+0x29ca/0x41e0 [ 2218.864953][ T333] ? finish_fault+0x230/0x230 [ 2218.869640][ T333] ? get_timespec64+0x11f/0x1d0 [ 2218.874503][ T333] ? down_read_trylock+0x17a/0x1d0 [ 2218.879623][ T333] ? __x64_sys_nanosleep+0x60/0x60 [ 2218.884744][ T333] ? vmacache_find+0x205/0x4b0 [ 2218.890035][ T333] do_user_addr_fault+0x48a/0x9f0 [ 2218.895074][ T333] page_fault+0x2f/0x40 [ 2218.904556][ T333] RIP: 0033:0x468a8d [ 2218.908448][ T333] Code: Bad RIP value. [ 2218.912499][ T333] RSP: 002b:000000c00004df18 EFLAGS: 00010202 [ 2218.918581][ T333] RAX: 0000000000000000 RBX: 0000000000000014 RCX: 0000000000468a8d [ 2218.926543][ T333] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000c00004df18 [ 2218.934507][ T333] RBP: 000000c00004df28 R08: 00000000002f6b94 R09: 00007ffcb21f80b8 [ 2218.942470][ T333] R10: 000000000006a6da R11: 0000000000000202 R12: 0000000000439470 [ 2218.950429][ T333] R13: 0000000000000000 R14: 0000000000ad5284 R15: 0000000000000000 [ 2218.963923][ T333] Mem-Info: [ 2218.982516][ T333] active_anon:1414387 inactive_anon:9707 isolated_anon:0 [ 2218.982516][ T333] active_file:10 inactive_file:14 isolated_file:0 [ 2218.982516][ T333] unevictable:363 dirty:0 writeback:0 unstable:0 [ 2218.982516][ T333] slab_reclaimable:10291 slab_unreclaimable:79214 [ 2218.982516][ T333] mapped:58102 shmem:9776 pagetables:37462 bounce:0 [ 2218.982516][ T333] free:9281 free_pcp:2 free_cma:0 [ 2219.022605][ T333] Node 0 active_anon:5657548kB inactive_anon:38828kB active_file:40kB inactive_file:32kB unevictable:1452kB isolated(anon):0kB isolated(file):0kB mapped:232408kB dirty:0kB writeback:0kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2219.048450][ T333] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2219.082266][ T333] lowmem_reserve[]: 0 2912 6416 6416 [ 2219.088353][ T333] DMA32 free:17308kB min:4644kB low:7624kB high:10604kB active_anon:2830832kB inactive_anon:5352kB active_file:92kB inactive_file:20kB unevictable:0kB writepending:0kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:15968kB pagetables:21868kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB [ 2219.118776][ T333] lowmem_reserve[]: 0 0 3504 3504 [ 2219.123833][ T333] Normal free:3912kB min:5592kB low:9180kB high:12768kB active_anon:2826120kB inactive_anon:33476kB active_file:124kB inactive_file:0kB unevictable:1452kB writepending:0kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29792kB pagetables:127980kB bounce:0kB free_pcp:4kB local_pcp:4kB free_cma:0kB [ 2219.161201][ T333] lowmem_reserve[]: 0 0 0 0 [ 2219.168522][ T333] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2219.188645][ T333] DMA32: 13*4kB (UM) 4*8kB (UM) 17*16kB (UM) 2*32kB (M) 1*64kB (M) 22*128kB (M) 4*256kB (M) 4*512kB (M) 3*1024kB (M) 2*2048kB (M) 1*4096kB (U) = 17636kB [ 2219.204100][ T333] Normal: 76*4kB (UME) 26*8kB (UME) 18*16kB (UME) 4*32kB (UM) 23*64kB (UM) 15*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4320kB [ 2219.218654][ T333] 10107 total pagecache pages [ 2219.223432][ T333] 0 pages in swap cache [ 2219.228708][ T333] Swap cache stats: add 0, delete 0, find 0/0 [ 2219.235158][ T333] Free swap = 0kB [ 2219.239014][ T333] Total swap = 0kB [ 2219.242825][ T333] 1965979 pages RAM [ 2219.246712][ T333] 0 pages HighMem/MovableOnly [ 2219.251469][ T333] 318829 pages reserved [ 2219.272405][ T333] 0 pages cma reserved [ 2219.277050][ T333] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.2,pid=26167,uid=0 [ 2219.292654][ T333] Out of memory: Killed process 26167 (syz-executor.2) total-vm:75240kB, anon-rss:14892kB, file-rss:35856kB, shmem-rss:0kB, UID:0 pgtables:156kB oom_score_adj:1000 [ 2219.337504][ T23] oom_reaper: reaped process 26167 (syz-executor.2), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB [ 2219.381332][T28068] syz-executor.2 invoked oom-killer: gfp_mask=0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|0x1000000), order=0, oom_score_adj=1000 [ 2219.395450][T28068] CPU: 0 PID: 28068 Comm: syz-executor.2 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2219.405629][T28068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2219.415785][T28068] Call Trace: [ 2219.419069][T28068] dump_stack+0x14a/0x1ce [ 2219.423564][T28068] ? devkmsg_release+0x11c/0x11c [ 2219.428507][T28068] ? show_regs_print_info+0x12/0x12 [ 2219.433695][T28068] ? radix_tree_cpu_dead+0x160/0x160 [ 2219.438974][T28068] ? _raw_spin_lock+0xa1/0x170 [ 2219.443729][T28068] ? _raw_spin_trylock_bh+0x190/0x190 [ 2219.449091][T28068] dump_header+0xdb/0x700 [ 2219.453413][T28068] oom_kill_process+0xd3/0x280 [ 2219.458166][T28068] out_of_memory+0x5b6/0x890 [ 2219.462749][T28068] ? unregister_oom_notifier+0x20/0x20 [ 2219.468205][T28068] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2219.473787][T28068] ? get_page_from_freelist+0x7c0/0x7c0 [ 2219.479341][T28068] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2219.485496][T28068] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2219.491034][T28068] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 2219.496733][T28068] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 2219.502529][T28068] ? __lru_cache_add+0x1a1/0x1f0 [ 2219.507458][T28068] wp_page_copy+0x1cb/0x1120 [ 2219.512060][T28068] ? add_mm_rss_vec+0x270/0x270 [ 2219.516902][T28068] ? vm_normal_page+0x1c9/0x1d0 [ 2219.521739][T28068] do_wp_page+0x4c1/0x1530 [ 2219.526144][T28068] ? push_rt_tasks+0x4f8/0x670 [ 2219.530908][T28068] ? _raw_spin_lock+0xa1/0x170 [ 2219.535678][T28068] ? do_swap_page+0x1560/0x1560 [ 2219.540527][T28068] handle_mm_fault+0xfa5/0x41e0 [ 2219.545378][T28068] ? finish_fault+0x230/0x230 [ 2219.550053][T28068] ? down_read_trylock+0x17a/0x1d0 [ 2219.555158][T28068] ? vmacache_find+0x205/0x4b0 [ 2219.559932][T28068] do_user_addr_fault+0x48a/0x9f0 [ 2219.564947][T28068] page_fault+0x2f/0x40 [ 2219.569103][T28068] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 2219.575681][T28068] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 2219.595276][T28068] RSP: 0018:ffff888033697888 EFLAGS: 00010206 [ 2219.601338][T28068] RAX: ffffffff81f80e01 RBX: 0000000020981500 RCX: 0000000000000500 [ 2219.609337][T28068] RDX: 0000000000001000 RSI: ffff8881cf4e8b00 RDI: 0000000020981000 [ 2219.623380][T28068] RBP: ffff888033697da8 R08: dffffc0000000000 R09: ffffed1039e9d200 [ 2219.631346][T28068] R10: 0000000000000000 R11: 0000000000000000 R12: 00007ffffffff000 [ 2219.639312][T28068] R13: 0000000000001000 R14: ffff8881cf4e8000 R15: 0000000020980500 [ 2219.647301][T28068] ? _copy_to_iter+0x1021/0x1060 [ 2219.652253][T28068] copyout+0x8e/0xb0 [ 2219.656155][T28068] copy_page_to_iter+0x393/0xbd0 [ 2219.661790][T28068] pipe_to_user+0xa3/0x130 [ 2219.666201][T28068] __splice_from_pipe+0x2d3/0x870 [ 2219.671227][T28068] ? user_page_pipe_buf_steal+0xc0/0xc0 [ 2219.677561][T28068] do_vmsplice+0x252/0xee0 [ 2219.681971][T28068] ? avc_ss_reset+0x3a0/0x3a0 [ 2219.686653][T28068] ? write_pipe_buf+0x1d0/0x1d0 [ 2219.692467][T28068] ? __rcu_read_lock+0x50/0x50 [ 2219.697234][T28068] ? check_stack_object+0x5a/0x90 [ 2219.702255][T28068] ? _copy_from_user+0xa4/0xe0 [ 2219.707018][T28068] ? rw_copy_check_uvector+0x2b3/0x310 [ 2219.712487][T28068] ? import_iovec+0x1c2/0x380 [ 2219.717158][T28068] ? dup_iter+0x110/0x110 [ 2219.721491][T28068] ? do_vfs_ioctl+0x780/0x1750 [ 2219.726244][T28068] __se_sys_vmsplice+0x1fb/0x300 [ 2219.731174][T28068] ? __x64_sys_vmsplice+0xa0/0xa0 [ 2219.736200][T28068] ? put_timespec64+0x109/0x150 [ 2219.741046][T28068] ? __x64_sys_clock_gettime+0x20d/0x260 [ 2219.746673][T28068] ? __ia32_sys_clock_settime+0x2a0/0x2a0 [ 2219.752406][T28068] do_syscall_64+0xcb/0x150 [ 2219.756909][T28068] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2219.762798][T28068] RIP: 0033:0x45ccd9 [ 2219.766670][T28068] Code: 2d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2219.786348][T28068] RSP: 002b:00007fddb5d87c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 2219.794749][T28068] RAX: ffffffffffffffda RBX: 0000000000035780 RCX: 000000000045ccd9 [ 2219.802709][T28068] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 2219.810670][T28068] RBP: 000000000078c088 R08: 0000000000000000 R09: 0000000000000000 [ 2219.818664][T28068] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078c04c [ 2219.826833][T28068] R13: 00007ffdfaf6b1cf R14: 00007fddb5d889c0 R15: 000000000078c04c [ 2219.835095][T28068] Mem-Info: [ 2219.838223][T28068] active_anon:1413428 inactive_anon:9707 isolated_anon:0 [ 2219.838223][T28068] active_file:58 inactive_file:35 isolated_file:0 [ 2219.838223][T28068] unevictable:363 dirty:8 writeback:0 unstable:0 [ 2219.838223][T28068] slab_reclaimable:10291 slab_unreclaimable:78976 [ 2219.838223][T28068] mapped:58147 shmem:9776 pagetables:37432 bounce:0 [ 2219.838223][T28068] free:10134 free_pcp:516 free_cma:0 [ 2219.875934][T28068] Node 0 active_anon:5653712kB inactive_anon:38828kB active_file:232kB inactive_file:140kB unevictable:1452kB isolated(anon):0kB isolated(file):0kB mapped:232588kB dirty:32kB writeback:0kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2219.900303][T28068] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2219.926292][T28068] lowmem_reserve[]: 0 2912 6416 6416 [ 2219.931600][T28068] DMA32 free:17200kB min:4644kB low:7624kB high:10604kB active_anon:2832184kB inactive_anon:5352kB active_file:0kB inactive_file:56kB unevictable:0kB writepending:4kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:15936kB pagetables:21872kB bounce:0kB free_pcp:464kB local_pcp:432kB free_cma:0kB [ 2219.960618][T28068] lowmem_reserve[]: 0 0 3504 3504 [ 2219.965715][T28068] Normal free:3816kB min:5592kB low:9180kB high:12768kB active_anon:2825060kB inactive_anon:33476kB active_file:132kB inactive_file:84kB unevictable:1452kB writepending:32kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29728kB pagetables:127896kB bounce:0kB free_pcp:1740kB local_pcp:1252kB free_cma:0kB [ 2219.995855][T28068] lowmem_reserve[]: 0 0 0 0 [ 2220.000342][T28068] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2220.013652][T28068] DMA32: 4*4kB (UM) 2*8kB (UM) 21*16kB (UM) 3*32kB (U) 2*64kB (UM) 20*128kB (M) 5*256kB (M) 5*512kB (M) 4*1024kB (M) 3*2048kB (M) 0*4096kB = 17232kB [ 2220.028760][T28068] Normal: 40*4kB (ME) 11*8kB (ME) 1*16kB (E) 7*32kB (M) 24*64kB (M) 14*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 3816kB [ 2220.042409][T28068] 10123 total pagecache pages [ 2220.047070][T28068] 0 pages in swap cache [ 2220.051194][T28068] Swap cache stats: add 0, delete 0, find 0/0 [ 2220.057270][T28068] Free swap = 0kB [ 2220.060967][T28068] Total swap = 0kB [ 2220.064689][T28068] 1965979 pages RAM [ 2220.068481][T28068] 0 pages HighMem/MovableOnly [ 2220.073145][T28068] 318829 pages reserved [ 2220.077294][T28068] 0 pages cma reserved [ 2220.081349][T28068] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.1,pid=20328,uid=0 [ 2220.095448][T28068] Out of memory: Killed process 20328 (syz-executor.1) total-vm:75240kB, anon-rss:14952kB, file-rss:35776kB, shmem-rss:0kB, UID:0 pgtables:164kB oom_score_adj:1000 [ 2220.131291][ T333] syz-fuzzer invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2220.160268][ T333] CPU: 0 PID: 333 Comm: syz-fuzzer Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2220.169928][ T333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2220.179992][ T333] Call Trace: [ 2220.183283][ T333] dump_stack+0x14a/0x1ce [ 2220.187619][ T333] ? devkmsg_release+0x11c/0x11c [ 2220.192559][ T333] ? show_regs_print_info+0x12/0x12 [ 2220.197764][ T333] ? radix_tree_cpu_dead+0x160/0x160 [ 2220.203053][ T333] ? _raw_spin_lock+0xa1/0x170 [ 2220.207822][ T333] ? _raw_spin_trylock_bh+0x190/0x190 [ 2220.213195][ T333] dump_header+0xdb/0x700 [ 2220.217549][ T333] oom_kill_process+0xd3/0x280 [ 2220.222317][ T333] out_of_memory+0x5b6/0x890 [ 2220.226915][ T333] ? unregister_oom_notifier+0x20/0x20 [ 2220.232375][ T333] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2220.237926][ T333] ? get_page_from_freelist+0x7c0/0x7c0 [ 2220.243476][ T333] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2220.248874][ T333] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2220.254438][ T333] pagecache_get_page+0x50f/0x880 [ 2220.259456][ T333] filemap_fault+0x14cb/0x1a30 [ 2220.264220][ T333] ? __down_read+0xf1/0x210 [ 2220.268730][ T333] ? generic_file_read_iter+0x20b0/0x20b0 [ 2220.274446][ T333] ? is_mmconf_reserved+0x420/0x420 [ 2220.279639][ T333] ext4_filemap_fault+0x7b/0x90 [ 2220.284492][ T333] handle_mm_fault+0x29ca/0x41e0 [ 2220.289427][ T333] ? finish_fault+0x230/0x230 [ 2220.294099][ T333] ? get_timespec64+0x11f/0x1d0 [ 2220.298949][ T333] ? down_read_trylock+0x17a/0x1d0 [ 2220.304055][ T333] ? __x64_sys_nanosleep+0x60/0x60 [ 2220.309955][ T333] ? vmacache_find+0x205/0x4b0 [ 2220.314710][ T333] do_user_addr_fault+0x48a/0x9f0 [ 2220.319727][ T333] page_fault+0x2f/0x40 [ 2220.323862][ T333] RIP: 0033:0x4561e1 [ 2220.327750][ T333] Code: ff ff 48 3b 61 10 0f 86 88 01 00 00 48 83 ec 50 48 89 6c 24 48 48 8d 6c 24 48 48 8d 05 c0 da 3e 01 48 89 04 24 e8 ef 49 fb ff <48> 8b 05 68 1d 3c 01 48 89 44 24 40 48 8b 0d 64 1d 3c 01 48 89 4c [ 2220.347347][ T333] RSP: 002b:000000c00004dee0 EFLAGS: 00010206 [ 2220.353406][ T333] RAX: 0000000001843c98 RBX: 000000c00003e000 RCX: 0000000000000000 [ 2220.361377][ T333] RDX: 0000000001843c98 RSI: 000000c00004df10 RDI: 00000000146d8733 [ 2220.369343][ T333] RBP: 000000c00004df28 R08: 00007ffcb21f8080 R09: 00007ffcb21f80b8 [ 2220.377310][ T333] R10: 000000000006a758 R11: 00000000000008ab R12: 0000000000439470 [ 2220.385281][ T333] R13: 0000000000000000 R14: 0000000000ad5284 R15: 0000000000000000 [ 2220.421456][ T333] Mem-Info: [ 2220.426584][ T333] active_anon:1408033 inactive_anon:9707 isolated_anon:0 [ 2220.426584][ T333] active_file:830 inactive_file:903 isolated_file:0 [ 2220.426584][ T333] unevictable:363 dirty:33 writeback:1 unstable:0 [ 2220.426584][ T333] slab_reclaimable:10290 slab_unreclaimable:79013 [ 2220.426584][ T333] mapped:59521 shmem:9776 pagetables:37459 bounce:0 [ 2220.426584][ T333] free:13840 free_pcp:612 free_cma:0 21:33:48 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x900, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) 21:33:48 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:48 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:48 executing program 5: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x2, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) [ 2220.478387][ T333] Node 0 active_anon:5624532kB inactive_anon:38828kB active_file:3820kB inactive_file:4812kB unevictable:1452kB isolated(anon):0kB isolated(file):0kB mapped:238984kB dirty:232kB writeback:4kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no 21:33:48 executing program 4: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) r4 = creat(&(0x7f0000000300)='./bus\x00', 0x0) io_setup(0xb, &(0x7f0000000040)=0x0) io_submit(r5, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x200a00}]) io_pgetevents(r5, 0x80000000, 0x1, &(0x7f00000000c0)=[{}], &(0x7f0000000140), &(0x7f00000001c0)={&(0x7f0000000200)={[0x7]}, 0x8}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r6, &(0x7f00000017c0), 0x375, 0x0, 0x0) 21:33:48 executing program 0: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0xfffffffffffffdc1, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x4000850}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB="60008e000000000000dd7b8cbb88271f4c029002ea2985013b8dff8307d1f9ee332c63ed82eea08ca3cfc286a5a527ca8d3e3763fa8cc5731479702bdc11b9fe", @ANYRES32=0x0, @ANYBLOB="db80833c00000000300012800b000100697036746e6c000020000280060010000000000014000300fe800000000000000000000000000000080004000100010008000a00", @ANYRES32=r5, @ANYBLOB], 0x60}}, 0x0) sendmsg$NL80211_CMD_DEL_MPATH(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="687cd9cd", @ANYRES16=0x0, @ANYBLOB="000126bd7000fbdbdf251800000008000100020000000a001a00aaaaaaaaaa0a00000a000600aaaaaaaaaa2a000008000300", @ANYRES32=0x0, @ANYBLOB="08000300", @ANYRES32=0x0, @ANYBLOB="08000300", @ANYRES32=0x0, @ANYBLOB="08000300", @ANYRES32=r5, @ANYBLOB="0a001a000180c200000100000c0099000600000004000000"], 0x6c}, 0x1, 0x0, 0x0, 0x90}, 0x8894) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r6, &(0x7f00000017c0), 0x375, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) [ 2220.514867][ T333] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2220.555206][ T333] lowmem_reserve[]: 0 2912 6416 6416 [ 2220.572454][ T333] DMA32 free:29068kB min:4644kB low:7624kB high:10604kB active_anon:2812048kB inactive_anon:5352kB active_file:2976kB inactive_file:4312kB unevictable:0kB writepending:4kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:15744kB pagetables:21772kB bounce:0kB free_pcp:1068kB local_pcp:272kB free_cma:0kB [ 2220.783318][ T333] lowmem_reserve[]: 0 0 3504 3504 [ 2220.790379][ T333] Normal free:8480kB min:13784kB low:17372kB high:20960kB active_anon:2822400kB inactive_anon:33476kB active_file:8kB inactive_file:84kB unevictable:1452kB writepending:0kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29728kB pagetables:127936kB bounce:0kB free_pcp:24kB local_pcp:0kB free_cma:0kB [ 2220.820231][ T333] lowmem_reserve[]: 0 0 0 0 [ 2220.825511][ T333] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2220.838980][ T333] DMA32: 30*4kB (U) 9*8kB (UM) 9*16kB (UM) 12*32kB (UMH) 10*64kB (UMH) 28*128kB (MH) 9*256kB (UMH) 4*512kB (M) 4*1024kB (UM) 2*2048kB (M) 0*4096kB = 17488kB [ 2220.855166][ T333] Normal: 86*4kB (UME) 56*8kB (UME) 170*16kB (UME) 54*32kB (UM) 25*64kB (UM) 14*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8632kB [ 2220.869857][ T333] 10128 total pagecache pages [ 2220.874826][ T333] 0 pages in swap cache [ 2220.879245][ T333] Swap cache stats: add 0, delete 0, find 0/0 [ 2220.886098][ T333] Free swap = 0kB [ 2220.889956][ T333] Total swap = 0kB [ 2220.893741][ T333] 1965979 pages RAM [ 2220.898687][ T333] 0 pages HighMem/MovableOnly [ 2220.903409][ T333] 318829 pages reserved [ 2220.907943][ T333] 0 pages cma reserved [ 2220.912065][ T333] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.5,pid=28046,uid=0 [ 2220.928834][ T333] syz-fuzzer invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2220.939533][ T333] CPU: 1 PID: 333 Comm: syz-fuzzer Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2220.949155][ T333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2220.959198][ T333] Call Trace: [ 2220.962482][ T333] dump_stack+0x14a/0x1ce [ 2220.966806][ T333] ? devkmsg_release+0x11c/0x11c [ 2220.971789][ T333] ? show_regs_print_info+0x12/0x12 [ 2220.977007][ T333] ? radix_tree_cpu_dead+0x160/0x160 [ 2220.982290][ T333] ? _raw_spin_lock+0xa1/0x170 [ 2220.987040][ T333] ? _raw_spin_trylock_bh+0x190/0x190 [ 2220.992400][ T333] dump_header+0xdb/0x700 [ 2220.996730][ T333] oom_kill_process+0xd3/0x280 [ 2221.001525][ T333] out_of_memory+0x5b6/0x890 [ 2221.006145][ T333] ? unregister_oom_notifier+0x20/0x20 [ 2221.011622][ T333] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2221.017189][ T333] ? get_page_from_freelist+0x7c0/0x7c0 [ 2221.022723][ T333] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2221.028085][ T333] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2221.033643][ T333] pagecache_get_page+0x50f/0x880 [ 2221.038655][ T333] filemap_fault+0x14cb/0x1a30 [ 2221.043420][ T333] ? __down_read+0xf1/0x210 [ 2221.047907][ T333] ? generic_file_read_iter+0x20b0/0x20b0 [ 2221.053608][ T333] ? is_mmconf_reserved+0x420/0x420 [ 2221.058792][ T333] ext4_filemap_fault+0x7b/0x90 [ 2221.063632][ T333] handle_mm_fault+0x29ca/0x41e0 [ 2221.068579][ T333] ? finish_fault+0x230/0x230 [ 2221.073293][ T333] ? get_timespec64+0x11f/0x1d0 [ 2221.078246][ T333] ? down_read_trylock+0x17a/0x1d0 [ 2221.083344][ T333] ? __x64_sys_nanosleep+0x60/0x60 [ 2221.088442][ T333] ? vmacache_find+0x205/0x4b0 [ 2221.093195][ T333] do_user_addr_fault+0x48a/0x9f0 [ 2221.098222][ T333] page_fault+0x2f/0x40 [ 2221.102366][ T333] RIP: 0033:0x4561e1 [ 2221.106258][ T333] Code: Bad RIP value. [ 2221.110417][ T333] RSP: 002b:000000c00004dee0 EFLAGS: 00010206 [ 2221.116460][ T333] RAX: 0000000001843c98 RBX: 000000c00003e000 RCX: 0000000000000000 [ 2221.124436][ T333] RDX: 0000000001843c98 RSI: 000000c00004df10 RDI: 00000000146d8733 [ 2221.132402][ T333] RBP: 000000c00004df28 R08: 00007ffcb21f8080 R09: 00007ffcb21f80b8 [ 2221.140363][ T333] R10: 000000000006a758 R11: 00000000000008ab R12: 0000000000439470 [ 2221.148349][ T333] R13: 0000000000000000 R14: 0000000000ad5284 R15: 0000000000000000 [ 2221.189091][ T333] Mem-Info: [ 2221.192372][ T333] active_anon:1414416 inactive_anon:9707 isolated_anon:0 [ 2221.192372][ T333] active_file:27 inactive_file:2 isolated_file:0 [ 2221.192372][ T333] unevictable:363 dirty:33 writeback:0 unstable:0 [ 2221.192372][ T333] slab_reclaimable:10289 slab_unreclaimable:78868 [ 2221.192372][ T333] mapped:58141 shmem:9776 pagetables:37525 bounce:0 [ 2221.192372][ T333] free:9378 free_pcp:145 free_cma:0 [ 2221.231169][ T333] Node 0 active_anon:5657864kB inactive_anon:38828kB active_file:108kB inactive_file:8kB unevictable:1452kB isolated(anon):0kB isolated(file):0kB mapped:232564kB dirty:132kB writeback:0kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2221.258807][ T333] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2221.303015][ T333] lowmem_reserve[]: 0 2912 6416 6416 [ 2221.308752][ T333] DMA32 free:17084kB min:4644kB low:7624kB high:10604kB active_anon:2831120kB inactive_anon:5352kB active_file:128kB inactive_file:8kB unevictable:0kB writepending:112kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:16096kB pagetables:22168kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2221.338063][ T333] lowmem_reserve[]: 0 0 3504 3504 [ 2221.343133][ T333] Normal free:4064kB min:5592kB low:9180kB high:12768kB active_anon:2825968kB inactive_anon:33476kB active_file:16kB inactive_file:0kB unevictable:1452kB writepending:20kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29696kB pagetables:127932kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2221.372754][ T333] lowmem_reserve[]: 0 0 0 0 [ 2221.377288][ T333] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2221.390664][ T333] DMA32: 91*4kB (UM) 6*8kB (UM) 14*16kB (UM) 16*32kB (UMH) 9*64kB (UMH) 27*128kB (MH) 9*256kB (UMH) 4*512kB (M) 4*1024kB (UM) 2*2048kB (M) 0*4096kB = 17724kB [ 2221.410890][ T333] Normal: 65*4kB (UME) 17*8kB (UME) 13*16kB (UME) 22*32kB (UM) 26*64kB (M) 13*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4636kB [ 2221.428898][ T333] 10154 total pagecache pages [ 2221.433612][ T333] 0 pages in swap cache [ 2221.438550][ T333] Swap cache stats: add 0, delete 0, find 0/0 [ 2221.445087][ T333] Free swap = 0kB [ 2221.448792][ T333] Total swap = 0kB [ 2221.452497][ T333] 1965979 pages RAM [ 2221.456718][ T333] 0 pages HighMem/MovableOnly [ 2221.461375][ T333] 318829 pages reserved [ 2221.465912][ T333] 0 pages cma reserved [ 2221.469965][ T333] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.2,pid=19770,uid=0 [ 2221.484100][ T333] Out of memory: Killed process 19770 (syz-executor.2) total-vm:75240kB, anon-rss:14852kB, file-rss:35792kB, shmem-rss:0kB, UID:0 pgtables:156kB oom_score_adj:1000 [ 2221.503392][ T23] oom_reaper: reaped process 19770 (syz-executor.2), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB [ 2221.540331][T28100] syz-executor.3 invoked oom-killer: gfp_mask=0x500cc2(GFP_HIGHUSER|__GFP_ACCOUNT), order=0, oom_score_adj=1000 [ 2221.553152][T28100] CPU: 1 PID: 28100 Comm: syz-executor.3 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2221.563311][T28100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2221.573362][T28100] Call Trace: [ 2221.576646][T28100] dump_stack+0x14a/0x1ce [ 2221.580945][T28100] ? devkmsg_release+0x11c/0x11c [ 2221.585858][T28100] ? show_regs_print_info+0x12/0x12 [ 2221.591042][T28100] ? radix_tree_cpu_dead+0x160/0x160 [ 2221.596307][T28100] ? _raw_spin_lock+0xa1/0x170 [ 2221.601097][T28100] ? _raw_spin_trylock_bh+0x190/0x190 [ 2221.606455][T28100] dump_header+0xdb/0x700 [ 2221.610775][T28100] oom_kill_process+0xd3/0x280 [ 2221.615519][T28100] out_of_memory+0x5b6/0x890 [ 2221.620096][T28100] ? unregister_oom_notifier+0x20/0x20 [ 2221.625528][T28100] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2221.631046][T28100] ? get_page_from_freelist+0x7c0/0x7c0 [ 2221.636582][T28100] ? __zone_watermark_ok+0x91/0x280 [ 2221.641762][T28100] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2221.647130][T28100] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2221.652653][T28100] ? copy_page_from_iter+0x3f3/0x660 [ 2221.657921][T28100] pipe_write+0x4da/0xe40 [ 2221.662253][T28100] __vfs_write+0x59d/0x720 [ 2221.666651][T28100] ? __kernel_write+0x340/0x340 [ 2221.671480][T28100] ? security_file_permission+0x128/0x300 [ 2221.677179][T28100] vfs_write+0x217/0x4f0 [ 2221.681428][T28100] ksys_write+0x18c/0x2c0 [ 2221.685746][T28100] ? __ia32_sys_read+0x80/0x80 [ 2221.690489][T28100] do_syscall_64+0xcb/0x150 [ 2221.694971][T28100] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2221.700834][T28100] RIP: 0033:0x45ccd9 [ 2221.704701][T28100] Code: 2d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2221.724290][T28100] RSP: 002b:00007fbf5aa12c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2221.732683][T28100] RAX: ffffffffffffffda RBX: 00000000000358c0 RCX: 000000000045ccd9 [ 2221.740636][T28100] RDX: 0000000041395527 RSI: 0000000020000340 RDI: 0000000000000005 [ 2221.748590][T28100] RBP: 000000000078bfe0 R08: 0000000000000000 R09: 0000000000000000 [ 2221.756542][T28100] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bfac [ 2221.764492][T28100] R13: 00007ffd7c7965df R14: 00007fbf5aa139c0 R15: 000000000078bfac [ 2221.773650][T28100] Mem-Info: [ 2221.812082][T28100] active_anon:1409904 inactive_anon:9707 isolated_anon:0 [ 2221.812082][T28100] active_file:76 inactive_file:394 isolated_file:0 [ 2221.812082][T28100] unevictable:363 dirty:21 writeback:3 unstable:0 [ 2221.812082][T28100] slab_reclaimable:10289 slab_unreclaimable:78857 [ 2221.812082][T28100] mapped:58383 shmem:9776 pagetables:37500 bounce:0 [ 2221.812082][T28100] free:13720 free_pcp:104 free_cma:0 [ 2221.850727][T28100] Node 0 active_anon:5639716kB inactive_anon:38828kB active_file:604kB inactive_file:2076kB unevictable:1452kB isolated(anon):0kB isolated(file):0kB mapped:234032kB dirty:84kB writeback:12kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2221.876093][T28100] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2221.902761][T28100] lowmem_reserve[]: 0 2912 6416 6416 [ 2221.908345][T28100] DMA32 free:20628kB min:4644kB low:7624kB high:10604kB active_anon:2830272kB inactive_anon:5352kB active_file:0kB inactive_file:24kB unevictable:0kB writepending:24kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:15584kB pagetables:22080kB bounce:0kB free_pcp:216kB local_pcp:136kB free_cma:0kB [ 2221.937666][T28100] lowmem_reserve[]: 0 0 3504 3504 21:33:49 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) [ 2221.942877][T28100] Normal free:17728kB min:5592kB low:9180kB high:12768kB active_anon:2810000kB inactive_anon:33476kB active_file:1012kB inactive_file:1640kB unevictable:1452kB writepending:72kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29664kB pagetables:127920kB bounce:0kB free_pcp:1100kB local_pcp:192kB free_cma:0kB [ 2221.973878][T28100] lowmem_reserve[]: 0 0 0 0 [ 2221.978684][T28100] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2221.992500][T28100] DMA32: 577*4kB (UM) 36*8kB (UM) 28*16kB (UM) 25*32kB (UMH) 12*64kB (UMH) 29*128kB (UMH) 9*256kB (UMH) 4*512kB (M) 4*1024kB (UM) 2*2048kB (M) 0*4096kB = 20868kB [ 2222.009491][T28100] Normal: 396*4kB (UMEH) 56*8kB (UME) 60*16kB (UME) 105*32kB (UM) 64*64kB (UM) 37*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 15184kB [ 2222.047581][T28100] 11159 total pagecache pages [ 2222.052724][T28100] 0 pages in swap cache [ 2222.057191][T28100] Swap cache stats: add 0, delete 0, find 0/0 21:33:50 executing program 5: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x3, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) [ 2222.064177][T28100] Free swap = 0kB [ 2222.068489][T28100] Total swap = 0kB [ 2222.072660][T28100] 1965979 pages RAM [ 2222.077317][T28100] 0 pages HighMem/MovableOnly 21:33:50 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x900, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) [ 2222.105372][T28100] 318829 pages reserved [ 2222.114683][T28100] 0 pages cma reserved [ 2222.121513][T28100] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=10700,uid=0 [ 2222.137490][T28100] Out of memory: Killed process 10700 (syz-executor.0) total-vm:75240kB, anon-rss:14592kB, file-rss:35836kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 2222.224922][ T23] oom_reaper: reaped process 10700 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 21:33:50 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) [ 2222.415363][ T336] syz-fuzzer invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2222.455382][ T336] CPU: 0 PID: 336 Comm: syz-fuzzer Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2222.465048][ T336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2222.475109][ T336] Call Trace: [ 2222.478391][ T336] dump_stack+0x14a/0x1ce [ 2222.482706][ T336] ? devkmsg_release+0x11c/0x11c [ 2222.487814][ T336] ? show_regs_print_info+0x12/0x12 [ 2222.493006][ T336] ? radix_tree_cpu_dead+0x160/0x160 [ 2222.498306][ T336] ? _raw_spin_lock+0xa1/0x170 [ 2222.503070][ T336] ? _raw_spin_trylock_bh+0x190/0x190 [ 2222.508430][ T336] dump_header+0xdb/0x700 [ 2222.512748][ T336] oom_kill_process+0xd3/0x280 [ 2222.517511][ T336] out_of_memory+0x5b6/0x890 [ 2222.522096][ T336] ? unregister_oom_notifier+0x20/0x20 [ 2222.527547][ T336] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2222.533084][ T336] ? get_page_from_freelist+0x7c0/0x7c0 [ 2222.538621][ T336] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2222.543985][ T336] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2222.549528][ T336] pagecache_get_page+0x50f/0x880 [ 2222.554556][ T336] filemap_fault+0x14cb/0x1a30 [ 2222.559343][ T336] ? __down_read+0xf1/0x210 [ 2222.563845][ T336] ? generic_file_read_iter+0x20b0/0x20b0 [ 2222.569577][ T336] ext4_filemap_fault+0x7b/0x90 [ 2222.574426][ T336] handle_mm_fault+0x29ca/0x41e0 [ 2222.579364][ T336] ? finish_fault+0x230/0x230 [ 2222.584035][ T336] ? down_read_trylock+0x17a/0x1d0 [ 2222.589145][ T336] ? vmacache_find+0x47a/0x4b0 [ 2222.593904][ T336] do_user_addr_fault+0x48a/0x9f0 [ 2222.598923][ T336] page_fault+0x2f/0x40 [ 2222.603060][ T336] RIP: 0033:0x7f73f0 [ 2222.606983][ T336] Code: Bad RIP value. [ 2222.611060][ T336] RSP: 002b:000000c000d07770 EFLAGS: 00010206 [ 2222.617103][ T336] RAX: 0000000000000000 RBX: 000000c00c6f7b00 RCX: 0000000000000000 [ 2222.625062][ T336] RDX: 0000000000000000 RSI: 000000c0102d2b20 RDI: 0000000001000000 [ 2222.633021][ T336] RBP: 000000c000d07860 R08: 00007fd74433a000 R09: 0000000000203002 [ 2222.640987][ T336] R10: 0000000000000002 R11: 0000000000000011 R12: 00000000000000f1 [ 2222.648962][ T336] R13: 0000000000000000 R14: 0000000000ad4ef6 R15: 0000000000000000 [ 2222.661668][ T336] Mem-Info: [ 2222.664987][ T336] active_anon:1414223 inactive_anon:9707 isolated_anon:0 [ 2222.664987][ T336] active_file:20 inactive_file:29 isolated_file:32 [ 2222.664987][ T336] unevictable:363 dirty:11 writeback:9 unstable:0 [ 2222.664987][ T336] slab_reclaimable:10289 slab_unreclaimable:78790 [ 2222.664987][ T336] mapped:58172 shmem:9776 pagetables:37501 bounce:0 [ 2222.664987][ T336] free:9816 free_pcp:123 free_cma:0 [ 2222.702854][ T336] Node 0 active_anon:5656952kB inactive_anon:38828kB active_file:88kB inactive_file:128kB unevictable:1452kB isolated(anon):0kB isolated(file):32kB mapped:232656kB dirty:12kB writeback:0kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2222.727203][ T336] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2222.753201][ T336] lowmem_reserve[]: 0 2912 6416 6416 [ 2222.758535][ T336] DMA32 free:18272kB min:4644kB low:7624kB high:10604kB active_anon:2831908kB inactive_anon:5352kB active_file:220kB inactive_file:24kB unevictable:0kB writepending:0kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:15680kB pagetables:22184kB bounce:0kB free_pcp:216kB local_pcp:216kB free_cma:0kB [ 2222.787835][ T336] lowmem_reserve[]: 0 0 3504 3504 [ 2222.792874][ T336] Normal free:5424kB min:5592kB low:9180kB high:12768kB active_anon:2825044kB inactive_anon:33476kB active_file:244kB inactive_file:108kB unevictable:1452kB writepending:8kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29792kB pagetables:128016kB bounce:0kB free_pcp:408kB local_pcp:276kB free_cma:0kB [ 2222.823001][ T336] lowmem_reserve[]: 0 0 0 0 [ 2222.827548][ T336] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2222.841029][ T336] DMA32: 62*4kB (UM) 9*8kB (UM) 12*16kB (UM) 37*32kB (UMH) 12*64kB (UMH) 24*128kB (UMH) 10*256kB (UMH) 4*512kB (M) 4*1024kB (UM) 2*2048kB (M) 0*4096kB = 18336kB [ 2222.857237][ T336] Normal: 209*4kB (UME) 52*8kB (UME) 17*16kB (UME) 9*32kB (UM) 4*64kB (UM) 25*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 5268kB [ 2222.871547][ T336] 10128 total pagecache pages [ 2222.876230][ T336] 0 pages in swap cache [ 2222.880362][ T336] Swap cache stats: add 0, delete 0, find 0/0 [ 2222.886421][ T336] Free swap = 0kB [ 2222.890113][ T336] Total swap = 0kB [ 2222.893799][ T336] 1965979 pages RAM [ 2222.897604][ T336] 0 pages HighMem/MovableOnly [ 2222.902264][ T336] 318829 pages reserved [ 2222.906484][ T336] 0 pages cma reserved [ 2222.910544][ T336] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.2,pid=28129,uid=0 [ 2222.924687][ T336] Out of memory: Killed process 28130 (syz-executor.2) total-vm:75372kB, anon-rss:16564kB, file-rss:35912kB, shmem-rss:0kB, UID:0 pgtables:156kB oom_score_adj:1000 [ 2222.945022][ T23] oom_reaper: reaped process 28130 (syz-executor.2), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB 21:33:51 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, 0x0) preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:51 executing program 5: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x4, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) 21:33:51 executing program 0: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) read$char_usb(0xffffffffffffffff, 0x0, 0x7ffff000) ioctl$TUNSETFILTEREBPF(0xffffffffffffffff, 0x800454e1, &(0x7f0000000140)) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00') read$char_usb(r4, 0x0, 0x7ffff000) bpf$ITER_CREATE(0x21, &(0x7f00000000c0)={r4}, 0x8) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r5, &(0x7f00000017c0), 0x375, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) [ 2223.343600][T28144] syz-executor.1 invoked oom-killer: gfp_mask=0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|0x1000000), order=0, oom_score_adj=1000 [ 2223.416955][T28144] CPU: 0 PID: 28144 Comm: syz-executor.1 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2223.428058][T28144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2223.438457][T28144] Call Trace: [ 2223.441774][T28144] dump_stack+0x14a/0x1ce [ 2223.446583][T28144] ? devkmsg_release+0x11c/0x11c [ 2223.451508][T28144] ? show_regs_print_info+0x12/0x12 [ 2223.456692][T28144] ? radix_tree_cpu_dead+0x160/0x160 [ 2223.462594][T28144] ? _raw_spin_lock+0xa1/0x170 [ 2223.467344][T28144] ? _raw_spin_trylock_bh+0x190/0x190 [ 2223.472710][T28144] dump_header+0xdb/0x700 [ 2223.477630][T28144] oom_kill_process+0xd3/0x280 [ 2223.482372][T28144] out_of_memory+0x5b6/0x890 [ 2223.487915][T28144] ? unregister_oom_notifier+0x20/0x20 [ 2223.493800][T28144] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2223.499346][T28144] ? get_page_from_freelist+0x7c0/0x7c0 [ 2223.504906][T28144] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2223.510471][T28144] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2223.516000][T28144] handle_mm_fault+0x18e6/0x41e0 [ 2223.523372][T28144] ? find_vma+0x150/0x150 [ 2223.528529][T28144] ? finish_fault+0x230/0x230 [ 2223.533191][T28144] ? up_write+0xa1/0x190 [ 2223.537422][T28144] ? down_read_trylock+0x17a/0x1d0 [ 2223.542546][T28144] ? vmacache_update+0x9f/0xf0 [ 2223.547305][T28144] do_user_addr_fault+0x48a/0x9f0 [ 2223.552586][T28144] page_fault+0x2f/0x40 [ 2223.556862][T28144] RIP: 0033:0x4142bf [ 2223.560739][T28144] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 [ 2223.582108][T28144] RSP: 002b:00007ffee81ce3c0 EFLAGS: 00010206 [ 2223.588247][T28144] RAX: 00007f08e9563000 RBX: 0000000000020000 RCX: 000000000045cd2a [ 2223.596344][T28144] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 2223.604321][T28144] RBP: 00007ffee81ce4a0 R08: ffffffffffffffff R09: 0000000000000000 [ 2223.612290][T28144] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffee81ce5a0 [ 2223.620258][T28144] R13: 00007f08e9583700 R14: 0000000000000992 R15: 000000000078c0ec [ 2223.635892][T28144] Mem-Info: [ 2223.640550][T28144] active_anon:1414290 inactive_anon:9707 isolated_anon:0 [ 2223.640550][T28144] active_file:31 inactive_file:0 isolated_file:1 [ 2223.640550][T28144] unevictable:363 dirty:0 writeback:0 unstable:0 [ 2223.640550][T28144] slab_reclaimable:10286 slab_unreclaimable:79121 [ 2223.640550][T28144] mapped:58153 shmem:9776 pagetables:37628 bounce:0 [ 2223.640550][T28144] free:9293 free_pcp:0 free_cma:0 [ 2223.683851][T28144] Node 0 active_anon:5655860kB inactive_anon:38828kB active_file:124kB inactive_file:0kB unevictable:1452kB isolated(anon):0kB isolated(file):4kB mapped:232612kB dirty:0kB writeback:0kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2223.708469][T28144] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2223.734869][T28144] lowmem_reserve[]: 0 2912 6416 6416 [ 2223.740468][T28144] DMA32 free:20944kB min:4644kB low:7624kB high:10604kB active_anon:2825184kB inactive_anon:5352kB active_file:0kB inactive_file:28kB unevictable:0kB writepending:0kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:16000kB pagetables:22512kB bounce:0kB free_pcp:1348kB local_pcp:0kB free_cma:0kB [ 2223.770164][T28144] lowmem_reserve[]: 0 0 3504 3504 [ 2223.779161][T28144] Normal free:5176kB min:5592kB low:9180kB high:12768kB active_anon:2824416kB inactive_anon:33476kB active_file:124kB inactive_file:448kB unevictable:1452kB writepending:0kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29824kB pagetables:128000kB bounce:0kB free_pcp:1196kB local_pcp:248kB free_cma:0kB [ 2223.841444][T28144] lowmem_reserve[]: 0 0 0 0 [ 2223.846256][T28144] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2223.859718][T28144] DMA32: 39*4kB (UM) 17*8kB (U) 15*16kB (UM) 8*32kB (UM) 5*64kB (UM) 36*128kB (M) 10*256kB (UM) 5*512kB (UM) 4*1024kB (UM) 1*2048kB (M) 0*4096kB = 16980kB [ 2223.884070][T28144] Normal: 86*4kB (UME) 20*8kB (UME) 10*16kB (UME) 21*32kB (M) 2*64kB (UM) 23*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4408kB [ 2223.898374][T28144] 10128 total pagecache pages [ 2223.903116][T28144] 0 pages in swap cache [ 2223.908089][T28144] Swap cache stats: add 0, delete 0, find 0/0 [ 2223.918328][T28144] Free swap = 0kB [ 2223.922086][T28144] Total swap = 0kB [ 2223.926027][T28144] 1965979 pages RAM [ 2223.929854][T28144] 0 pages HighMem/MovableOnly [ 2223.934578][T28144] 318829 pages reserved [ 2223.938759][T28144] 0 pages cma reserved [ 2223.942836][T28144] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.5,pid=28127,uid=0 [ 2223.957367][T28144] Out of memory: Killed process 28127 (syz-executor.5) total-vm:75636kB, anon-rss:16592kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:156kB oom_score_adj:1000 [ 2223.976436][ T23] oom_reaper: reaped process 28127 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 21:33:52 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, 0x0) preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:52 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:52 executing program 5: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x5, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) 21:33:52 executing program 0: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) r4 = dup(r2) ioctl(r4, 0x4, &(0x7f00000000c0)="d919b374a06fd199ff1da3a07b3afc72f1") write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r5, &(0x7f00000017c0), 0x375, 0x0, 0x0) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r5, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x28, r6, 0x1, 0x70bd27, 0x25dfdbfd, {}, [@TIPC_NLA_LINK={0x10, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}]}, @TIPC_NLA_BEARER={0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x4015}, 0x20000080) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:52 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x900, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) [ 2224.306245][T28198] syz-executor.0 invoked oom-killer: gfp_mask=0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|0x1000000), order=0, oom_score_adj=1000 [ 2224.320522][T28198] CPU: 1 PID: 28198 Comm: syz-executor.0 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2224.330691][T28198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2224.340842][T28198] Call Trace: [ 2224.344140][T28198] dump_stack+0x14a/0x1ce [ 2224.348458][T28198] ? devkmsg_release+0x11c/0x11c [ 2224.353413][T28198] ? show_regs_print_info+0x12/0x12 [ 2224.358606][T28198] ? radix_tree_cpu_dead+0x160/0x160 [ 2224.363902][T28198] ? _raw_spin_lock+0xa1/0x170 [ 2224.368698][T28198] ? _raw_spin_trylock_bh+0x190/0x190 [ 2224.374208][T28198] dump_header+0xdb/0x700 [ 2224.378529][T28198] oom_kill_process+0xd3/0x280 [ 2224.383281][T28198] out_of_memory+0x5b6/0x890 [ 2224.387879][T28198] ? unregister_oom_notifier+0x20/0x20 [ 2224.393327][T28198] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2224.398873][T28198] ? get_page_from_freelist+0x7c0/0x7c0 [ 2224.404403][T28198] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2224.409760][T28198] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2224.415303][T28198] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 2224.421008][T28198] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 2224.426802][T28198] ? __lru_cache_add+0x1a1/0x1f0 [ 2224.431724][T28198] wp_page_copy+0x1cb/0x1120 [ 2224.436363][T28198] ? add_mm_rss_vec+0x270/0x270 [ 2224.441195][T28198] ? vm_normal_page+0x1c9/0x1d0 [ 2224.446029][T28198] do_wp_page+0x4c1/0x1530 [ 2224.450424][T28198] ? push_rt_tasks+0x4f8/0x670 [ 2224.455166][T28198] ? _raw_spin_lock+0xa1/0x170 [ 2224.459908][T28198] ? do_swap_page+0x1560/0x1560 [ 2224.464739][T28198] handle_mm_fault+0xfa5/0x41e0 [ 2224.469576][T28198] ? finish_fault+0x230/0x230 [ 2224.474244][T28198] ? push_rt_tasks+0x4f8/0x670 [ 2224.478991][T28198] ? down_read_trylock+0x17a/0x1d0 [ 2224.484113][T28198] ? vmacache_find+0x3a2/0x4b0 [ 2224.488863][T28198] do_user_addr_fault+0x48a/0x9f0 [ 2224.493889][T28198] page_fault+0x2f/0x40 [ 2224.498031][T28198] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 2224.504601][T28198] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 2224.524185][T28198] RSP: 0018:ffff88800984f888 EFLAGS: 00010206 [ 2224.530243][T28198] RAX: ffffffff81f80e01 RBX: 000000002052d500 RCX: 0000000000000500 [ 2224.538237][T28198] RDX: 0000000000001000 RSI: ffff88810deacb00 RDI: 000000002052d000 [ 2224.546189][T28198] RBP: ffff88800984fda8 R08: dffffc0000000000 R09: ffffed1021bd5a00 [ 2224.554387][T28198] R10: 0000000000000000 R11: 0000000000000000 R12: 00007ffffffff000 [ 2224.562349][T28198] R13: 0000000000001000 R14: ffff88810deac000 R15: 000000002052c500 [ 2224.570319][T28198] ? _copy_to_iter+0x1021/0x1060 [ 2224.575248][T28198] copyout+0x8e/0xb0 [ 2224.579123][T28198] copy_page_to_iter+0x393/0xbd0 [ 2224.584088][T28198] pipe_to_user+0xa3/0x130 [ 2224.588547][T28198] __splice_from_pipe+0x2d3/0x870 [ 2224.593564][T28198] ? user_page_pipe_buf_steal+0xc0/0xc0 [ 2224.599123][T28198] do_vmsplice+0x252/0xee0 [ 2224.603616][T28198] ? avc_ss_reset+0x3a0/0x3a0 [ 2224.608303][T28198] ? write_pipe_buf+0x1d0/0x1d0 [ 2224.613143][T28198] ? __rcu_read_lock+0x50/0x50 [ 2224.617891][T28198] ? check_stack_object+0x5a/0x90 [ 2224.622906][T28198] ? _copy_from_user+0xa4/0xe0 [ 2224.627659][T28198] ? rw_copy_check_uvector+0x2b3/0x310 [ 2224.633120][T28198] ? import_iovec+0x1c2/0x380 [ 2224.637783][T28198] ? dup_iter+0x110/0x110 [ 2224.642105][T28198] ? do_vfs_ioctl+0x780/0x1750 [ 2224.646979][T28198] __se_sys_vmsplice+0x1fb/0x300 [ 2224.651917][T28198] ? __x64_sys_vmsplice+0xa0/0xa0 [ 2224.656929][T28198] ? put_timespec64+0x109/0x150 [ 2224.661768][T28198] ? __x64_sys_clock_gettime+0x20d/0x260 [ 2224.667393][T28198] ? __ia32_sys_clock_settime+0x2a0/0x2a0 [ 2224.673116][T28198] do_syscall_64+0xcb/0x150 [ 2224.677605][T28198] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2224.683542][T28198] RIP: 0033:0x45ccd9 [ 2224.687454][T28198] Code: 2d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2224.707039][T28198] RSP: 002b:00007fde41c07c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 2224.715584][T28198] RAX: ffffffffffffffda RBX: 0000000000035780 RCX: 000000000045ccd9 [ 2224.723535][T28198] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 2224.731484][T28198] RBP: 000000000078c088 R08: 0000000000000000 R09: 0000000000000000 [ 2224.739438][T28198] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078c04c [ 2224.747392][T28198] R13: 00007ffc21977a6f R14: 00007fde41c089c0 R15: 000000000078c04c [ 2224.756054][T28198] Mem-Info: [ 2224.759321][T28198] active_anon:1412843 inactive_anon:9707 isolated_anon:0 [ 2224.759321][T28198] active_file:29 inactive_file:54 isolated_file:0 [ 2224.759321][T28198] unevictable:363 dirty:29 writeback:10 unstable:0 [ 2224.759321][T28198] slab_reclaimable:10285 slab_unreclaimable:79255 [ 2224.759321][T28198] mapped:58214 shmem:9776 pagetables:37646 bounce:0 [ 2224.759321][T28198] free:9620 free_pcp:1072 free_cma:0 [ 2224.797320][T28198] Node 0 active_anon:5651372kB inactive_anon:38828kB active_file:116kB inactive_file:88kB unevictable:1452kB isolated(anon):0kB isolated(file):128kB mapped:232856kB dirty:116kB writeback:40kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2224.822174][T28198] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2224.848281][T28198] lowmem_reserve[]: 0 2912 6416 6416 [ 2224.853619][T28198] DMA32 free:17208kB min:4644kB low:7624kB high:10604kB active_anon:2827516kB inactive_anon:5352kB active_file:428kB inactive_file:0kB unevictable:0kB writepending:68kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:16000kB pagetables:22400kB bounce:0kB free_pcp:1724kB local_pcp:672kB free_cma:0kB [ 2224.883083][T28198] lowmem_reserve[]: 0 0 3504 3504 [ 2224.888223][T28198] Normal free:5372kB min:5592kB low:9180kB high:12768kB active_anon:2823644kB inactive_anon:33476kB active_file:192kB inactive_file:248kB unevictable:1452kB writepending:144kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29760kB pagetables:128204kB bounce:0kB free_pcp:2648kB local_pcp:1272kB free_cma:0kB [ 2224.918537][T28198] lowmem_reserve[]: 0 0 0 0 [ 2224.923024][T28198] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2224.936347][T28198] DMA32: 5*4kB (UH) 3*8kB (UMH) 33*16kB (UM) 22*32kB (MH) 31*64kB (UMH) 39*128kB (M) 8*256kB (M) 3*512kB (M) 3*1024kB (UM) 1*2048kB (U) 0*4096kB = 16956kB [ 2224.951924][T28198] Normal: 288*4kB (UME) 33*8kB (UME) 13*16kB (UME) 10*32kB (UM) 10*64kB (UM) 24*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 5656kB [ 2224.966448][T28198] 10146 total pagecache pages [ 2224.971100][T28198] 0 pages in swap cache [ 2224.975277][T28198] Swap cache stats: add 0, delete 0, find 0/0 [ 2224.981328][T28198] Free swap = 0kB [ 2224.985062][T28198] Total swap = 0kB [ 2224.988878][T28198] 1965979 pages RAM [ 2224.992663][T28198] 0 pages HighMem/MovableOnly [ 2224.997380][T28198] 318829 pages reserved [ 2225.001545][T28198] 0 pages cma reserved [ 2225.005612][T28198] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.2,pid=14772,uid=0 [ 2225.019745][T28198] Out of memory: Killed process 14772 (syz-executor.2) total-vm:75240kB, anon-rss:14576kB, file-rss:35856kB, shmem-rss:0kB, UID:0 pgtables:156kB oom_score_adj:1000 [ 2225.066888][ T23] oom_reaper: reaped process 14772 (syz-executor.2), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB 21:33:53 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, 0x0) preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:53 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:53 executing program 5: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x6, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) [ 2225.656841][T28216] syz-executor.3 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2225.669152][T28216] CPU: 1 PID: 28216 Comm: syz-executor.3 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2225.679303][T28216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2225.689345][T28216] Call Trace: [ 2225.692623][T28216] dump_stack+0x14a/0x1ce [ 2225.696983][T28216] ? devkmsg_release+0x11c/0x11c [ 2225.701946][T28216] ? show_regs_print_info+0x12/0x12 [ 2225.707126][T28216] ? radix_tree_cpu_dead+0x160/0x160 [ 2225.712401][T28216] ? _raw_spin_lock+0xa1/0x170 [ 2225.717159][T28216] ? _raw_spin_trylock_bh+0x190/0x190 [ 2225.722543][T28216] dump_header+0xdb/0x700 [ 2225.726863][T28216] oom_kill_process+0xd3/0x280 [ 2225.731623][T28216] out_of_memory+0x5b6/0x890 [ 2225.736224][T28216] ? unregister_oom_notifier+0x20/0x20 [ 2225.741668][T28216] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2225.747196][T28216] ? get_page_from_freelist+0x7c0/0x7c0 [ 2225.752735][T28216] ? __zone_watermark_ok+0x91/0x280 [ 2225.757912][T28216] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2225.763268][T28216] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2225.768794][T28216] ? copy_process+0x5a4/0x5110 [ 2225.773536][T28216] ? kmem_cache_alloc+0x1d5/0x260 [ 2225.778543][T28216] copy_process+0x5f3/0x5110 [ 2225.783136][T28216] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 2225.788861][T28216] ? _raw_spin_lock+0xa1/0x170 [ 2225.793605][T28216] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 2225.799390][T28216] ? __lru_cache_add+0x1a1/0x1f0 [ 2225.804315][T28216] ? fork_idle+0x290/0x290 [ 2225.808719][T28216] _do_fork+0x196/0x920 [ 2225.812862][T28216] ? finish_fault+0x230/0x230 [ 2225.817535][T28216] ? up_write+0xa1/0x190 [ 2225.821783][T28216] ? dup_mm+0x300/0x300 [ 2225.825922][T28216] __x64_sys_clone+0x25e/0x2c0 [ 2225.830669][T28216] ? __ia32_sys_vfork+0x110/0x110 [ 2225.835690][T28216] ? do_user_addr_fault+0x55c/0x9f0 [ 2225.840882][T28216] do_syscall_64+0xcb/0x150 [ 2225.845375][T28216] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2225.851256][T28216] RIP: 0033:0x45f6a9 [ 2225.855142][T28216] Code: ff 48 85 f6 0f 84 57 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 2e 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2225.874725][T28216] RSP: 002b:00007ffd7c796528 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2225.883120][T28216] RAX: ffffffffffffffda RBX: 00007fbf5a9d1700 RCX: 000000000045f6a9 [ 2225.891787][T28216] RDX: 00007fbf5a9d19d0 RSI: 00007fbf5a9d0db0 RDI: 00000000003d0f00 [ 2225.899745][T28216] RBP: 00007ffd7c796750 R08: 00007fbf5a9d1700 R09: 00007fbf5a9d1700 [ 2225.907699][T28216] R10: 00007fbf5a9d19d0 R11: 0000000000000202 R12: 0000000000000000 [ 2225.915650][T28216] R13: 00007ffd7c7965df R14: 00007fbf5a9d19c0 R15: 000000000078c0ec [ 2225.926207][T28216] Mem-Info: [ 2225.929971][T28216] active_anon:1410041 inactive_anon:9707 isolated_anon:0 [ 2225.929971][T28216] active_file:84 inactive_file:207 isolated_file:0 [ 2225.929971][T28216] unevictable:363 dirty:31 writeback:0 unstable:0 [ 2225.929971][T28216] slab_reclaimable:10282 slab_unreclaimable:79194 [ 2225.929971][T28216] mapped:58308 shmem:9776 pagetables:37534 bounce:0 [ 2225.929971][T28216] free:13304 free_pcp:61 free_cma:0 [ 2225.968163][T28216] Node 0 active_anon:5640200kB inactive_anon:38828kB active_file:316kB inactive_file:340kB unevictable:1452kB isolated(anon):0kB isolated(file):0kB mapped:232996kB dirty:120kB writeback:36kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2225.993561][T28216] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2226.019970][T28216] lowmem_reserve[]: 0 2912 6416 6416 [ 2226.026042][T28216] DMA32 free:25256kB min:4644kB low:7624kB high:10604kB active_anon:2822388kB inactive_anon:5352kB active_file:136kB inactive_file:216kB unevictable:0kB writepending:4kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:15648kB pagetables:22268kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2226.055426][T28216] lowmem_reserve[]: 0 0 3504 3504 [ 2226.060851][T28216] Normal free:9820kB min:5592kB low:9180kB high:12768kB active_anon:2817968kB inactive_anon:33476kB active_file:644kB inactive_file:2744kB unevictable:1452kB writepending:0kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29920kB pagetables:128068kB bounce:0kB free_pcp:572kB local_pcp:204kB free_cma:0kB [ 2226.091417][T28216] lowmem_reserve[]: 0 0 0 0 [ 2226.096260][T28216] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2226.110162][T28216] DMA32: 87*4kB (MH) 167*8kB (UMH) 173*16kB (UMH) 95*32kB (UMH) 42*64kB (UMH) 40*128kB (MH) 10*256kB (MH) 3*512kB (M) 3*1024kB (UM) 1*2048kB (U) 0*4096kB = 24516kB [ 2226.126984][T28216] Normal: 29*4kB (M) 59*8kB (UM) 25*16kB (M) 77*32kB (UM) 21*64kB (UM) 26*128kB (UM) 3*256kB (UM) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8892kB [ 2226.142048][T28216] 11458 total pagecache pages [ 2226.147086][T28216] 0 pages in swap cache [ 2226.151592][T28216] Swap cache stats: add 0, delete 0, find 0/0 [ 2226.157945][T28216] Free swap = 0kB [ 2226.161840][T28216] Total swap = 0kB [ 2226.165774][T28216] 1965979 pages RAM [ 2226.169801][T28216] 0 pages HighMem/MovableOnly [ 2226.174769][T28216] 318829 pages reserved [ 2226.179090][T28216] 0 pages cma reserved [ 2226.183355][T28216] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.5,pid=28217,uid=0 [ 2226.197810][T28216] Out of memory: Killed process 28217 (syz-executor.5) total-vm:75240kB, anon-rss:15752kB, file-rss:35756kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 2226.219020][ T23] oom_reaper: reaped process 28217 (syz-executor.5), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB 21:33:54 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x900, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) 21:33:55 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, 0x0, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:55 executing program 5: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x7, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) 21:33:55 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) [ 2228.176877][T28244] syz-executor.2 invoked oom-killer: gfp_mask=0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|0x1000000), order=0, oom_score_adj=1000 [ 2228.190505][T28244] CPU: 1 PID: 28244 Comm: syz-executor.2 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2228.200652][T28244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2228.210706][T28244] Call Trace: [ 2228.213979][T28244] dump_stack+0x14a/0x1ce [ 2228.218292][T28244] ? devkmsg_release+0x11c/0x11c [ 2228.223250][T28244] ? show_regs_print_info+0x12/0x12 [ 2228.228446][T28244] ? radix_tree_cpu_dead+0x160/0x160 [ 2228.234593][T28244] ? _raw_spin_lock+0xa1/0x170 [ 2228.239348][T28244] ? _raw_spin_trylock_bh+0x190/0x190 [ 2228.244716][T28244] dump_header+0xdb/0x700 [ 2228.249056][T28244] oom_kill_process+0xd3/0x280 [ 2228.253835][T28244] out_of_memory+0x5b6/0x890 [ 2228.258408][T28244] ? unregister_oom_notifier+0x20/0x20 [ 2228.263880][T28244] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2228.269436][T28244] ? get_page_from_freelist+0x7c0/0x7c0 [ 2228.274975][T28244] ? flush_tlb_func_common+0x45/0x580 [ 2228.280337][T28244] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2228.285705][T28244] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2228.291256][T28244] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 2228.296970][T28244] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 2228.302778][T28244] ? __lru_cache_add+0x1a1/0x1f0 [ 2228.307722][T28244] wp_page_copy+0x1cb/0x1120 [ 2228.312316][T28244] ? add_mm_rss_vec+0x270/0x270 [ 2228.317184][T28244] ? vm_normal_page+0x1c9/0x1d0 [ 2228.322028][T28244] do_wp_page+0x4c1/0x1530 [ 2228.326433][T28244] ? push_rt_tasks+0x4f8/0x670 [ 2228.331191][T28244] ? _raw_spin_lock+0xa1/0x170 [ 2228.336927][T28244] ? do_swap_page+0x1560/0x1560 [ 2228.341772][T28244] handle_mm_fault+0xfa5/0x41e0 [ 2228.346611][T28244] ? finish_fault+0x230/0x230 [ 2228.351277][T28244] ? down_read_trylock+0x17a/0x1d0 [ 2228.356390][T28244] ? vmacache_find+0x47a/0x4b0 [ 2228.361168][T28244] do_user_addr_fault+0x48a/0x9f0 [ 2228.366195][T28244] page_fault+0x2f/0x40 [ 2228.370348][T28244] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 2228.376918][T28244] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 2228.396511][T28244] RSP: 0018:ffff88810eb6f888 EFLAGS: 00010206 [ 2228.402570][T28244] RAX: ffffffff81f80e01 RBX: 0000000020ba5500 RCX: 0000000000000500 [ 2228.410554][T28244] RDX: 0000000000001000 RSI: ffff888122010b00 RDI: 0000000020ba5000 [ 2228.418616][T28244] RBP: ffff88810eb6fda8 R08: dffffc0000000000 R09: ffffed1024402200 [ 2228.426570][T28244] R10: 0000000000000000 R11: 0000000000000000 R12: 00007ffffffff000 [ 2228.434531][T28244] R13: 0000000000001000 R14: ffff888122010000 R15: 0000000020ba4500 [ 2228.442503][T28244] ? _copy_to_iter+0x1021/0x1060 [ 2228.447471][T28244] copyout+0x8e/0xb0 [ 2228.451365][T28244] copy_page_to_iter+0x393/0xbd0 [ 2228.456297][T28244] pipe_to_user+0xa3/0x130 [ 2228.460743][T28244] __splice_from_pipe+0x2d3/0x870 [ 2228.465791][T28244] ? user_page_pipe_buf_steal+0xc0/0xc0 [ 2228.471326][T28244] do_vmsplice+0x252/0xee0 [ 2228.475749][T28244] ? avc_ss_reset+0x3a0/0x3a0 [ 2228.480425][T28244] ? write_pipe_buf+0x1d0/0x1d0 [ 2228.485296][T28244] ? __rcu_read_lock+0x50/0x50 [ 2228.490098][T28244] ? check_stack_object+0x5a/0x90 [ 2228.495116][T28244] ? _copy_from_user+0xa4/0xe0 [ 2228.499871][T28244] ? rw_copy_check_uvector+0x2b3/0x310 [ 2228.505391][T28244] ? import_iovec+0x1c2/0x380 [ 2228.510061][T28244] ? dup_iter+0x110/0x110 [ 2228.514390][T28244] ? do_vfs_ioctl+0x780/0x1750 [ 2228.519150][T28244] __se_sys_vmsplice+0x1fb/0x300 [ 2228.524076][T28244] ? __x64_sys_vmsplice+0xa0/0xa0 [ 2228.529091][T28244] ? put_timespec64+0x109/0x150 [ 2228.533951][T28244] ? __x64_sys_clock_gettime+0x20d/0x260 [ 2228.539572][T28244] ? __ia32_sys_clock_settime+0x2a0/0x2a0 [ 2228.545279][T28244] do_syscall_64+0xcb/0x150 [ 2228.549794][T28244] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2228.555672][T28244] RIP: 0033:0x45ccd9 [ 2228.559656][T28244] Code: 2d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2228.580219][T28244] RSP: 002b:00007fddb5d87c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 2228.588622][T28244] RAX: ffffffffffffffda RBX: 0000000000035780 RCX: 000000000045ccd9 [ 2228.596597][T28244] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 2228.604574][T28244] RBP: 000000000078c088 R08: 0000000000000000 R09: 0000000000000000 [ 2228.612546][T28244] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078c04c [ 2228.620517][T28244] R13: 00007ffdfaf6b1cf R14: 00007fddb5d889c0 R15: 000000000078c04c [ 2228.628744][T28244] Mem-Info: [ 2228.631998][T28244] active_anon:1412854 inactive_anon:9707 isolated_anon:0 [ 2228.631998][T28244] active_file:28 inactive_file:91 isolated_file:0 [ 2228.631998][T28244] unevictable:363 dirty:22 writeback:0 unstable:0 [ 2228.631998][T28244] slab_reclaimable:10289 slab_unreclaimable:79327 [ 2228.631998][T28244] mapped:58242 shmem:9776 pagetables:37584 bounce:0 [ 2228.631998][T28244] free:10103 free_pcp:481 free_cma:0 [ 2228.670598][T28244] Node 0 active_anon:5651500kB inactive_anon:38828kB active_file:280kB inactive_file:464kB unevictable:1452kB isolated(anon):0kB isolated(file):0kB mapped:232864kB dirty:36kB writeback:60kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2228.695349][T28244] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2228.721619][T28244] lowmem_reserve[]: 0 2912 6416 6416 [ 2228.727383][T28244] DMA32 free:19144kB min:4644kB low:7624kB high:10604kB active_anon:2827460kB inactive_anon:5352kB active_file:604kB inactive_file:628kB unevictable:0kB writepending:0kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:15648kB pagetables:22364kB bounce:0kB free_pcp:652kB local_pcp:292kB free_cma:0kB [ 2228.757879][T28244] lowmem_reserve[]: 0 0 3504 3504 [ 2228.763327][T28244] Normal free:4380kB min:5592kB low:9180kB high:12768kB active_anon:2823740kB inactive_anon:33476kB active_file:244kB inactive_file:320kB unevictable:1452kB writepending:96kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29920kB pagetables:127984kB bounce:0kB free_pcp:1332kB local_pcp:1260kB free_cma:0kB [ 2228.793898][T28244] lowmem_reserve[]: 0 0 0 0 [ 2228.798443][T28244] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2228.811779][T28244] DMA32: 4*4kB (UMH) 4*8kB (UMH) 58*16kB (UMH) 14*32kB (MH) 45*64kB (MH) 42*128kB (MH) 11*256kB (MH) 4*512kB (MH) 2*1024kB (M) 1*2048kB (H) 0*4096kB = 18640kB [ 2228.827803][T28244] Normal: 76*4kB (UME) 19*8kB (UME) 7*16kB (UME) 1*32kB (M) 21*64kB (UM) 21*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4632kB [ 2228.841992][T28244] 10303 total pagecache pages [ 2228.846705][T28244] 0 pages in swap cache [ 2228.850857][T28244] Swap cache stats: add 0, delete 0, find 0/0 [ 2228.856927][T28244] Free swap = 0kB [ 2228.860641][T28244] Total swap = 0kB [ 2228.864362][T28244] 1965979 pages RAM [ 2228.868186][T28244] 0 pages HighMem/MovableOnly [ 2228.872855][T28244] 318829 pages reserved [ 2228.877016][T28244] 0 pages cma reserved [ 2228.881076][T28244] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.1,pid=19990,uid=0 [ 2228.895226][T28244] Out of memory: Killed process 19990 (syz-executor.1) total-vm:75240kB, anon-rss:14132kB, file-rss:35776kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 2228.933526][ T23] oom_reaper: reaped process 19990 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2229.070134][ T144] systemd-journal invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=1, oom_score_adj=0 [ 2229.092931][ T144] CPU: 1 PID: 144 Comm: systemd-journal Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2229.103016][ T144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2229.113069][ T144] Call Trace: [ 2229.116346][ T144] dump_stack+0x14a/0x1ce [ 2229.120653][ T144] ? devkmsg_release+0x11c/0x11c [ 2229.125581][ T144] ? show_regs_print_info+0x12/0x12 [ 2229.130753][ T144] ? radix_tree_cpu_dead+0x160/0x160 [ 2229.136014][ T144] ? _raw_spin_lock+0xa1/0x170 [ 2229.140753][ T144] ? _raw_spin_trylock_bh+0x190/0x190 [ 2229.146109][ T144] dump_header+0xdb/0x700 [ 2229.150429][ T144] oom_kill_process+0xd3/0x280 [ 2229.155326][ T144] out_of_memory+0x5b6/0x890 [ 2229.159946][ T144] ? unregister_oom_notifier+0x20/0x20 [ 2229.165409][ T144] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2229.171081][ T144] ? get_page_from_freelist+0x7c0/0x7c0 [ 2229.176633][ T144] ? __zone_watermark_ok+0x91/0x280 [ 2229.181816][ T144] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2229.187191][ T144] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2229.192721][ T144] ? __secure_computing+0x250/0x250 [ 2229.197912][ T144] alloc_slab_page+0x3a/0x3a0 [ 2229.202580][ T144] ? __perf_event_task_sched_in+0x4f7/0x560 [ 2229.208477][ T144] new_slab+0x408/0x450 [ 2229.212626][ T144] ___slab_alloc+0x2e0/0x450 [ 2229.217210][ T144] ? switch_mm+0x100/0x100 [ 2229.221613][ T144] ? getname_flags+0xb8/0x610 [ 2229.226298][ T144] ? getname_flags+0xb8/0x610 [ 2229.230957][ T144] kmem_cache_alloc+0x23f/0x260 [ 2229.235813][ T144] ? __secure_computing+0x1b6/0x250 [ 2229.240987][ T144] getname_flags+0xb8/0x610 [ 2229.245481][ T144] do_mkdirat+0xa1/0x310 [ 2229.254131][ T144] ? do_syscall_64+0x150/0x150 [ 2229.258885][ T144] ? vfs_mkdir+0x30/0x30 [ 2229.263117][ T144] do_syscall_64+0xcb/0x150 [ 2229.267598][ T144] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2229.273467][ T144] RIP: 0033:0x7ff88f45b687 [ 2229.277872][ T144] Code: Bad RIP value. [ 2229.281910][ T144] RSP: 002b:00007fff7a6210d8 EFLAGS: 00000293 ORIG_RAX: 0000000000000053 [ 2229.290386][ T144] RAX: ffffffffffffffda RBX: 00007fff7a624140 RCX: 00007ff88f45b687 [ 2229.298361][ T144] RDX: 0000000000000000 RSI: 00000000000001ed RDI: 0000560bc4dba8c0 [ 2229.307039][ T144] RBP: 00007fff7a621110 R08: 0000560bc37af3e5 R09: 0000000000000018 [ 2229.315006][ T144] R10: 0000000000000069 R11: 0000000000000293 R12: 0000000000000000 [ 2229.322969][ T144] R13: 0000000000000001 R14: 0000560bc4dba8c0 R15: 00007fff7a621750 [ 2229.332378][ T144] Mem-Info: [ 2229.335983][ T144] active_anon:1406427 inactive_anon:9707 isolated_anon:0 [ 2229.335983][ T144] active_file:228 inactive_file:818 isolated_file:0 [ 2229.335983][ T144] unevictable:363 dirty:6 writeback:0 unstable:0 [ 2229.335983][ T144] slab_reclaimable:10289 slab_unreclaimable:79474 [ 2229.335983][ T144] mapped:58754 shmem:9776 pagetables:37587 bounce:0 [ 2229.335983][ T144] free:15376 free_pcp:706 free_cma:0 [ 2229.375350][ T144] Node 0 active_anon:5625708kB inactive_anon:38828kB active_file:1012kB inactive_file:3572kB unevictable:1452kB isolated(anon):0kB isolated(file):0kB mapped:235116kB dirty:24kB writeback:0kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2229.400113][ T144] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2229.426342][ T144] lowmem_reserve[]: 0 2912 6416 6416 [ 2229.431818][ T144] DMA32 free:36040kB min:4644kB low:7624kB high:10604kB active_anon:2810452kB inactive_anon:5352kB active_file:408kB inactive_file:300kB unevictable:0kB writepending:0kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:15648kB pagetables:22364kB bounce:0kB free_pcp:1636kB local_pcp:320kB free_cma:0kB [ 2229.461391][ T144] lowmem_reserve[]: 0 0 3504 3504 [ 2229.466592][ T144] Normal free:9668kB min:5592kB low:9180kB high:12768kB active_anon:2815220kB inactive_anon:33476kB active_file:528kB inactive_file:4436kB unevictable:1452kB writepending:96kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29632kB pagetables:127984kB bounce:0kB free_pcp:368kB local_pcp:252kB free_cma:0kB [ 2229.496984][ T144] lowmem_reserve[]: 0 0 0 0 [ 2229.501670][ T144] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2229.515227][ T144] DMA32: 439*4kB (UMH) 237*8kB (MH) 201*16kB (UMH) 154*32kB (UMH) 81*64kB (MH) 75*128kB (MH) 12*256kB (UMH) 6*512kB (UMH) 1*1024kB (M) 1*2048kB (H) 0*4096kB = 35796kB [ 2229.532019][ T144] Normal: 601*4kB (MEH) 117*8kB (MEH) 52*16kB (MEH) 40*32kB (MH) 20*64kB (MH) 19*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9164kB [ 2229.546761][ T144] 11975 total pagecache pages [ 2229.551594][ T144] 0 pages in swap cache [ 2229.555878][ T144] Swap cache stats: add 0, delete 0, find 0/0 [ 2229.562114][ T144] Free swap = 0kB [ 2229.566004][ T144] Total swap = 0kB 21:33:57 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:57 executing program 5: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x8, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) 21:33:57 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x900, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) 21:33:57 executing program 0: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$sock_inet6_tcp_SIOCOUTQNSD(r2, 0x894b, &(0x7f00000000c0)) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0xffffffffffffffff, 0x3, 0x10}, 0xc) vmsplice(0xffffffffffffffff, &(0x7f0000000800)=[{&(0x7f00000001c0)="d714fee6ae16b1cfdb1a54a32214c385ff317aea91ff573103e0c2142d66405b336382931fc685f6aec05f083f4bc8375f98d5d769a1f17f55358542a6c802bc70099c46ea98d9a853d1b96ad5901c60ad67", 0x52}, {&(0x7f0000000300)="8c871d0d1a51c19ca2199863469d21f0b72e495bed6c7ff29ec37bfe62644dd04d8d3af3593e544c4482750c888a1ac14753c6aa0658e48ecf4f08e1398d81cab051c2467d7c7eabcab4aa147aee03364246110526f8441c1a8fbf3568d840ee903535dd08b7a9835a28e6", 0x6b}, {&(0x7f0000000380)="0036858d0e219fe28f9bc2f4b19aad36b7186bfcd86e018c684717288f0974e2fe861047538acc0886179a8086bf019aaa8a78b5d010fcd29689c48879c2aaac43db6024cfe3a912b15cf609e6a67b563526ac1b1a91474b27b38552c6498db376525ce315998de2c9f84dfeed58041ca52d324b6f0f9cff6de1b022f84661d6422b1090ccd75cf0b55b528a12459049c37019f3a9ee4beb1c1bbe90cdf414af6270", 0xa2}, {&(0x7f0000000440)="bf23ed1c174158ecf146e69c6c8f37781d50be18ed442fb0ffb9f6b4a01ba0770b00dd07e6c17e5189940003ee52c9a1bd2d0d2ca205bb9519bd87b793d297cc9eef10364b39c7d01d289b46b905e05595c1b4a502c730d4b44c9b43d13a01ddf02e229db443024699764d076a55a4af5cef488931eb4e210a6a", 0x7a}, {&(0x7f00000004c0)="8110ecac5851e60182f60b9f89dc8d588b46e927a79334ca95fdf945da105e7e44e4330501cdc41a43ac7d8d5ba3192839f29b3e72168d9deb950e95cec3f7469b7fe61c1b209018479f3e3285891e8f5330f640894130a38674d20963d08ddd54df6d71df", 0x65}, {&(0x7f0000000540)="305324a7c968e3f2bf8d1fd3ac1c211285a561264377f7da21e9cfc442ee0d30de4490fe6eff4062c87fe55a82381a83579c8c5074da0562f186e6397d58fe63b57b8e48d4915f55929bf6ad904384d0e97eef5a26dbea9bc8fa1c737698e3bdbe6569fcd302f2431bf0a4e7f0b1acd964d22b17bb498bfee74e3b430241a743c6422f36189a6b915f74f4372e826fe137b90ecf23910e4fbd1b4fb6b5d4d65880f42f5b97ece910b743566929d7fdb1b52d0a858d8c13d09f9d4b0f1febb04e595533611d1bfeefb47ac13bbdaa511e432a37fb305bd99fb648133a2002", 0xde}, {&(0x7f0000000640)="9d30bbcc86db624274ede7a88367a841d7a8b315830f2ed7a6bbc3491059ca230d33d4a40d5a059224ef694375889367aa16ce530c4344168e70c8e55e78181b6c4bdc7c799ea4f63b7a17106aa29383a48e1db1e5519c45dd18723d4c30688144f5916d190738ae60958239ea39ae86adc1ef1f17bc70e55e72539d459ed65bfbc37fa4e94b038f71e9685e93b3a24d8b5a", 0x92}, {&(0x7f0000000240)="723f2595b0c8d40dc8ed3151c371fe57b51b35606c8b011b2eeb737641e92dcd3a8631d67ff414366931608843a2cf267f60195ed97c", 0x36}, {&(0x7f0000000700)="dc13160dece24e80bca783e246795f233779864b3220d34518b0f4330dc4c5ee777e2e097ffd61ec39f0916aef5e5a5f94208ac3ae4838c52f4366a40383aa339d9eb4a89bda2bec5c722e2046398f85ea9e4c763190a3dc9b75c0cd62567ddaefc81d530ee4028b9feac62af1370890cb3fe4377272", 0x76}, {&(0x7f0000000780)="37b1cce3de73fc64ae2a0119a074bf3a23dc589537a082ea32c1d713a6d075a4cd3c1ea2b46ef0b7dc544e5861faf65c171bd2758008c96a02aa558a58030a7bfd04321f6fbf57247bbc2206f79cc46ced5f362b566bc391e6dd8ac97dec993abe0af03201ee901f8abda2384b04baa6a11b9ae9e4ff7fe46702bf167a", 0x7d}], 0xa, 0x4) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0xfff, 0x3, 0x4, 0x0, 0x4}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00') read$char_usb(r4, 0x0, 0x7ffff000) ioctl$UI_SET_MSCBIT(r4, 0x40045568, 0xe) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r5, &(0x7f00000017c0), 0x375, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:57 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, 0x0, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) [ 2229.569861][ T144] 1965979 pages RAM [ 2229.573812][ T144] 0 pages HighMem/MovableOnly [ 2229.578768][ T144] 318829 pages reserved [ 2229.583097][ T144] 0 pages cma reserved [ 2229.587359][ T144] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.5,pid=28238,uid=0 [ 2229.838157][T28271] syz-executor.3 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2229.861508][T28271] CPU: 1 PID: 28271 Comm: syz-executor.3 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2229.871682][T28271] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2229.881718][T28271] Call Trace: [ 2229.884991][T28271] dump_stack+0x14a/0x1ce [ 2229.889340][T28271] ? devkmsg_release+0x11c/0x11c [ 2229.894267][T28271] ? show_regs_print_info+0x12/0x12 [ 2229.899454][T28271] ? radix_tree_cpu_dead+0x160/0x160 [ 2229.904721][T28271] ? _raw_spin_lock+0xa1/0x170 [ 2229.909489][T28271] ? _raw_spin_trylock_bh+0x190/0x190 [ 2229.914852][T28271] dump_header+0xdb/0x700 [ 2229.919174][T28271] oom_kill_process+0xd3/0x280 [ 2229.923921][T28271] out_of_memory+0x5b6/0x890 [ 2229.928488][T28271] ? unregister_oom_notifier+0x20/0x20 [ 2229.933932][T28271] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2229.939470][T28271] ? get_page_from_freelist+0x7c0/0x7c0 [ 2229.945011][T28271] ? __zone_watermark_ok+0x91/0x280 [ 2229.950207][T28271] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2229.955573][T28271] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2229.961121][T28271] ? copy_process+0x5a4/0x5110 [ 2229.965867][T28271] ? kmem_cache_alloc+0x1d5/0x260 [ 2229.970887][T28271] copy_process+0x5f3/0x5110 [ 2229.975481][T28271] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 2229.981186][T28271] ? _raw_spin_lock+0xa1/0x170 [ 2229.985929][T28271] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 2229.991745][T28271] ? __lru_cache_add+0x1a1/0x1f0 [ 2229.996685][T28271] ? fork_idle+0x290/0x290 [ 2230.001104][T28271] _do_fork+0x196/0x920 [ 2230.005267][T28271] ? finish_fault+0x230/0x230 [ 2230.009951][T28271] ? up_write+0xa1/0x190 [ 2230.015166][T28271] ? dup_mm+0x300/0x300 [ 2230.019313][T28271] __x64_sys_clone+0x25e/0x2c0 [ 2230.024195][T28271] ? __ia32_sys_vfork+0x110/0x110 [ 2230.029205][T28271] ? __fpregs_load_activate+0x2d3/0x390 [ 2230.034739][T28271] ? do_user_addr_fault+0x55c/0x9f0 [ 2230.039927][T28271] do_syscall_64+0xcb/0x150 [ 2230.044416][T28271] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2230.050298][T28271] RIP: 0033:0x45f6a9 [ 2230.054190][T28271] Code: ff 48 85 f6 0f 84 57 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 2e 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2230.073788][T28271] RSP: 002b:00007ffd7c796528 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2230.082196][T28271] RAX: ffffffffffffffda RBX: 00007fbf5a9f2700 RCX: 000000000045f6a9 [ 2230.090146][T28271] RDX: 00007fbf5a9f29d0 RSI: 00007fbf5a9f1db0 RDI: 00000000003d0f00 [ 2230.098102][T28271] RBP: 00007ffd7c796750 R08: 00007fbf5a9f2700 R09: 00007fbf5a9f2700 [ 2230.106062][T28271] R10: 00007fbf5a9f29d0 R11: 0000000000000202 R12: 0000000000000000 [ 2230.114030][T28271] R13: 00007ffd7c7965df R14: 00007fbf5a9f29c0 R15: 000000000078c04c [ 2230.130601][T28271] Mem-Info: [ 2230.135960][T28271] active_anon:1410822 inactive_anon:9707 isolated_anon:0 [ 2230.135960][T28271] active_file:177 inactive_file:229 isolated_file:0 [ 2230.135960][T28271] unevictable:363 dirty:30 writeback:0 unstable:0 [ 2230.135960][T28271] slab_reclaimable:10289 slab_unreclaimable:79487 [ 2230.135960][T28271] mapped:58424 shmem:9776 pagetables:37669 bounce:0 [ 2230.135960][T28271] free:10874 free_pcp:793 free_cma:0 [ 2230.175424][T28271] Node 0 active_anon:5638488kB inactive_anon:38828kB active_file:1608kB inactive_file:2956kB unevictable:1452kB isolated(anon):0kB isolated(file):0kB mapped:236196kB dirty:120kB writeback:0kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2230.204928][T28271] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2230.235285][T28271] lowmem_reserve[]: 0 2912 6416 6416 [ 2230.240977][T28271] DMA32 free:23680kB min:8740kB low:11720kB high:14700kB active_anon:2819428kB inactive_anon:5352kB active_file:1272kB inactive_file:1120kB unevictable:0kB writepending:132kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:16032kB pagetables:23052kB bounce:0kB free_pcp:1656kB local_pcp:504kB free_cma:0kB [ 2230.273056][T28271] lowmem_reserve[]: 0 0 3504 3504 [ 2230.278574][T28271] Normal free:11524kB min:13784kB low:17372kB high:20960kB active_anon:2819964kB inactive_anon:33476kB active_file:656kB inactive_file:480kB unevictable:1452kB writepending:88kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29600kB pagetables:127624kB bounce:0kB free_pcp:244kB local_pcp:244kB free_cma:0kB [ 2230.309064][T28271] lowmem_reserve[]: 0 0 0 0 [ 2230.314354][T28271] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2230.328022][T28271] DMA32: 5*4kB (UH) 59*8kB (UMH) 69*16kB (UMH) 71*32kB (UMH) 38*64kB (UMH) 74*128kB (UMH) 11*256kB (UMH) 4*512kB (UMH) 0*1024kB 1*2048kB (H) 0*4096kB = 22684kB [ 2230.344345][T28271] Normal: 1204*4kB (UME) 114*8kB (UME) 70*16kB (UME) 27*32kB (UM) 20*64kB (UM) 18*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 11296kB [ 2230.359465][T28271] 10347 total pagecache pages [ 2230.364290][T28271] 0 pages in swap cache [ 2230.368549][T28271] Swap cache stats: add 0, delete 0, find 0/0 [ 2230.374700][T28271] Free swap = 0kB [ 2230.378595][T28271] Total swap = 0kB [ 2230.382379][T28271] 1965979 pages RAM [ 2230.387540][T28271] 0 pages HighMem/MovableOnly [ 2230.392323][T28271] 318829 pages reserved [ 2230.396591][T28271] 0 pages cma reserved [ 2230.400691][T28271] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=13490,uid=0 [ 2230.415036][T28271] Out of memory: Killed process 13490 (syz-executor.0) total-vm:75372kB, anon-rss:14036kB, file-rss:35840kB, shmem-rss:0kB, UID:0 pgtables:156kB oom_score_adj:1000 21:33:58 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:58 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, 0x0, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:33:58 executing program 5: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x9, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) 21:33:58 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x900, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) [ 2230.962833][T28300] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2230.975966][T28300] CPU: 0 PID: 28300 Comm: syz-executor.1 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2230.986122][T28300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2230.996168][T28300] Call Trace: [ 2230.999452][T28300] dump_stack+0x14a/0x1ce [ 2231.003766][T28300] ? devkmsg_release+0x11c/0x11c [ 2231.008710][T28300] ? show_regs_print_info+0x12/0x12 [ 2231.013901][T28300] ? radix_tree_cpu_dead+0x160/0x160 [ 2231.019180][T28300] ? _raw_spin_lock+0xa1/0x170 [ 2231.023938][T28300] ? _raw_spin_trylock_bh+0x190/0x190 [ 2231.029306][T28300] dump_header+0xdb/0x700 [ 2231.033626][T28300] oom_kill_process+0xd3/0x280 [ 2231.039335][T28300] out_of_memory+0x5b6/0x890 [ 2231.043919][T28300] ? unregister_oom_notifier+0x20/0x20 [ 2231.049375][T28300] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2231.054920][T28300] ? get_page_from_freelist+0x7c0/0x7c0 [ 2231.060474][T28300] ? __zone_watermark_ok+0x91/0x280 [ 2231.065665][T28300] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2231.071039][T28300] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2231.076577][T28300] ? copy_process+0x5a4/0x5110 [ 2231.081329][T28300] ? kmem_cache_alloc+0x1d5/0x260 [ 2231.086344][T28300] copy_process+0x5f3/0x5110 [ 2231.090923][T28300] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 2231.097584][T28300] ? _raw_spin_lock+0xa1/0x170 [ 2231.102350][T28300] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 2231.108172][T28300] ? __lru_cache_add+0x1a1/0x1f0 [ 2231.113094][T28300] ? fork_idle+0x290/0x290 [ 2231.117496][T28300] _do_fork+0x196/0x920 [ 2231.121667][T28300] ? finish_fault+0x230/0x230 [ 2231.126383][T28300] ? up_write+0xa1/0x190 [ 2231.130615][T28300] ? dup_mm+0x300/0x300 [ 2231.134779][T28300] __x64_sys_clone+0x25e/0x2c0 [ 2231.139536][T28300] ? __ia32_sys_vfork+0x110/0x110 [ 2231.144553][T28300] ? do_user_addr_fault+0x55c/0x9f0 [ 2231.149743][T28300] do_syscall_64+0xcb/0x150 [ 2231.154242][T28300] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2231.160132][T28300] RIP: 0033:0x45f6a9 [ 2231.164014][T28300] Code: ff 48 85 f6 0f 84 57 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 2e 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2231.183607][T28300] RSP: 002b:00007ffee81ce378 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2231.192006][T28300] RAX: ffffffffffffffda RBX: 00007f08e9583700 RCX: 000000000045f6a9 [ 2231.199985][T28300] RDX: 00007f08e95839d0 RSI: 00007f08e9582db0 RDI: 00000000003d0f00 [ 2231.208204][T28300] RBP: 00007ffee81ce5a0 R08: 00007f08e9583700 R09: 00007f08e9583700 [ 2231.216161][T28300] R10: 00007f08e95839d0 R11: 0000000000000202 R12: 0000000000000000 [ 2231.224116][T28300] R13: 00007ffee81ce42f R14: 00007f08e95839c0 R15: 000000000078c0ec [ 2231.241223][T28300] Mem-Info: [ 2231.245045][T28300] active_anon:1412038 inactive_anon:9707 isolated_anon:0 [ 2231.245045][T28300] active_file:31 inactive_file:189 isolated_file:0 [ 2231.245045][T28300] unevictable:363 dirty:0 writeback:0 unstable:0 [ 2231.245045][T28300] slab_reclaimable:10288 slab_unreclaimable:79476 [ 2231.245045][T28300] mapped:58300 shmem:9776 pagetables:37669 bounce:0 [ 2231.245045][T28300] free:10775 free_pcp:349 free_cma:0 [ 2231.283968][T28300] Node 0 active_anon:5648152kB inactive_anon:38828kB active_file:124kB inactive_file:1256kB unevictable:1452kB isolated(anon):0kB isolated(file):0kB mapped:233400kB dirty:0kB writeback:0kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2231.309443][T28300] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2231.336590][T28300] lowmem_reserve[]: 0 2912 6416 6416 [ 2231.348299][T28300] DMA32 free:19144kB min:4644kB low:7624kB high:10604kB active_anon:2825200kB inactive_anon:5352kB active_file:512kB inactive_file:404kB unevictable:0kB writepending:0kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:15840kB pagetables:22732kB bounce:0kB free_pcp:684kB local_pcp:568kB free_cma:0kB [ 2231.377843][T28300] lowmem_reserve[]: 0 0 3504 3504 [ 2231.383739][T28300] Normal free:5580kB min:5592kB low:9180kB high:12768kB active_anon:2822472kB inactive_anon:33476kB active_file:220kB inactive_file:1152kB unevictable:1452kB writepending:0kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29728kB pagetables:127944kB bounce:0kB free_pcp:528kB local_pcp:284kB free_cma:0kB [ 2231.417201][T28300] lowmem_reserve[]: 0 0 0 0 [ 2231.422228][T28300] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2231.436182][T28300] DMA32: 50*4kB (UH) 31*8kB (UMH) 34*16kB (UMH) 14*32kB (UMH) 20*64kB (UMH) 73*128kB (UMH) 12*256kB (UMH) 4*512kB (UMH) 0*1024kB 1*2048kB (H) 0*4096kB = 19232kB [ 2231.452402][T28300] Normal: 33*4kB (UE) 11*8kB (UME) 3*16kB (UE) 12*32kB (UM) 18*64kB (UM) 12*128kB (M) 7*256kB (M) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 5132kB [ 2231.476823][T28300] 10326 total pagecache pages [ 2231.481534][T28300] 0 pages in swap cache [ 2231.494509][T28300] Swap cache stats: add 0, delete 0, find 0/0 [ 2231.500609][T28300] Free swap = 0kB [ 2231.504325][T28300] Total swap = 0kB [ 2231.511884][T28300] 1965979 pages RAM [ 2231.515747][T28300] 0 pages HighMem/MovableOnly [ 2231.520419][T28300] 318829 pages reserved [ 2231.524598][T28300] 0 pages cma reserved [ 2231.528669][T28300] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.5,pid=28299,uid=0 [ 2231.549006][T28300] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2231.561457][T28300] CPU: 0 PID: 28300 Comm: syz-executor.1 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2231.571610][T28300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2231.581663][T28300] Call Trace: [ 2231.584979][T28300] dump_stack+0x14a/0x1ce [ 2231.589333][T28300] ? devkmsg_release+0x11c/0x11c [ 2231.594278][T28300] ? show_regs_print_info+0x12/0x12 [ 2231.599480][T28300] ? radix_tree_cpu_dead+0x160/0x160 [ 2231.604764][T28300] ? _raw_spin_lock+0xa1/0x170 [ 2231.609549][T28300] ? _raw_spin_trylock_bh+0x190/0x190 [ 2231.615028][T28300] dump_header+0xdb/0x700 [ 2231.619363][T28300] oom_kill_process+0xd3/0x280 [ 2231.624123][T28300] out_of_memory+0x5b6/0x890 [ 2231.628716][T28300] ? unregister_oom_notifier+0x20/0x20 [ 2231.634175][T28300] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2231.639727][T28300] ? get_page_from_freelist+0x7c0/0x7c0 [ 2231.645285][T28300] ? __zone_watermark_ok+0x91/0x280 [ 2231.650486][T28300] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2231.655876][T28300] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2231.661422][T28300] ? copy_process+0x5a4/0x5110 [ 2231.666183][T28300] ? kmem_cache_alloc+0x1d5/0x260 [ 2231.671203][T28300] copy_process+0x5f3/0x5110 [ 2231.675797][T28300] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 2231.681513][T28300] ? _raw_spin_lock+0xa1/0x170 [ 2231.686275][T28300] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 2231.692081][T28300] ? __lru_cache_add+0x1a1/0x1f0 [ 2231.697021][T28300] ? fork_idle+0x290/0x290 [ 2231.701453][T28300] _do_fork+0x196/0x920 [ 2231.706055][T28300] ? finish_fault+0x230/0x230 [ 2231.710749][T28300] ? up_write+0xa1/0x190 [ 2231.714990][T28300] ? dup_mm+0x300/0x300 [ 2231.719142][T28300] __x64_sys_clone+0x25e/0x2c0 [ 2231.723901][T28300] ? __ia32_sys_vfork+0x110/0x110 [ 2231.728920][T28300] ? do_user_addr_fault+0x55c/0x9f0 [ 2231.734118][T28300] do_syscall_64+0xcb/0x150 [ 2231.738620][T28300] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2231.744504][T28300] RIP: 0033:0x45f6a9 [ 2231.748389][T28300] Code: ff 48 85 f6 0f 84 57 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 2e 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2231.767983][T28300] RSP: 002b:00007ffee81ce378 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2231.776389][T28300] RAX: ffffffffffffffda RBX: 00007f08e9583700 RCX: 000000000045f6a9 [ 2231.784356][T28300] RDX: 00007f08e95839d0 RSI: 00007f08e9582db0 RDI: 00000000003d0f00 [ 2231.792322][T28300] RBP: 00007ffee81ce5a0 R08: 00007f08e9583700 R09: 00007f08e9583700 [ 2231.800286][T28300] R10: 00007f08e95839d0 R11: 0000000000000202 R12: 0000000000000000 [ 2231.808251][T28300] R13: 00007ffee81ce42f R14: 00007f08e95839c0 R15: 000000000078c0ec [ 2231.825518][T28300] Mem-Info: [ 2231.833561][T28300] active_anon:1411129 inactive_anon:9707 isolated_anon:0 [ 2231.833561][T28300] active_file:110 inactive_file:248 isolated_file:0 [ 2231.833561][T28300] unevictable:363 dirty:0 writeback:0 unstable:0 [ 2231.833561][T28300] slab_reclaimable:10287 slab_unreclaimable:79406 [ 2231.833561][T28300] mapped:58355 shmem:9776 pagetables:37639 bounce:0 [ 2231.833561][T28300] free:11394 free_pcp:771 free_cma:0 [ 2231.871678][T28300] Node 0 active_anon:5644516kB inactive_anon:38828kB active_file:288kB inactive_file:400kB unevictable:1452kB isolated(anon):0kB isolated(file):0kB mapped:233040kB dirty:0kB writeback:0kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2231.897123][T28300] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2231.951054][T28300] lowmem_reserve[]: 0 2912 6416 6416 [ 2231.956795][T28300] DMA32 free:20120kB min:4644kB low:7624kB high:10604kB active_anon:2824280kB inactive_anon:5352kB active_file:0kB inactive_file:52kB unevictable:0kB writepending:0kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:15776kB pagetables:22724kB bounce:0kB free_pcp:1328kB local_pcp:1260kB free_cma:0kB [ 2231.986326][T28300] lowmem_reserve[]: 0 0 3504 3504 [ 2231.992001][T28300] Normal free:5820kB min:5592kB low:9180kB high:12768kB active_anon:2821748kB inactive_anon:33476kB active_file:588kB inactive_file:964kB unevictable:1452kB writepending:0kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29632kB pagetables:127832kB bounce:0kB free_pcp:1736kB local_pcp:1332kB free_cma:0kB [ 2232.022356][T28300] lowmem_reserve[]: 0 0 0 0 [ 2232.027199][T28300] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2232.040547][T28300] DMA32: 3*4kB (MH) 102*8kB (MH) 87*16kB (UMH) 29*32kB (UMH) 10*64kB (UMH) 73*128kB (UMH) 12*256kB (UMH) 4*512kB (UMH) 0*1024kB 1*2048kB (H) 0*4096kB = 20300kB [ 2232.062580][T28300] Normal: 146*4kB (MEH) 38*8kB (UMEH) 27*16kB (UME) 9*32kB (UMH) 17*64kB (UM) 13*128kB (UM) 7*256kB (UM) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 6152kB [ 2232.077722][T28300] 10430 total pagecache pages [ 2232.082676][T28300] 0 pages in swap cache [ 2232.086942][T28300] Swap cache stats: add 0, delete 0, find 0/0 [ 2232.093031][T28300] Free swap = 0kB [ 2232.097128][T28300] Total swap = 0kB [ 2232.100849][T28300] 1965979 pages RAM [ 2232.104662][T28300] 0 pages HighMem/MovableOnly [ 2232.109662][T28300] 318829 pages reserved [ 2232.113813][T28300] 0 pages cma reserved [ 2232.118182][T28300] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.1,pid=14780,uid=0 [ 2232.132656][T28300] Out of memory: Killed process 14780 (syz-executor.1) total-vm:75240kB, anon-rss:13960kB, file-rss:35840kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 21:34:00 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, 0x0, 0x0, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:34:00 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:34:00 executing program 5: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0xa, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) 21:34:00 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x900, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) [ 2232.734207][T28329] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2232.759075][T28329] CPU: 1 PID: 28329 Comm: syz-executor.1 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2232.769261][T28329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2232.779312][T28329] Call Trace: [ 2232.782603][T28329] dump_stack+0x14a/0x1ce [ 2232.786929][T28329] ? devkmsg_release+0x11c/0x11c [ 2232.791873][T28329] ? show_regs_print_info+0x12/0x12 [ 2232.797066][T28329] ? radix_tree_cpu_dead+0x160/0x160 [ 2232.802359][T28329] ? _raw_spin_lock+0xa1/0x170 [ 2232.807135][T28329] ? _raw_spin_trylock_bh+0x190/0x190 [ 2232.812523][T28329] dump_header+0xdb/0x700 [ 2232.816863][T28329] oom_kill_process+0xd3/0x280 [ 2232.821642][T28329] out_of_memory+0x5b6/0x890 [ 2232.826255][T28329] ? unregister_oom_notifier+0x20/0x20 [ 2232.831798][T28329] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2232.837463][T28329] ? get_page_from_freelist+0x7c0/0x7c0 [ 2232.843007][T28329] ? __zone_watermark_ok+0x91/0x280 [ 2232.848198][T28329] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2232.853567][T28329] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2232.859129][T28329] ? copy_process+0x5a4/0x5110 [ 2232.863893][T28329] ? kmem_cache_alloc+0x1d5/0x260 [ 2232.868915][T28329] copy_process+0x5f3/0x5110 [ 2232.873524][T28329] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 2232.879247][T28329] ? __mod_node_page_state+0x39/0xb0 [ 2232.884540][T28329] ? ___preempt_schedule+0x16/0x20 [ 2232.889662][T28329] ? __lru_cache_add+0x198/0x1f0 [ 2232.894976][T28329] ? fork_idle+0x290/0x290 [ 2232.899409][T28329] ? cpus_share_cache+0xd0/0xd0 [ 2232.904256][T28329] _do_fork+0x196/0x920 [ 2232.908407][T28329] ? finish_fault+0x230/0x230 [ 2232.913070][T28329] ? up_write+0x180/0x190 [ 2232.917393][T28329] ? dup_mm+0x300/0x300 [ 2232.921561][T28329] __x64_sys_clone+0x25e/0x2c0 [ 2232.926326][T28329] ? __ia32_sys_vfork+0x110/0x110 [ 2232.931351][T28329] ? __fpregs_load_activate+0x2d3/0x390 [ 2232.936916][T28329] ? do_user_addr_fault+0x55c/0x9f0 [ 2232.942108][T28329] do_syscall_64+0xcb/0x150 [ 2232.946608][T28329] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2232.952492][T28329] RIP: 0033:0x45f6a9 [ 2232.956373][T28329] Code: ff 48 85 f6 0f 84 57 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 2e 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2232.975971][T28329] RSP: 002b:00007ffee81ce378 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2232.984375][T28329] RAX: ffffffffffffffda RBX: 00007f08e9583700 RCX: 000000000045f6a9 [ 2232.992342][T28329] RDX: 00007f08e95839d0 RSI: 00007f08e9582db0 RDI: 00000000003d0f00 [ 2233.000311][T28329] RBP: 00007ffee81ce5a0 R08: 00007f08e9583700 R09: 00007f08e9583700 [ 2233.008292][T28329] R10: 00007f08e95839d0 R11: 0000000000000202 R12: 0000000000000000 [ 2233.016425][T28329] R13: 00007ffee81ce42f R14: 00007f08e95839c0 R15: 000000000078c0ec [ 2233.041975][T28329] Mem-Info: [ 2233.045750][T28329] active_anon:1412380 inactive_anon:9707 isolated_anon:0 [ 2233.045750][T28329] active_file:59 inactive_file:110 isolated_file:32 [ 2233.045750][T28329] unevictable:363 dirty:4 writeback:0 unstable:0 [ 2233.045750][T28329] slab_reclaimable:10286 slab_unreclaimable:79506 [ 2233.045750][T28329] mapped:58276 shmem:9776 pagetables:37692 bounce:0 [ 2233.045750][T28329] free:10268 free_pcp:361 free_cma:0 [ 2233.084292][T28329] Node 0 active_anon:5649520kB inactive_anon:38828kB active_file:164kB inactive_file:568kB unevictable:1452kB isolated(anon):0kB isolated(file):0kB mapped:233124kB dirty:16kB writeback:0kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2233.108997][T28329] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2233.135063][T28329] lowmem_reserve[]: 0 2912 6416 6416 [ 2233.140454][T28329] DMA32 free:19220kB min:4644kB low:7624kB high:10604kB active_anon:2824584kB inactive_anon:5352kB active_file:96kB inactive_file:372kB unevictable:0kB writepending:0kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:15904kB pagetables:22736kB bounce:0kB free_pcp:328kB local_pcp:328kB free_cma:0kB [ 2233.170079][T28329] lowmem_reserve[]: 0 0 3504 3504 [ 2233.175940][T28329] Normal free:5444kB min:5592kB low:9180kB high:12768kB active_anon:2824548kB inactive_anon:33476kB active_file:432kB inactive_file:1004kB unevictable:1452kB writepending:16kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29696kB pagetables:128032kB bounce:0kB free_pcp:1332kB local_pcp:684kB free_cma:0kB [ 2233.208259][T28329] lowmem_reserve[]: 0 0 0 0 [ 2233.220687][T28329] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2233.240687][T28329] DMA32: 2*4kB (H) 10*8kB (UMH) 39*16kB (UH) 1*32kB (H) 3*64kB (UH) 90*128kB (UMH) 12*256kB (MH) 1*512kB (H) 0*1024kB 1*2048kB (H) 0*4096kB = 18088kB [ 2233.256083][T28329] Normal: 256*4kB (UME) 56*8kB (UME) 33*16kB (UME) 11*32kB (UM) 1*64kB (M) 10*128kB (UM) 7*256kB (UM) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 5488kB [ 2233.270974][T28329] 10105 total pagecache pages [ 2233.275702][T28329] 0 pages in swap cache [ 2233.279900][T28329] Swap cache stats: add 0, delete 0, find 0/0 [ 2233.286229][T28329] Free swap = 0kB [ 2233.290387][T28329] Total swap = 0kB [ 2233.294176][T28329] 1965979 pages RAM [ 2233.298389][T28329] 0 pages HighMem/MovableOnly [ 2233.303156][T28329] 318829 pages reserved [ 2233.307719][T28329] 0 pages cma reserved [ 2233.311956][T28329] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.5,pid=28328,uid=0 [ 2233.326444][T28329] Out of memory: Killed process 28328 (syz-executor.5) total-vm:75240kB, anon-rss:16548kB, file-rss:35688kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 21:34:02 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, 0x0, 0x0, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:34:02 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:34:02 executing program 1: r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x900, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) 21:34:02 executing program 5: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0xb, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) 21:34:02 executing program 0: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0xfffffffffffffdc1, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x4000850}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x60, 0x10, 0x401, 0x400000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x42df58543c8380db}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @ipip6={{0xb, 0x1, 'ip6tnl\x00'}, {0x20, 0x2, 0x0, 0x1, [@IFLA_IPTUN_ENCAP_FLAGS={0x6}, @IFLA_IPTUN_LOCAL={0x14, 0x3, @dev}]}}}, @IFLA_MTU={0x8, 0x4, 0x10001}, @IFLA_MASTER={0x8, 0xa, r1}]}, 0x60}}, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000001c0)={'gretap0\x00', &(0x7f0000000140)=ANY=[@ANYBLOB='ip_vti0\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYRES32=r1, @ANYBLOB="008078000000001f000000074724001c00640000110490780a010100e00007d6b1a5ab6f00"]}) sendmsg$NL80211_CMD_DEL_STATION(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x30, 0x0, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NL80211_ATTR_STA_AID={0x6, 0x10, 0x3b8}, @NL80211_ATTR_MAC={0xa, 0x6, @dev={[], 0x14}}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r2}]}, 0x30}, 0x1, 0x0, 0x0, 0x40011}, 0x40) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r3, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r5, 0x407, 0x0) write(r5, &(0x7f0000000340), 0x41395527) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r6, &(0x7f00000017c0), 0x375, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) [ 2234.627697][T28351] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2234.642865][T28351] CPU: 0 PID: 28351 Comm: syz-executor.5 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2234.653059][T28351] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2234.663107][T28351] Call Trace: [ 2234.666380][T28351] dump_stack+0x14a/0x1ce [ 2234.670704][T28351] ? devkmsg_release+0x11c/0x11c [ 2234.675629][T28351] ? show_regs_print_info+0x12/0x12 [ 2234.680828][T28351] ? radix_tree_cpu_dead+0x160/0x160 [ 2234.686113][T28351] ? _raw_spin_lock+0xa1/0x170 [ 2234.690866][T28351] ? _raw_spin_trylock_bh+0x190/0x190 [ 2234.696256][T28351] dump_header+0xdb/0x700 [ 2234.700747][T28351] oom_kill_process+0xd3/0x280 [ 2234.705506][T28351] out_of_memory+0x5b6/0x890 [ 2234.710091][T28351] ? unregister_oom_notifier+0x20/0x20 [ 2234.715560][T28351] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2234.721112][T28351] ? get_page_from_freelist+0x7c0/0x7c0 [ 2234.726661][T28351] ? __zone_watermark_ok+0x91/0x280 [ 2234.731915][T28351] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2234.737287][T28351] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2234.742835][T28351] ? copy_process+0x5a4/0x5110 [ 2234.747618][T28351] ? copy_process+0x5a4/0x5110 [ 2234.752387][T28351] ? kmem_cache_alloc+0x1d5/0x260 [ 2234.757402][T28351] copy_process+0x5f3/0x5110 [ 2234.761982][T28351] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 2234.767689][T28351] ? _raw_spin_lock+0xa1/0x170 [ 2234.772448][T28351] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 2234.778254][T28351] ? __lru_cache_add+0x1a1/0x1f0 [ 2234.783190][T28351] ? fork_idle+0x290/0x290 [ 2234.787610][T28351] _do_fork+0x196/0x920 [ 2234.791763][T28351] ? finish_fault+0x230/0x230 [ 2234.796471][T28351] ? up_write+0xa1/0x190 [ 2234.800721][T28351] ? dup_mm+0x300/0x300 [ 2234.804884][T28351] __x64_sys_clone+0x25e/0x2c0 [ 2234.809665][T28351] ? __ia32_sys_vfork+0x110/0x110 [ 2234.814701][T28351] ? do_user_addr_fault+0x55c/0x9f0 [ 2234.819902][T28351] do_syscall_64+0xcb/0x150 [ 2234.824398][T28351] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2234.830283][T28351] RIP: 0033:0x45f6a9 [ 2234.834179][T28351] Code: ff 48 85 f6 0f 84 57 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 2e 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2234.853785][T28351] RSP: 002b:00007ffc5a445c88 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2234.862202][T28351] RAX: ffffffffffffffda RBX: 00007f2dca0ac700 RCX: 000000000045f6a9 [ 2234.870191][T28351] RDX: 00007f2dca0ac9d0 RSI: 00007f2dca0abdb0 RDI: 00000000003d0f00 [ 2234.878160][T28351] RBP: 00007ffc5a445eb0 R08: 00007f2dca0ac700 R09: 00007f2dca0ac700 [ 2234.886132][T28351] R10: 00007f2dca0ac9d0 R11: 0000000000000202 R12: 0000000000000000 [ 2234.894097][T28351] R13: 00007ffc5a445d3f R14: 00007f2dca0ac9c0 R15: 000000000078bf0c [ 2234.923389][T28351] Mem-Info: [ 2234.927516][T28351] active_anon:1409340 inactive_anon:9707 isolated_anon:0 [ 2234.927516][T28351] active_file:157 inactive_file:354 isolated_file:0 [ 2234.927516][T28351] unevictable:363 dirty:21 writeback:0 unstable:0 [ 2234.927516][T28351] slab_reclaimable:10295 slab_unreclaimable:79210 [ 2234.927516][T28351] mapped:58615 shmem:9776 pagetables:37726 bounce:0 [ 2234.927516][T28351] free:13338 free_pcp:282 free_cma:0 [ 2234.974923][T28351] Node 0 active_anon:5643260kB inactive_anon:38828kB active_file:628kB inactive_file:1816kB unevictable:1452kB isolated(anon):0kB isolated(file):0kB mapped:234660kB dirty:84kB writeback:0kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2234.999882][T28351] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2235.027207][T28351] lowmem_reserve[]: 0 2912 6416 6416 [ 2235.032652][T28351] DMA32 free:22376kB min:8740kB low:11720kB high:14700kB active_anon:2819748kB inactive_anon:5352kB active_file:100kB inactive_file:0kB unevictable:0kB writepending:12kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:15968kB pagetables:23008kB bounce:0kB free_pcp:620kB local_pcp:0kB free_cma:0kB [ 2235.061834][T28351] lowmem_reserve[]: 0 0 3504 3504 [ 2235.066942][T28351] Normal free:6320kB min:9688kB low:13276kB high:16864kB active_anon:2826276kB inactive_anon:33476kB active_file:0kB inactive_file:124kB unevictable:1452kB writepending:72kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29728kB pagetables:127896kB bounce:0kB free_pcp:1408kB local_pcp:16kB free_cma:0kB [ 2235.096905][T28351] lowmem_reserve[]: 0 0 0 0 [ 2235.101413][T28351] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2235.114727][T28351] DMA32: 2*4kB (H) 3*8kB (UMH) 2*16kB (MH) 1*32kB (H) 53*64kB (UMH) 90*128kB (MH) 9*256kB (MH) 1*512kB (H) 0*1024kB 1*2048kB (H) 0*4096kB = 19872kB [ 2235.129882][T28351] Normal: 413*4kB (UME) 54*8kB (UME) 26*16kB (UME) 12*32kB (UME) 13*64kB (UM) 18*128kB (UME) 8*256kB (UME) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8068kB [ 2235.151219][T28351] 10292 total pagecache pages [ 2235.156298][T28351] 0 pages in swap cache [ 2235.160533][T28351] Swap cache stats: add 0, delete 0, find 0/0 [ 2235.167188][T28351] Free swap = 0kB [ 2235.170935][T28351] Total swap = 0kB [ 2235.174722][T28351] 1965979 pages RAM [ 2235.178540][T28351] 0 pages HighMem/MovableOnly [ 2235.183213][T28351] 318829 pages reserved [ 2235.187436][T28351] 0 pages cma reserved [ 2235.191553][T28351] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.4,pid=26889,uid=0 [ 2235.205717][T28351] Out of memory: Killed process 26889 (syz-executor.4) total-vm:75240kB, anon-rss:13744kB, file-rss:35924kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 2235.227200][ T23] oom_reaper: reaped process 26889 (syz-executor.4), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB 21:34:03 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:34:03 executing program 1: r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x900, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) 21:34:03 executing program 5: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0xc, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) 21:34:03 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, 0x0, 0x0, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:34:04 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) [ 2236.168374][T28393] syz-executor.1 invoked oom-killer: gfp_mask=0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|0x1000000), order=0, oom_score_adj=1000 [ 2236.189756][T28393] CPU: 1 PID: 28393 Comm: syz-executor.1 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2236.199922][T28393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2236.209979][T28393] Call Trace: [ 2236.213269][T28393] dump_stack+0x14a/0x1ce [ 2236.217604][T28393] ? devkmsg_release+0x11c/0x11c [ 2236.222536][T28393] ? show_regs_print_info+0x12/0x12 [ 2236.227741][T28393] ? radix_tree_cpu_dead+0x160/0x160 [ 2236.233125][T28393] ? _raw_spin_lock+0xa1/0x170 [ 2236.237890][T28393] ? _raw_spin_trylock_bh+0x190/0x190 [ 2236.243269][T28393] dump_header+0xdb/0x700 [ 2236.247605][T28393] oom_kill_process+0xd3/0x280 [ 2236.252417][T28393] out_of_memory+0x5b6/0x890 [ 2236.257054][T28393] ? unregister_oom_notifier+0x20/0x20 [ 2236.262514][T28393] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2236.268156][T28393] ? get_page_from_freelist+0x7c0/0x7c0 [ 2236.273705][T28393] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2236.279097][T28393] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2236.284655][T28393] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 2236.290377][T28393] ? __perf_event_task_sched_out+0xfe4/0x1110 [ 2236.296432][T28393] ? __perf_event_task_sched_in+0x4f7/0x560 [ 2236.302330][T28393] wp_page_copy+0x1cb/0x1120 [ 2236.306935][T28393] ? perf_pmu_sched_task+0x370/0x370 [ 2236.312225][T28393] ? switch_mm_irqs_off+0x2bf/0x9a0 [ 2236.317417][T28393] ? add_mm_rss_vec+0x270/0x270 [ 2236.322260][T28393] ? _raw_spin_unlock_irq+0x5/0x20 [ 2236.327378][T28393] ? finish_task_switch+0x235/0x4c0 [ 2236.332580][T28393] ? vm_normal_page+0x1c9/0x1d0 [ 2236.337429][T28393] do_wp_page+0x4c1/0x1530 [ 2236.341857][T28393] ? _raw_spin_lock+0xa1/0x170 [ 2236.346617][T28393] ? do_swap_page+0x1560/0x1560 [ 2236.351454][T28393] ? ttwu_do_wakeup+0x154/0x5b0 [ 2236.356308][T28393] handle_mm_fault+0xfa5/0x41e0 [ 2236.361210][T28393] ? __cgroup_account_cputime+0x2ba/0x2e0 [ 2236.366931][T28393] ? finish_fault+0x230/0x230 [ 2236.371745][T28393] ? update_curr+0x584/0x740 [ 2236.376403][T28393] ? down_read_trylock+0x17a/0x1d0 [ 2236.381511][T28393] ? _raw_spin_unlock_irq+0x5/0x20 [ 2236.386617][T28393] ? vmacache_find+0x47a/0x4b0 [ 2236.391379][T28393] do_user_addr_fault+0x48a/0x9f0 [ 2236.396393][T28393] page_fault+0x2f/0x40 [ 2236.400545][T28393] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 2236.407123][T28393] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 2236.426710][T28393] RSP: 0018:ffff888063c3f888 EFLAGS: 00010206 [ 2236.432772][T28393] RAX: ffffffff81f80e01 RBX: 000000002027c500 RCX: 0000000000000500 [ 2236.440769][T28393] RDX: 0000000000001000 RSI: ffff888063c1bb00 RDI: 000000002027c000 [ 2236.448750][T28393] RBP: ffff888063c3fda8 R08: dffffc0000000000 R09: ffffed100c783800 [ 2236.456710][T28393] R10: 0000000000000000 R11: 0000000000000000 R12: 00007ffffffff000 [ 2236.464690][T28393] R13: 0000000000001000 R14: ffff888063c1b000 R15: 000000002027b500 [ 2236.472665][T28393] ? _copy_to_iter+0x1021/0x1060 [ 2236.477603][T28393] copyout+0x8e/0xb0 [ 2236.481510][T28393] copy_page_to_iter+0x393/0xbd0 [ 2236.486466][T28393] pipe_to_user+0xa3/0x130 [ 2236.490899][T28393] __splice_from_pipe+0x2d3/0x870 [ 2236.495933][T28393] ? user_page_pipe_buf_steal+0xc0/0xc0 [ 2236.501488][T28393] do_vmsplice+0x252/0xee0 [ 2236.505916][T28393] ? avc_ss_reset+0x3a0/0x3a0 [ 2236.510598][T28393] ? write_pipe_buf+0x1d0/0x1d0 [ 2236.515449][T28393] ? __rcu_read_lock+0x50/0x50 [ 2236.520226][T28393] ? check_stack_object+0x5a/0x90 [ 2236.525274][T28393] ? _copy_from_user+0xa4/0xe0 [ 2236.530031][T28393] ? rw_copy_check_uvector+0x2b3/0x310 [ 2236.535479][T28393] ? import_iovec+0x1c2/0x380 [ 2236.540154][T28393] ? dup_iter+0x110/0x110 [ 2236.544490][T28393] ? do_vfs_ioctl+0x780/0x1750 [ 2236.549279][T28393] __se_sys_vmsplice+0x1fb/0x300 [ 2236.554202][T28393] ? __x64_sys_vmsplice+0xa0/0xa0 [ 2236.559257][T28393] ? put_timespec64+0x109/0x150 [ 2236.564107][T28393] ? __x64_sys_clock_gettime+0x20d/0x260 [ 2236.569737][T28393] ? __ia32_sys_clock_settime+0x2a0/0x2a0 [ 2236.575464][T28393] do_syscall_64+0xcb/0x150 [ 2236.579971][T28393] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2236.585859][T28393] RIP: 0033:0x45ccd9 [ 2236.589745][T28393] Code: 2d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2236.609343][T28393] RSP: 002b:00007f08e95a3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 2236.618017][T28393] RAX: ffffffffffffffda RBX: 0000000000035780 RCX: 000000000045ccd9 [ 2236.626032][T28393] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 2236.634010][T28393] RBP: 000000000078c088 R08: 0000000000000000 R09: 0000000000000000 [ 2236.641980][T28393] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078c04c [ 2236.649961][T28393] R13: 00007ffee81ce42f R14: 00007f08e95a49c0 R15: 000000000078c04c [ 2236.659852][T28393] Mem-Info: [ 2236.667207][T28393] active_anon:1411883 inactive_anon:9707 isolated_anon:0 [ 2236.667207][T28393] active_file:63 inactive_file:67 isolated_file:10 [ 2236.667207][T28393] unevictable:363 dirty:17 writeback:3 unstable:0 [ 2236.667207][T28393] slab_reclaimable:10310 slab_unreclaimable:79327 [ 2236.667207][T28393] mapped:58293 shmem:9776 pagetables:37824 bounce:0 [ 2236.667207][T28393] free:10561 free_pcp:590 free_cma:0 [ 2236.708285][T28393] Node 0 active_anon:5644632kB inactive_anon:38828kB active_file:224kB inactive_file:692kB unevictable:1452kB isolated(anon):0kB isolated(file):40kB mapped:233172kB dirty:68kB writeback:12kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2236.733717][T28393] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2236.760462][T28393] lowmem_reserve[]: 0 2912 6416 6416 [ 2236.766893][T28393] DMA32 free:23700kB min:4644kB low:7624kB high:10604kB active_anon:2818128kB inactive_anon:5352kB active_file:48kB inactive_file:12kB unevictable:0kB writepending:32kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:16192kB pagetables:23440kB bounce:0kB free_pcp:148kB local_pcp:0kB free_cma:0kB [ 2236.802057][T28393] lowmem_reserve[]: 0 0 3504 3504 [ 2236.808354][T28393] Normal free:10520kB min:5592kB low:9180kB high:12768kB active_anon:2821340kB inactive_anon:33476kB active_file:528kB inactive_file:692kB unevictable:1452kB writepending:48kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29760kB pagetables:127856kB bounce:0kB free_pcp:1092kB local_pcp:364kB free_cma:0kB [ 2236.839662][T28393] lowmem_reserve[]: 0 0 0 0 [ 2236.847724][T28393] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2236.861380][T28393] DMA32: 517*4kB (UMEH) 116*8kB (UMEH) 57*16kB (UMEH) 55*32kB (UMEH) 24*64kB (UMEH) 70*128kB (UMH) 7*256kB (MH) 1*512kB (H) 2*1024kB (UM) 2*2048kB (UH) 0*4096kB = 24612kB [ 2236.879386][T28393] Normal: 410*4kB (MH) 125*8kB (ME) 58*16kB (MEH) 32*32kB (MEH) 19*64kB (MH) 11*128kB (MEH) 9*256kB (MEH) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9520kB [ 2236.895324][T28393] 10478 total pagecache pages [ 2236.900379][T28393] 0 pages in swap cache [ 2236.904937][T28393] Swap cache stats: add 0, delete 0, find 0/0 [ 2236.911440][T28393] Free swap = 0kB [ 2236.915855][T28393] Total swap = 0kB [ 2236.920166][T28393] 1965979 pages RAM [ 2236.925374][T28393] 0 pages HighMem/MovableOnly [ 2236.930588][T28393] 318829 pages reserved [ 2236.935625][T28393] 0 pages cma reserved [ 2236.940402][T28393] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.1,pid=23595,uid=0 [ 2236.955804][T28393] Out of memory: Killed process 23595 (syz-executor.1) total-vm:75372kB, anon-rss:14800kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:156kB oom_score_adj:1000 21:34:05 executing program 5: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0xd, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) 21:34:05 executing program 0: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="130000001500011c00ffbfec711b99ae41c0022d6b017300000011b9d11f8630fb4056df837ea1a07935618c7261d63bd45e21bfcbad8d828d3f8b18b9fc5f3e7484519a6f8ab5d354f16a96ffe887cc4df279f46c66c3e1c8d2a34fc4c7ccbba0c1583e60aec0668d15cd2d4b282a6239cd171e190ba6d7d70e5bcacb2b4fc5fc7584311b329459a5b2b910f199f31f0114a27072f7abc3b0d1485e2ccc6baf0c1e69cb736bb668f7a45459aead5ec7111ddd5a8a5d4d4f601319b0e86c5aee3bd6071edf9a5ffea56d027a017052db50abad7c36e1f90f6300941488b4c93a5076ff82f94f91f50f93c0e8ec89c6cef575879f2dd14f2b562b1a6ef28d3b14d9e17851e6f801ff11889b52e938691e9691372c8e593d7143ff6532f16a5bb6805443ed56e8a2aadfd0cf6c59d448f00c7d7f4abe4c10c5d2cb54954448bf0bba83e109e47c725d5f4f8172fcf785db3a74b47b38b2e2db72f69dda1262cfc7a7e781b289b612e15bba5ef51a3cb37f295d925b4347f1700db3b957eb2a88ec509f2b7156edd3ac6fbe63435802534758a513f800b099c98ac222445e2abb97fc65e63d49efb6fbdeb1"], 0x20}}, 0x0) r1 = socket(0x10, 0x8000000000000003, 0x0) sendmmsg(r1, &(0x7f0000000000), 0x40000000000024a, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000), 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140), 0x4) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x2, 0x0, 0x9}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x97) recvmmsg(r2, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r5, &(0x7f00000017c0), 0x375, 0x0, 0x0) openat$cgroup_ro(r5, &(0x7f0000000180)='freezer.self_freezing\x00', 0x0, 0x0) 21:34:05 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:34:05 executing program 1: r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x900, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) 21:34:05 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:34:05 executing program 4: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() read$char_usb(0xffffffffffffffff, 0x0, 0x7ffff000) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000340)={0x0}, 0x1, 0x0, 0x0, 0x2402a414}, 0x800) r0 = syz_genetlink_get_family_id$gtp(&(0x7f0000000500)='gtp\x00') sendmsg$GTP_CMD_DELPDP(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000ec0)=ANY=[@ANYBLOB="74235d6eff1e7ba7b29d963b4937bde975137e8e50ff51af19e250d16e08bfdddbb9916ac6fcd2c8622e0c437ade00b6ab85d06ce0bf2bdcc65e7c71a620fea1224b5b51a97cd000ddee1e9b6d947897c3d1788735edc3bf76a83f4d602deadb77cee6dbb2fcb3f4fa9971492fc9a132e19485da186750dcb8b1f43ea47e9ff7f9b732cad9bb8e8a4d23e1579c08d234d93b2b7fb842419e1dc7b938d8c615c88190a39e0ebf62b2df06c3ebd4849117be153638b0931d1fd14db39ef3c68b122cebf9e6c34dcd4eb8feb213826d33c1ecdf6b6d4379a2e318e7f6ccb4a474570cc31e40c51fb76c74a83224778b0723098f8cf896e008e6f58b875b1ce5a3672ab819c1fe10d53e5b201a0f1113e9f6c5ae089c6a29bea5da27fe77497392c66b52740d04017e9cb200b98002883c992015e4ab5cf5097f9726000000009bff1b02463072534d2603170913f48d11b3335ffacd2ddf1e64df934a7a4c6012066d8072d1261a4877feb60c72a8164bf2a02154baa6bb4961b959255b4bfd04c14b3ecb1f13ad7b1cd9063bc2229783ab0a3638fd592c0757ad06bfbd2cac9522bf4f5a213b799fcdb11c4ebbdacaf92d73d228b39f9e64092368139d0af3be0ac548444550d4352c49cf99d1e54b4ef9668acd668d473b7808a383d77156465df074469c354ff27dc285653785585baae558162d5ad63af8ff90af8d632bf21d81d3ad80a65187be452efd27a639b3fbc8468c931ac2eec36bf90eab1754e84d3ffab5435ae98141fb8dfef94b845fda13d83ac303dc3d212c2e5fad70e6f4935465f30b5b3a5fc7469be6181400100000000000001493a439a252ac004047ca12fae287fee4dc6753afd3b02759f4a9fcd2000000000000008eee64fdbc41d314810c7c5b3c73504bb9feabc93996b597ce8ed086729edee8f405f4b33906e2fb7bcdcae76ff7c47792d918127bf62d3d99b94d2bc359e8de6fb38e84f39b0dccd208e407febb07090a63eb8a089e31e650368185645de9a8aea01b78f17309586233dc613be1b4b1d4fe114d8e16b39ccecd99477759e10a6619b04818607d93909ff499a714b5a9577ae5e9feb660cac31708af45511311", @ANYRES16=r0, @ANYRESDEC], 0x3}, 0x1, 0x0, 0x0, 0x2c942}, 0x8000) sendmsg$GTP_CMD_DELPDP(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, r0, 0x800, 0x70bd25, 0x25dfdbfc, {}, [@GTPA_I_TEI={0x8, 0x8, 0x6}]}, 0x1c}, 0x1, 0x0, 0x0, 0x81}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) sendmsg$AUDIT_LIST_RULES(r3, &(0x7f0000000380)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x10, 0x3f5, 0x0, 0x70bd29, 0x25dfdbfc, "", ["", "", "", "", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x890}, 0x800) [ 2237.657638][T23960] syz-fuzzer invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2237.669282][T23960] CPU: 1 PID: 23960 Comm: syz-fuzzer Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2237.679107][T23960] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2237.689176][T23960] Call Trace: [ 2237.692476][T23960] dump_stack+0x14a/0x1ce [ 2237.696807][T23960] ? devkmsg_release+0x11c/0x11c [ 2237.701759][T23960] ? show_regs_print_info+0x12/0x12 [ 2237.706969][T23960] ? radix_tree_cpu_dead+0x160/0x160 [ 2237.712337][T23960] ? _raw_spin_lock+0xa1/0x170 [ 2237.717112][T23960] ? _raw_spin_trylock_bh+0x190/0x190 [ 2237.722478][T23960] dump_header+0xdb/0x700 [ 2237.726806][T23960] oom_kill_process+0xd3/0x280 [ 2237.731590][T23960] out_of_memory+0x5b6/0x890 [ 2237.736184][T23960] ? unregister_oom_notifier+0x20/0x20 [ 2237.741643][T23960] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2237.747201][T23960] ? get_page_from_freelist+0x7c0/0x7c0 [ 2237.753038][T23960] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2237.758416][T23960] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2237.763962][T23960] pagecache_get_page+0x50f/0x880 [ 2237.768991][T23960] filemap_fault+0x14cb/0x1a30 [ 2237.773762][T23960] ? __down_read+0xf1/0x210 [ 2237.778276][T23960] ? generic_file_read_iter+0x20b0/0x20b0 [ 2237.783999][T23960] ext4_filemap_fault+0x7b/0x90 [ 2237.788868][T23960] handle_mm_fault+0x29ca/0x41e0 [ 2237.793814][T23960] ? finish_fault+0x230/0x230 [ 2237.798496][T23960] ? __ia32_sys_sigaltstack+0x60/0x60 [ 2237.803867][T23960] ? down_read_trylock+0x17a/0x1d0 [ 2237.808989][T23960] ? vmacache_find+0x205/0x4b0 [ 2237.813752][T23960] do_user_addr_fault+0x48a/0x9f0 [ 2237.818776][T23960] page_fault+0x2f/0x40 [ 2237.822927][T23960] RIP: 0033:0x40cd92 [ 2237.826824][T23960] Code: Bad RIP value. [ 2237.830892][T23960] RSP: 002b:000000c002015640 EFLAGS: 00010202 [ 2237.836972][T23960] RAX: 00000000008efaa0 RBX: 0000000000000000 RCX: 000000c0000acc00 [ 2237.844957][T23960] RDX: 0000000000000001 RSI: 0000000000000038 RDI: 000000c011b9dac0 [ 2237.852923][T23960] RBP: 000000c002015660 R08: 00007fd749949ed7 R09: 0000000000203004 [ 2237.860885][T23960] R10: 0000000000000004 R11: 0000000000000033 R12: 00000000000000f3 [ 2237.868850][T23960] R13: 0000000000000000 R14: 0000000000ad4f10 R15: 0000000000000000 [ 2237.884363][T23960] Mem-Info: [ 2237.888513][T23960] active_anon:1412518 inactive_anon:9707 isolated_anon:0 [ 2237.888513][T23960] active_file:75 inactive_file:54 isolated_file:9 [ 2237.888513][T23960] unevictable:363 dirty:0 writeback:0 unstable:0 [ 2237.888513][T23960] slab_reclaimable:10334 slab_unreclaimable:79654 [ 2237.888513][T23960] mapped:58341 shmem:9776 pagetables:37857 bounce:0 [ 2237.888513][T23960] free:9995 free_pcp:26 free_cma:0 [ 2237.931138][T23960] Node 0 active_anon:5650072kB inactive_anon:38828kB active_file:128kB inactive_file:60kB unevictable:1452kB isolated(anon):0kB isolated(file):116kB mapped:233200kB dirty:0kB writeback:0kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2237.956709][T23960] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2237.983888][T23960] lowmem_reserve[]: 0 2912 6416 6416 [ 2237.989556][T23960] DMA32 free:18168kB min:4644kB low:7624kB high:10604kB active_anon:2821324kB inactive_anon:5352kB active_file:388kB inactive_file:152kB unevictable:0kB writepending:4kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:16352kB pagetables:23680kB bounce:0kB free_pcp:440kB local_pcp:124kB free_cma:0kB [ 2238.019895][T23960] lowmem_reserve[]: 0 0 3504 3504 [ 2238.025923][T23960] Normal free:5512kB min:5592kB low:9180kB high:12768kB active_anon:2828748kB inactive_anon:33476kB active_file:0kB inactive_file:212kB unevictable:1452kB writepending:4kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29696kB pagetables:127748kB bounce:0kB free_pcp:4kB local_pcp:0kB free_cma:0kB [ 2238.056448][T23960] lowmem_reserve[]: 0 0 0 0 [ 2238.061776][T23960] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2238.076123][T23960] DMA32: 47*4kB (UMEH) 27*8kB (UEH) 36*16kB (UMEH) 18*32kB (UMEH) 8*64kB (UMEH) 83*128kB (UMH) 8*256kB (MH) 2*512kB (UH) 1*1024kB (M) 1*2048kB (H) 0*4096kB = 18836kB [ 2238.093166][T23960] Normal: 110*4kB (UME) 31*8kB (UME) 22*16kB (UME) 20*32kB (UM) 13*64kB (UM) 8*128kB (UM) 9*256kB (UME) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 5840kB [ 2238.111593][T23960] 10149 total pagecache pages [ 2238.116530][T23960] 0 pages in swap cache [ 2238.120691][T23960] Swap cache stats: add 0, delete 0, find 0/0 [ 2238.132532][T23960] Free swap = 0kB [ 2238.144619][T23960] Total swap = 0kB [ 2238.150030][T23960] 1965979 pages RAM [ 2238.160591][T23960] 0 pages HighMem/MovableOnly [ 2238.170113][T23960] 318829 pages reserved [ 2238.209161][T23960] 0 pages cma reserved [ 2238.219121][T23960] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.5,pid=28414,uid=0 [ 2238.279319][T28449] syz-executor.4 invoked oom-killer: gfp_mask=0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|0x1000000), order=0, oom_score_adj=1000 [ 2238.293412][T28449] CPU: 1 PID: 28449 Comm: syz-executor.4 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2238.303561][T28449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2238.313611][T28449] Call Trace: [ 2238.316895][T28449] dump_stack+0x14a/0x1ce [ 2238.321201][T28449] ? devkmsg_release+0x11c/0x11c [ 2238.326201][T28449] ? show_regs_print_info+0x12/0x12 [ 2238.331387][T28449] ? radix_tree_cpu_dead+0x160/0x160 [ 2238.336656][T28449] ? _raw_spin_lock+0xa1/0x170 [ 2238.341405][T28449] ? _raw_spin_trylock_bh+0x190/0x190 [ 2238.346767][T28449] dump_header+0xdb/0x700 [ 2238.351083][T28449] oom_kill_process+0xd3/0x280 [ 2238.355834][T28449] out_of_memory+0x5b6/0x890 [ 2238.360415][T28449] ? unregister_oom_notifier+0x20/0x20 [ 2238.365914][T28449] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2238.371449][T28449] ? get_page_from_freelist+0x7c0/0x7c0 [ 2238.376985][T28449] ? flush_tlb_func_common+0x45/0x580 [ 2238.382344][T28449] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2238.387707][T28449] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2238.393247][T28449] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 2238.398956][T28449] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 2238.404767][T28449] ? __lru_cache_add+0x1a1/0x1f0 [ 2238.409687][T28449] wp_page_copy+0x1cb/0x1120 [ 2238.414264][T28449] ? add_mm_rss_vec+0x270/0x270 [ 2238.419125][T28449] ? vm_normal_page+0x1c9/0x1d0 [ 2238.423961][T28449] do_wp_page+0x4c1/0x1530 [ 2238.428360][T28449] ? psi_task_change+0x92d/0xe30 [ 2238.433302][T28449] ? _raw_spin_lock+0xa1/0x170 [ 2238.438060][T28449] ? do_swap_page+0x1560/0x1560 [ 2238.442911][T28449] ? update_misfit_status+0x5e0/0x5e0 [ 2238.448271][T28449] handle_mm_fault+0xfa5/0x41e0 [ 2238.453110][T28449] ? finish_fault+0x230/0x230 [ 2238.457776][T28449] ? trace_event_raw_event_sched_switch+0x4a0/0x4a0 [ 2238.464355][T28449] ? down_read_trylock+0x17a/0x1d0 [ 2238.469458][T28449] ? vmacache_find+0x205/0x4b0 [ 2238.474216][T28449] do_user_addr_fault+0x48a/0x9f0 [ 2238.479244][T28449] page_fault+0x2f/0x40 [ 2238.483391][T28449] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 2238.489978][T28449] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 2238.509577][T28449] RSP: 0018:ffff888063ec7888 EFLAGS: 00010206 [ 2238.515661][T28449] RAX: ffffffff81f80e01 RBX: 0000000020878500 RCX: 0000000000000500 [ 2238.523630][T28449] RDX: 0000000000001000 RSI: ffff888063f73b00 RDI: 0000000020878000 [ 2238.531767][T28449] RBP: ffff888063ec7da8 R08: dffffc0000000000 R09: ffffed100c7ee800 [ 2238.539737][T28449] R10: 0000000000000000 R11: 0000000000000000 R12: 00007ffffffff000 [ 2238.547812][T28449] R13: 0000000000001000 R14: ffff888063f73000 R15: 0000000020877500 [ 2238.555793][T28449] ? _copy_to_iter+0x1021/0x1060 [ 2238.560733][T28449] copyout+0x8e/0xb0 [ 2238.564642][T28449] copy_page_to_iter+0x393/0xbd0 [ 2238.569564][T28449] pipe_to_user+0xa3/0x130 [ 2238.573965][T28449] __splice_from_pipe+0x2d3/0x870 [ 2238.578984][T28449] ? user_page_pipe_buf_steal+0xc0/0xc0 [ 2238.584530][T28449] do_vmsplice+0x252/0xee0 [ 2238.588962][T28449] ? avc_ss_reset+0x3a0/0x3a0 [ 2238.593653][T28449] ? write_pipe_buf+0x1d0/0x1d0 [ 2238.598486][T28449] ? __rcu_read_lock+0x50/0x50 [ 2238.603237][T28449] ? check_stack_object+0x5a/0x90 [ 2238.608272][T28449] ? _copy_from_user+0xa4/0xe0 [ 2238.613025][T28449] ? rw_copy_check_uvector+0x2b3/0x310 [ 2238.618464][T28449] ? import_iovec+0x1c2/0x380 [ 2238.623123][T28449] ? dup_iter+0x110/0x110 [ 2238.627445][T28449] ? do_vfs_ioctl+0x780/0x1750 [ 2238.632184][T28449] __se_sys_vmsplice+0x1fb/0x300 [ 2238.637103][T28449] ? __x64_sys_vmsplice+0xa0/0xa0 [ 2238.642110][T28449] ? put_timespec64+0x109/0x150 [ 2238.646954][T28449] ? __x64_sys_clock_gettime+0x20d/0x260 [ 2238.652569][T28449] ? __ia32_sys_clock_settime+0x2a0/0x2a0 [ 2238.658284][T28449] do_syscall_64+0xcb/0x150 [ 2238.662780][T28449] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2238.668678][T28449] RIP: 0033:0x45ccd9 [ 2238.673513][T28449] Code: 2d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2238.694064][T28449] RSP: 002b:00007f147e942c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 2238.702474][T28449] RAX: ffffffffffffffda RBX: 0000000000035780 RCX: 000000000045ccd9 [ 2238.710430][T28449] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000005 [ 2238.718390][T28449] RBP: 000000000078c128 R08: 0000000000000000 R09: 0000000000000000 [ 2238.726353][T28449] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078c0ec [ 2238.734313][T28449] R13: 00007ffdf3466bef R14: 00007f147e9439c0 R15: 000000000078c0ec [ 2238.745731][T28449] Mem-Info: [ 2238.749315][T28449] active_anon:1412431 inactive_anon:9707 isolated_anon:0 [ 2238.749315][T28449] active_file:88 inactive_file:128 isolated_file:0 [ 2238.749315][T28449] unevictable:363 dirty:12 writeback:0 unstable:0 [ 2238.749315][T28449] slab_reclaimable:10335 slab_unreclaimable:79658 [ 2238.749315][T28449] mapped:58305 shmem:9776 pagetables:37845 bounce:0 [ 2238.749315][T28449] free:10183 free_pcp:0 free_cma:0 [ 2238.790573][T28449] Node 0 active_anon:5649724kB inactive_anon:38828kB active_file:64kB inactive_file:0kB unevictable:1452kB isolated(anon):0kB isolated(file):0kB mapped:233120kB dirty:48kB writeback:0kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2238.816449][T28449] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2238.843058][T28449] lowmem_reserve[]: 0 2912 6416 6416 [ 2238.849332][T28449] DMA32 free:18580kB min:4644kB low:7624kB high:10604kB active_anon:2821312kB inactive_anon:5352kB active_file:412kB inactive_file:224kB unevictable:0kB writepending:32kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:16288kB pagetables:23632kB bounce:0kB free_pcp:748kB local_pcp:748kB free_cma:0kB [ 2238.880880][T28449] lowmem_reserve[]: 0 0 3504 3504 [ 2238.887084][T28449] Normal free:5884kB min:5592kB low:9180kB high:12768kB active_anon:2828412kB inactive_anon:33476kB active_file:124kB inactive_file:0kB unevictable:1452kB writepending:4kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29664kB pagetables:127748kB bounce:0kB free_pcp:248kB local_pcp:0kB free_cma:0kB [ 2238.919182][T28449] lowmem_reserve[]: 0 0 0 0 [ 2238.923747][T28449] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2238.937249][T28449] DMA32: 25*4kB (UMEH) 34*8kB (UMEH) 42*16kB (UMEH) 15*32kB (UMEH) 8*64kB (UMEH) 83*128kB (UMH) 8*256kB (MH) 2*512kB (UH) 1*1024kB (M) 1*2048kB (H) 0*4096kB = 18804kB [ 2238.953968][T28449] Normal: 15*4kB (ME) 10*8kB (UME) 3*16kB (UE) 19*32kB (UM) 17*64kB (UM) 9*128kB (UM) 9*256kB (UME) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 5340kB [ 2238.968600][T28449] 10112 total pagecache pages [ 2238.973274][T28449] 0 pages in swap cache [ 2238.977516][T28449] Swap cache stats: add 0, delete 0, find 0/0 [ 2238.983579][T28449] Free swap = 0kB [ 2238.987961][T28449] Total swap = 0kB [ 2238.991667][T28449] 1965979 pages RAM [ 2238.995489][T28449] 0 pages HighMem/MovableOnly [ 2239.000166][T28449] 318829 pages reserved [ 2239.004312][T28449] 0 pages cma reserved [ 2239.008415][T28449] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.1,pid=28420,uid=0 [ 2239.022619][T28449] Out of memory: Killed process 28420 (syz-executor.1) total-vm:75372kB, anon-rss:16560kB, file-rss:35648kB, shmem-rss:0kB, UID:0 pgtables:164kB oom_score_adj:1000 [ 2239.084057][ T23] oom_reaper: reaped process 28420 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2239.320572][T28461] syz-executor.3 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2239.333749][T28461] CPU: 0 PID: 28461 Comm: syz-executor.3 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2239.343943][T28461] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2239.354101][T28461] Call Trace: [ 2239.357389][T28461] dump_stack+0x14a/0x1ce [ 2239.361715][T28461] ? devkmsg_release+0x11c/0x11c [ 2239.366642][T28461] ? show_regs_print_info+0x12/0x12 [ 2239.371936][T28461] ? radix_tree_cpu_dead+0x160/0x160 [ 2239.377335][T28461] ? _raw_spin_lock+0xa1/0x170 [ 2239.382094][T28461] ? _raw_spin_trylock_bh+0x190/0x190 [ 2239.388423][T28461] dump_header+0xdb/0x700 [ 2239.392743][T28461] oom_kill_process+0xd3/0x280 [ 2239.397503][T28461] out_of_memory+0x5b6/0x890 [ 2239.402109][T28461] ? unregister_oom_notifier+0x20/0x20 [ 2239.407665][T28461] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2239.413214][T28461] ? get_page_from_freelist+0x7c0/0x7c0 [ 2239.418785][T28461] ? __zone_watermark_ok+0x91/0x280 [ 2239.423967][T28461] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2239.429334][T28461] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2239.434883][T28461] ? vma_link+0x17a/0x290 [ 2239.439227][T28461] pte_alloc_one+0x1b/0xb0 [ 2239.443643][T28461] __pte_alloc+0x1d/0x1d0 [ 2239.447976][T28461] handle_mm_fault+0x38ce/0x41e0 [ 2239.452918][T28461] ? find_vma+0x150/0x150 [ 2239.457296][T28461] ? finish_fault+0x230/0x230 [ 2239.461966][T28461] ? up_write+0xa1/0x190 [ 2239.466212][T28461] ? down_read_trylock+0x17a/0x1d0 [ 2239.471332][T28461] ? vmacache_update+0x9f/0xf0 [ 2239.476103][T28461] do_user_addr_fault+0x48a/0x9f0 [ 2239.481129][T28461] page_fault+0x2f/0x40 [ 2239.485284][T28461] RIP: 0033:0x4142bf [ 2239.489197][T28461] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 [ 2239.508794][T28461] RSP: 002b:00007ffd7c796570 EFLAGS: 00010206 [ 2239.514859][T28461] RAX: 00007fbf5a9d2000 RBX: 0000000000020000 RCX: 000000000045cd2a [ 2239.522812][T28461] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 2239.530768][T28461] RBP: 00007ffd7c796650 R08: ffffffffffffffff R09: 0000000000000000 [ 2239.538741][T28461] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd7c796750 [ 2239.546710][T28461] R13: 00007fbf5a9f2700 R14: 0000000000000d5e R15: 000000000078c04c [ 2239.556759][T28461] Mem-Info: [ 2239.560149][T28461] active_anon:1413001 inactive_anon:9707 isolated_anon:0 [ 2239.560149][T28461] active_file:21 inactive_file:0 isolated_file:0 [ 2239.560149][T28461] unevictable:363 dirty:19 writeback:1 unstable:0 [ 2239.560149][T28461] slab_reclaimable:10341 slab_unreclaimable:79943 [ 2239.560149][T28461] mapped:58299 shmem:9776 pagetables:37873 bounce:0 [ 2239.560149][T28461] free:9231 free_pcp:198 free_cma:0 [ 2239.598460][T28461] Node 0 active_anon:5652004kB inactive_anon:38828kB active_file:184kB inactive_file:0kB unevictable:1452kB isolated(anon):0kB isolated(file):0kB mapped:233196kB dirty:76kB writeback:4kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2239.624961][T28461] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2239.651616][T28461] lowmem_reserve[]: 0 2912 6416 6416 [ 2239.661728][T28461] DMA32 free:17252kB min:4644kB low:7624kB high:10604kB active_anon:2821168kB inactive_anon:5352kB active_file:16kB inactive_file:36kB unevictable:0kB writepending:4kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:16224kB pagetables:23668kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2239.695604][T28461] lowmem_reserve[]: 0 0 3504 3504 [ 2239.700897][T28461] Normal free:4040kB min:5592kB low:9180kB high:12768kB active_anon:2831028kB inactive_anon:33476kB active_file:72kB inactive_file:48kB unevictable:1452kB writepending:56kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29792kB pagetables:127844kB bounce:0kB free_pcp:184kB local_pcp:52kB free_cma:0kB [ 2239.731873][T28461] lowmem_reserve[]: 0 0 0 0 [ 2239.736417][T28461] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2239.750290][T28461] DMA32: 46*4kB (UE) 48*8kB (UME) 62*16kB (UE) 6*32kB (UME) 7*64kB (UME) 82*128kB (UM) 8*256kB (UM) 1*512kB (M) 0*1024kB 1*2048kB (M) 0*4096kB = 17304kB [ 2239.766003][T28461] Normal: 69*4kB (UME) 16*8kB (UME) 7*16kB (UME) 2*32kB (M) 3*64kB (UM) 7*128kB (M) 9*256kB (UME) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 3972kB [ 2239.780484][T28461] 10113 total pagecache pages [ 2239.785443][T28461] 0 pages in swap cache [ 2239.789581][T28461] Swap cache stats: add 0, delete 0, find 0/0 [ 2239.795694][T28461] Free swap = 0kB [ 2239.799463][T28461] Total swap = 0kB [ 2239.803170][T28461] 1965979 pages RAM [ 2239.807276][T28461] 0 pages HighMem/MovableOnly [ 2239.811960][T28461] 318829 pages reserved [ 2239.816183][T28461] 0 pages cma reserved [ 2239.820268][T28461] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.1,pid=20606,uid=0 [ 2239.834438][T28461] Out of memory: Killed process 20606 (syz-executor.1) total-vm:75240kB, anon-rss:13620kB, file-rss:35840kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 2239.876701][ T23] oom_reaper: reaped process 20606 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2239.891456][ T351] syz-executor.3 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2239.907180][ T351] CPU: 1 PID: 351 Comm: syz-executor.3 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2239.917168][ T351] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2239.927234][ T351] Call Trace: [ 2239.930544][ T351] dump_stack+0x14a/0x1ce [ 2239.934858][ T351] ? devkmsg_release+0x11c/0x11c [ 2239.940740][ T351] ? show_regs_print_info+0x12/0x12 [ 2239.945938][ T351] ? radix_tree_cpu_dead+0x160/0x160 [ 2239.951225][ T351] ? _raw_spin_lock+0xa1/0x170 [ 2239.956337][ T351] ? _raw_spin_trylock_bh+0x190/0x190 [ 2239.961805][ T351] dump_header+0xdb/0x700 [ 2239.974378][ T351] oom_kill_process+0xd3/0x280 [ 2239.979143][ T351] out_of_memory+0x5b6/0x890 [ 2239.983740][ T351] ? unregister_oom_notifier+0x20/0x20 [ 2239.989228][ T351] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2239.994766][ T351] ? get_page_from_freelist+0x7c0/0x7c0 [ 2240.000312][ T351] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2240.005688][ T351] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2240.011240][ T351] pagecache_get_page+0x50f/0x880 [ 2240.016690][ T351] filemap_fault+0x14cb/0x1a30 [ 2240.021469][ T351] ? __down_read+0xf1/0x210 [ 2240.025966][ T351] ? generic_file_read_iter+0x20b0/0x20b0 [ 2240.031671][ T351] ? is_mmconf_reserved+0x420/0x420 [ 2240.036860][ T351] ext4_filemap_fault+0x7b/0x90 [ 2240.041751][ T351] handle_mm_fault+0x29ca/0x41e0 [ 2240.046681][ T351] ? finish_fault+0x230/0x230 [ 2240.051349][ T351] ? get_timespec64+0x11f/0x1d0 [ 2240.056189][ T351] ? down_read_trylock+0x17a/0x1d0 [ 2240.061300][ T351] ? vmacache_find+0x205/0x4b0 [ 2240.066051][ T351] do_user_addr_fault+0x48a/0x9f0 [ 2240.071063][ T351] page_fault+0x2f/0x40 [ 2240.075199][ T351] RIP: 0033:0x4105de [ 2240.079220][ T351] Code: 89 c6 48 8b 05 c3 35 89 00 4c 89 f3 44 8b 20 eb 48 0f 1f 00 bf e8 03 00 00 e8 8e c6 04 00 e8 79 2d ff ff 48 8b 15 a2 35 89 00 <8b> 0a 48 89 c2 41 39 cc 48 0f 45 d8 4c 29 f2 48 81 fa 87 13 00 00 [ 2240.099493][ T351] RSP: 002b:00007ffd7c796820 EFLAGS: 00010206 [ 2240.105536][ T351] RAX: 0000000000222cad RBX: 0000000000222ad1 RCX: 0000000000222a18 [ 2240.113487][ T351] RDX: 0000001b31920000 RSI: 0000000000000000 RDI: 0000000000000001 21:34:07 executing program 5: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0xe, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) 21:34:07 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x900, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) 21:34:07 executing program 4: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) 21:34:07 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:34:07 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:34:07 executing program 0: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x100, 0x0) write(r4, &(0x7f0000000340), 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00') read$char_usb(r5, 0x0, 0x7ffff000) r6 = socket$pptp(0x18, 0x1, 0x2) copy_file_range(r5, 0x0, r6, &(0x7f0000000140), 0x4, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r7 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r7, &(0x7f00000017c0), 0x375, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) [ 2240.121442][ T351] RBP: 00000000000041a2 R08: 0000000000000001 R09: 0000000001852940 [ 2240.129398][ T351] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 2240.137356][ T351] R13: 00007ffd7c796850 R14: 0000000000222a9d R15: 00007ffd7c796860 [ 2240.158130][ T351] Mem-Info: [ 2240.162198][ T351] active_anon:1406174 inactive_anon:9707 isolated_anon:0 [ 2240.162198][ T351] active_file:662 inactive_file:931 isolated_file:0 [ 2240.162198][ T351] unevictable:363 dirty:14 writeback:0 unstable:0 [ 2240.162198][ T351] slab_reclaimable:10341 slab_unreclaimable:79944 [ 2240.162198][ T351] mapped:59283 shmem:9776 pagetables:37859 bounce:0 [ 2240.162198][ T351] free:13842 free_pcp:965 free_cma:0 21:34:08 executing program 5: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x10, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) 21:34:08 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) [ 2240.204732][ T351] Node 0 active_anon:5624696kB inactive_anon:38828kB active_file:2648kB inactive_file:4724kB unevictable:1452kB isolated(anon):0kB isolated(file):0kB mapped:237932kB dirty:56kB writeback:0kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2240.232752][ T351] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2240.263042][ T351] lowmem_reserve[]: 0 2912 6416 6416 [ 2240.300378][ T351] DMA32 free:23204kB min:8740kB low:11720kB high:14700kB active_anon:2812604kB inactive_anon:5352kB active_file:272kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:16192kB pagetables:23604kB bounce:0kB free_pcp:2600kB local_pcp:1292kB free_cma:0kB [ 2240.401319][ T351] lowmem_reserve[]: 0 0 3504 3504 [ 2240.407650][ T351] Normal free:14164kB min:5592kB low:9180kB high:12768kB active_anon:2816640kB inactive_anon:33476kB active_file:1860kB inactive_file:1864kB unevictable:1452kB writepending:204kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29696kB pagetables:127916kB bounce:0kB free_pcp:1996kB local_pcp:640kB free_cma:0kB [ 2240.443390][ T351] lowmem_reserve[]: 0 0 0 0 [ 2240.452042][ T351] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2240.466846][ T351] DMA32: 439*4kB (UMEH) 126*8kB (UME) 134*16kB (UME) 87*32kB (UMEH) 29*64kB (ME) 83*128kB (M) 7*256kB (UM) 0*512kB 0*1024kB 1*2048kB (U) 0*4096kB = 24012kB [ 2240.483924][ T351] Normal: 480*4kB (UMEH) 103*8kB (UME) 63*16kB (UME) 61*32kB (M) 50*64kB (M) 28*128kB (UM) 7*256kB (M) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 14280kB [ 2240.581445][ T351] 10479 total pagecache pages [ 2240.586453][ T351] 0 pages in swap cache [ 2240.590777][ T351] Swap cache stats: add 0, delete 0, find 0/0 [ 2240.596907][ T351] Free swap = 0kB [ 2240.600666][ T351] Total swap = 0kB [ 2240.604408][ T351] 1965979 pages RAM [ 2240.608277][ T351] 0 pages HighMem/MovableOnly [ 2240.612998][ T351] 318829 pages reserved [ 2240.617226][ T351] 0 pages cma reserved [ 2240.621359][ T351] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.5,pid=28458,uid=0 [ 2240.701272][ T144] systemd-journal invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2240.712518][ T144] CPU: 1 PID: 144 Comm: systemd-journal Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2240.722603][ T144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2240.732796][ T144] Call Trace: [ 2240.736118][ T144] dump_stack+0x14a/0x1ce [ 2240.740453][ T144] ? devkmsg_release+0x11c/0x11c [ 2240.745400][ T144] ? show_regs_print_info+0x12/0x12 [ 2240.750595][ T144] ? radix_tree_cpu_dead+0x160/0x160 [ 2240.755884][ T144] ? _raw_spin_lock+0xa1/0x170 [ 2240.760649][ T144] ? _raw_spin_trylock_bh+0x190/0x190 [ 2240.766020][ T144] dump_header+0xdb/0x700 [ 2240.770394][ T144] oom_kill_process+0xd3/0x280 [ 2240.776042][ T144] out_of_memory+0x5b6/0x890 [ 2240.780636][ T144] ? unregister_oom_notifier+0x20/0x20 [ 2240.786100][ T144] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2240.791662][ T144] ? get_page_from_freelist+0x7c0/0x7c0 [ 2240.797333][ T144] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2240.802719][ T144] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2240.808289][ T144] pagecache_get_page+0x50f/0x880 [ 2240.813547][ T144] filemap_fault+0x14cb/0x1a30 [ 2240.818327][ T144] ? __down_read+0xf1/0x210 [ 2240.822838][ T144] ? generic_file_read_iter+0x20b0/0x20b0 [ 2240.828594][ T144] ? _raw_spin_unlock_irq+0x5/0x20 [ 2240.833722][ T144] ? finish_task_switch+0x235/0x4c0 [ 2240.838939][ T144] ext4_filemap_fault+0x7b/0x90 [ 2240.843797][ T144] handle_mm_fault+0x29ca/0x41e0 [ 2240.848734][ T144] ? finish_fault+0x230/0x230 [ 2240.853408][ T144] ? down_read_trylock+0x17a/0x1d0 [ 2240.858532][ T144] ? retint_kernel+0x1b/0x1b [ 2240.863129][ T144] ? vmacache_find+0x47a/0x4b0 [ 2240.867915][ T144] do_user_addr_fault+0x48a/0x9f0 [ 2240.873044][ T144] page_fault+0x2f/0x40 [ 2240.877198][ T144] RIP: 0033:0x7ff88f400676 [ 2240.881643][ T144] Code: Bad RIP value. [ 2240.885692][ T144] RSP: 002b:00007fff7a620eb8 EFLAGS: 00010297 [ 2240.891739][ T144] RAX: 00007ff88fea1980 RBX: 00007fff7a6211e0 RCX: 0000000000000980 [ 2240.899706][ T144] RDX: 0000000000000020 RSI: 0000000000000000 RDI: 00007ff88fea1980 [ 2240.907698][ T144] RBP: 00007ff88fea1980 R08: 000000000000c0ff R09: 0000000000000001 [ 2240.915666][ T144] R10: 0000000000000069 R11: 0000000000000001 R12: 0000000000000040 [ 2240.923631][ T144] R13: 0000560bc4db7060 R14: 00007fff7a6211a0 R15: 00007fff7a621750 [ 2240.938219][ T144] Mem-Info: [ 2240.941502][ T144] active_anon:1413091 inactive_anon:9707 isolated_anon:0 [ 2240.941502][ T144] active_file:38 inactive_file:6 isolated_file:0 [ 2240.941502][ T144] unevictable:363 dirty:24 writeback:1 unstable:0 [ 2240.941502][ T144] slab_reclaimable:10340 slab_unreclaimable:79927 [ 2240.941502][ T144] mapped:58318 shmem:9776 pagetables:37846 bounce:0 [ 2240.941502][ T144] free:9248 free_pcp:4 free_cma:0 [ 2240.984274][ T144] Node 0 active_anon:5652364kB inactive_anon:38828kB active_file:36kB inactive_file:24kB unevictable:1452kB isolated(anon):0kB isolated(file):0kB mapped:233272kB dirty:96kB writeback:4kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2241.009419][ T144] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2241.036037][ T144] lowmem_reserve[]: 0 2912 6416 6416 [ 2241.042885][ T144] DMA32 free:17180kB min:4644kB low:7624kB high:10604kB active_anon:2820800kB inactive_anon:5352kB active_file:0kB inactive_file:16kB unevictable:0kB writepending:0kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:16000kB pagetables:23536kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2241.071874][ T144] lowmem_reserve[]: 0 0 3504 3504 [ 2241.077901][ T144] Normal free:13488kB min:5592kB low:9180kB high:12768kB active_anon:2822628kB inactive_anon:33476kB active_file:48kB inactive_file:32kB unevictable:1452kB writepending:0kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29856kB pagetables:127856kB bounce:0kB free_pcp:488kB local_pcp:280kB free_cma:0kB [ 2241.109432][ T144] lowmem_reserve[]: 0 0 0 0 [ 2241.115751][ T144] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2241.129602][ T144] DMA32: 370*4kB (UMEH) 106*8kB (UMEH) 91*16kB (UME) 30*32kB (UME) 18*64kB (ME) 83*128kB (M) 7*256kB (UM) 0*512kB 0*1024kB 1*2048kB (U) 0*4096kB = 20360kB [ 2241.145819][ T144] Normal: 832*4kB (MEH) 99*8kB (UMEH) 71*16kB (MEH) 55*32kB (UMH) 25*64kB (MH) 15*128kB (MH) 4*256kB (UMH) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 11560kB [ 2241.161966][ T144] 10213 total pagecache pages [ 2241.166952][ T144] 0 pages in swap cache [ 2241.171374][ T144] Swap cache stats: add 0, delete 0, find 0/0 [ 2241.177775][ T144] Free swap = 0kB [ 2241.181706][ T144] Total swap = 0kB [ 2241.185653][ T144] 1965979 pages RAM [ 2241.189624][ T144] 0 pages HighMem/MovableOnly [ 2241.194540][ T144] 318829 pages reserved [ 2241.198878][ T144] 0 pages cma reserved [ 2241.203132][ T144] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.4,pid=26461,uid=0 [ 2241.220058][ T144] Out of memory: Killed process 26461 (syz-executor.4) total-vm:75240kB, anon-rss:14548kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:156kB oom_score_adj:1000 [ 2241.258577][ T23] oom_reaper: reaped process 26461 (syz-executor.4), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 21:34:09 executing program 0: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) syz_open_dev$binderN(&(0x7f00000000c0)='/dev/binder#\x00', 0x0, 0x800) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) r5 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0) ioctl$EVIOCGBITSND(r5, 0x80404532, &(0x7f0000000300)=""/248) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2ad5e33e, 0x2, 0x0, 0x0, 0x1e, 0x11, "d67917250c4993dc86817457494353d3650dd92e5c13d2d061107f40e108e5a18cf07206d31ad5842beca3135a60166f1f28be9991c9f3f7daf1a4a563a75324", "f7d3c38f9416bed56841857651ba8a5e3e97f2d9e9e42b17e3121b29835c094e00a0964ef4b46e3597045a9a7e59d024c8129e8b251af65c3e2075c846af7a62", "93bb0a86640957d7dec780acefb602d1cc5d4c23828c7d353798cfd92bcbe783", [0x1, 0x10000]}) ioctl(r4, 0xfff, &(0x7f00000001c0)="daa759b2e9e73c6decaddeebd537c4e0ac7791258d45443deb5b487646a762f26275") 21:34:09 executing program 5: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x11, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) 21:34:09 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x900, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) 21:34:09 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) 21:34:09 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) [ 2241.647720][T28525] syz-executor.2 invoked oom-killer: gfp_mask=0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|0x1000000), order=0, oom_score_adj=1000 [ 2241.661286][T28525] CPU: 1 PID: 28525 Comm: syz-executor.2 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2241.671425][T28525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2241.681473][T28525] Call Trace: [ 2241.684772][T28525] dump_stack+0x14a/0x1ce [ 2241.689097][T28525] ? devkmsg_release+0x11c/0x11c [ 2241.694021][T28525] ? show_regs_print_info+0x12/0x12 [ 2241.699249][T28525] ? radix_tree_cpu_dead+0x160/0x160 [ 2241.704520][T28525] ? _raw_spin_lock+0xa1/0x170 [ 2241.709376][T28525] ? _raw_spin_trylock_bh+0x190/0x190 [ 2241.714746][T28525] dump_header+0xdb/0x700 [ 2241.719072][T28525] oom_kill_process+0xd3/0x280 [ 2241.723816][T28525] out_of_memory+0x5b6/0x890 [ 2241.728433][T28525] ? unregister_oom_notifier+0x20/0x20 [ 2241.733924][T28525] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2241.739472][T28525] ? get_page_from_freelist+0x7c0/0x7c0 [ 2241.745030][T28525] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2241.750475][T28525] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2241.756059][T28525] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 2241.761784][T28525] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 2241.767592][T28525] ? __lru_cache_add+0x1a1/0x1f0 [ 2241.772571][T28525] wp_page_copy+0x1cb/0x1120 [ 2241.777160][T28525] ? add_mm_rss_vec+0x270/0x270 [ 2241.782021][T28525] ? vm_normal_page+0x1c9/0x1d0 [ 2241.786882][T28525] do_wp_page+0x4c1/0x1530 [ 2241.791303][T28525] ? push_rt_tasks+0x4f8/0x670 [ 2241.796184][T28525] ? _raw_spin_lock+0xa1/0x170 [ 2241.800960][T28525] ? do_swap_page+0x1560/0x1560 [ 2241.805828][T28525] handle_mm_fault+0xfa5/0x41e0 [ 2241.810697][T28525] ? finish_fault+0x230/0x230 [ 2241.815387][T28525] ? down_read_trylock+0x17a/0x1d0 [ 2241.820499][T28525] ? vmacache_find+0x205/0x4b0 [ 2241.825268][T28525] do_user_addr_fault+0x48a/0x9f0 [ 2241.830302][T28525] page_fault+0x2f/0x40 [ 2241.834496][T28525] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 2241.841091][T28525] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 2241.860700][T28525] RSP: 0018:ffff888064be7888 EFLAGS: 00010206 [ 2241.866769][T28525] RAX: ffffffff81f80e01 RBX: 00000000209f5500 RCX: 0000000000000500 [ 2241.874843][T28525] RDX: 0000000000001000 RSI: ffff88812d2fbb00 RDI: 00000000209f5000 [ 2241.882822][T28525] RBP: ffff888064be7da8 R08: dffffc0000000000 R09: ffffed1025a5f800 [ 2241.890900][T28525] R10: 0000000000000000 R11: 0000000000000000 R12: 00007ffffffff000 [ 2241.900244][T28525] R13: 0000000000001000 R14: ffff88812d2fb000 R15: 00000000209f4500 [ 2241.908215][T28525] ? _copy_to_iter+0x1021/0x1060 [ 2241.913158][T28525] copyout+0x8e/0xb0 [ 2241.917051][T28525] copy_page_to_iter+0x393/0xbd0 [ 2241.921978][T28525] pipe_to_user+0xa3/0x130 [ 2241.926386][T28525] __splice_from_pipe+0x2d3/0x870 [ 2241.931420][T28525] ? user_page_pipe_buf_steal+0xc0/0xc0 [ 2241.936981][T28525] do_vmsplice+0x252/0xee0 [ 2241.941379][T28525] ? avc_ss_reset+0x3a0/0x3a0 [ 2241.946042][T28525] ? write_pipe_buf+0x1d0/0x1d0 [ 2241.950873][T28525] ? __rcu_read_lock+0x50/0x50 [ 2241.955646][T28525] ? check_stack_object+0x5a/0x90 [ 2241.960668][T28525] ? _copy_from_user+0xa4/0xe0 [ 2241.966372][T28525] ? rw_copy_check_uvector+0x2b3/0x310 [ 2241.971831][T28525] ? import_iovec+0x1c2/0x380 [ 2241.976523][T28525] ? dup_iter+0x110/0x110 [ 2241.980841][T28525] ? do_vfs_ioctl+0x780/0x1750 [ 2241.985593][T28525] __se_sys_vmsplice+0x1fb/0x300 [ 2241.990522][T28525] ? __x64_sys_vmsplice+0xa0/0xa0 [ 2241.995645][T28525] ? put_timespec64+0x109/0x150 [ 2242.000505][T28525] ? __x64_sys_clock_gettime+0x20d/0x260 [ 2242.006128][T28525] ? __ia32_sys_clock_settime+0x2a0/0x2a0 [ 2242.011868][T28525] do_syscall_64+0xcb/0x150 [ 2242.016379][T28525] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2242.022272][T28525] RIP: 0033:0x45ccd9 [ 2242.026194][T28525] Code: 2d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2242.045795][T28525] RSP: 002b:00007fddb5d87c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 2242.054205][T28525] RAX: ffffffffffffffda RBX: 0000000000035780 RCX: 000000000045ccd9 [ 2242.062171][T28525] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 2242.070165][T28525] RBP: 000000000078c088 R08: 0000000000000000 R09: 0000000000000000 [ 2242.078138][T28525] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078c04c [ 2242.086111][T28525] R13: 00007ffdfaf6b1cf R14: 00007fddb5d889c0 R15: 000000000078c04c [ 2242.094186][T28525] Mem-Info: [ 2242.097366][T28525] active_anon:1411887 inactive_anon:9707 isolated_anon:0 [ 2242.097366][T28525] active_file:31 inactive_file:63 isolated_file:0 [ 2242.097366][T28525] unevictable:363 dirty:34 writeback:0 unstable:0 [ 2242.097366][T28525] slab_reclaimable:10340 slab_unreclaimable:80088 [ 2242.097366][T28525] mapped:58316 shmem:9776 pagetables:37883 bounce:0 [ 2242.097366][T28525] free:9639 free_pcp:562 free_cma:0 [ 2242.135080][T28525] Node 0 active_anon:5647548kB inactive_anon:38828kB active_file:124kB inactive_file:252kB unevictable:1452kB isolated(anon):0kB isolated(file):0kB mapped:233264kB dirty:136kB writeback:0kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2242.159582][T28525] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2242.185526][T28525] lowmem_reserve[]: 0 2912 6416 6416 [ 2242.190857][T28525] DMA32 free:17176kB min:4644kB low:7624kB high:10604kB active_anon:2819044kB inactive_anon:5352kB active_file:448kB inactive_file:0kB unevictable:0kB writepending:36kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:16128kB pagetables:23300kB bounce:0kB free_pcp:620kB local_pcp:588kB free_cma:0kB [ 2242.220113][T28525] lowmem_reserve[]: 0 0 3504 3504 [ 2242.225543][T28525] Normal free:5476kB min:5592kB low:9180kB high:12768kB active_anon:2828156kB inactive_anon:33476kB active_file:660kB inactive_file:256kB unevictable:1452kB writepending:100kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29888kB pagetables:128232kB bounce:0kB free_pcp:1628kB local_pcp:1196kB free_cma:0kB [ 2242.255954][T28525] lowmem_reserve[]: 0 0 0 0 [ 2242.260464][T28525] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2242.273791][T28525] DMA32: 113*4kB (UMEH) 40*8kB (UME) 35*16kB (UE) 2*32kB (E) 25*64kB (ME) 86*128kB (M) 6*256kB (M) 0*512kB 0*1024kB 1*2048kB (H) 0*4096kB = 17588kB [ 2242.288741][T28525] Normal: 8*4kB (UME) 9*8kB (ME) 2*16kB (ME) 43*32kB (UM) 26*64kB (M) 16*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 5224kB [ 2242.302645][T28525] 10206 total pagecache pages [ 2242.307333][T28525] 0 pages in swap cache [ 2242.311476][T28525] Swap cache stats: add 0, delete 0, find 0/0 [ 2242.317536][T28525] Free swap = 0kB [ 2242.321244][T28525] Total swap = 0kB [ 2242.324991][T28525] 1965979 pages RAM [ 2242.328780][T28525] 0 pages HighMem/MovableOnly [ 2242.333446][T28525] 318829 pages reserved [ 2242.337592][T28525] 0 pages cma reserved [ 2242.341652][T28525] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.2,pid=19984,uid=0 [ 2242.355808][T28525] Out of memory: Killed process 19984 (syz-executor.2) total-vm:75240kB, anon-rss:13540kB, file-rss:35792kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 [ 2242.392960][ T23] oom_reaper: reaped process 19984 (syz-executor.2), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB 21:34:10 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) [ 2242.575152][T28534] syz-executor.1 invoked oom-killer: gfp_mask=0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|0x1000000), order=0, oom_score_adj=1000 21:34:10 executing program 5: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x12, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) [ 2242.642902][T28534] CPU: 0 PID: 28534 Comm: syz-executor.1 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2242.653081][T28534] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2242.663143][T28534] Call Trace: [ 2242.666544][T28534] dump_stack+0x14a/0x1ce [ 2242.670887][T28534] ? devkmsg_release+0x11c/0x11c [ 2242.675858][T28534] ? show_regs_print_info+0x12/0x12 [ 2242.681068][T28534] ? radix_tree_cpu_dead+0x160/0x160 [ 2242.686363][T28534] ? _raw_spin_lock+0xa1/0x170 [ 2242.691134][T28534] ? _raw_spin_trylock_bh+0x190/0x190 [ 2242.696513][T28534] dump_header+0xdb/0x700 [ 2242.701541][T28534] oom_kill_process+0xd3/0x280 [ 2242.706313][T28534] out_of_memory+0x5b6/0x890 [ 2242.710908][T28534] ? unregister_oom_notifier+0x20/0x20 [ 2242.716375][T28534] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2242.721937][T28534] ? get_page_from_freelist+0x7c0/0x7c0 [ 2242.727491][T28534] ? __schedule+0x920/0xef0 [ 2242.732022][T28534] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2242.737414][T28534] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2242.742973][T28534] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 2242.748694][T28534] ? __perf_event_task_sched_out+0xfe4/0x1110 [ 2242.754785][T28534] ? __perf_event_task_sched_in+0x4f7/0x560 [ 2242.760679][T28534] wp_page_copy+0x1cb/0x1120 [ 2242.765269][T28534] ? perf_pmu_sched_task+0x370/0x370 [ 2242.770852][T28534] ? switch_mm_irqs_off+0x4d7/0x9a0 [ 2242.776054][T28534] ? add_mm_rss_vec+0x270/0x270 [ 2242.780898][T28534] ? _raw_spin_unlock_irq+0x5/0x20 [ 2242.786029][T28534] ? finish_task_switch+0x235/0x4c0 [ 2242.791232][T28534] ? vm_normal_page+0x1c9/0x1d0 [ 2242.803632][T28534] do_wp_page+0x4c1/0x1530 [ 2242.808050][T28534] ? _raw_spin_lock+0xa1/0x170 [ 2242.812830][T28534] ? do_swap_page+0x1560/0x1560 [ 2242.817788][T28534] ? ttwu_do_wakeup+0x154/0x5b0 [ 2242.822627][T28534] handle_mm_fault+0xfa5/0x41e0 [ 2242.827467][T28534] ? finish_fault+0x230/0x230 [ 2242.832156][T28534] ? down_read_trylock+0x17a/0x1d0 [ 2242.837276][T28534] ? vmacache_find+0x3a2/0x4b0 [ 2242.842043][T28534] do_user_addr_fault+0x48a/0x9f0 [ 2242.847069][T28534] page_fault+0x2f/0x40 [ 2242.851221][T28534] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 2242.857817][T28534] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 2242.877425][T28534] RSP: 0000:ffff888109597888 EFLAGS: 00010206 [ 2242.883535][T28534] RAX: ffffffff81f80e01 RBX: 00000000205dc500 RCX: 0000000000000500 [ 2242.891506][T28534] RDX: 0000000000001000 RSI: ffff888092912b00 RDI: 00000000205dc000 [ 2242.899475][T28534] RBP: ffff888109597da8 R08: dffffc0000000000 R09: ffffed1012522600 [ 2242.907446][T28534] R10: 0000000000000000 R11: 0000000000000000 R12: 00007ffffffff000 [ 2242.915414][T28534] R13: 0000000000001000 R14: ffff888092912000 R15: 00000000205db500 [ 2242.923397][T28534] ? _copy_to_iter+0x1021/0x1060 [ 2242.928337][T28534] copyout+0x8e/0xb0 [ 2242.932226][T28534] copy_page_to_iter+0x393/0xbd0 [ 2242.937186][T28534] pipe_to_user+0xa3/0x130 [ 2242.941615][T28534] __splice_from_pipe+0x2d3/0x870 [ 2242.946651][T28534] ? user_page_pipe_buf_steal+0xc0/0xc0 [ 2242.952197][T28534] do_vmsplice+0x252/0xee0 [ 2242.965923][T28534] ? avc_ss_reset+0x3a0/0x3a0 [ 2242.970605][T28534] ? write_pipe_buf+0x1d0/0x1d0 [ 2242.975458][T28534] ? __rcu_read_lock+0x50/0x50 [ 2242.980223][T28534] ? check_stack_object+0x5a/0x90 [ 2242.985289][T28534] ? _copy_from_user+0xa4/0xe0 [ 2242.990077][T28534] ? rw_copy_check_uvector+0x2b3/0x310 [ 2242.995537][T28534] ? import_iovec+0x1c2/0x380 [ 2243.000213][T28534] ? dup_iter+0x110/0x110 [ 2243.004546][T28534] ? do_vfs_ioctl+0x780/0x1750 [ 2243.009306][T28534] __se_sys_vmsplice+0x1fb/0x300 [ 2243.014249][T28534] ? __x64_sys_vmsplice+0xa0/0xa0 [ 2243.019266][T28534] ? put_timespec64+0x109/0x150 [ 2243.024116][T28534] ? __x64_sys_clock_gettime+0x20d/0x260 [ 2243.029744][T28534] ? __ia32_sys_clock_settime+0x2a0/0x2a0 [ 2243.035456][T28534] do_syscall_64+0xcb/0x150 [ 2243.039952][T28534] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2243.045838][T28534] RIP: 0033:0x45ccd9 [ 2243.049723][T28534] Code: 2d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2243.069335][T28534] RSP: 002b:00007f08e95a3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 2243.077739][T28534] RAX: ffffffffffffffda RBX: 0000000000035780 RCX: 000000000045ccd9 [ 2243.085707][T28534] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 2243.093677][T28534] RBP: 000000000078c088 R08: 0000000000000000 R09: 0000000000000000 [ 2243.101643][T28534] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078c04c [ 2243.109625][T28534] R13: 00007ffee81ce42f R14: 00007f08e95a49c0 R15: 000000000078c04c [ 2243.119479][T28534] Mem-Info: [ 2243.123380][T28534] active_anon:1408551 inactive_anon:9707 isolated_anon:0 [ 2243.123380][T28534] active_file:57 inactive_file:128 isolated_file:32 [ 2243.123380][T28534] unevictable:363 dirty:0 writeback:20 unstable:0 [ 2243.123380][T28534] slab_reclaimable:10340 slab_unreclaimable:79963 [ 2243.123380][T28534] mapped:58381 shmem:9776 pagetables:37904 bounce:0 [ 2243.123380][T28534] free:12974 free_pcp:705 free_cma:0 [ 2243.162499][T28534] Node 0 active_anon:5634204kB inactive_anon:38828kB active_file:228kB inactive_file:812kB unevictable:1452kB isolated(anon):0kB isolated(file):128kB mapped:233624kB dirty:0kB writeback:80kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no 21:34:11 executing program 0: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000000c0)=[{{0x0, 0x0, 0x0, 0xffffffffffffffb6}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) keyctl$get_persistent(0x16, 0x0, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') r5 = perf_event_open$cgroup(&(0x7f00000001c0)={0x0, 0x70, 0x9, 0x7f, 0x4, 0x5, 0x0, 0xb6, 0x94a00, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, @perf_bp={&(0x7f0000000140), 0xc}, 0x10900, 0x3, 0x10002, 0x6, 0xe694, 0x9, 0xb1e}, r2, 0xd, 0xffffffffffffffff, 0x2) timerfd_settime(r2, 0x1, &(0x7f00000003c0)={{}, {0x77359400}}, &(0x7f0000000400)) sendmsg$NFT_MSG_GETOBJ_RESET(r3, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)=ANY=[@ANYBLOB="40000000150a01020073797a30000000000c00064000000000000000030800010073797a30000000000800034000000001"], 0x40}, 0x1, 0x0, 0x0, 0x4884}, 0x80) ftruncate(r5, 0x9) preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:34:11 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) [ 2243.189602][T28534] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2243.220607][T28534] lowmem_reserve[]: 0 2912 6416 6416 [ 2243.241212][T28534] DMA32 free:23968kB min:4644kB low:7624kB high:10604kB active_anon:2811864kB inactive_anon:5352kB active_file:596kB inactive_file:1428kB unevictable:0kB writepending:76kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:16000kB pagetables:23396kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2243.274513][T28534] lowmem_reserve[]: 0 0 3504 3504 [ 2243.282528][T28534] Normal free:12324kB min:9688kB low:13276kB high:16864kB active_anon:2822440kB inactive_anon:33476kB active_file:836kB inactive_file:508kB unevictable:1452kB writepending:100kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29824kB pagetables:128220kB bounce:0kB free_pcp:712kB local_pcp:264kB free_cma:0kB [ 2243.313815][T28534] lowmem_reserve[]: 0 0 0 0 [ 2243.318523][T28534] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2243.331946][T28534] DMA32: 350*4kB (UMEH) 130*8kB (UME) 203*16kB (UME) 73*32kB (UMEH) 38*64kB (UMEH) 83*128kB (UM) 3*256kB (M) 0*512kB 0*1024kB 1*2048kB (H) 0*4096kB = 23896kB [ 2243.348098][T28534] Normal: 223*4kB (UMEH) 162*8kB (UME) 108*16kB (UMEH) 53*32kB (UM) 27*64kB (UM) 40*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12460kB [ 2243.363363][T28534] 10373 total pagecache pages [ 2243.368150][T28534] 0 pages in swap cache [ 2243.372362][T28534] Swap cache stats: add 0, delete 0, find 0/0 [ 2243.378859][T28534] Free swap = 0kB [ 2243.382768][T28534] Total swap = 0kB [ 2243.386570][T28534] 1965979 pages RAM [ 2243.390415][T28534] 0 pages HighMem/MovableOnly [ 2243.395164][T28534] 318829 pages reserved [ 2243.399312][T28534] 0 pages cma reserved [ 2243.403372][T28534] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.5,pid=28518,uid=0 [ 2243.634613][ T333] syz-fuzzer invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2243.645477][ T333] CPU: 0 PID: 333 Comm: syz-fuzzer Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2243.655093][ T333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2243.665136][ T333] Call Trace: [ 2243.668411][ T333] dump_stack+0x14a/0x1ce [ 2243.672883][ T333] ? devkmsg_release+0x11c/0x11c [ 2243.677913][ T333] ? show_regs_print_info+0x12/0x12 [ 2243.683099][ T333] ? radix_tree_cpu_dead+0x160/0x160 [ 2243.688377][ T333] ? _raw_spin_lock+0xa1/0x170 [ 2243.693150][ T333] ? _raw_spin_trylock_bh+0x190/0x190 [ 2243.698538][ T333] dump_header+0xdb/0x700 [ 2243.702856][ T333] oom_kill_process+0xd3/0x280 [ 2243.707605][ T333] out_of_memory+0x5b6/0x890 [ 2243.712179][ T333] ? unregister_oom_notifier+0x20/0x20 [ 2243.717620][ T333] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2243.723176][ T333] ? get_page_from_freelist+0x7c0/0x7c0 [ 2243.728705][ T333] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2243.734069][ T333] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2243.739601][ T333] pagecache_get_page+0x50f/0x880 [ 2243.744616][ T333] filemap_fault+0x14cb/0x1a30 [ 2243.749390][ T333] ? __down_read+0xf1/0x210 [ 2243.753899][ T333] ? generic_file_read_iter+0x20b0/0x20b0 [ 2243.759624][ T333] ? is_mmconf_reserved+0x420/0x420 [ 2243.764974][ T333] ext4_filemap_fault+0x7b/0x90 [ 2243.769835][ T333] handle_mm_fault+0x29ca/0x41e0 [ 2243.774780][ T333] ? finish_fault+0x230/0x230 [ 2243.779447][ T333] ? get_timespec64+0x11f/0x1d0 [ 2243.784507][ T333] ? down_read_trylock+0x17a/0x1d0 [ 2243.789606][ T333] ? __x64_sys_nanosleep+0x60/0x60 [ 2243.794707][ T333] ? vmacache_find+0x205/0x4b0 [ 2243.799459][ T333] do_user_addr_fault+0x48a/0x9f0 [ 2243.804475][ T333] page_fault+0x2f/0x40 [ 2243.808629][ T333] RIP: 0033:0x468a8d [ 2243.812561][ T333] Code: Bad RIP value. [ 2243.817057][ T333] RSP: 002b:000000c00004df18 EFLAGS: 00010202 [ 2243.823123][ T333] RAX: 0000000000000000 RBX: 0000000000004e20 RCX: 0000000000468a8d [ 2243.831080][ T333] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000c00004df18 [ 2243.839042][ T333] RBP: 000000c00004df28 R08: 0000000000300228 R09: 00007ffcb21f80b8 [ 2243.847010][ T333] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000439470 [ 2243.854994][ T333] R13: 0000000000000000 R14: 0000000000ad5284 R15: 0000000000000000 [ 2243.876043][ T333] Mem-Info: [ 2243.879752][ T333] active_anon:1412691 inactive_anon:9707 isolated_anon:0 [ 2243.879752][ T333] active_file:15 inactive_file:9 isolated_file:0 [ 2243.879752][ T333] unevictable:363 dirty:5 writeback:0 unstable:0 [ 2243.879752][ T333] slab_reclaimable:10340 slab_unreclaimable:80326 [ 2243.879752][ T333] mapped:58321 shmem:9776 pagetables:37897 bounce:0 [ 2243.879752][ T333] free:9217 free_pcp:0 free_cma:0 [ 2243.918896][ T333] Node 0 active_anon:5650916kB inactive_anon:38828kB active_file:40kB inactive_file:20kB unevictable:1452kB isolated(anon):0kB isolated(file):0kB mapped:233240kB dirty:24kB writeback:0kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2243.944891][ T333] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2243.971136][ T333] lowmem_reserve[]: 0 2912 6416 6416 [ 2243.976515][ T333] DMA32 free:16660kB min:4644kB low:7624kB high:10604kB active_anon:2818660kB inactive_anon:5352kB active_file:0kB inactive_file:168kB unevictable:0kB writepending:8kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:16032kB pagetables:23388kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2244.006718][ T333] lowmem_reserve[]: 0 0 3504 3504 [ 2244.011822][ T333] Normal free:3708kB min:5592kB low:9180kB high:12768kB active_anon:2831972kB inactive_anon:33476kB active_file:0kB inactive_file:116kB unevictable:1452kB writepending:16kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29920kB pagetables:128204kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2244.042398][ T333] lowmem_reserve[]: 0 0 0 0 [ 2244.047957][ T333] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2244.061355][ T333] DMA32: 58*4kB (UME) 28*8kB (UME) 15*16kB (UME) 20*32kB (ME) 37*64kB (ME) 82*128kB (UM) 3*256kB (M) 0*512kB 0*1024kB 1*2048kB (M) 0*4096kB = 17016kB [ 2244.076571][ T333] Normal: 29*4kB (UME) 17*8kB (ME) 2*16kB (ME) 1*32kB (U) 1*64kB (M) 29*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4092kB [ 2244.090481][ T333] 10101 total pagecache pages [ 2244.095213][ T333] 0 pages in swap cache [ 2244.099581][ T333] Swap cache stats: add 0, delete 0, find 0/0 [ 2244.105716][ T333] Free swap = 0kB [ 2244.109453][ T333] Total swap = 0kB [ 2244.113200][ T333] 1965979 pages RAM [ 2244.117070][ T333] 0 pages HighMem/MovableOnly [ 2244.121884][ T333] 318829 pages reserved [ 2244.126102][ T333] 0 pages cma reserved [ 2244.130190][ T333] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.5,pid=28547,uid=0 [ 2244.145371][ T333] Out of memory: Killed process 28547 (syz-executor.5) total-vm:75636kB, anon-rss:16592kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:156kB oom_score_adj:1000 [ 2244.166575][ T23] oom_reaper: reaped process 28547 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2244.276225][ T333] syz-fuzzer invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2244.287567][ T333] CPU: 1 PID: 333 Comm: syz-fuzzer Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2244.297189][ T333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2244.307228][ T333] Call Trace: [ 2244.310529][ T333] dump_stack+0x14a/0x1ce [ 2244.314864][ T333] ? devkmsg_release+0x11c/0x11c [ 2244.319802][ T333] ? show_regs_print_info+0x12/0x12 [ 2244.324991][ T333] ? radix_tree_cpu_dead+0x160/0x160 [ 2244.330261][ T333] ? _raw_spin_lock+0xa1/0x170 [ 2244.335011][ T333] ? _raw_spin_trylock_bh+0x190/0x190 [ 2244.340388][ T333] dump_header+0xdb/0x700 [ 2244.344707][ T333] oom_kill_process+0xd3/0x280 [ 2244.349522][ T333] out_of_memory+0x5b6/0x890 [ 2244.354101][ T333] ? unregister_oom_notifier+0x20/0x20 [ 2244.359561][ T333] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2244.365094][ T333] ? get_page_from_freelist+0x7c0/0x7c0 [ 2244.370624][ T333] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2244.376013][ T333] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2244.381557][ T333] pagecache_get_page+0x50f/0x880 [ 2244.386575][ T333] filemap_fault+0x14cb/0x1a30 [ 2244.391326][ T333] ? __down_read+0xf1/0x210 [ 2244.395827][ T333] ? generic_file_read_iter+0x20b0/0x20b0 [ 2244.401546][ T333] ? is_mmconf_reserved+0x420/0x420 [ 2244.406731][ T333] ext4_filemap_fault+0x7b/0x90 [ 2244.411571][ T333] handle_mm_fault+0x29ca/0x41e0 [ 2244.416512][ T333] ? finish_fault+0x230/0x230 [ 2244.421172][ T333] ? get_timespec64+0x11f/0x1d0 [ 2244.426008][ T333] ? down_read_trylock+0x17a/0x1d0 [ 2244.431196][ T333] ? __x64_sys_nanosleep+0x60/0x60 [ 2244.436304][ T333] ? vmacache_find+0x205/0x4b0 [ 2244.441056][ T333] do_user_addr_fault+0x48a/0x9f0 [ 2244.446068][ T333] page_fault+0x2f/0x40 [ 2244.450239][ T333] RIP: 0033:0x468a8d [ 2244.454127][ T333] Code: Bad RIP value. [ 2244.458200][ T333] RSP: 002b:000000c00004df18 EFLAGS: 00010202 [ 2244.464268][ T333] RAX: 0000000000000000 RBX: 0000000000004e20 RCX: 0000000000468a8d [ 2244.472245][ T333] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000c00004df18 [ 2244.480209][ T333] RBP: 000000c00004df28 R08: 0000000000300228 R09: 00007ffcb21f80b8 [ 2244.488178][ T333] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000439470 [ 2244.496136][ T333] R13: 0000000000000000 R14: 0000000000ad5284 R15: 0000000000000000 [ 2244.507156][ T333] Mem-Info: [ 2244.510393][ T333] active_anon:1412455 inactive_anon:9707 isolated_anon:0 [ 2244.510393][ T333] active_file:25 inactive_file:22 isolated_file:0 [ 2244.510393][ T333] unevictable:363 dirty:0 writeback:5 unstable:0 [ 2244.510393][ T333] slab_reclaimable:10340 slab_unreclaimable:80338 [ 2244.510393][ T333] mapped:58319 shmem:9776 pagetables:37898 bounce:0 [ 2244.510393][ T333] free:9322 free_pcp:0 free_cma:0 [ 2244.552221][ T333] Node 0 active_anon:5650032kB inactive_anon:38828kB active_file:84kB inactive_file:100kB unevictable:1452kB isolated(anon):0kB isolated(file):0kB mapped:233212kB dirty:0kB writeback:0kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2244.576894][ T333] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2244.607161][ T333] lowmem_reserve[]: 0 2912 6416 6416 [ 2244.612525][ T333] DMA32 free:18292kB min:4644kB low:7624kB high:10604kB active_anon:2818536kB inactive_anon:5352kB active_file:12kB inactive_file:20kB unevictable:0kB writepending:0kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:16000kB pagetables:23264kB bounce:0kB free_pcp:1384kB local_pcp:232kB free_cma:0kB [ 2244.642589][ T333] lowmem_reserve[]: 0 0 3504 3504 [ 2244.647912][ T333] Normal free:7216kB min:5592kB low:9180kB high:12768kB active_anon:2828824kB inactive_anon:33476kB active_file:28kB inactive_file:48kB unevictable:1452kB writepending:8kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29728kB pagetables:128216kB bounce:0kB free_pcp:12kB local_pcp:0kB free_cma:0kB [ 2244.678263][ T333] lowmem_reserve[]: 0 0 0 0 [ 2244.683057][ T333] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2244.696842][ T333] DMA32: 41*4kB (UME) 47*8kB (UME) 149*16kB (UME) 93*32kB (UMEH) 43*64kB (UME) 81*128kB (M) 3*256kB (M) 0*512kB 0*1024kB 1*2048kB (U) 0*4096kB = 21836kB [ 2244.712586][ T333] Normal: 8*4kB (UMEH) 23*8kB (UME) 38*16kB (UME) 12*32kB (M) 19*64kB (UM) 37*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 7160kB [ 2244.727896][ T333] 10600 total pagecache pages [ 2244.733670][ T333] 0 pages in swap cache [ 2244.740182][ T333] Swap cache stats: add 0, delete 0, find 0/0 [ 2244.747425][ T333] Free swap = 0kB [ 2244.758952][ T333] Total swap = 0kB [ 2244.765329][ T333] 1965979 pages RAM [ 2244.769201][ T333] 0 pages HighMem/MovableOnly [ 2244.773933][ T333] 318829 pages reserved [ 2244.778290][ T333] 0 pages cma reserved [ 2244.782397][ T333] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.5,pid=28548,uid=0 [ 2244.817345][ T361] syz-executor.0 invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=1, oom_score_adj=0 [ 2244.828613][ T361] CPU: 1 PID: 361 Comm: syz-executor.0 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2244.838595][ T361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2244.848655][ T361] Call Trace: [ 2244.851955][ T361] dump_stack+0x14a/0x1ce [ 2244.856269][ T361] ? devkmsg_release+0x11c/0x11c [ 2244.861194][ T361] ? show_regs_print_info+0x12/0x12 [ 2244.866374][ T361] ? radix_tree_cpu_dead+0x160/0x160 [ 2244.871649][ T361] ? _raw_spin_lock+0xa1/0x170 [ 2244.876397][ T361] ? _raw_spin_trylock_bh+0x190/0x190 [ 2244.881761][ T361] dump_header+0xdb/0x700 [ 2244.886075][ T361] oom_kill_process+0xd3/0x280 [ 2244.890838][ T361] out_of_memory+0x5b6/0x890 [ 2244.895429][ T361] ? unregister_oom_notifier+0x20/0x20 [ 2244.900873][ T361] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2244.906414][ T361] ? get_page_from_freelist+0x7c0/0x7c0 [ 2244.911944][ T361] ? __schedule+0x920/0xef0 [ 2244.916430][ T361] ? __zone_watermark_ok+0x91/0x280 [ 2244.921609][ T361] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2244.926967][ T361] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2244.932500][ T361] alloc_slab_page+0x3a/0x3a0 [ 2244.937173][ T361] new_slab+0x408/0x450 [ 2244.941383][ T361] ? should_fail+0x18e/0x860 [ 2244.945972][ T361] ? getname_flags+0xb8/0x610 [ 2244.950633][ T361] ___slab_alloc+0x2e0/0x450 [ 2244.955228][ T361] ? success_walk_trace+0x430/0x430 [ 2244.960414][ T361] ? getname_flags+0xb8/0x610 [ 2244.965075][ T361] ? getname_flags+0xb8/0x610 [ 2244.969760][ T361] kmem_cache_alloc+0x23f/0x260 [ 2244.974617][ T361] getname_flags+0xb8/0x610 [ 2244.979221][ T361] ? __perf_event_task_sched_out+0xfe4/0x1110 [ 2244.985284][ T361] user_path_at_empty+0x28/0x50 [ 2244.990133][ T361] __se_sys_newlstat+0xe4/0x8b0 [ 2244.994957][ T361] ? perf_pmu_sched_task+0x370/0x370 [ 2245.000241][ T361] ? __x64_sys_newlstat+0x60/0x60 [ 2245.005255][ T361] ? switch_mm+0x100/0x100 [ 2245.009652][ T361] ? _raw_spin_unlock_irq+0x5/0x20 [ 2245.014752][ T361] ? finish_task_switch+0x235/0x4c0 [ 2245.019945][ T361] ? switch_fpu_return+0x10/0x10 [ 2245.024873][ T361] do_syscall_64+0xcb/0x150 [ 2245.029367][ T361] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2245.035243][ T361] RIP: 0033:0x45c095 [ 2245.039115][ T361] Code: d4 ff ff ff 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 83 ff 01 48 89 f0 77 30 48 89 c7 48 89 d6 b8 06 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 03 f3 c3 90 48 c7 c2 d4 ff ff ff f7 d8 64 89 [ 2245.058729][ T361] RSP: 002b:00007ffc21976bb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000006 [ 2245.067124][ T361] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000045c095 [ 2245.075110][ T361] RDX: 00007ffc21976bd0 RSI: 00007ffc21976bd0 RDI: 00007ffc21976c60 [ 2245.083084][ T361] RBP: 0000000000003339 R08: 0000000000000000 R09: 000000000000000d [ 2245.091039][ T361] R10: 0000000000000006 R11: 0000000000000246 R12: 00007ffc21977cf0 [ 2245.099003][ T361] R13: 0000000001250940 R14: 0000000000000000 R15: 00007ffc21977cf0 [ 2245.108201][ T361] Mem-Info: [ 2245.111368][ T361] active_anon:1410904 inactive_anon:9707 isolated_anon:0 [ 2245.111368][ T361] active_file:470 inactive_file:474 isolated_file:0 [ 2245.111368][ T361] unevictable:363 dirty:19 writeback:0 unstable:0 [ 2245.111368][ T361] slab_reclaimable:10340 slab_unreclaimable:80126 [ 2245.111368][ T361] mapped:59088 shmem:9776 pagetables:37838 bounce:0 [ 2245.111368][ T361] free:9976 free_pcp:322 free_cma:0 [ 2245.152497][ T361] Node 0 active_anon:5643616kB inactive_anon:38828kB active_file:300kB inactive_file:656kB unevictable:1452kB isolated(anon):0kB isolated(file):0kB mapped:233452kB dirty:76kB writeback:0kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2245.179737][ T361] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2245.207546][ T361] lowmem_reserve[]: 0 2912 6416 6416 [ 2245.213147][ T361] DMA32 free:19664kB min:4644kB low:7624kB high:10604kB active_anon:2814784kB inactive_anon:5352kB active_file:0kB inactive_file:1568kB unevictable:0kB writepending:48kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:15872kB pagetables:23244kB bounce:0kB free_pcp:656kB local_pcp:252kB free_cma:0kB [ 2245.245673][ T361] lowmem_reserve[]: 0 0 3504 3504 [ 2245.250943][ T361] Normal free:6152kB min:5592kB low:9180kB high:12768kB active_anon:2828832kB inactive_anon:33476kB active_file:0kB inactive_file:1092kB unevictable:1452kB writepending:28kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29696kB pagetables:128108kB bounce:0kB free_pcp:660kB local_pcp:408kB free_cma:0kB [ 2245.282407][ T361] lowmem_reserve[]: 0 0 0 0 [ 2245.286953][ T361] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2245.300294][ T361] DMA32: 125*4kB (UME) 60*8kB (UME) 68*16kB (UME) 92*32kB (UMEH) 40*64kB (ME) 81*128kB (M) 3*256kB (M) 0*512kB 0*1024kB 1*2048kB (U) 0*4096kB = 20756kB [ 2245.315629][ T361] Normal: 8*4kB (UME) 9*8kB (UE) 2*16kB (UE) 2*32kB (U) 10*64kB (UM) 32*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4936kB [ 2245.329505][ T361] 11190 total pagecache pages [ 2245.334188][ T361] 0 pages in swap cache [ 2245.338369][ T361] Swap cache stats: add 0, delete 0, find 0/0 [ 2245.344423][ T361] Free swap = 0kB [ 2245.348229][ T361] Total swap = 0kB [ 2245.351951][ T361] 1965979 pages RAM [ 2245.355800][ T361] 0 pages HighMem/MovableOnly [ 2245.360471][ T361] 318829 pages reserved [ 2245.364658][ T361] 0 pages cma reserved [ 2245.368725][ T361] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.2,pid=28569,uid=0 [ 2245.382859][ T361] Out of memory: Killed process 28569 (syz-executor.2) total-vm:75240kB, anon-rss:14016kB, file-rss:35912kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 [ 2245.408030][ T23] oom_reaper: reaped process 28569 (syz-executor.2), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB 21:34:13 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:34:14 executing program 5: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x25, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) 21:34:14 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) [ 2247.071205][T28589] syz-executor.2 invoked oom-killer: gfp_mask=0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|0x1000000), order=0, oom_score_adj=1000 [ 2247.084489][T28589] CPU: 0 PID: 28589 Comm: syz-executor.2 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2247.094726][T28589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2247.104775][T28589] Call Trace: [ 2247.108063][T28589] dump_stack+0x14a/0x1ce [ 2247.112393][T28589] ? devkmsg_release+0x11c/0x11c [ 2247.117319][T28589] ? show_regs_print_info+0x12/0x12 [ 2247.122528][T28589] ? radix_tree_cpu_dead+0x160/0x160 [ 2247.127802][T28589] ? _raw_spin_lock+0xa1/0x170 [ 2247.132551][T28589] ? _raw_spin_trylock_bh+0x190/0x190 [ 2247.137904][T28589] dump_header+0xdb/0x700 [ 2247.142337][T28589] oom_kill_process+0xd3/0x280 [ 2247.147092][T28589] out_of_memory+0x5b6/0x890 [ 2247.151665][T28589] ? unregister_oom_notifier+0x20/0x20 [ 2247.157125][T28589] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2247.162682][T28589] ? get_page_from_freelist+0x7c0/0x7c0 [ 2247.168222][T28589] ? flush_tlb_func_common+0x45/0x580 [ 2247.173591][T28589] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2247.178954][T28589] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2247.184488][T28589] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 2247.190217][T28589] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 2247.196031][T28589] ? __lru_cache_add+0x1a1/0x1f0 [ 2247.201845][T28589] wp_page_copy+0x1cb/0x1120 [ 2247.206432][T28589] ? add_mm_rss_vec+0x270/0x270 [ 2247.211286][T28589] ? vm_normal_page+0x1c9/0x1d0 [ 2247.216135][T28589] do_wp_page+0x4c1/0x1530 [ 2247.220546][T28589] ? push_rt_tasks+0x4f8/0x670 [ 2247.225304][T28589] ? _raw_spin_lock+0xa1/0x170 [ 2247.230087][T28589] ? do_swap_page+0x1560/0x1560 [ 2247.234957][T28589] handle_mm_fault+0xfa5/0x41e0 [ 2247.239834][T28589] ? finish_fault+0x230/0x230 [ 2247.244518][T28589] ? down_read_trylock+0x17a/0x1d0 [ 2247.249654][T28589] ? vmacache_find+0x3a2/0x4b0 [ 2247.254444][T28589] do_user_addr_fault+0x48a/0x9f0 [ 2247.259475][T28589] page_fault+0x2f/0x40 [ 2247.263636][T28589] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 2247.270224][T28589] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 2247.289833][T28589] RSP: 0018:ffff88810d507888 EFLAGS: 00010206 [ 2247.295914][T28589] RAX: ffffffff81f80e01 RBX: 00000000205b5500 RCX: 0000000000000500 [ 2247.303904][T28589] RDX: 0000000000001000 RSI: ffff888025500b00 RDI: 00000000205b5000 [ 2247.313379][T28589] RBP: ffff88810d507da8 R08: dffffc0000000000 R09: ffffed1004aa0200 [ 2247.321352][T28589] R10: 0000000000000000 R11: 0000000000000000 R12: 00007ffffffff000 [ 2247.329324][T28589] R13: 0000000000001000 R14: ffff888025500000 R15: 00000000205b4500 [ 2247.337327][T28589] ? _copy_to_iter+0x1021/0x1060 [ 2247.342263][T28589] copyout+0x8e/0xb0 [ 2247.346148][T28589] copy_page_to_iter+0x393/0xbd0 [ 2247.351085][T28589] pipe_to_user+0xa3/0x130 [ 2247.355508][T28589] __splice_from_pipe+0x2d3/0x870 [ 2247.360528][T28589] ? user_page_pipe_buf_steal+0xc0/0xc0 [ 2247.366065][T28589] do_vmsplice+0x252/0xee0 [ 2247.370472][T28589] ? avc_ss_reset+0x3a0/0x3a0 [ 2247.375137][T28589] ? write_pipe_buf+0x1d0/0x1d0 [ 2247.379977][T28589] ? __rcu_read_lock+0x50/0x50 [ 2247.384729][T28589] ? check_stack_object+0x5a/0x90 [ 2247.389741][T28589] ? _copy_from_user+0xa4/0xe0 [ 2247.395367][T28589] ? rw_copy_check_uvector+0x2b3/0x310 [ 2247.400867][T28589] ? import_iovec+0x1c2/0x380 [ 2247.405550][T28589] ? dup_iter+0x110/0x110 [ 2247.409875][T28589] ? do_vfs_ioctl+0x780/0x1750 [ 2247.414638][T28589] __se_sys_vmsplice+0x1fb/0x300 [ 2247.419595][T28589] ? __x64_sys_vmsplice+0xa0/0xa0 [ 2247.424617][T28589] ? put_timespec64+0x109/0x150 [ 2247.429492][T28589] ? __x64_sys_clock_gettime+0x20d/0x260 [ 2247.435160][T28589] ? __ia32_sys_clock_settime+0x2a0/0x2a0 [ 2247.440882][T28589] do_syscall_64+0xcb/0x150 [ 2247.445390][T28589] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2247.451278][T28589] RIP: 0033:0x45ccd9 [ 2247.455174][T28589] Code: 2d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2247.474771][T28589] RSP: 002b:00007fddb5d87c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 2247.483192][T28589] RAX: ffffffffffffffda RBX: 0000000000035780 RCX: 000000000045ccd9 [ 2247.491155][T28589] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 2247.499120][T28589] RBP: 000000000078c088 R08: 0000000000000000 R09: 0000000000000000 [ 2247.507084][T28589] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078c04c [ 2247.515048][T28589] R13: 00007ffdfaf6b1cf R14: 00007fddb5d889c0 R15: 000000000078c04c [ 2247.523244][T28589] Mem-Info: [ 2247.526411][T28589] active_anon:1411249 inactive_anon:9707 isolated_anon:0 [ 2247.526411][T28589] active_file:33 inactive_file:21 isolated_file:0 [ 2247.526411][T28589] unevictable:363 dirty:27 writeback:0 unstable:0 [ 2247.526411][T28589] slab_reclaimable:10329 slab_unreclaimable:80815 [ 2247.526411][T28589] mapped:58355 shmem:9776 pagetables:37887 bounce:0 [ 2247.526411][T28589] free:10221 free_pcp:182 free_cma:0 [ 2247.564211][T28589] Node 0 active_anon:5644996kB inactive_anon:38828kB active_file:132kB inactive_file:84kB unevictable:1452kB isolated(anon):0kB isolated(file):0kB mapped:233420kB dirty:108kB writeback:0kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2247.588591][T28589] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2247.614695][T28589] lowmem_reserve[]: 0 2912 6416 6416 [ 2247.620020][T28589] DMA32 free:17568kB min:4644kB low:7624kB high:10604kB active_anon:2816512kB inactive_anon:5352kB active_file:96kB inactive_file:396kB unevictable:0kB writepending:0kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:16224kB pagetables:23436kB bounce:0kB free_pcp:668kB local_pcp:356kB free_cma:0kB [ 2247.649276][T28589] lowmem_reserve[]: 0 0 3504 3504 [ 2247.654306][T28589] Normal free:7128kB min:9688kB low:13276kB high:16864kB active_anon:2828252kB inactive_anon:33476kB active_file:404kB inactive_file:260kB unevictable:1452kB writepending:0kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29728kB pagetables:128112kB bounce:0kB free_pcp:340kB local_pcp:272kB free_cma:0kB [ 2247.684348][T28589] lowmem_reserve[]: 0 0 0 0 [ 2247.688882][T28589] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2247.702230][T28589] DMA32: 16*4kB (UME) 42*8kB (UMEH) 87*16kB (UE) 3*32kB (EH) 17*64kB (MEH) 34*128kB (M) 4*256kB (M) 4*512kB (MH) 3*1024kB (MH) 2*2048kB (MH) 0*4096kB = 17568kB [ 2247.718313][T28589] Normal: 25*4kB (UME) 14*8kB (ME) 2*16kB (ME) 2*32kB (UM) 23*64kB (UM) 28*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 5364kB [ 2247.732465][T28589] 10182 total pagecache pages [ 2247.737174][T28589] 0 pages in swap cache [ 2247.741324][T28589] Swap cache stats: add 0, delete 0, find 0/0 [ 2247.747448][T28589] Free swap = 0kB [ 2247.751165][T28589] Total swap = 0kB [ 2247.754923][T28589] 1965979 pages RAM [ 2247.758732][T28589] 0 pages HighMem/MovableOnly [ 2247.763437][T28589] 318829 pages reserved [ 2247.767630][T28589] 0 pages cma reserved 21:34:14 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:34:14 executing program 0: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x1, 0x0, 0x0, 0x9, 0x0, 0xffff, 0x0, 0x0, 0x4000000}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00') read$char_usb(r5, 0x0, 0x7ffff000) getpeername$unix(r5, &(0x7f00000001c0)=@abs, &(0x7f0000000040)=0x6e) io_uring_register$IORING_UNREGISTER_FILES(r3, 0x3, 0x0, 0x0) 21:34:14 executing program 1: prlimit64(0x0, 0x0, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x900, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) [ 2247.771701][T28589] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=27722,uid=0 [ 2247.785835][T28589] Out of memory: Killed process 27722 (syz-executor.0) total-vm:75372kB, anon-rss:13416kB, file-rss:35840kB, shmem-rss:0kB, UID:0 pgtables:156kB oom_score_adj:1000 [ 2247.809285][ T23] oom_reaper: reaped process 27722 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2247.874182][T28594] syz-executor.3 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2247.971685][T28594] CPU: 1 PID: 28594 Comm: syz-executor.3 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2247.981892][T28594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2247.991952][T28594] Call Trace: [ 2247.995275][T28594] dump_stack+0x14a/0x1ce [ 2247.999606][T28594] ? devkmsg_release+0x11c/0x11c [ 2248.004574][T28594] ? show_regs_print_info+0x12/0x12 [ 2248.009776][T28594] ? radix_tree_cpu_dead+0x160/0x160 [ 2248.015067][T28594] ? _raw_spin_lock+0xa1/0x170 [ 2248.019839][T28594] ? _raw_spin_trylock_bh+0x190/0x190 [ 2248.025348][T28594] dump_header+0xdb/0x700 [ 2248.029690][T28594] oom_kill_process+0xd3/0x280 [ 2248.034463][T28594] out_of_memory+0x5b6/0x890 [ 2248.039061][T28594] ? unregister_oom_notifier+0x20/0x20 [ 2248.044557][T28594] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2248.050115][T28594] ? get_page_from_freelist+0x7c0/0x7c0 [ 2248.055663][T28594] ? __zone_watermark_ok+0x91/0x280 [ 2248.060866][T28594] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2248.066243][T28594] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2248.071805][T28594] ? copy_process+0x5a4/0x5110 [ 2248.076572][T28594] ? kmem_cache_alloc+0x1d5/0x260 [ 2248.081602][T28594] copy_process+0x5f3/0x5110 [ 2248.086191][T28594] ? write_pipe_buf+0x1d0/0x1d0 [ 2248.091042][T28594] ? _copy_from_user+0xa4/0xe0 [ 2248.095810][T28594] ? __perf_event_task_sched_out+0xfe4/0x1110 [ 2248.101902][T28594] ? fork_idle+0x290/0x290 [ 2248.106326][T28594] _do_fork+0x196/0x920 [ 2248.110483][T28594] ? switch_mm+0x100/0x100 [ 2248.114900][T28594] ? dup_mm+0x300/0x300 [ 2248.119061][T28594] ? ktime_get_raw+0x130/0x130 [ 2248.123828][T28594] __x64_sys_clone+0x25e/0x2c0 [ 2248.128594][T28594] ? __ia32_sys_vfork+0x110/0x110 [ 2248.133623][T28594] ? __x64_sys_clock_gettime+0x20d/0x260 [ 2248.139262][T28594] do_syscall_64+0xcb/0x150 [ 2248.143770][T28594] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2248.149657][T28594] RIP: 0033:0x45ccd9 [ 2248.153549][T28594] Code: 2d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2248.173150][T28594] RSP: 002b:00007fbf5a9f1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2248.181553][T28594] RAX: ffffffffffffffda RBX: 0000000000001f00 RCX: 000000000045ccd9 [ 2248.189520][T28594] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000103 [ 2248.197488][T28594] RBP: 000000000078c090 R08: ffffffffffffffff R09: 0000000000000000 [ 2248.205454][T28594] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078c04c [ 2248.213419][T28594] R13: 00007ffd7c7965df R14: 00007fbf5a9f29c0 R15: 000000000078c04c [ 2248.241370][T28594] Mem-Info: [ 2248.257762][T28594] active_anon:1406489 inactive_anon:9707 isolated_anon:0 [ 2248.257762][T28594] active_file:578 inactive_file:1421 isolated_file:32 [ 2248.257762][T28594] unevictable:363 dirty:27 writeback:0 unstable:0 [ 2248.257762][T28594] slab_reclaimable:10329 slab_unreclaimable:80822 [ 2248.257762][T28594] mapped:59695 shmem:9776 pagetables:37891 bounce:0 [ 2248.257762][T28594] free:12785 free_pcp:186 free_cma:0 [ 2248.311058][T28594] Node 0 active_anon:5625956kB inactive_anon:38828kB active_file:584kB inactive_file:764kB unevictable:1452kB isolated(anon):0kB isolated(file):0kB mapped:234480kB dirty:8kB writeback:100kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2248.336016][T28594] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2248.373622][T28594] lowmem_reserve[]: 0 2912 6416 6416 [ 2248.379587][T28594] DMA32 free:25964kB min:4644kB low:7624kB high:10604kB active_anon:2807836kB inactive_anon:5352kB active_file:712kB inactive_file:424kB unevictable:0kB writepending:120kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:15968kB pagetables:23536kB bounce:0kB free_pcp:1484kB local_pcp:1484kB free_cma:0kB [ 2248.477860][T28594] lowmem_reserve[]: 0 0 3504 3504 [ 2248.483227][T28594] Normal free:9116kB min:5592kB low:9180kB high:12768kB active_anon:2822832kB inactive_anon:33476kB active_file:440kB inactive_file:384kB unevictable:1452kB writepending:116kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29888kB pagetables:128208kB bounce:0kB free_pcp:1768kB local_pcp:1284kB free_cma:0kB [ 2248.515364][T28594] lowmem_reserve[]: 0 0 0 0 [ 2248.520007][T28594] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2248.533462][T28594] DMA32: 18*4kB (UME) 33*8kB (UMEH) 71*16kB (UE) 82*32kB (UMEH) 46*64kB (UMEH) 36*128kB (UMH) 4*256kB (UM) 4*512kB (UMH) 3*1024kB (UMH) 2*2048kB (UH) 0*4096kB = 21888kB [ 2248.550437][T28594] Normal: 607*4kB (UMEH) 187*8kB (UME) 108*16kB (UME) 19*32kB (UM) 12*64kB (UM) 34*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 11380kB [ 2248.566224][T28594] 10867 total pagecache pages [ 2248.571110][T28594] 0 pages in swap cache [ 2248.575294][T28594] Swap cache stats: add 0, delete 0, find 0/0 [ 2248.581985][T28594] Free swap = 0kB [ 2248.585840][T28594] Total swap = 0kB [ 2248.589553][T28594] 1965979 pages RAM [ 2248.593949][T28594] 0 pages HighMem/MovableOnly [ 2248.598681][T28594] 318829 pages reserved [ 2248.602863][T28594] 0 pages cma reserved [ 2248.607437][T28594] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.5,pid=28579,uid=0 21:34:16 executing program 5: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0xcf, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) 21:34:17 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:34:17 executing program 4: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x81000) sendmsg$SMC_PNETID_FLUSH(0xffffffffffffffff, &(0x7f0000003800)={0x0, 0x0, &(0x7f00000037c0)={&(0x7f0000000600)=ANY=[@ANYBLOB="2800046e8248a9a55256f31fd33ff774512643fe74e0efd5743e19a3b2808cae02000000000000003ea82f1ce8ec3d370738422ba201796817c739110be65d00ace208929737260bbd0af1470502c826a14ad6f40c", @ANYRESOCT=r2, @ANYRESOCT=r3, @ANYRES16, @ANYRES16], 0x28}, 0x1, 0x0, 0x0, 0x809}, 0x4004800) r4 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000440)='NLBL_UNLBL\x00') sendmsg$NLBL_UNLABEL_C_STATICADD(r2, &(0x7f0000000580)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000480)={&(0x7f0000000900)=ANY=[@ANYBLOB="64000000d78729b32708fb58ff56494c966c9511090c850c829992751bbf08af61f07f721ec72b9880c2f0f05c785eb7", @ANYRES16=r4, @ANYBLOB="100027a19014ce7f9ebd7000fbdbdf250300000008000500ac1414aa08000400ac1e000108000400ffffffff14000200fc010600000000000000000000000001050001000000000014080300fc020000000000000000000000000000050001000000000028f6e8e3f54b1261400be9755feefb1f23c288df40579e490225e824a712b5ccd3312ebacec4a320f3c13ed20ded41b439ea85d76bf41d8bcecc6dab208d44fb1d27ccefc871c058db47eeac6111786c987cabc639c84de38a4c31c246b84b7ecd41dc45869d0bdfbb9442486951859db03272a4301cf0cb2d3d9cce3de5d07dee0304200578b8216426582c1f792fc125f749c9711bf4c6"], 0x64}}, 0x4000000) sendmsg$NLBL_UNLABEL_C_STATICADD(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x28, r4, 0x200, 0x70bd2d, 0x25dfdbfc, {}, [@NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @mcast2}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000000}, 0xc084) sendmsg$NLBL_UNLABEL_C_LIST(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x30, r4, 0x200, 0x70bd2d, 0x25dfdbfe, {}, [@NLBL_UNLABEL_A_ACPTFLG={0x5, 0x1, 0x1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private2={0xfc, 0x2, [], 0x2}}]}, 0x30}, 0x1, 0x0, 0x0, 0xc1}, 0x80) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r6, 0x407, 0x0) write(r6, &(0x7f0000000340), 0x41395527) vmsplice(r5, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r7 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r7, &(0x7f00000017c0), 0x375, 0x0, 0x0) 21:34:18 executing program 0: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x6, 0x1, 0x0, 0x3, 0x7, 0x4000000000, 0x74}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:34:19 executing program 1: prlimit64(0x0, 0x0, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x900, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) [ 2251.632351][T28634] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2251.644593][T28634] CPU: 0 PID: 28634 Comm: syz-executor.1 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2251.654741][T28634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2251.664808][T28634] Call Trace: [ 2251.668121][T28634] dump_stack+0x14a/0x1ce [ 2251.672475][T28634] ? devkmsg_release+0x11c/0x11c [ 2251.677421][T28634] ? show_regs_print_info+0x12/0x12 [ 2251.682632][T28634] ? radix_tree_cpu_dead+0x160/0x160 [ 2251.687921][T28634] ? _raw_spin_lock+0xa1/0x170 [ 2251.692679][T28634] ? _raw_spin_trylock_bh+0x190/0x190 [ 2251.698067][T28634] dump_header+0xdb/0x700 [ 2251.702400][T28634] oom_kill_process+0xd3/0x280 [ 2251.707164][T28634] out_of_memory+0x5b6/0x890 [ 2251.711756][T28634] ? unregister_oom_notifier+0x20/0x20 [ 2251.717242][T28634] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2251.722791][T28634] ? get_page_from_freelist+0x7c0/0x7c0 [ 2251.728348][T28634] ? __zone_watermark_ok+0x91/0x280 [ 2251.733533][T28634] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2251.738894][T28634] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2251.745146][T28634] ? copy_process+0x5a4/0x5110 [ 2251.749899][T28634] ? copy_process+0x5a4/0x5110 [ 2251.754675][T28634] ? kmem_cache_alloc+0x1d5/0x260 [ 2251.759710][T28634] copy_process+0x5f3/0x5110 [ 2251.764304][T28634] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 2251.770014][T28634] ? _raw_spin_lock+0xa1/0x170 [ 2251.774768][T28634] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 2251.780568][T28634] ? __lru_cache_add+0x1a1/0x1f0 [ 2251.785498][T28634] ? fork_idle+0x290/0x290 [ 2251.789908][T28634] _do_fork+0x196/0x920 [ 2251.794061][T28634] ? finish_fault+0x230/0x230 [ 2251.798742][T28634] ? up_write+0xa1/0x190 [ 2251.802978][T28634] ? dup_mm+0x300/0x300 [ 2251.807140][T28634] __x64_sys_clone+0x25e/0x2c0 [ 2251.811905][T28634] ? __ia32_sys_vfork+0x110/0x110 [ 2251.816928][T28634] ? do_user_addr_fault+0x55c/0x9f0 [ 2251.822124][T28634] do_syscall_64+0xcb/0x150 [ 2251.826627][T28634] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2251.832515][T28634] RIP: 0033:0x45f6a9 [ 2251.836410][T28634] Code: ff 48 85 f6 0f 84 57 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 2e 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2251.856012][T28634] RSP: 002b:00007ffee81ce378 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2251.864434][T28634] RAX: ffffffffffffffda RBX: 00007f08e9583700 RCX: 000000000045f6a9 [ 2251.872403][T28634] RDX: 00007f08e95839d0 RSI: 00007f08e9582db0 RDI: 00000000003d0f00 [ 2251.880375][T28634] RBP: 00007ffee81ce5a0 R08: 00007f08e9583700 R09: 00007f08e9583700 [ 2251.888341][T28634] R10: 00007f08e95839d0 R11: 0000000000000202 R12: 0000000000000000 [ 2251.896307][T28634] R13: 00007ffee81ce42f R14: 00007f08e95839c0 R15: 000000000078c0ec [ 2251.905021][T28634] Mem-Info: [ 2251.908414][T28634] active_anon:1409886 inactive_anon:9707 isolated_anon:0 [ 2251.908414][T28634] active_file:82 inactive_file:87 isolated_file:32 [ 2251.908414][T28634] unevictable:363 dirty:1 writeback:0 unstable:0 [ 2251.908414][T28634] slab_reclaimable:10327 slab_unreclaimable:81131 [ 2251.908414][T28634] mapped:58463 shmem:9776 pagetables:37913 bounce:0 [ 2251.908414][T28634] free:11115 free_pcp:106 free_cma:0 [ 2251.946247][T28634] Node 0 active_anon:5639544kB inactive_anon:38828kB active_file:56kB inactive_file:16kB unevictable:1452kB isolated(anon):0kB isolated(file):0kB mapped:233452kB dirty:4kB writeback:0kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2251.970522][T28634] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2251.996685][T28634] lowmem_reserve[]: 0 2912 6416 6416 [ 2252.002149][T28634] DMA32 free:21312kB min:4644kB low:7624kB high:10604kB active_anon:2813380kB inactive_anon:5352kB active_file:520kB inactive_file:140kB unevictable:0kB writepending:0kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:16000kB pagetables:23444kB bounce:0kB free_pcp:492kB local_pcp:0kB free_cma:0kB [ 2252.031448][T28634] lowmem_reserve[]: 0 0 3504 3504 [ 2252.037040][T28634] Normal free:6640kB min:5592kB low:9180kB high:12768kB active_anon:2826080kB inactive_anon:33476kB active_file:28kB inactive_file:248kB unevictable:1452kB writepending:4kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29760kB pagetables:128208kB bounce:0kB free_pcp:96kB local_pcp:0kB free_cma:0kB [ 2252.067062][T28634] lowmem_reserve[]: 0 0 0 0 [ 2252.071998][T28634] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2252.085878][T28634] DMA32: 9*4kB (UMEH) 13*8kB (UEH) 23*16kB (UMEH) 82*32kB (UMEH) 45*64kB (UMEH) 36*128kB (UMH) 4*256kB (UM) 4*512kB (UMH) 3*1024kB (UMH) 2*2048kB (UH) 0*4096kB = 20860kB [ 2252.103455][T28634] Normal: 23*4kB (UMEH) 15*8kB (UME) 14*16kB (UME) 17*32kB (UM) 20*64kB (UM) 29*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 5972kB [ 2252.126966][T28634] 10623 total pagecache pages [ 2252.137323][T28634] 0 pages in swap cache [ 2252.141701][T28634] Swap cache stats: add 0, delete 0, find 0/0 [ 2252.148400][T28634] Free swap = 0kB [ 2252.152335][T28634] Total swap = 0kB [ 2252.156287][T28634] 1965979 pages RAM [ 2252.160705][T28634] 0 pages HighMem/MovableOnly [ 2252.165455][T28634] 318829 pages reserved [ 2252.169613][T28634] 0 pages cma reserved [ 2252.174138][T28634] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.5,pid=21614,uid=0 [ 2252.189068][T28634] Out of memory: Killed process 21614 (syz-executor.5) total-vm:75240kB, anon-rss:13376kB, file-rss:35840kB, shmem-rss:0kB, UID:0 pgtables:156kB oom_score_adj:1000 [ 2252.212288][ T23] oom_reaper: reaped process 21614 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 21:34:22 executing program 1: prlimit64(0x0, 0x0, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x900, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) 21:34:22 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() setxattr$security_evm(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='security.evm\x00', &(0x7f00000001c0)=@ng={0x4, 0x11, "fb0b21435e9e4a6f8c"}, 0xb, 0x1) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x800, 0xffffffff) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x8) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$sock_SIOCOUTQ(r2, 0x5411, &(0x7f00000000c0)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) [ 2254.639235][T28650] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2254.654223][T28650] CPU: 1 PID: 28650 Comm: syz-executor.1 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2254.664402][T28650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2254.674495][T28650] Call Trace: [ 2254.677946][T28650] dump_stack+0x14a/0x1ce [ 2254.682286][T28650] ? devkmsg_release+0x11c/0x11c [ 2254.687224][T28650] ? show_regs_print_info+0x12/0x12 [ 2254.692435][T28650] ? radix_tree_cpu_dead+0x160/0x160 [ 2254.697717][T28650] ? _raw_spin_lock+0xa1/0x170 [ 2254.702505][T28650] ? _raw_spin_trylock_bh+0x190/0x190 [ 2254.707874][T28650] dump_header+0xdb/0x700 [ 2254.712217][T28650] oom_kill_process+0xd3/0x280 [ 2254.716987][T28650] out_of_memory+0x5b6/0x890 [ 2254.721579][T28650] ? unregister_oom_notifier+0x20/0x20 [ 2254.727039][T28650] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2254.732592][T28650] ? get_page_from_freelist+0x7c0/0x7c0 [ 2254.738142][T28650] ? __zone_watermark_ok+0x91/0x280 [ 2254.743356][T28650] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2254.748738][T28650] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2254.754286][T28650] ? copy_process+0x5a4/0x5110 [ 2254.759049][T28650] ? kmem_cache_alloc+0x1d5/0x260 [ 2254.764078][T28650] copy_process+0x5f3/0x5110 [ 2254.768693][T28650] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 2254.774410][T28650] ? _raw_spin_lock+0xa1/0x170 [ 2254.779174][T28650] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 2254.784975][T28650] ? __lru_cache_add+0x1a1/0x1f0 [ 2254.789928][T28650] ? fork_idle+0x290/0x290 [ 2254.794342][T28650] _do_fork+0x196/0x920 [ 2254.798498][T28650] ? finish_fault+0x230/0x230 [ 2254.803168][T28650] ? up_write+0xa1/0x190 [ 2254.807433][T28650] ? dup_mm+0x300/0x300 [ 2254.811697][T28650] __x64_sys_clone+0x25e/0x2c0 [ 2254.816463][T28650] ? __ia32_sys_vfork+0x110/0x110 [ 2254.821494][T28650] ? do_user_addr_fault+0x55c/0x9f0 [ 2254.826692][T28650] do_syscall_64+0xcb/0x150 [ 2254.831197][T28650] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2254.837103][T28650] RIP: 0033:0x45f6a9 [ 2254.840992][T28650] Code: ff 48 85 f6 0f 84 57 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 2e 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2254.861545][T28650] RSP: 002b:00007ffee81ce378 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2254.869957][T28650] RAX: ffffffffffffffda RBX: 00007f08e9583700 RCX: 000000000045f6a9 [ 2254.877926][T28650] RDX: 00007f08e95839d0 RSI: 00007f08e9582db0 RDI: 00000000003d0f00 [ 2254.885892][T28650] RBP: 00007ffee81ce5a0 R08: 00007f08e9583700 R09: 00007f08e9583700 [ 2254.893858][T28650] R10: 00007f08e95839d0 R11: 0000000000000202 R12: 0000000000000000 [ 2254.901847][T28650] R13: 00007ffee81ce42f R14: 00007f08e95839c0 R15: 000000000078c0ec [ 2254.919433][T28650] Mem-Info: [ 2254.923473][T28650] active_anon:1409747 inactive_anon:9707 isolated_anon:0 [ 2254.923473][T28650] active_file:95 inactive_file:723 isolated_file:0 [ 2254.923473][T28650] unevictable:363 dirty:4 writeback:4 unstable:0 [ 2254.923473][T28650] slab_reclaimable:10327 slab_unreclaimable:81316 [ 2254.923473][T28650] mapped:58711 shmem:9776 pagetables:37939 bounce:0 [ 2254.923473][T28650] free:10198 free_pcp:251 free_cma:0 [ 2254.962106][T28650] Node 0 active_anon:5639088kB inactive_anon:38828kB active_file:380kB inactive_file:2992kB unevictable:1452kB isolated(anon):0kB isolated(file):0kB mapped:235144kB dirty:16kB writeback:16kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2254.992779][T28650] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2255.019024][T28650] lowmem_reserve[]: 0 2912 6416 6416 [ 2255.024514][T28650] DMA32 free:20412kB min:4644kB low:7624kB high:10604kB active_anon:2813168kB inactive_anon:5352kB active_file:184kB inactive_file:12kB unevictable:0kB writepending:8kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:15968kB pagetables:23528kB bounce:0kB free_pcp:428kB local_pcp:12kB free_cma:0kB [ 2255.053855][T28650] lowmem_reserve[]: 0 0 3504 3504 [ 2255.059093][T28650] Normal free:5772kB min:5592kB low:9180kB high:12768kB active_anon:2825912kB inactive_anon:33476kB active_file:596kB inactive_file:316kB unevictable:1452kB writepending:24kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29824kB pagetables:128228kB bounce:0kB free_pcp:1584kB local_pcp:496kB free_cma:0kB [ 2255.089425][T28650] lowmem_reserve[]: 0 0 0 0 [ 2255.094065][T28650] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2255.107504][T28650] DMA32: 75*4kB (MEH) 35*8kB (UMEH) 19*16kB (UMEH) 14*32kB (UMEH) 7*64kB (UMEH) 56*128kB (UMH) 6*256kB (UM) 6*512kB (UMH) 2*1024kB (MH) 2*2048kB (UH) 0*4096kB = 19700kB [ 2255.124378][T28650] Normal: 12*4kB (E) 12*8kB (ME) 6*16kB (ME) 1*32kB (M) 17*64kB (UM) 29*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 5072kB [ 2255.147284][T28650] 10300 total pagecache pages [ 2255.152004][T28650] 0 pages in swap cache [ 2255.156182][T28650] Swap cache stats: add 0, delete 0, find 0/0 [ 2255.162249][T28650] Free swap = 0kB [ 2255.165998][T28650] Total swap = 0kB [ 2255.169718][T28650] 1965979 pages RAM [ 2255.173514][T28650] 0 pages HighMem/MovableOnly [ 2255.178263][T28650] 318829 pages reserved [ 2255.182408][T28650] 0 pages cma reserved [ 2255.186515][T28650] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.4,pid=18539,uid=0 [ 2255.200659][T28650] Out of memory: Killed process 18539 (syz-executor.4) total-vm:75240kB, anon-rss:13304kB, file-rss:35848kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 21:34:23 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:34:23 executing program 5: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x300, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) 21:34:23 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:34:23 executing program 0: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x0, 0x10000009, 0x636, 0x200009, 0x0, 0xfffffffffffffffe, 0x0, 0x7fffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e24, 0x0, @local, 0x1}, 0x1c) 21:34:23 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x0, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x900, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) 21:34:23 executing program 4: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000300)={'syz1\x00', {0xd46, 0x0, 0x7fff, 0xff}, 0x3b, [0x0, 0x3, 0x6, 0x6, 0x7fff, 0x3, 0x3, 0x2, 0x2, 0x5, 0x8, 0xffffffff, 0xae99, 0x4, 0x9, 0x6, 0x79, 0xfffffffb, 0xe3a, 0x40, 0x5, 0x4176, 0x3, 0x0, 0x6, 0x9d72, 0x5, 0x6, 0x5, 0x2, 0x3, 0x1, 0x8, 0x2, 0xd41, 0x81, 0xfffffffe, 0x80000001, 0x7, 0x1, 0x2, 0x101, 0xffffff81, 0x8, 0xff, 0x5, 0x7, 0x7, 0x9, 0x8, 0x1, 0x587d, 0x0, 0xc0b, 0x4000, 0x7, 0xea, 0x7fff, 0xac0, 0x2, 0x3, 0x2, 0xfffff05f, 0x4], [0x3, 0x7fffffff, 0x27, 0x3ff, 0xe0, 0x27e, 0x5, 0xffffffe1, 0x9, 0xfffffffa, 0x440, 0x2, 0x20, 0x3, 0x6d, 0x7, 0x3, 0xfffffffc, 0x9, 0x5, 0x9, 0x17, 0x5, 0xffff, 0x1, 0x200, 0x401, 0xefd0, 0x0, 0x3, 0x3, 0x2ff, 0x3ff, 0x3, 0x2, 0xffffffff, 0xca34, 0x8, 0x1, 0x1, 0x6, 0x2, 0x8, 0x20, 0x9, 0x442, 0x6916, 0x2, 0x9, 0xfff, 0x20, 0x80, 0xffffffc1, 0x4, 0x0, 0x8, 0x40, 0x3, 0xc, 0x2, 0x7fffffff, 0x2, 0xfffffffb, 0x8], [0x400, 0x26f7, 0xb47, 0x93c, 0x1, 0x80000001, 0x2, 0x0, 0x2, 0x1, 0x9, 0xc2, 0xe1, 0x3, 0x4, 0x81, 0x8, 0x4, 0x7, 0x8000, 0xffffffff, 0x7f, 0x1, 0x401, 0x0, 0x6, 0x400000, 0x8001, 0xfff, 0xdacb, 0x7f, 0x71, 0x8, 0x5, 0x4, 0x4020, 0x4, 0x0, 0x2, 0x800, 0xffffffff, 0x616, 0xaad, 0x5, 0x0, 0x9a, 0x1, 0xa8, 0x3, 0x3f, 0x81, 0x8, 0x9, 0x2, 0x186d453e, 0x3, 0x2, 0x6, 0x10001, 0x80000001, 0x2, 0x5, 0x0, 0x3], [0x1f, 0x40, 0x8, 0xfffffffd, 0xfffffffa, 0x40, 0x8, 0x4c, 0x5, 0x5bae, 0x1, 0x800, 0x3, 0x2, 0x9, 0x800, 0x6, 0x6, 0x80000001, 0x112, 0x3f, 0xfffffffa, 0x8001, 0x9, 0x2, 0x6, 0x0, 0x101, 0x7f, 0x9, 0x3f, 0x1, 0x4, 0x1, 0x100, 0x1, 0x0, 0x38e9000, 0x1, 0x2, 0xc84, 0x9, 0x3f, 0x5, 0x6c, 0x35f, 0x101, 0x3, 0x5, 0x7ff, 0x133, 0x87, 0x8000, 0x3, 0x7, 0x7fffffff, 0x3ff, 0x7, 0x750, 0x0, 0x800, 0xffff, 0x1, 0x915]}, 0x45c) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00') read$char_usb(r4, 0x0, 0x7ffff000) setsockopt$netlink_NETLINK_PKTINFO(r4, 0x10e, 0x3, &(0x7f00000000c0), 0x4) fcntl$setpipe(r3, 0x407, 0x0) fcntl$setflags(r1, 0x2, 0x0) write(r2, &(0x7f0000000180)="4531ac6071dbd1800000000400004a2e14e2479213f76cbe9798bf9c13950e00"/46, 0x2e) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r5, &(0x7f00000017c0), 0x375, 0x0, 0x0) 21:34:23 executing program 2: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x900, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) [ 2255.880204][T28681] ================================================================== [ 2255.888337][T28681] BUG: KASAN: stack-out-of-bounds in unwind_next_frame+0x194/0x2330 [ 2255.897266][T28681] Read of size 8 at addr ffff88802d9af070 by task syz-executor.3/28681 [ 2255.905488][T28681] [ 2255.907847][T28681] CPU: 1 PID: 28681 Comm: syz-executor.3 Not tainted 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2255.917999][T28681] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2255.928051][T28681] Call Trace: [ 2255.931352][T28681] dump_stack+0x14a/0x1ce [ 2255.935687][T28681] ? show_regs_print_info+0x12/0x12 [ 2255.940895][T28681] ? printk+0xd2/0x114 [ 2255.944971][T28681] print_address_description+0x93/0x620 [ 2255.950527][T28681] ? preempt_schedule+0x110/0x130 [ 2255.955560][T28681] ? schedule_preempt_disabled+0x20/0x20 [ 2255.961198][T28681] __kasan_report+0x16d/0x1e0 [ 2255.965882][T28681] ? unwind_next_frame+0x194/0x2330 [ 2255.971084][T28681] ? __sanitizer_cov_trace_pc+0xd/0x50 [ 2255.976543][T28681] kasan_report+0x36/0x60 [ 2255.980868][T28681] unwind_next_frame+0x194/0x2330 [ 2255.985892][T28681] ? __sanitizer_cov_trace_pc+0xd/0x50 [ 2255.991357][T28681] ? unwind_get_return_address_ptr+0x130/0x130 [ 2255.997506][T28681] ? unwind_next_frame+0x2330/0x2330 [ 2256.002794][T28681] ? retint_kernel+0x1b/0x1b [ 2256.007384][T28681] ? __schedule+0x918/0xef0 [ 2256.011898][T28681] ? in_sched_functions+0x9/0x40 [ 2256.016857][T28681] ? stack_trace_save_tsk+0x490/0x490 [ 2256.022226][T28681] arch_stack_walk+0xf4/0x120 [ 2256.026907][T28681] ? __sanitizer_cov_trace_pc+0xd/0x50 [ 2256.032397][T28681] stack_trace_save_tsk+0x2e7/0x490 [ 2256.037598][T28681] ? stack_trace_consume_entry+0x230/0x230 [ 2256.043399][T28681] ? _raw_spin_lock+0xa1/0x170 [ 2256.048164][T28681] ? __ptrace_may_access+0x2b4/0x530 [ 2256.054401][T28681] proc_pid_stack+0x12f/0x1f0 [ 2256.059078][T28681] proc_single_show+0xd3/0x130 [ 2256.063839][T28681] seq_read+0x4aa/0xd30 [ 2256.068022][T28681] do_iter_read+0x43b/0x550 [ 2256.072526][T28681] do_preadv+0x213/0x350 [ 2256.076797][T28681] ? do_writev+0x5b0/0x5b0 [ 2256.081211][T28681] do_syscall_64+0xcb/0x150 [ 2256.085732][T28681] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2256.091622][T28681] RIP: 0033:0x45ccd9 [ 2256.095511][T28681] Code: 2d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2256.115107][T28681] RSP: 002b:00007fbf5a9f1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 2256.123511][T28681] RAX: ffffffffffffffda RBX: 0000000000024a80 RCX: 000000000045ccd9 [ 2256.131502][T28681] RDX: 0000000000000375 RSI: 00000000200017c0 RDI: 0000000000000006 [ 2256.139472][T28681] RBP: 000000000078c090 R08: 0000000000000000 R09: 0000000000000000 [ 2256.147438][T28681] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078c04c [ 2256.155409][T28681] R13: 00007ffd7c7965df R14: 00007fbf5a9f29c0 R15: 000000000078c04c [ 2256.163377][T28681] [ 2256.165688][T28681] The buggy address belongs to the page: [ 2256.171314][T28681] page:ffffea0000b66bc0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 [ 2256.180413][T28681] flags: 0x4000000000000000() [ 2256.185087][T28681] raw: 4000000000000000 dead000000000100 dead000000000122 0000000000000000 [ 2256.193665][T28681] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 [ 2256.203073][T28681] page dumped because: kasan: bad access detected [ 2256.209486][T28681] [ 2256.211799][T28681] Memory state around the buggy address: [ 2256.217420][T28681] ffff88802d9aef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2256.225473][T28681] ffff88802d9aef80: 00 00 00 00 f1 f1 f1 f1 00 00 f3 f3 00 00 00 00 [ 2256.233526][T28681] >ffff88802d9af000: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 f3 f3 f3 [ 2256.241577][T28681] ^ [ 2256.249284][T28681] ffff88802d9af080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2256.257339][T28681] ffff88802d9af100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2256.266340][T28681] ================================================================== [ 2256.274391][T28681] Disabling lock debugging due to kernel taint [ 2256.468850][T28664] syz-executor.3 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2256.481157][T28664] CPU: 0 PID: 28664 Comm: syz-executor.3 Tainted: G B 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2256.492706][T28664] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2256.502747][T28664] Call Trace: [ 2256.506039][T28664] dump_stack+0x14a/0x1ce [ 2256.510360][T28664] ? devkmsg_release+0x11c/0x11c [ 2256.515312][T28664] ? show_regs_print_info+0x12/0x12 [ 2256.520525][T28664] ? radix_tree_cpu_dead+0x160/0x160 [ 2256.525815][T28664] ? _raw_spin_lock+0xa1/0x170 [ 2256.530586][T28664] ? _raw_spin_trylock_bh+0x190/0x190 [ 2256.535954][T28664] dump_header+0xdb/0x700 [ 2256.540283][T28664] oom_kill_process+0xd3/0x280 [ 2256.545081][T28664] out_of_memory+0x5b6/0x890 [ 2256.549679][T28664] ? unregister_oom_notifier+0x20/0x20 [ 2256.555130][T28664] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2256.560672][T28664] ? get_page_from_freelist+0x7c0/0x7c0 21:34:24 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x0, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x900, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) [ 2256.566217][T28664] ? __zone_watermark_ok+0x91/0x280 [ 2256.571416][T28664] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2256.576785][T28664] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2256.582355][T28664] ? copy_process+0x5a4/0x5110 [ 2256.587116][T28664] ? kmem_cache_alloc+0x1d5/0x260 [ 2256.592160][T28664] copy_process+0x5f3/0x5110 [ 2256.596754][T28664] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 2256.602475][T28664] ? _raw_spin_lock+0xa1/0x170 [ 2256.607249][T28664] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 2256.613054][T28664] ? __lru_cache_add+0x1a1/0x1f0 [ 2256.618089][T28664] ? fork_idle+0x290/0x290 [ 2256.622496][T28664] _do_fork+0x196/0x920 [ 2256.626666][T28664] ? finish_fault+0x230/0x230 [ 2256.631331][T28664] ? up_write+0xa1/0x190 [ 2256.635559][T28664] ? dup_mm+0x300/0x300 [ 2256.639716][T28664] __x64_sys_clone+0x25e/0x2c0 [ 2256.644483][T28664] ? __ia32_sys_vfork+0x110/0x110 [ 2256.649498][T28664] ? __fpregs_load_activate+0x2d3/0x390 [ 2256.655031][T28664] ? do_user_addr_fault+0x55c/0x9f0 [ 2256.660230][T28664] do_syscall_64+0xcb/0x150 [ 2256.664752][T28664] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2256.670744][T28664] RIP: 0033:0x45f6a9 [ 2256.674630][T28664] Code: ff 48 85 f6 0f 84 57 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 2e 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2256.694911][T28664] RSP: 002b:00007ffd7c796528 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2256.703314][T28664] RAX: ffffffffffffffda RBX: 00007fbf5a9d1700 RCX: 000000000045f6a9 [ 2256.711303][T28664] RDX: 00007fbf5a9d19d0 RSI: 00007fbf5a9d0db0 RDI: 00000000003d0f00 [ 2256.719259][T28664] RBP: 00007ffd7c796750 R08: 00007fbf5a9d1700 R09: 00007fbf5a9d1700 [ 2256.727229][T28664] R10: 00007fbf5a9d19d0 R11: 0000000000000202 R12: 0000000000000000 [ 2256.735182][T28664] R13: 00007ffd7c7965df R14: 00007fbf5a9d19c0 R15: 000000000078c0ec [ 2256.752618][T28664] Mem-Info: [ 2256.755802][T28664] active_anon:1406829 inactive_anon:9707 isolated_anon:0 [ 2256.755802][T28664] active_file:103 inactive_file:116 isolated_file:59 [ 2256.755802][T28664] unevictable:363 dirty:10 writeback:21 unstable:0 [ 2256.755802][T28664] slab_reclaimable:10326 slab_unreclaimable:81474 [ 2256.755802][T28664] mapped:58603 shmem:9776 pagetables:37985 bounce:0 [ 2256.755802][T28664] free:12544 free_pcp:1113 free_cma:0 [ 2256.794452][T28664] Node 0 active_anon:5629204kB inactive_anon:38828kB active_file:2040kB inactive_file:2676kB unevictable:1452kB isolated(anon):0kB isolated(file):0kB mapped:236916kB dirty:4kB writeback:0kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2256.818957][T28664] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2256.845539][T28664] lowmem_reserve[]: 0 2912 6416 6416 [ 2256.850868][T28664] DMA32 free:20964kB min:4644kB low:7624kB high:10604kB active_anon:2807116kB inactive_anon:5352kB active_file:1388kB inactive_file:1452kB unevictable:0kB writepending:4kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:16128kB pagetables:23916kB bounce:0kB free_pcp:1892kB local_pcp:1444kB free_cma:0kB [ 2256.880596][T28664] lowmem_reserve[]: 0 0 3504 3504 [ 2256.885657][T28664] Normal free:5284kB min:5592kB low:9180kB high:12768kB active_anon:2825832kB inactive_anon:33476kB active_file:12kB inactive_file:504kB unevictable:1452kB writepending:0kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29824kB pagetables:128116kB bounce:0kB free_pcp:1728kB local_pcp:1320kB free_cma:0kB [ 2256.915906][T28664] lowmem_reserve[]: 0 0 0 0 [ 2256.920435][T28664] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2256.933761][T28664] DMA32: 350*4kB (UMEH) 80*8kB (MEH) 70*16kB (UMEH) 43*32kB (UMEH) 15*64kB (UMEH) 45*128kB (UMH) 15*256kB (M) 8*512kB (UMH) 2*1024kB (MH) 1*2048kB (H) 0*4096kB = 23288kB [ 2256.950693][T28664] Normal: 132*4kB (UME) 28*8kB (UME) 60*16kB (UME) 30*32kB (UM) 18*64kB (UM) 26*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 7152kB [ 2256.965152][T28664] 10495 total pagecache pages [ 2256.969835][T28664] 0 pages in swap cache [ 2256.973965][T28664] Swap cache stats: add 0, delete 0, find 0/0 [ 2256.980058][T28664] Free swap = 0kB [ 2256.983754][T28664] Total swap = 0kB [ 2256.987493][T28664] 1965979 pages RAM [ 2256.991270][T28664] 0 pages HighMem/MovableOnly [ 2256.995935][T28664] 318829 pages reserved [ 2257.000083][T28664] 0 pages cma reserved [ 2257.004124][T28664] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.5,pid=28663,uid=0 [ 2257.061969][T28693] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2257.074145][T28693] CPU: 0 PID: 28693 Comm: syz-executor.2 Tainted: G B 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2257.085679][T28693] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2257.095726][T28693] Call Trace: [ 2257.099011][T28693] dump_stack+0x14a/0x1ce [ 2257.103325][T28693] ? devkmsg_release+0x11c/0x11c [ 2257.108265][T28693] ? show_regs_print_info+0x12/0x12 [ 2257.113465][T28693] ? radix_tree_cpu_dead+0x160/0x160 [ 2257.118751][T28693] ? _raw_spin_lock+0xa1/0x170 [ 2257.123531][T28693] ? _raw_spin_trylock_bh+0x190/0x190 [ 2257.128919][T28693] dump_header+0xdb/0x700 [ 2257.133252][T28693] oom_kill_process+0xd3/0x280 [ 2257.138020][T28693] out_of_memory+0x5b6/0x890 [ 2257.142630][T28693] ? unregister_oom_notifier+0x20/0x20 [ 2257.148090][T28693] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2257.153642][T28693] ? get_page_from_freelist+0x7c0/0x7c0 [ 2257.159191][T28693] ? __zone_watermark_ok+0x91/0x280 [ 2257.164390][T28693] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2257.169759][T28693] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2257.175301][T28693] ? copy_process+0x5a4/0x5110 [ 2257.180064][T28693] ? copy_process+0x5a4/0x5110 [ 2257.184827][T28693] ? kmem_cache_alloc+0x1d5/0x260 [ 2257.189870][T28693] copy_process+0x5f3/0x5110 [ 2257.194477][T28693] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 2257.200191][T28693] ? _raw_spin_lock+0xa1/0x170 [ 2257.204949][T28693] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 2257.210752][T28693] ? __lru_cache_add+0x1a1/0x1f0 [ 2257.215685][T28693] ? fork_idle+0x290/0x290 [ 2257.220098][T28693] _do_fork+0x196/0x920 [ 2257.224246][T28693] ? finish_fault+0x230/0x230 [ 2257.228934][T28693] ? up_write+0xa1/0x190 [ 2257.233169][T28693] ? dup_mm+0x300/0x300 [ 2257.237323][T28693] __x64_sys_clone+0x25e/0x2c0 [ 2257.242083][T28693] ? __ia32_sys_vfork+0x110/0x110 [ 2257.247110][T28693] ? do_user_addr_fault+0x55c/0x9f0 [ 2257.253008][T28693] do_syscall_64+0xcb/0x150 [ 2257.257523][T28693] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2257.263410][T28693] RIP: 0033:0x45f6a9 [ 2257.267314][T28693] Code: ff 48 85 f6 0f 84 57 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 2e 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2257.286914][T28693] RSP: 002b:00007ffdfaf6b118 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2257.295317][T28693] RAX: ffffffffffffffda RBX: 00007fddb5d67700 RCX: 000000000045f6a9 [ 2257.303284][T28693] RDX: 00007fddb5d679d0 RSI: 00007fddb5d66db0 RDI: 00000000003d0f00 [ 2257.311257][T28693] RBP: 00007ffdfaf6b340 R08: 00007fddb5d67700 R09: 00007fddb5d67700 [ 2257.319228][T28693] R10: 00007fddb5d679d0 R11: 0000000000000202 R12: 0000000000000000 [ 2257.327192][T28693] R13: 00007ffdfaf6b1cf R14: 00007fddb5d679c0 R15: 000000000078c0ec [ 2257.336157][T28693] Mem-Info: [ 2257.340090][T28693] active_anon:1409576 inactive_anon:9707 isolated_anon:0 [ 2257.340090][T28693] active_file:166 inactive_file:406 isolated_file:0 [ 2257.340090][T28693] unevictable:363 dirty:1 writeback:0 unstable:0 [ 2257.340090][T28693] slab_reclaimable:10326 slab_unreclaimable:81423 [ 2257.340090][T28693] mapped:58704 shmem:9776 pagetables:38008 bounce:0 [ 2257.340090][T28693] free:10623 free_pcp:201 free_cma:0 [ 2257.378662][T28693] Node 0 active_anon:5638304kB inactive_anon:38828kB active_file:664kB inactive_file:1824kB unevictable:1452kB isolated(anon):0kB isolated(file):0kB mapped:235016kB dirty:4kB writeback:0kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2257.404633][T28693] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2257.431769][T28693] lowmem_reserve[]: 0 2912 6416 6416 [ 2257.437889][T28693] DMA32 free:18280kB min:4644kB low:7624kB high:10604kB active_anon:2811148kB inactive_anon:5352kB active_file:188kB inactive_file:1320kB unevictable:0kB writepending:4kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:16000kB pagetables:23916kB bounce:0kB free_pcp:1556kB local_pcp:1148kB free_cma:0kB [ 2257.470770][T28693] lowmem_reserve[]: 0 0 3504 3504 [ 2257.478174][T28693] Normal free:7160kB min:9688kB low:13276kB high:16864kB active_anon:2826836kB inactive_anon:33476kB active_file:4kB inactive_file:16kB unevictable:1452kB writepending:8kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29824kB pagetables:128120kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2257.518268][T28693] lowmem_reserve[]: 0 0 0 0 [ 2257.527684][T28693] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2257.541389][T28693] DMA32: 175*4kB (UMEH) 47*8kB (UMEH) 12*16kB (UMEH) 11*32kB (UMEH) 11*64kB (UMEH) 38*128kB (UMH) 15*256kB (M) 8*512kB (UMH) 2*1024kB (MH) 1*2048kB (H) 0*4096kB = 19220kB [ 2257.558370][T28693] Normal: 13*4kB (ME) 10*8kB (UME) 3*16kB (UME) 15*32kB (UM) 17*64kB (UM) 26*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 5076kB [ 2257.572639][T28693] 10226 total pagecache pages [ 2257.578054][T28693] 0 pages in swap cache [ 2257.582194][T28693] Swap cache stats: add 0, delete 0, find 0/0 [ 2257.588283][T28693] Free swap = 0kB [ 2257.591996][T28693] Total swap = 0kB [ 2257.595774][T28693] 1965979 pages RAM [ 2257.599571][T28693] 0 pages HighMem/MovableOnly [ 2257.604220][T28693] 318829 pages reserved [ 2257.608418][T28693] 0 pages cma reserved [ 2257.612490][T28693] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=21892,uid=0 [ 2257.626635][T28693] Out of memory: Killed process 21892 (syz-executor.0) total-vm:75240kB, anon-rss:13296kB, file-rss:35836kB, shmem-rss:0kB, UID:0 pgtables:156kB oom_score_adj:1000 21:34:26 executing program 5: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x500, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) [ 2259.660281][T28720] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2259.673295][T28720] CPU: 0 PID: 28720 Comm: syz-executor.2 Tainted: G B 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2259.684839][T28720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2259.694896][T28720] Call Trace: [ 2259.698199][T28720] dump_stack+0x14a/0x1ce [ 2259.702554][T28720] ? devkmsg_release+0x11c/0x11c [ 2259.707506][T28720] ? show_regs_print_info+0x12/0x12 [ 2259.712717][T28720] ? radix_tree_cpu_dead+0x160/0x160 [ 2259.718004][T28720] ? _raw_spin_lock+0xa1/0x170 [ 2259.722766][T28720] ? _raw_spin_trylock_bh+0x190/0x190 [ 2259.728137][T28720] dump_header+0xdb/0x700 [ 2259.732472][T28720] oom_kill_process+0xd3/0x280 [ 2259.737238][T28720] out_of_memory+0x5b6/0x890 [ 2259.741822][T28720] ? unregister_oom_notifier+0x20/0x20 [ 2259.747279][T28720] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2259.752830][T28720] ? get_page_from_freelist+0x7c0/0x7c0 [ 2259.758368][T28720] ? __zone_watermark_ok+0x91/0x280 [ 2259.763555][T28720] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2259.768926][T28720] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2259.774469][T28720] ? copy_process+0x5a4/0x5110 [ 2259.779227][T28720] ? kmem_cache_alloc+0x1d5/0x260 [ 2259.784234][T28720] copy_process+0x5f3/0x5110 [ 2259.788811][T28720] ? capable+0x19/0xe0 [ 2259.792872][T28720] ? cap_capable+0x4d/0x280 [ 2259.797370][T28720] ? cap_capable+0x23f/0x280 [ 2259.801965][T28720] ? fork_idle+0x290/0x290 [ 2259.806373][T28720] ? capable+0x79/0xe0 [ 2259.810536][T28720] _do_fork+0x196/0x920 [ 2259.814696][T28720] ? dup_mm+0x300/0x300 [ 2259.818837][T28720] ? ktime_get_raw+0x130/0x130 [ 2259.823592][T28720] __x64_sys_clone+0x25e/0x2c0 [ 2259.828363][T28720] ? __ia32_sys_vfork+0x110/0x110 [ 2259.833505][T28720] ? __x64_sys_clock_gettime+0x20d/0x260 [ 2259.839153][T28720] do_syscall_64+0xcb/0x150 [ 2259.843651][T28720] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2259.849539][T28720] RIP: 0033:0x45ccd9 [ 2259.853425][T28720] Code: 2d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2259.873026][T28720] RSP: 002b:00007fddb5d66c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2259.881447][T28720] RAX: ffffffffffffffda RBX: 0000000000001f00 RCX: 000000000045ccd9 [ 2259.889407][T28720] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000103 [ 2259.897400][T28720] RBP: 000000000078c130 R08: ffffffffffffffff R09: 0000000000000000 [ 2259.905364][T28720] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078c0ec [ 2259.913351][T28720] R13: 00007ffdfaf6b1cf R14: 00007fddb5d679c0 R15: 000000000078c0ec [ 2259.942599][T28720] Mem-Info: [ 2259.954630][T28720] active_anon:1409725 inactive_anon:9707 isolated_anon:0 [ 2259.954630][T28720] active_file:82 inactive_file:172 isolated_file:0 [ 2259.954630][T28720] unevictable:363 dirty:0 writeback:13 unstable:0 [ 2259.954630][T28720] slab_reclaimable:10324 slab_unreclaimable:81470 [ 2259.954630][T28720] mapped:58495 shmem:9776 pagetables:38065 bounce:0 [ 2259.954630][T28720] free:10508 free_pcp:101 free_cma:0 [ 2259.995377][T28720] Node 0 active_anon:5639200kB inactive_anon:38828kB active_file:328kB inactive_file:988kB unevictable:1452kB isolated(anon):0kB isolated(file):0kB mapped:234280kB dirty:0kB writeback:52kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2260.021744][T28720] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2260.058510][T28720] lowmem_reserve[]: 0 2912 6416 6416 [ 2260.065849][T28720] DMA32 free:18776kB min:4644kB low:7624kB high:10604kB active_anon:2812468kB inactive_anon:5352kB active_file:40kB inactive_file:276kB unevictable:0kB writepending:0kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:15936kB pagetables:23848kB bounce:0kB free_pcp:972kB local_pcp:496kB free_cma:0kB [ 2260.103956][T28720] lowmem_reserve[]: 0 0 3504 3504 [ 2260.109705][T28720] Normal free:4824kB min:5592kB low:9180kB high:12768kB active_anon:2828120kB inactive_anon:33476kB active_file:312kB inactive_file:100kB unevictable:1452kB writepending:152kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:30240kB pagetables:128412kB bounce:0kB free_pcp:124kB local_pcp:124kB free_cma:0kB [ 2260.143606][T28720] lowmem_reserve[]: 0 0 0 0 [ 2260.148234][T28720] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2260.161633][T28720] DMA32: 53*4kB (UEH) 30*8kB (UMEH) 37*16kB (UMEH) 14*32kB (UMEH) 13*64kB (UMEH) 43*128kB (UMH) 14*256kB (M) 7*512kB (UMH) 2*1024kB (UH) 1*2048kB (H) 0*4096kB = 19092kB [ 2260.179593][T28720] Normal: 32*4kB (UME) 20*8kB (UME) 8*16kB (UME) 6*32kB (UM) 2*64kB (UM) 33*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4960kB [ 2260.193880][T28720] 10121 total pagecache pages [ 2260.198634][T28720] 0 pages in swap cache [ 2260.202899][T28720] Swap cache stats: add 0, delete 0, find 0/0 [ 2260.209145][T28720] Free swap = 0kB [ 2260.212921][T28720] Total swap = 0kB [ 2260.216768][T28720] 1965979 pages RAM [ 2260.220709][T28720] 0 pages HighMem/MovableOnly [ 2260.225459][T28720] 318829 pages reserved [ 2260.229655][T28720] 0 pages cma reserved [ 2260.233743][T28720] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.4,pid=26857,uid=0 [ 2260.248129][T28720] Out of memory: Killed process 26857 (syz-executor.4) total-vm:75240kB, anon-rss:13160kB, file-rss:35912kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 2260.270597][ T23] oom_reaper: reaped process 26857 (syz-executor.4), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB 21:34:26 executing program 2: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x900, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) 21:34:26 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:34:27 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x0, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x900, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) 21:34:28 executing program 5: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x600, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) 21:34:28 executing program 0: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ID(r2, 0x80082407, &(0x7f0000000140)) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f00000001c0)=[{&(0x7f0000000500)}, {&(0x7f0000000300)="0da5264f119185e79d3938a59f7992482658f6875b4f682e9ab28a7030dd7d20a07c71", 0x23}, {&(0x7f0000002740)="51e00a1a370ba1086c860c58bbda86c858715abbaeebc07e016e3ecb4ae0dbbdd41bc3c3e636a44b74e5f7ccb8eff4a80d331dae183a9a71fd226bb19357022ba26d1efa0a0600000064cdc7dfe169073e2257a21afdbc73468ffcc8812f7d7c000ab9d197320f3957433f7f5b45d25d3c7ce1b3f23216adefbdc1fd417ef159c1106e57a61cbc3127ef0bcfc5e1c8c689bb6b5b12e19da894c2d5c5a2a9423b60802f0d2df17d1b1bfd55bfc10f2980ecddb17b00d1f3552959845f4caf2f4d004777701d48a11f7384ff577bb1c2344eb40758b3857fb49c542dd69d86863f3c41da565ea41bf4eb9b56dc5bb9db825080db90db0454f41e9b5925a98a8fefc01829819746564930ad81a39111beffe2a5669ceac2db12e1ba4118c34ba3449753e9521d22d351bf", 0x129}], 0x3, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140)='ethtool\x00') sendmsg$ETHTOOL_MSG_LINKINFO_SET(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="7201a960632ed46b0fde8aad6bba45825a570e80e9649fced16db574dd5a49d3145698a6e6995b025f1e868d251f2481f539", @ANYRES16=r5, @ANYRES64], 0x58}, 0x1, 0x0, 0x0, 0x4000}, 0x8004) sendmsg$ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f0000002640)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000002600)={&(0x7f0000000380)=ANY=[@ANYBLOB='x\"\x00\x00', @ANYRES16=r5, @ANYBLOB="000229bd7000ffdbdf25050000000500020009000000a01103800800020004000000310004007047ed3db727301d45c077ffb223f71e20019bb2d4f11a0e1021ab8a16b9505c4cac88ac8a9a5905aba291b6d3000000fc00038008000180040003002c0001800400030008000100000000000400030008000100020000000a000200737461636b0000000400030044000180080001000300000004000300040003000900020025245e3a00000000080001000101000004000300090002002727215b00000000080001000800000004000300180001800a000200737461636b0000000800010009000000100001800a000200737461636b00000054000180340002002f7379732f6b65726e656c2f64656275672f62696e6465722f6661696c65645f7472616e73616374696f6e5f6c6f670004000300040003000400030004000300090002002440237900000000040001805c00038058000180080001000400000004000300340002002f7379732f6b65726e656c2f64656275672f62696e6465722f6661696c65645f7472616e73616374696f6e5f6c6f670008000100590000000a0002007b2f212d5d00000004100500ab0bfff24e9abeac9139c83dd3246a514e4894023c5e41da35a4c459968caa36bc341de63f9b4f642a5d9fe871d3e8321881e9ab62874a578a4119d02c0226d8b1742dfdf8b66ed2e89f9eae0ca1351238c1a5b1382479a1a4abca3d2523c15e9a3750b4e27d6928cc56d4f00851b2308ad451ad6c28f804da25204bae0dfe100a80f98511f66b40f2928bd684db63dfdc3c89571b9db2d73943327f066e08bacb08bf6fb138b26891c932c1815283f27422d7d18b528f431d43423f4a4933b14a3f713407ab512d8a099b51194ed7ca2cd83c333c51466cafe28e9e84ea64f8e296f4d6dcf8f88dc0cc2745404facd67e9ada774e6d4af2f1b47ca05267858942e5fb928e50e1afd0e79b96d3981f8d203521b942abe76a343dc36397d8cf0ce2051bfb1eb7fee9a4c8407388b6fd28e9ec392a38050449bd6422fadff14af2945e15ce04a33fd3a8bbe6c55890f34c1a648ffc116ac573a8d31a8ca20ce983c7d5dce52054305e7c5329d7b3453e6938b884d32b8afde05b3be026289402f248706b9bbdee5fa81189f4ac0163f905e0287a1d7f0662adc3ab24e155c9f2714babb15ead41606ea9cb496628c3f2b8aa79118cc81195cfc6a8c2815ab6d34bc1d1457824a0868d7a21efb27613e04faeb239ecf0bceaa9fc316ecee0e8bfe490c061d7c0418b0e0bd75116d426e37cc519ebe78c82a59c25d96a66fd41c0221f1bc54840a86fcc596effe631e8e0d00eb0ba0a61ae293c7a4e3f76206c9de607292bc4855c40e83d84725aa1dc2927452c25466d828d4ceb9cf605047a6c93c2c6867904e30a7a0f36866d3aa9bc2f3b04f5488fb2d9749a4c7470d4c4059e571a57dd96d01656ad7110eeb10c5d38cc5bd81844622e660241adc0635d7bfa9e559fc46e7aef273efb2351fa10c61b73321bce230845eae92a5920af273caa790d2673d3edd94a4d615a30828adc2b33f05cea8326e3051a73096e8ae9218deffa2df409313a61259b98cad20ce75e20137eb2a11ca460b39a6c9ebf7424ebd0a7384ae25bfddc3c8707f2aa44c79c2019177d747318c5513e575784dde1ae8585899d203fea3766589aebb880333544f7ed519acfeb8d0f9bae4a2f65992b107fe5c1b6b3dbb44616a059c5f736cabf445d6715ccc9efcbcb22f74405d40cbe3a03013e660f4d1812e23755b150ea2d9d3dd5e74fd5fb2f8cd6d8d4bf33ff15369784987161a95c36e24708f45125d478d399887e3b4b9470d4a8c681183f3de757f7d0424bd32f42b43576618665e6d780d8c972c4ac8c61f5034344025b7a8900207262dbeda5d0efb1b1a373570f090937dd9861811d68eefc3d6c0ea3010fd67c3eb4846059444abcb4c853594574ce587e0711969d05c1c15ed5fe30ce8cae3ca001c4b5e9a7476e01b87904134ac4b7514409c08860695cbc9cb61348d278c4bed5e1c2909ba57f1a76958b27971151aeb50fb1df28d9f4a28ccbf5068a7011f1205d66afff4d255e0fb447de496bd57ea05cd7e5b4e4814185dcc78b201c1ea9a1dbd5c71ce2f71e28819a25a9219083e40235268278df7816d37006f2e57d7e571b2e6a2f7208c1b59041b0cf41f932c1addcf89bac02b3a6da594fff3c59f6c86678d007cb7584f0a85e6c632ec4795d8e36702648b9b0e3f4492b6d5185bbd3edd3e213ce2facff743e606fd28fd24bd776391940c376b641cb7166e6a007f4ef0ef22e569f099aa4daffd9281ade6d1a86a10704ae1a30c2f1afe5383cd36d2f4f91c157bbd225f07262ea5ad244e5ebaedf43c8f6963e62f31239be97a42a8e5622e290ebe798c8e904a4bcfceba2dbfc36990a2f683b038586558b1b82e917344d77f2ac008aebec09853c122e958110001c9e0c9a82fb85ee16944d307c7c985feda78ec50922fde1a39d9091c1662d131e7366d4ffd6061fae4642d06e1b688ec06e315fac4b1868f343804d69e42bca1979a26d5ae1a0c19591f7ac0d76f4f299f572faea70999eac675226bfb83244f3fe107b59fc669870656d2a89aba749525d9e6a01ce21e6694239d490cf1d5fb9eca3efdffe8975f8f36a0034f433ac1b6149b7c8db164344006e1f4240837fc7d71c2122dae2c156d1f95d294149c9563c7b0fa095a9c92fbd02af971abbb186c49a00d5816afc620acc3420d3907fcff5799a0a9571fc1c709b3006acacbe10dece58f53cc9f8da21fbb06f0234408156bff7bc9549f954ae0a22947fb43a0f395181ffbab978b8c1dd13f34b6ab7488a9fc513870ecfb3cde5923a3c04f8c849632b7b1d6acf5a675c667384f6c8b89d8ddd698afe9d31fff5f7df20fb9067b511be2ba251a2d90535a0aad0932b173ed8b222a2bfea2c6a109708e55ba9d71a37f7d6b2fbbabacb10f301947f4e26ea1c38fcf3220fba01e8512dbed12ac131d6b43d71d514cbe7c090f0bf3a4cd1c1ad587f20af59b6f1262cae10edce591e15ef92212b15809df63786bb108a4a3d5b0cca804745f01b4a57eb60b16f110fed5f03e9c1161bb478d59d6afdce7fb6709a7413e1dacef2dd170b960daac0926b30dbd506d8e3bd78901f149fdb14b0e868fccf3ba321f50069cbf6a33b452f70efbaad442e3191817851e4107592cb0b7672711da3d28a06c3fea12aad803f21dd27079a478e4a720f21905fe689b431fcf365210f8c5653fe4170ba90d2e806c9e1ee1054294c82de0e146e738314b69ba917abd7dfeb33ca21bad0afc924d85bada791d57e7a9b8c14a044485066df4019d4949f584b5cd2592ea89ec18dbe1b0f0312d056fcd1576d954c9299f39082ff55dac9584b342a751c8953c6742f083a20e244eaad9d33a2a30286c4cb19ff602cc0d77dd2c3b6efb80004895bb8b4093019b7aa5d46d40293a903cdb079ee2d25cf2b59548809a5bacab6bb22a55099fe88d9ce38f2110c3f43280c0949330cf1184bd852dcbbd0a39366b231d10a42df91927401522aaa14bffa78c03f1085637773ec344119920c9597392dcbe0f7dd6d80ae9ebe27968f21faa3fad92b739904b7b82a7a78bbcd4e70c5570c2638bd5efb308707c20176b03be692dfc35e2be86502336e165dc34f7dacd596b556628f6399bcfe26158c72193a69e9ece2bb7744a3630dd5c918990c92b4925b5e84a3ee07b5b1d05650f6613c4f6b27a60ea044d04bf4b0786826b448aab1bb2451f8b3ce8decdffa0848a1929e2651aafa0a0faefb45a619fe4cdaa0fbc3f0b25ce67aa38ec6c54b6f0626eea693b4a82b40d3b893af7392d4be6b34a364b76003399b121ae579c8df079c78687b257148573ecaf464a121f90e9c4721f9dc55370799e8ce896277e12ddea30e3d9c8a8a2481adbe723e8b5c84d109651f43fa477a92286509de848fdb144daac740f3d9b83b728bb6cabda33ae18c0e2ab4007971e87431ba9a8d5aa96320adc009f574607ff131f0d2b8a4b2f56b56819a71a25a1af684abbffa6e39e148b74c0927730661ed9f7ffcc7403af2585b4711f47c03058f15732e6528ff22c0c3b086c17f932f455ab4f34011e1c94943184c16b762ca90532a03c5e6dcaac8fe455bd3d029d79e01580e9acbb812c56bf9d3f93ccf88894a8759475d479c40803bddc446fb3fc5006020f3f30ec8b3acc1a3b8bbfc97d08aeb1c09df67575fc526640d3acc92e747455a965233cd10a871b645538c42ec682807442480d26860215a08150f856bac85791b77e5b7395bc346cda441cfdef39274d1355f528183544d69ca72d4e7b16eae994e469736f3fa603e7cb28674659dc20a00cc46ead64137a619c44a3a51ed8a3d21c15b94f2b803e88706d49a435b9be7789e2bb6aa6707fee816464e379d3dcc8f05720f149744e694f3b400acc6168ce93added3186baabf934bb2f0a8e2efcb498c57acdeae9431f7bc4b74c1cb56af14cc85b29067678fe1c64fdff6988c7146388805fb49cbd6233c2949d276d9b0ce4f27baf58dc8e708173ec971f5172e06ada50d2dc9962673502f477d0b770ea554b171fd468b159ffcde2c43b63853094af0111814bb605ee9a1fd4264063def3c56c36fa1cb04f623b3d320e410690ff21cd2c50d3b7ef8fb2133171d0e9219dd35dcd106b720d77fa638e6725498fa094f6e63ab450a26684eecc2a378ea1eabfffb2186ba895bb7d7bd906bfbc189d1367e4b2966faeb2ad18c4b4646c6b006469d28e438d0d08b4930c81e7f76c4aa891d6ee624f787b3eac581621cda8a4531dd6558b1d9ed0653fb67684bac6cac7eb18e687341ce2a8edeaa41c89a518b9733ad6e05da39e6cf5a81fd55a1de7b71fddc37819d21912e9a8bf64f600f6ac3fcc68db0fc4c42062149aefaed5ff3c4dc3c04d59927610895fc5857972032b9e01589d19f5977a5da96b11c852b49e8e306ceb32132390200cc8004a61db5dae476c541cdfdc8d9b77e2c00b1bf0b9316609f35880d8ec85c58c559f4d2d3fa10909151ab32e55b3745165c4f7e951801f70c8266ea547854eaa7105b0e6005a1d4a47ee1d354dcc3326c08ac16ffa6771685dbe35d7a7e6a3e04be33cea0574883ebbab7e331e5a9e3dcfdb51223ac02c195be7cfdce7a82581531c56becc2be523572cc14c62ef1b06b06f133fdb4618379308d02544cadc788185860cb49e2d4f8ca0f9671cfada74e23d4a00acac2b3dbf67647839b05143064ef9489d6286e5c1612f19674a86e68bf4fc7205c1d7104e700278c4cc292a26d8e9b3ec6ed47e6b468d4da61b188ec23912387df888ea9cbc94b94fc6795ed602151a0fc895a6e4ea3b78208f8a948f15adea5bbc63e32ab74fa2712ac3e57ecdf00e6c6889429864d9f3c483a416ff360a277d127ea36b7d4fb623cd832bc24f1942017155872121253b870cc0b230a29a60e811db69014cddb75422f273899f7d87db30618d18ad217015daf4e5e6dce25db731c55cf6aa3b314650cc6e27f079258007d1988b695eca4075104bcbe3bcebb4b2659974fa92463b2f1a5295515ad33f8d5e83e029c34da01dd19c3599229a749951c4bf3b53a67fe1ae3ee14d3eaf6a7e3a6ecacc6f190b4632383a7299a1d97351e8343adc6dc6bf60a8b434984f90dc16632ded4168b87b43ade5eca2b19e05545bb38828353a90bf34176752cbabb8cf68483f5b01aff7e54fb8f3e9cc39ed8c0dc0b7034e61c94eee8b8f0c5a2927253ff2ee7c700485c4b29453cc2d5c3028d79b2adaea7d2449298f723935c67f6a1bbc6114c913cc3995f41403b8d131dd40a73545b65b94d5c1fc927df70f307d3085e0296a53cc05b37fa58f37b9423a54e598850df5da664a84340922ffc13bda76a9d991e4bba231321edacba6a0789abef90ea64f8e2081507bcabd45d2fdad88922fe0126e55dadd56c0543ab0f5bc4215006b3344fe1c7f7284280ffdd80c703d6f71011d1e7d1a3370786f979896569aa957c130c88555913165cdbe97a815f5863f5de1c61018c8737396a813aa6bfe13853295f4c4336cf9574fcc54e1fcacef45301505a1726268fe78d7f58ed0acb795b1013aec9db23b872fc0d24e6eefd16a98e8b0dae28702111b013874aff566413d2dafeb8b7d06b99b30ae941e2978810595b20b63a2aab72e4e6906d8511b64908d2b1098092f138066d8c12ae2ae6645e52964d6aa7cd9b47213a8e8d4839a9517b1838070b3fc9f4384d2b9bf8c4a909af065818e5b87347e64a758c660fc5f68e664804c61dc3cfb289abbe43496b30f415023ebdcb3ce213bfefa654a84040001000800050001000000580001801400020076657468315f746f5f6873720000000014000200626f6e645f736c6176655f3100000000140002006e657470636930000000000000000000080003000000000008000300020000000800030003000000050002000800000005000200040000004c1003802a000500de54e6efb011d37db346c05a3fc5c2dbe33a745f365315fb80a907884b5d9729f990640e7bd7000004000100080002000000000008000200070000000400010004100400b1463452ca5b76dce40382d668000c7499792d31103094d4b5f4e204a501d9b106966444871f5aca45d64d9d102dc81a20fc94a9096edac47fd7bbc422069f9a20086d9073c998feda798404320e1a3bcfd0019a902b88d03de2a1e2ebe34c52c0df23cf9d5007b86285099297debff023a7ef717cf0ab73ae190285cffd95afd0788f3d547164febf644960fe91f8daee1c0f5cb378ec53cd0f33cfc2b816e0e09ed2884e30c45211b222c7d563f6b16e09d49a80f7a221b19be27e166bc8ad00518bc2548d455c6e195f29816a15499c5a049687f3a3698f06909c20d39229befd0f8abb78f00aa82d82ee6d3b02dcd064757690b4b0460e01d1857f7114d0890e0c8c8ec816663c2ddcb4e62d658d875efec904cb95627a963f090528d35ae3884a97c9f8e06eb73cf6f420a7394d61fbfda582b5cf4555c3dd073941db5c38497515ae9e21e628228172f3706fa6727223d12000f5a996e3a9978599e7db65b27e67e07655eda7e85e7a975ef7f43b9462be65b5028a39d2390631da6292aae2333a0216e010f43c7589b94d613c0796d88c9cbd57c87f0cc6259df9b99296d251a50fc2b93d76b8ebe79de4f315da45e8578a5413a4cc6c91bf4c71a1051bd290eadfa821871a136b1ed7eac49763acc14183211a8bca037250a9c29a394a51beed63596f37d2a18277b5532b9ecc6639d1f932ac4b6c1bc835ee6267f6afffb0281a94e5daa464073f761f0228edd9617cb36d1cfd56ed3eb032997326e7c724c1a4e8060ac2b1ea540486d1dbe32fe6e1c1c289457c321489e3520ca0af51591c620390641d83f383c628cd3d797fa828267368ec5ade90d7e2f12821eca6c4ee2c96dcd9ac18b91198910e805593e38e97744b0ae18aec047b700ffd8b9fd9eadebf7f4861876f4933f9f5838f3e8b3da9dcdb60e8af01979059e7814574264b5635bb32420410f934b7358862986de2d19893f71f189ad6caea37b3f4fe1586a7920d7529d6ff299d0b62c4ac0b440cda8b1ccfa01c993b1b6c9a940ff3e916b2e720d9f0146371e1a19d885659ae716650ac3d460670452fcb330b3c9fee8802bd84befe8ee29e98e514d600839a3120bcb6977686e21dab3fcd027a789bb609f8c98b17b616c01b47e31081ec5eabb448519510534d0b2897af8fd8f2b9a15ab1cc3272fe2081c5e52edc0424c8e9d113499f65ef0872f4daf9574c850b37f03ddaa51936927605487eb080eb6fc9bac1f9566fec21bf3a6cecf2099f2bac8678e20247d87f0dacb5be70f989455c9fae04d40b3f8fa88a0f562dcc04533adccbc303826a22f40800ff5af46945474c4bde5216eb9b96931b939b3ae0ff4d5926863be07e923134c1df724857bc7a3baa1c474763dc3003009e0ca7e0454623ba9b100c15a652897ca9a22be88086d40ab0a0e5b739016b9b33345ba7ffbd34208d23f531ed0e2a23e00d5025f678dc1561502b8f4d2e103aea30a9906d79d94243d0abe2a5ba086fd631ae3bba1fd82384948e8906bf82b5802d623fd9c104247f243693ca025e53357cf611c3b2d407fd394d3b330fe42cdcdedcb54de27eb7eded046d2f7f92f603e631ae01bfa40c3b319358e6c410796f6677a4ac14b1c0cbbb085a4126450b47cf21f081ec6f0fbd5e355b62625fb8556ec252a5a75f30132157ffc256d1584dcfac752c7aae44b71de1124105e63022ec01b85772dd28248b6ad0fd3428a29be82e1e6f97c1a43068c5cc830ea244bf6a1122419b39baf27eceb7ac102af9832d4a321def22ff1a84c00dac37ab71feee165133d6bc8f3df3a4f6b06eb8a02396ccc88ad156c818ac3b9008b8f861d6d50c66ab9e0ae98b8b272ab8eb3a72fe963bed9d4704f611e4ed441dc027a204e62498526d07f8fd75a8f2fbe861203ed68610b14011b161c62ba6d8f9cd925e721be499c67059c5fbc82fdaccf5f803dc6176e66e9f354e6474e78bdabe5ff97d5fcd640bb86e9852e7a918020cf389f053d550605d0255dc0f556569bdf59b1fc1da91dc9e3c41305d56dd27478e955a938b3c77baa8d079116071b631cbb09955b8ac1db788ead0547489474e65e0a2d771821233d77f94788c8f37a11494a58859caf60fa4a7774144d92fc361b5b8f3577ee1493e8efebd5d60371f812650319e6df9bae6029ceee202b437abcbf2585c987f219be153df408c44894b3c5e77cc16e3f7dd03f82bcdc23d79d7d31f2cc8e0e6482730d2ee035bbcebd87fa5778133c102a0061df99497a63dd14530cea51f2678b899e32ce2f366849554997e86cee6609ed457f719b4021daea0af97125d76dbd2aaf18b165eea06df29ac6dcff0c0b0e205f9461aa2944a9590a8b91aed3c2f3d0227dcee699bb78d20eb302c975585dd278c6fd958c4bcf3719131858d66e39b758f6c9166c154236d710fe06dbb2ea896d4e640e003ad34b2e1475778512af3ba7d293b3999c0bdcc5846838533d2ff9387eeb9b3d543e9e4b59509463a05cd03dcd3a3a639e718cf780b99fedd125c60e6fd7fb3328f6c51d3c55d181b3e7103e4af30e8e9e55997cdabafce76a846264c23dc74b4e625336a7ce663d7872846c9c4aedc65823842e4426e631aa03aa5ff8a9b1486b56f06cad8947056c01c24c72ba6cb43173bbf5c82027bdbb6b5ac3dd9dd50ab07a72b2162095725af784b0fe700d1ad63f483ac1543b16760675dd11b4301995d0576649a0b17f4b6c2c6f33e63dac9374f7bb5410b87f5352cb2aa19d7d6cbbcf564a7fce26da906e7a3523247d326571b668c76cb4cfebfa9963dbe465e5bba5800cee8f64f0cf07d0d0bbc721b9e62a7b111afac6330bfc245a127423d458c4aae1f2e97e4e33528dba2dd542270cade09a69026e5e47747fe6033b0cbeec87c7262034710b986e2d571476e36e4fd4006a68b727bd0a4284257593877364fc6fb6e3e2dc2024e28da9ed8b31416c97bcabbc447dc727b2fa0870e9edd9fc637f1363bc050ad582f39635dead23307dcc03768468e2a3cc2b913a92e5b02eee32e18b81b829d7698088b7d6621d9f74306a3ed78ec4f02b37077ddaa3d4b843613b075f629f98f913a4cd57700ed72dcabede6cdcc1995bde0c087d50a179a7c7f4a5a603200adce0fde8c0d3d5a60118fe22ecac9cd48db3e9a6be74af0d4f7cbfd9fd34128d0699a21531d31653be3056e9ed8b700eff57653255e066633f34f6a2c9ce9926dc2e9228f91def4d2ad35df4cc5ed69c05db44b7c3518de643b703a2b1e8cc97fecd76af29971201235ee824370023f621db7bcb22771e318af214dfe03c4a5c35ea66b9292d138f41b1e42f2c4609402e2b0c9578b8857ffad315fc50b82e23f7f0c732bb5d8c5b795affccf3a9e6209b81536e2101c62a058af86958062cc9c3fa768439217405c85b0dac787912be39de42c68f11b08ff2aae838950507477487c3525b90fbf84c71b551fd910ca343590c4e7e9fdb65d78a6838256248c36ba840b66531822535ad8024dd63ce8b5590ce9bcddb944028c32f1ec85ef784594eb269b3c94aee458a4e041503ba18f2d3ab66555b68e6ab2489f79b6cd6ec2b6e9b5b700273db5afa89076b4911ebe1f6d03f9665c9aea365431c1b96ff35163afe7924f5b6ffacac8e605781c4c72162a96b150f52c781204d679927df2bc6f29732ecdc6d48bcac1d0fa613484670900cdaecfd75e82a33a4ddad6a796bdde858d1d7afc52360853c186aaf0f92a3ddf3f23f6a3a1412af8b244e0f42544df295da418f51aa2a7ff3af9105006f5de9700a0bbc9660758f4ef07898ae054bd3cbddf7c08e483c9e673cb66c3cca418d08ad30359d5f775fd57166f8669f96d98edafba1c05921daf0fc91081614fefcd2e3ac15606058272911dd073b381bee5894fdeb7b088092f1f6ad9d4f22bb60bc8d0d88819e4f80819d76a4aca32c97a0f2d6642286b159f2e6d45d0622ba376718ac118c2b935fa03f1a8b43fedcefefa1037c1bdab791982fc8a86b7cf90fe1acfdd403067c5c868ba47a0ecb50d387eb3e2b5300f7d81a3af30926de833c34ed23533f9c7da35ed6de3f4a146502b8f5e8cc4aa0bb7828713c74067f4712901c33659608ea7427fe013746fe601a8d1d99517b6d630ac3b23461f5642fc9bdc8516fc0ecac3f5fe3ebdb514659b4a299372f3bd82269ae7b3681e8dc304879449eb5b3a355d6b433a4d49034bb08bfb40acc8106ba671cd92b5d190210fa47bfecb1cbd5e41a3458f2bdd1da1f65711c05202b28cb65c3a18affc565066eb4e7b6ae6b6db368db970ba4d4c3aa7eb3182e0970ce1004e27f2e8357fffc38d61f82b1c9fa11299228592d1061dafaeddc4a2e36c1c923747d92d916a99f9b7bbd7ca7cc349de6b0508eb02cc4bbab69957648b24880ba609b8f5e82f1aefc49ed36a7120e2571dfa597c9e5523d2e87a4ffa72e9a96f6baba1ff01b2c1b35425f5bb27aee060e9434082bb91cba359bc511fa6532b568e48f7fd5fe78610975922cfc18fc9da0625cea139dbc66b6fcaaa4bea87d88b94ef5f72411d1e6568f9f96ad17560bd7374bd5bffdb6c4892a40e46ba0b0fe576af566e4673402bf0aff2e44d093a6359b5ad86da166f4b6d4893f3e6be645d7c9d55e032d2fc38f7f8cd89b90a0a81a664c4a38f50148d23cacb834e697fc2a9581f3487f1640a32bf34dbb68f81de58649779512eed98b03c1b1530aebd5021633206f321f6ebdee99f1aa9e9ee8f2354184ce012287e8307998e7b04cd79fed5dedddd2e8257838771df7e701d91257d7403bf1bf894fff2041693dd3682858a4029dfcaf89a43723b67bc2c1ea3735c54563eef81bfad655db678d228fae3e6cec7398a21c9be289a914f0d19f3be488f97e914f5be8f4b3cd800d10d4a7eb656610e220f89ba42ffdd44b1620d7902d25314886e49f5c785bd14dd2de344863cfec3f34d954956da68a749b2526456c2cade2c75e9fdc945099a2439e79e7dfccddd1d120b28f25e9002b0825a5cba5a0bf5986d47628a6bc0473b30a5685acde33052559b226d329f8ae01ea86d28a56837d3a2f006736bfcec2136f3abeb196809733e9113af0838d38eef6195b18f0f2494174efc9f3ba2cd36a04bc93c0314a2317813ccfe717f44563a5a326e902c2918d56d88066709eb5f716bb81865a982bfdf86f6f71d20b634f0d0a40b1c1230fd7aa77707151fd4d9be56eb4c89e5c0d7e9387a852fd97ac1b193ffebd2d0948544d863158c25b5d719bffc773d78c70404b95c63a5aef9e2282a44d732f5b631f4f7030a3c72c7ed21cdb91b01d406d53bc26fea82ad6bf53d17268509f78f8e97a6529a7581bbd29f409a5b5322b2653d0c421f98079963ff400d6c1e35a8a38982d6d23d4918da3c1749bb2d9c2813fed6405bf53d36a8f8a41a26b5ccbe9c9be83f30b4edaa99c59457c496ecdc78fe929ff857b90627848fa85971f47e79bfabdaa7a2eef638ec6bfeeb92c2e121cc0f46c928f4acd7b746af8edf9365b6be9cde9781c0e9c319e4b252a3181e8e23082cbce11d996c3dc9d05091b7d870578fc3120d4dce73851234d7110f3326e858911622be08c269e1aa039869f8e9556c401413abde473aaf69dec8affe16dcc75fd5f50a96d2693e3c717afc94c09904ab6179488c2f65aeb5850112bfafcc376a3e71f99ee69194290d713fc38895e927cca1fa8094ef20fdf44c4281b15855cfed2bc58ed4c55e882af33d37a723cc577ff898d8a7ae7df664"], 0x2278}, 0x1, 0x0, 0x0, 0x1}, 0x24fe6b5f8fa1200) preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:34:28 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x900, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) 21:34:28 executing program 2: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x900, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) [ 2260.565130][T28736] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2260.590982][T28736] CPU: 0 PID: 28736 Comm: syz-executor.2 Tainted: G B 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2260.602536][T28736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2260.612641][T28736] Call Trace: [ 2260.615937][T28736] dump_stack+0x14a/0x1ce [ 2260.620249][T28736] ? devkmsg_release+0x11c/0x11c [ 2260.625190][T28736] ? show_regs_print_info+0x12/0x12 [ 2260.630380][T28736] ? radix_tree_cpu_dead+0x160/0x160 [ 2260.635660][T28736] ? _raw_spin_lock+0xa1/0x170 [ 2260.640464][T28736] ? _raw_spin_trylock_bh+0x190/0x190 [ 2260.645857][T28736] dump_header+0xdb/0x700 [ 2260.650184][T28736] oom_kill_process+0xd3/0x280 [ 2260.654942][T28736] out_of_memory+0x5b6/0x890 [ 2260.659528][T28736] ? unregister_oom_notifier+0x20/0x20 [ 2260.664988][T28736] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2260.670552][T28736] ? get_page_from_freelist+0x7c0/0x7c0 [ 2260.676133][T28736] ? __zone_watermark_ok+0x91/0x280 [ 2260.681333][T28736] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2260.686704][T28736] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2260.692255][T28736] ? copy_process+0x5a4/0x5110 [ 2260.697019][T28736] ? kmem_cache_alloc+0x1d5/0x260 [ 2260.702036][T28736] copy_process+0x5f3/0x5110 [ 2260.706641][T28736] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 2260.712366][T28736] ? _raw_spin_lock+0xa1/0x170 [ 2260.717121][T28736] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 2260.722918][T28736] ? __lru_cache_add+0x1a1/0x1f0 [ 2260.727851][T28736] ? fork_idle+0x290/0x290 [ 2260.732278][T28736] _do_fork+0x196/0x920 [ 2260.736448][T28736] ? finish_fault+0x230/0x230 [ 2260.741111][T28736] ? up_write+0xa1/0x190 [ 2260.745348][T28736] ? dup_mm+0x300/0x300 [ 2260.749502][T28736] __x64_sys_clone+0x25e/0x2c0 [ 2260.754255][T28736] ? __ia32_sys_vfork+0x110/0x110 [ 2260.759290][T28736] ? do_user_addr_fault+0x55c/0x9f0 [ 2260.764483][T28736] do_syscall_64+0xcb/0x150 [ 2260.769006][T28736] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2260.774909][T28736] RIP: 0033:0x45f6a9 [ 2260.778819][T28736] Code: ff 48 85 f6 0f 84 57 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 2e 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2260.798429][T28736] RSP: 002b:00007ffdfaf6b118 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2260.806844][T28736] RAX: ffffffffffffffda RBX: 00007fddb5da9700 RCX: 000000000045f6a9 [ 2260.814818][T28736] RDX: 00007fddb5da99d0 RSI: 00007fddb5da8db0 RDI: 00000000003d0f00 [ 2260.822889][T28736] RBP: 00007ffdfaf6b340 R08: 00007fddb5da9700 R09: 00007fddb5da9700 [ 2260.830856][T28736] R10: 00007fddb5da99d0 R11: 0000000000000202 R12: 0000000000000000 [ 2260.838853][T28736] R13: 00007ffdfaf6b1cf R14: 00007fddb5da99c0 R15: 000000000078bfac [ 2260.853871][T28736] Mem-Info: [ 2260.857248][T28736] active_anon:1409009 inactive_anon:9707 isolated_anon:3 [ 2260.857248][T28736] active_file:34 inactive_file:163 isolated_file:0 [ 2260.857248][T28736] unevictable:363 dirty:35 writeback:0 unstable:0 [ 2260.857248][T28736] slab_reclaimable:10322 slab_unreclaimable:81555 [ 2260.857248][T28736] mapped:58433 shmem:9776 pagetables:38120 bounce:0 [ 2260.857248][T28736] free:11046 free_pcp:373 free_cma:0 [ 2260.895346][T28736] Node 0 active_anon:5636036kB inactive_anon:38828kB active_file:136kB inactive_file:752kB unevictable:1452kB isolated(anon):12kB isolated(file):0kB mapped:233832kB dirty:140kB writeback:0kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2260.921043][T28736] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2260.947390][T28736] lowmem_reserve[]: 0 2912 6416 6416 [ 2260.953704][T28736] DMA32 free:21696kB min:4644kB low:7624kB high:10604kB active_anon:2806820kB inactive_anon:5352kB active_file:260kB inactive_file:1176kB unevictable:0kB writepending:44kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:16192kB pagetables:24332kB bounce:0kB free_pcp:352kB local_pcp:148kB free_cma:0kB [ 2260.984471][T28736] lowmem_reserve[]: 0 0 3504 3504 [ 2260.989677][T28736] Normal free:5736kB min:5592kB low:9180kB high:12768kB active_anon:2829268kB inactive_anon:33476kB active_file:40kB inactive_file:724kB unevictable:1452kB writepending:8kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29952kB pagetables:128044kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2261.026873][T28736] lowmem_reserve[]: 0 0 0 0 [ 2261.032260][T28736] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2261.048853][T28736] DMA32: 83*4kB (MEH) 37*8kB (UMEH) 21*16kB (UMEH) 24*32kB (UMEH) 26*64kB (UMEH) 16*128kB (MH) 7*256kB (M) 5*512kB (MH) 4*1024kB (MH) 2*2048kB (MH) 1*4096kB (M) = 22084kB [ 2261.070499][T28736] Normal: 13*4kB (UE) 9*8kB (UE) 2*16kB (UE) 8*32kB (UMH) 4*64kB (UH) 32*128kB (UM) 1*256kB (U) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 5020kB [ 2261.085088][T28736] 10282 total pagecache pages [ 2261.096370][T28736] 0 pages in swap cache [ 2261.100561][T28736] Swap cache stats: add 0, delete 0, find 0/0 [ 2261.107702][T28736] Free swap = 0kB [ 2261.111451][T28736] Total swap = 0kB [ 2261.115223][T28736] 1965979 pages RAM [ 2261.119111][T28736] 0 pages HighMem/MovableOnly [ 2261.123811][T28736] 318829 pages reserved [ 2261.128019][T28736] 0 pages cma reserved [ 2261.132112][T28736] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.5,pid=28726,uid=0 [ 2261.146284][T28736] Out of memory: Killed process 28726 (syz-executor.5) total-vm:75504kB, anon-rss:16580kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 [ 2261.197721][ T23] oom_reaper: reaped process 28726 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2262.088256][T28772] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2262.100392][T28772] CPU: 0 PID: 28772 Comm: syz-executor.2 Tainted: G B 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2262.111920][T28772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2262.121956][T28772] Call Trace: [ 2262.125237][T28772] dump_stack+0x14a/0x1ce [ 2262.129568][T28772] ? devkmsg_release+0x11c/0x11c [ 2262.134836][T28772] ? show_regs_print_info+0x12/0x12 [ 2262.140032][T28772] ? radix_tree_cpu_dead+0x160/0x160 [ 2262.145322][T28772] ? _raw_spin_lock+0xa1/0x170 [ 2262.150095][T28772] ? _raw_spin_trylock_bh+0x190/0x190 [ 2262.155481][T28772] dump_header+0xdb/0x700 [ 2262.159829][T28772] oom_kill_process+0xd3/0x280 [ 2262.164608][T28772] out_of_memory+0x5b6/0x890 [ 2262.169216][T28772] ? unregister_oom_notifier+0x20/0x20 [ 2262.174682][T28772] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2262.180299][T28772] ? get_page_from_freelist+0x7c0/0x7c0 [ 2262.185852][T28772] ? __zone_watermark_ok+0x91/0x280 [ 2262.191055][T28772] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2262.196435][T28772] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2262.201981][T28772] ? copy_process+0x5a4/0x5110 [ 2262.206768][T28772] ? kmem_cache_alloc+0x1d5/0x260 [ 2262.211796][T28772] copy_process+0x5f3/0x5110 [ 2262.216387][T28772] ? is_mmconf_reserved+0x420/0x420 [ 2262.221580][T28772] ? preempt_schedule+0x110/0x130 [ 2262.226615][T28772] ? schedule_preempt_disabled+0x20/0x20 [ 2262.232250][T28772] ? _raw_spin_lock+0x170/0x170 [ 2262.237096][T28772] ? fork_idle+0x290/0x290 [ 2262.241497][T28772] ? dequeue_rt_stack+0xea0/0xea0 [ 2262.246528][T28772] ? pull_rt_task+0xe3/0xbf0 [ 2262.251108][T28772] _do_fork+0x196/0x920 [ 2262.255272][T28772] ? dup_mm+0x300/0x300 [ 2262.259418][T28772] ? ktime_get_raw+0x130/0x130 [ 2262.264190][T28772] __x64_sys_clone+0x25e/0x2c0 [ 2262.268947][T28772] ? __ia32_sys_vfork+0x110/0x110 [ 2262.273967][T28772] ? __x64_sys_clock_gettime+0x20d/0x260 [ 2262.279598][T28772] do_syscall_64+0xcb/0x150 [ 2262.284120][T28772] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2262.290018][T28772] RIP: 0033:0x45ccd9 [ 2262.293903][T28772] Code: 2d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2262.313505][T28772] RSP: 002b:00007fddb5d66c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2262.321914][T28772] RAX: ffffffffffffffda RBX: 0000000000001f00 RCX: 000000000045ccd9 [ 2262.329905][T28772] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 2262.338050][T28772] RBP: 000000000078c130 R08: ffffffffffffffff R09: 0000000000000000 [ 2262.346017][T28772] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078c0ec [ 2262.353984][T28772] R13: 00007ffdfaf6b1cf R14: 00007fddb5d679c0 R15: 000000000078c0ec [ 2262.362128][T28772] Mem-Info: [ 2262.401436][T28772] active_anon:1411054 inactive_anon:9707 isolated_anon:0 [ 2262.401436][T28772] active_file:45 inactive_file:17 isolated_file:0 [ 2262.401436][T28772] unevictable:363 dirty:21 writeback:0 unstable:0 [ 2262.401436][T28772] slab_reclaimable:10322 slab_unreclaimable:81421 [ 2262.401436][T28772] mapped:58419 shmem:9776 pagetables:38112 bounce:0 [ 2262.401436][T28772] free:9327 free_pcp:188 free_cma:0 [ 2262.452078][T28772] Node 0 active_anon:5644216kB inactive_anon:38828kB active_file:180kB inactive_file:68kB unevictable:1452kB isolated(anon):0kB isolated(file):0kB mapped:233676kB dirty:84kB writeback:0kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2262.488945][T28772] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2262.527497][T28772] lowmem_reserve[]: 0 2912 6416 6416 [ 2262.532914][T28772] DMA32 free:17248kB min:4644kB low:7624kB high:10604kB active_anon:2811236kB inactive_anon:5352kB active_file:148kB inactive_file:4kB unevictable:0kB writepending:16kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:16160kB pagetables:24396kB bounce:0kB free_pcp:280kB local_pcp:248kB free_cma:0kB [ 2262.574748][T28772] lowmem_reserve[]: 0 0 3504 3504 [ 2262.579901][T28772] Normal free:4156kB min:5592kB low:9180kB high:12768kB active_anon:2832004kB inactive_anon:33476kB active_file:364kB inactive_file:336kB unevictable:1452kB writepending:68kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29984kB pagetables:128052kB bounce:0kB free_pcp:472kB local_pcp:452kB free_cma:0kB [ 2262.622503][T28772] lowmem_reserve[]: 0 0 0 0 [ 2262.627098][T28772] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2262.642927][T28772] DMA32: 32*4kB (UME) 25*8kB (UME) 11*16kB (UME) 10*32kB (UME) 7*64kB (UME) 5*128kB (M) 8*256kB (UM) 6*512kB (UM) 4*1024kB (M) 3*2048kB (UM) 0*4096kB = 17272kB [ 2262.659100][T28772] Normal: 13*4kB (ME) 14*8kB (UME) 10*16kB (ME) 3*32kB (M) 13*64kB (UM) 21*128kB (UM) 1*256kB (M) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4196kB [ 2262.677116][T28772] 10103 total pagecache pages [ 2262.681824][T28772] 0 pages in swap cache [ 2262.686019][T28772] Swap cache stats: add 0, delete 0, find 0/0 [ 2262.692186][T28772] Free swap = 0kB [ 2262.695920][T28772] Total swap = 0kB [ 2262.699627][T28772] 1965979 pages RAM [ 2262.703406][T28772] 0 pages HighMem/MovableOnly [ 2262.708109][T28772] 318829 pages reserved [ 2262.712299][T28772] 0 pages cma reserved [ 2262.716368][T28772] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.2,pid=23597,uid=0 [ 2262.730550][T28772] Out of memory: Killed process 23597 (syz-executor.2) total-vm:75372kB, anon-rss:14184kB, file-rss:34800kB, shmem-rss:0kB, UID:0 pgtables:144kB oom_score_adj:1000 21:34:29 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x900, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) 21:34:29 executing program 2: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x300, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) 21:34:29 executing program 4: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, 0x0, r3) r5 = gettid() sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=[@cred={{0x1c, 0x1, 0x2, {r5, r3, r4}}}], 0x20}, 0x0) mount$fuse(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='fuse\x00', 0x804028, &(0x7f0000000440)=ANY=[@ANYRESHEX, @ANYRES64=r2, @ANYRESDEC=r2, @ANYRESDEC=0x0, @ANYRES64, @ANYRES16, @ANYBLOB="2c626c08000000653d30783030303030303030303030de7b3030302c736d61636b66737472616e736d7574653d737461638c002c006f6ebc9e0b4a83745f61707072613cc6251800000000000000911aea0a2adcf999490a4dca1d10b6d25b4c570dcdb1face8721584fc14fea4d9b3419092871b25cede3c3c0c7f32f4a904e38fa6e7da0bd0230239cfd1884f4916153e40658266fc353bd21630f24e8460269"]) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r7, 0x407, 0x0) write(r7, &(0x7f0000000340), 0x41395527) vmsplice(r6, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r8 = syz_open_procfs(0x0, &(0x7f0000000200)='net/nf_conntrack\x00') preadv(r8, &(0x7f00000017c0), 0x375, 0x0, 0x0) 21:34:29 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:34:29 executing program 5: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x700, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) 21:34:30 executing program 0: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) r5 = accept(r2, 0x0, &(0x7f00000000c0)) r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140)='ethtool\x00') sendmsg$ETHTOOL_MSG_LINKINFO_SET(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="7201a960632ed46b0fde8aad6bba45825a570e80e9649fced16db574dd5a49d3145698a6e6995b025f1e868d251f2481f539", @ANYRES16=r6, @ANYRES64], 0x58}, 0x1, 0x0, 0x0, 0x4000}, 0x8004) sendmsg$ETHTOOL_MSG_COALESCE_SET(r5, &(0x7f0000000300)={&(0x7f0000000140), 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x4c, r6, 0x100, 0x70bd29, 0x25dfdbff, {}, [@ETHTOOL_A_COALESCE_RX_USECS={0x8, 0x2, 0x129}, @ETHTOOL_A_COALESCE_TX_USECS_IRQ={0x8, 0x8, 0x3}, @ETHTOOL_A_COALESCE_RX_MAX_FRAMES={0x8, 0x3, 0x5}, @ETHTOOL_A_COALESCE_RX_MAX_FRAMES_IRQ={0x8, 0x5, 0x427b7143}, @ETHTOOL_A_COALESCE_RX_USECS_LOW={0x8, 0xe, 0x78f2}, @ETHTOOL_A_COALESCE_RX_USECS_LOW={0x8}, @ETHTOOL_A_COALESCE_RATE_SAMPLE_INTERVAL={0x8, 0x17, 0x1}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004051) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:34:30 executing program 4: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00') read$char_usb(r0, 0x0, 0x7ffff000) ioctl$sock_SIOCSIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(r0, 0x8983, &(0x7f0000000180)={0x3, 'ip6_vti0\x00', {0x6}, 0x9}) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r5, &(0x7f00000017c0), 0x375, 0x0, 0x0) move_mount(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x60) [ 2263.015090][T28779] syz-executor.1 invoked oom-killer: gfp_mask=0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|0x1000000), order=0, oom_score_adj=1000 [ 2263.049399][T28779] CPU: 1 PID: 28779 Comm: syz-executor.1 Tainted: G B 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2263.061063][T28779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2263.071121][T28779] Call Trace: [ 2263.074412][T28779] dump_stack+0x14a/0x1ce [ 2263.078726][T28779] ? devkmsg_release+0x11c/0x11c [ 2263.083640][T28779] ? show_regs_print_info+0x12/0x12 [ 2263.088830][T28779] ? radix_tree_cpu_dead+0x160/0x160 [ 2263.094092][T28779] ? _raw_spin_lock+0xa1/0x170 [ 2263.098830][T28779] ? _raw_spin_trylock_bh+0x190/0x190 [ 2263.104180][T28779] dump_header+0xdb/0x700 [ 2263.108494][T28779] oom_kill_process+0xd3/0x280 [ 2263.113267][T28779] out_of_memory+0x5b6/0x890 [ 2263.117829][T28779] ? unregister_oom_notifier+0x20/0x20 [ 2263.123272][T28779] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2263.128810][T28779] ? get_page_from_freelist+0x7c0/0x7c0 [ 2263.134346][T28779] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2263.139715][T28779] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2263.145245][T28779] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 2263.150973][T28779] ? __perf_event_task_sched_out+0xfe4/0x1110 [ 2263.157030][T28779] ? __perf_event_task_sched_in+0x4f7/0x560 [ 2263.162936][T28779] wp_page_copy+0x1cb/0x1120 [ 2263.167535][T28779] ? perf_pmu_sched_task+0x370/0x370 [ 2263.172801][T28779] ? switch_mm_irqs_off+0x4d7/0x9a0 [ 2263.177989][T28779] ? add_mm_rss_vec+0x270/0x270 [ 2263.182814][T28779] ? _raw_spin_unlock_irq+0x5/0x20 [ 2263.187902][T28779] ? finish_task_switch+0x235/0x4c0 [ 2263.193094][T28779] ? vm_normal_page+0x1c9/0x1d0 [ 2263.197925][T28779] do_wp_page+0x4c1/0x1530 [ 2263.202317][T28779] ? _raw_spin_lock+0xa1/0x170 [ 2263.207080][T28779] ? do_swap_page+0x1560/0x1560 [ 2263.211911][T28779] ? ttwu_do_wakeup+0x154/0x5b0 [ 2263.216754][T28779] handle_mm_fault+0xfa5/0x41e0 [ 2263.221589][T28779] ? finish_fault+0x230/0x230 [ 2263.226254][T28779] ? down_read_trylock+0x17a/0x1d0 [ 2263.231349][T28779] ? vmacache_find+0x2d2/0x4b0 [ 2263.236117][T28779] do_user_addr_fault+0x48a/0x9f0 [ 2263.241126][T28779] page_fault+0x2f/0x40 [ 2263.245275][T28779] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 2263.251847][T28779] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 2263.271452][T28779] RSP: 0018:ffff88802e1cf888 EFLAGS: 00010206 [ 2263.277498][T28779] RAX: ffffffff81f80e01 RBX: 0000000020713500 RCX: 0000000000000500 [ 2263.285451][T28779] RDX: 0000000000001000 RSI: ffff8881cec6bb00 RDI: 0000000020713000 [ 2263.293440][T28779] RBP: ffff88802e1cfda8 R08: dffffc0000000000 R09: ffffed1039d8d800 [ 2263.302370][T28779] R10: 0000000000000000 R11: 0000000000000000 R12: 00007ffffffff000 [ 2263.310338][T28779] R13: 0000000000001000 R14: ffff8881cec6b000 R15: 0000000020712500 [ 2263.318305][T28779] ? _copy_to_iter+0x1021/0x1060 [ 2263.323244][T28779] copyout+0x8e/0xb0 [ 2263.327132][T28779] copy_page_to_iter+0x393/0xbd0 [ 2263.332062][T28779] pipe_to_user+0xa3/0x130 [ 2263.336576][T28779] __splice_from_pipe+0x2d3/0x870 [ 2263.341588][T28779] ? user_page_pipe_buf_steal+0xc0/0xc0 [ 2263.347287][T28779] do_vmsplice+0x252/0xee0 [ 2263.351698][T28779] ? avc_ss_reset+0x3a0/0x3a0 [ 2263.356415][T28779] ? write_pipe_buf+0x1d0/0x1d0 [ 2263.361303][T28779] ? __rcu_read_lock+0x50/0x50 [ 2263.366082][T28779] ? check_stack_object+0x5a/0x90 [ 2263.371097][T28779] ? _copy_from_user+0xa4/0xe0 [ 2263.375849][T28779] ? rw_copy_check_uvector+0x2b3/0x310 [ 2263.381295][T28779] ? import_iovec+0x1c2/0x380 [ 2263.385956][T28779] ? dup_iter+0x110/0x110 [ 2263.390283][T28779] ? do_vfs_ioctl+0x780/0x1750 [ 2263.395039][T28779] __se_sys_vmsplice+0x1fb/0x300 [ 2263.400005][T28779] ? __x64_sys_vmsplice+0xa0/0xa0 [ 2263.405059][T28779] ? put_timespec64+0x109/0x150 [ 2263.409892][T28779] ? __x64_sys_clock_gettime+0x20d/0x260 [ 2263.415515][T28779] ? __ia32_sys_clock_settime+0x2a0/0x2a0 [ 2263.421210][T28779] do_syscall_64+0xcb/0x150 [ 2263.425690][T28779] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2263.431568][T28779] RIP: 0033:0x45ccd9 [ 2263.435437][T28779] Code: 2d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2263.455020][T28779] RSP: 002b:00007f08e95a3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 2263.463404][T28779] RAX: ffffffffffffffda RBX: 0000000000035780 RCX: 000000000045ccd9 [ 2263.471363][T28779] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 2263.479312][T28779] RBP: 000000000078c088 R08: 0000000000000000 R09: 0000000000000000 [ 2263.487266][T28779] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078c04c [ 2263.495216][T28779] R13: 00007ffee81ce42f R14: 00007f08e95a49c0 R15: 000000000078c04c [ 2263.513217][T28779] Mem-Info: [ 2263.518841][T28779] active_anon:1410825 inactive_anon:9707 isolated_anon:0 [ 2263.518841][T28779] active_file:24 inactive_file:4 isolated_file:0 [ 2263.518841][T28779] unevictable:363 dirty:7 writeback:15 unstable:0 [ 2263.518841][T28779] slab_reclaimable:10322 slab_unreclaimable:81491 [ 2263.518841][T28779] mapped:58416 shmem:9776 pagetables:38127 bounce:0 [ 2263.518841][T28779] free:9289 free_pcp:249 free_cma:0 [ 2263.558193][T28779] Node 0 active_anon:5643300kB inactive_anon:38828kB active_file:92kB inactive_file:0kB unevictable:1452kB isolated(anon):0kB isolated(file):0kB mapped:233664kB dirty:28kB writeback:60kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2263.584033][T28779] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2263.610695][T28779] lowmem_reserve[]: 0 2912 6416 6416 [ 2263.617033][T28779] DMA32 free:17232kB min:4644kB low:7624kB high:10604kB active_anon:2809960kB inactive_anon:5352kB active_file:48kB inactive_file:60kB unevictable:0kB writepending:0kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:16512kB pagetables:24660kB bounce:0kB free_pcp:496kB local_pcp:496kB free_cma:0kB [ 2263.648357][T28779] lowmem_reserve[]: 0 0 3504 3504 [ 2263.653461][T28779] Normal free:4472kB min:9688kB low:13276kB high:16864kB active_anon:2833496kB inactive_anon:33476kB active_file:4kB inactive_file:0kB unevictable:1452kB writepending:4kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:30112kB pagetables:127936kB bounce:0kB free_pcp:32kB local_pcp:0kB free_cma:0kB [ 2263.686058][T28779] lowmem_reserve[]: 0 0 0 0 [ 2263.690655][T28779] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2263.706693][T28779] DMA32: 8*4kB (EH) 12*8kB (ME) 19*16kB (UMEH) 15*32kB (UMEH) 9*64kB (MEH) 21*128kB (M) 9*256kB (M) 5*512kB (M) 4*1024kB (MH) 2*2048kB (M) 0*4096kB = 17232kB [ 2263.722863][T28779] Normal: 52*4kB (UEH) 18*8kB (UMEH) 7*16kB (UME) 4*32kB (MH) 6*64kB (MH) 26*128kB (M) 1*256kB (H) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4560kB [ 2263.738695][T28779] 10112 total pagecache pages [ 2263.743433][T28779] 0 pages in swap cache [ 2263.749164][T28779] Swap cache stats: add 0, delete 0, find 0/0 [ 2263.756535][T28779] Free swap = 0kB [ 2263.760251][T28779] Total swap = 0kB [ 2263.763954][T28779] 1965979 pages RAM [ 2263.768619][T28779] 0 pages HighMem/MovableOnly [ 2263.773357][T28779] 318829 pages reserved [ 2263.778600][T28779] 0 pages cma reserved [ 2263.783259][T28779] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.5,pid=11512,uid=0 [ 2263.798801][T28779] Out of memory: Killed process 11512 (syz-executor.5) total-vm:75240kB, anon-rss:13108kB, file-rss:35840kB, shmem-rss:0kB, UID:0 pgtables:156kB oom_score_adj:1000 [ 2263.823920][ T23] oom_reaper: reaped process 11512 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2263.900123][ T359] syz-executor.1 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2263.913138][ T359] CPU: 1 PID: 359 Comm: syz-executor.1 Tainted: G B 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2263.924727][ T359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2263.934765][ T359] Call Trace: [ 2263.938041][ T359] dump_stack+0x14a/0x1ce [ 2263.942371][ T359] ? devkmsg_release+0x11c/0x11c [ 2263.947319][ T359] ? show_regs_print_info+0x12/0x12 [ 2263.952501][ T359] ? radix_tree_cpu_dead+0x160/0x160 [ 2263.957789][ T359] ? _raw_spin_lock+0xa1/0x170 [ 2263.962545][ T359] ? _raw_spin_trylock_bh+0x190/0x190 [ 2263.967911][ T359] dump_header+0xdb/0x700 [ 2263.972253][ T359] oom_kill_process+0xd3/0x280 [ 2263.976996][ T359] out_of_memory+0x5b6/0x890 [ 2263.981607][ T359] ? unregister_oom_notifier+0x20/0x20 [ 2263.987061][ T359] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2263.992644][ T359] ? get_page_from_freelist+0x7c0/0x7c0 [ 2263.998190][ T359] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2264.003553][ T359] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2264.009089][ T359] pagecache_get_page+0x50f/0x880 [ 2264.014106][ T359] filemap_fault+0x14cb/0x1a30 [ 2264.018870][ T359] ? __down_read+0xf1/0x210 [ 2264.023388][ T359] ? generic_file_read_iter+0x20b0/0x20b0 [ 2264.029117][ T359] ? ___preempt_schedule+0x16/0x20 [ 2264.034223][ T359] ext4_filemap_fault+0x7b/0x90 [ 2264.039064][ T359] handle_mm_fault+0x29ca/0x41e0 [ 2264.044003][ T359] ? finish_fault+0x230/0x230 [ 2264.048808][ T359] ? get_timespec64+0x11f/0x1d0 [ 2264.053700][ T359] ? down_read_trylock+0x17a/0x1d0 [ 2264.058917][ T359] ? vmacache_find+0x205/0x4b0 [ 2264.063665][ T359] do_user_addr_fault+0x48a/0x9f0 [ 2264.068683][ T359] page_fault+0x2f/0x40 [ 2264.072836][ T359] RIP: 0033:0x4105de [ 2264.076720][ T359] Code: 89 c6 48 8b 05 c3 35 89 00 4c 89 f3 44 8b 20 eb 48 0f 1f 00 bf e8 03 00 00 e8 8e c6 04 00 e8 79 2d ff ff 48 8b 15 a2 35 89 00 <8b> 0a 48 89 c2 41 39 cc 48 0f 45 d8 4c 29 f2 48 81 fa 87 13 00 00 [ 2264.096303][ T359] RSP: 002b:00007ffee81ce670 EFLAGS: 00010202 [ 2264.102371][ T359] RAX: 0000000000228800 RBX: 00000000002287e1 RCX: 00000000002287d8 [ 2264.110322][ T359] RDX: 0000001b31d20000 RSI: 0000000000000000 RDI: 0000000000000001 [ 2264.118291][ T359] RBP: 0000000000003182 R08: 0000000000000001 R09: 00000000023ef940 [ 2264.126473][ T359] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000f [ 2264.134550][ T359] R13: 00007ffee81ce6a0 R14: 00000000002283a1 R15: 00007ffee81ce6b0 [ 2264.158930][ T359] Mem-Info: [ 2264.162230][ T359] active_anon:1410643 inactive_anon:9707 isolated_anon:0 [ 2264.162230][ T359] active_file:41 inactive_file:28 isolated_file:0 [ 2264.162230][ T359] unevictable:363 dirty:3 writeback:0 unstable:0 [ 2264.162230][ T359] slab_reclaimable:10322 slab_unreclaimable:81420 [ 2264.162230][ T359] mapped:58462 shmem:9776 pagetables:38149 bounce:0 [ 2264.162230][ T359] free:9595 free_pcp:248 free_cma:0 [ 2264.200832][ T359] Node 0 active_anon:5642572kB inactive_anon:38828kB active_file:164kB inactive_file:208kB unevictable:1452kB isolated(anon):0kB isolated(file):0kB mapped:233848kB dirty:12kB writeback:0kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2264.230796][ T359] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2264.259747][ T359] lowmem_reserve[]: 0 2912 6416 6416 [ 2264.265211][ T359] DMA32 free:18600kB min:4644kB low:7624kB high:10604kB active_anon:2808300kB inactive_anon:5352kB active_file:580kB inactive_file:536kB unevictable:0kB writepending:0kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:16352kB pagetables:24660kB bounce:0kB free_pcp:732kB local_pcp:0kB free_cma:0kB [ 2264.294877][ T359] lowmem_reserve[]: 0 0 3504 3504 [ 2264.300451][ T359] Normal free:3844kB min:5592kB low:9180kB high:12768kB active_anon:2833512kB inactive_anon:33476kB active_file:4kB inactive_file:16kB unevictable:1452kB writepending:12kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:30048kB pagetables:127936kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2264.330294][ T359] lowmem_reserve[]: 0 0 0 0 [ 2264.335080][ T359] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2264.348915][ T359] DMA32: 8*4kB (EH) 14*8kB (MEH) 16*16kB (UEH) 32*32kB (UMEH) 13*64kB (UMEH) 26*128kB (M) 10*256kB (UMH) 6*512kB (UMH) 3*1024kB (M) 2*2048kB (UM) 0*4096kB = 18384kB [ 2264.367234][ T359] Normal: 89*4kB (UME) 15*8kB (UME) 5*16kB (UME) 2*32kB (M) 2*64kB (M) 25*128kB (M) 1*256kB (M) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4204kB [ 2264.381671][ T359] 10155 total pagecache pages [ 2264.386634][ T359] 0 pages in swap cache [ 2264.390873][ T359] Swap cache stats: add 0, delete 0, find 0/0 [ 2264.397037][ T359] Free swap = 0kB [ 2264.400793][ T359] Total swap = 0kB [ 2264.404586][ T359] 1965979 pages RAM [ 2264.408453][ T359] 0 pages HighMem/MovableOnly [ 2264.413189][ T359] 318829 pages reserved [ 2264.419334][ T359] 0 pages cma reserved [ 2264.423595][ T359] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=26510,uid=0 [ 2264.439925][ T359] Out of memory: Killed process 26510 (syz-executor.0) total-vm:75240kB, anon-rss:13096kB, file-rss:35840kB, shmem-rss:0kB, UID:0 pgtables:156kB oom_score_adj:1000 21:34:32 executing program 2: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x900, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) 21:34:32 executing program 4: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xb, &(0x7f0000000300)={0x9, 0x4}, 0x0) r0 = getpid() accept4$packet(0xffffffffffffffff, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000240)=0x14, 0x80000) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x10020, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') r5 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x10000, 0x104) r6 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00') read$char_usb(r6, 0x0, 0x7ffff000) r7 = openat(r6, &(0x7f0000000180)='./file0\x00', 0x400, 0x96) renameat2(r5, &(0x7f0000000140)='./file0\x00', r7, &(0x7f00000001c0)='./file0\x00', 0x1) preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) 21:34:32 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x900, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) [ 2264.462862][ T23] oom_reaper: reaped process 26510 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 21:34:32 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) 21:34:32 executing program 5: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x900, 0x0) lseek(0xffffffffffffffff, 0xffffffffa855772d, 0x0) 21:34:32 executing program 0: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb701, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) r2 = gettid() recvfrom(0xffffffffffffffff, 0xfffffffffffffffd, 0x0, 0x0, &(0x7f0000000400)=@un=@file={0x1, './file0\x00'}, 0x80) ptrace$peek(0x1, r2, &(0x7f00000000c0)) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000200)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="02002dbd7000ffdbdf2507000000088a4018bb00000008000600feffffff7be5dcaaba4cb08c"], 0x2c}, 0x1, 0x0, 0x0, 0x20008001}, 0x4000004) sendmsg$IPVS_CMD_GET_DAEMON(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000300)={0xfc, r5, 0x10, 0x70bd2d, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_DAEMON={0x70, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x9}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth1_vlan\x00'}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @empty}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @local}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x400}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x3}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x5}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @rand_addr=0x64010101}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth1_to_bond\x00'}]}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x88}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x1}]}, @IPVS_CMD_ATTR_DEST={0x54, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x3ff}, @IPVS_DEST_ATTR_TUN_TYPE={0x5, 0xd, 0x1}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0xebe9}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x3}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@remote}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x2}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@private0={0xfc, 0x0, [], 0x1}}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x6}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x2cb8}]}, 0xfc}, 0x1, 0x0, 0x0, 0x8001}, 0x10) r6 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r6, &(0x7f00000017c0), 0x375, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0) [ 2264.750086][T28819] syz-executor.4 invoked oom-killer: gfp_mask=0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|0x1000000), order=0, oom_score_adj=1000 [ 2264.774302][T28819] CPU: 0 PID: 28819 Comm: syz-executor.4 Tainted: G B 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2264.785864][T28819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2264.795987][T28819] Call Trace: [ 2264.799288][T28819] dump_stack+0x14a/0x1ce [ 2264.803617][T28819] ? devkmsg_release+0x11c/0x11c [ 2264.808552][T28819] ? show_regs_print_info+0x12/0x12 [ 2264.813738][T28819] ? radix_tree_cpu_dead+0x160/0x160 [ 2264.819032][T28819] ? _raw_spin_lock+0xa1/0x170 [ 2264.824247][T28819] ? _raw_spin_trylock_bh+0x190/0x190 [ 2264.829617][T28819] dump_header+0xdb/0x700 [ 2264.833964][T28819] oom_kill_process+0xd3/0x280 [ 2264.838720][T28819] out_of_memory+0x5b6/0x890 [ 2264.843318][T28819] ? unregister_oom_notifier+0x20/0x20 [ 2264.848920][T28819] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2264.854485][T28819] ? get_page_from_freelist+0x7c0/0x7c0 [ 2264.860048][T28819] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2264.865434][T28819] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2264.870997][T28819] handle_mm_fault+0x18e6/0x41e0 [ 2264.875945][T28819] ? find_vma+0x150/0x150 [ 2264.880288][T28819] ? finish_fault+0x230/0x230 [ 2264.885060][T28819] ? up_write+0x180/0x190 [ 2264.889406][T28819] ? down_read_trylock+0x17a/0x1d0 [ 2264.894552][T28819] ? vmacache_update+0x9f/0xf0 [ 2264.899354][T28819] do_user_addr_fault+0x48a/0x9f0 [ 2264.904397][T28819] page_fault+0x2f/0x40 [ 2264.908555][T28819] RIP: 0033:0x4142bf [ 2264.912468][T28819] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 [ 2264.932076][T28819] RSP: 002b:00007ffdf3466b80 EFLAGS: 00010206 [ 2264.938247][T28819] RAX: 00007f147e923000 RBX: 0000000000020000 RCX: 000000000045cd2a [ 2264.946441][T28819] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 2264.954416][T28819] RBP: 00007ffdf3466c60 R08: ffffffffffffffff R09: 0000000000000000 [ 2264.962406][T28819] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdf3466d60 [ 2264.970390][T28819] R13: 00007f147e943700 R14: 0000000000000992 R15: 000000000078c0ec [ 2264.993467][T28819] Mem-Info: [ 2264.997092][T28819] active_anon:1410492 inactive_anon:9707 isolated_anon:0 [ 2264.997092][T28819] active_file:13 inactive_file:12 isolated_file:0 [ 2264.997092][T28819] unevictable:363 dirty:24 writeback:6 unstable:0 [ 2264.997092][T28819] slab_reclaimable:10321 slab_unreclaimable:81790 [ 2264.997092][T28819] mapped:58445 shmem:9776 pagetables:38191 bounce:0 [ 2264.997092][T28819] free:9241 free_pcp:9 free_cma:0 [ 2265.036163][T28819] Node 0 active_anon:5641968kB inactive_anon:38828kB active_file:108kB inactive_file:136kB unevictable:1452kB isolated(anon):0kB isolated(file):0kB mapped:233780kB dirty:96kB writeback:24kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2265.061042][T28819] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2265.087070][T28819] lowmem_reserve[]: 0 2912 6416 6416 [ 2265.092373][T28819] DMA32 free:17476kB min:4644kB low:7624kB high:10604kB active_anon:2806580kB inactive_anon:5352kB active_file:392kB inactive_file:132kB unevictable:0kB writepending:56kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:16800kB pagetables:25096kB bounce:0kB free_pcp:36kB local_pcp:0kB free_cma:0kB [ 2265.121747][T28819] lowmem_reserve[]: 0 0 3504 3504 [ 2265.126891][T28819] Normal free:3704kB min:5592kB low:9180kB high:12768kB active_anon:2834792kB inactive_anon:33476kB active_file:0kB inactive_file:88kB unevictable:1452kB writepending:20kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29856kB pagetables:127668kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2265.156404][T28819] lowmem_reserve[]: 0 0 0 0 [ 2265.160962][T28819] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2265.180206][T28819] DMA32: 175*4kB (UME) 34*8kB (UME) 31*16kB (UME) 26*32kB (UME) 6*64kB (ME) 2*128kB (UM) 6*256kB (UM) 8*512kB (UM) 3*1024kB (M) 3*2048kB (UM) 0*4096kB = 17788kB [ 2265.197483][T28819] Normal: 63*4kB (UME) 17*8kB (UME) 8*16kB (UME) 3*32kB (M) 3*64kB (M) 26*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4132kB [ 2265.211521][T28819] 10113 total pagecache pages [ 2265.216616][T28819] 0 pages in swap cache [ 2265.220772][T28819] Swap cache stats: add 0, delete 0, find 0/0 [ 2265.227270][T28819] Free swap = 0kB [ 2265.230997][T28819] Total swap = 0kB [ 2265.234726][T28819] 1965979 pages RAM [ 2265.238524][T28819] 0 pages HighMem/MovableOnly [ 2265.243635][T28819] 318829 pages reserved [ 2265.247909][T28819] 0 pages cma reserved [ 2265.251957][T28819] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.2,pid=26009,uid=0 [ 2265.266052][T28819] Out of memory: Killed process 26009 (syz-executor.2) total-vm:75240kB, anon-rss:13012kB, file-rss:35856kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 [ 2265.284676][ T23] oom_reaper: reaped process 26009 (syz-executor.2), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB [ 2265.347927][T28818] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2265.360936][T28818] CPU: 0 PID: 28818 Comm: syz-executor.2 Tainted: G B 5.4.56-syzkaller-00005-g8555f0d9d303 #0 [ 2265.372496][T28818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2265.382546][T28818] Call Trace: [ 2265.385838][T28818] dump_stack+0x14a/0x1ce [ 2265.390158][T28818] ? devkmsg_release+0x11c/0x11c [ 2265.395085][T28818] ? show_regs_print_info+0x12/0x12 [ 2265.401141][T28818] ? radix_tree_cpu_dead+0x160/0x160 [ 2265.406418][T28818] ? _raw_spin_lock+0xa1/0x170 [ 2265.411180][T28818] ? _raw_spin_trylock_bh+0x190/0x190 [ 2265.416550][T28818] dump_header+0xdb/0x700 [ 2265.420881][T28818] oom_kill_process+0xd3/0x280 [ 2265.425638][T28818] out_of_memory+0x5b6/0x890 [ 2265.430222][T28818] ? unregister_oom_notifier+0x20/0x20 [ 2265.435673][T28818] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2265.441217][T28818] ? get_page_from_freelist+0x7c0/0x7c0 [ 2265.446758][T28818] ? __zone_watermark_ok+0x91/0x280 [ 2265.451957][T28818] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2265.457335][T28818] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2265.462873][T28818] ? copy_process+0x5a4/0x5110 [ 2265.467626][T28818] ? kmem_cache_alloc+0x1d5/0x260 [ 2265.472639][T28818] copy_process+0x5f3/0x5110 [ 2265.477221][T28818] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 2265.482934][T28818] ? _raw_spin_lock+0xa1/0x170 [ 2265.487694][T28818] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 2265.493488][T28818] ? __lru_cache_add+0x1a1/0x1f0 [ 2265.498423][T28818] ? fork_idle+0x290/0x290 [ 2265.502831][T28818] ? cpus_share_cache+0xd0/0xd0 [ 2265.507694][T28818] _do_fork+0x196/0x920 [ 2265.511867][T28818] ? finish_fault+0x230/0x230 [ 2265.516556][T28818] ? up_write+0x180/0x190 [ 2265.520879][T28818] ? dup_mm+0x300/0x300 [ 2265.525031][T28818] __x64_sys_clone+0x25e/0x2c0 [ 2265.529791][T28818] ? __ia32_sys_vfork+0x110/0x110 [ 2265.534814][T28818] ? do_user_addr_fault+0x55c/0x9f0 [ 2265.540010][T28818] do_syscall_64+0xcb/0x150 [ 2265.544511][T28818] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2265.550400][T28818] RIP: 0033:0x45f6a9 [ 2265.554290][T28818] Code: ff 48 85 f6 0f 84 57 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 2e 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2265.573893][T28818] RSP: 002b:00007ffdfaf6b118 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2265.582308][T28818] RAX: ffffffffffffffda RBX: 00007fddb5d67700 RCX: 000000000045f6a9 [ 2265.590279][T28818] RDX: 00007fddb5d679d0 RSI: 00007fddb5d66db0 RDI: 00000000003d0f00 [ 2265.598247][T28818] RBP: 00007ffdfaf6b340 R08: 00007fddb5d67700 R09: 00007fddb5d67700 [ 2265.606244][T28818] R10: 00007fddb5d679d0 R11: 0000000000000202 R12: 0000000000000000 [ 2265.614215][T28818] R13: 00007ffdfaf6b1cf R14: 00007fddb5d679c0 R15: 000000000078c0ec [ 2265.624574][T28818] Mem-Info: [ 2265.629080][T28818] active_anon:1407358 inactive_anon:9707 isolated_anon:0 [ 2265.629080][T28818] active_file:19 inactive_file:29 isolated_file:0 [ 2265.629080][T28818] unevictable:363 dirty:20 writeback:0 unstable:0 [ 2265.629080][T28818] slab_reclaimable:10321 slab_unreclaimable:81783 [ 2265.629080][T28818] mapped:58428 shmem:9776 pagetables:38195 bounce:0 [ 2265.629080][T28818] free:12039 free_pcp:550 free_cma:0 [ 2265.713598][T28818] Node 0 active_anon:5642432kB inactive_anon:38828kB active_file:156kB inactive_file:84kB unevictable:1452kB isolated(anon):0kB isolated(file):0kB mapped:233812kB dirty:80kB writeback:0kB shmem:39104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2265.754393][T28818] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2265.781476][T28818] lowmem_reserve[]: 0 2912 6416 6416 [ 2265.787008][T28818] DMA32 free:16564kB min:4644kB low:7624kB high:10604kB active_anon:2807940kB inactive_anon:5352kB active_file:56kB inactive_file:36kB unevictable:0kB writepending:60kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:16896kB pagetables:25232kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2265.817860][T28818] lowmem_reserve[]: 0 0 3504 3504 [ 2265.823092][T28818] Normal free:4364kB min:9688kB low:13276kB high:16864kB active_anon:2834500kB inactive_anon:33476kB active_file:24kB inactive_file:56kB unevictable:1452kB writepending:20kB present:4718592kB managed:3588928kB mlocked:1452kB kernel_stack:29984kB pagetables:127688kB bounce:0kB free_pcp:496kB local_pcp:248kB free_cma:0kB